[Dnsmasq-discuss] [help] conntrack with a iptables redirect in dnsmasq

Jeff Albert jalbert at additionnetworks.net
Tue Dec 3 15:26:48 GMT 2013

I am new to using dnsmasq; we had the idea of using it to intercept DNS requests on our firewalls, but we are having an issue with it that we have been trying to resolve for over a day now. Our goal is to use conntrack marks to mark different requests with a different tag within dnsmasq. This works great if we specify the firewall as the DNS server. The issue is that when we use an external DNS server and transparently redirect the request to dnsmasq, the mark cannot be read.

For instance, if on the client I do this:
$ nslookup -port=5353
> server
Default server:
> test.com

On the firewall I have a mangle rule to mark the packets, and my debug output from dnsmasq shows the following:
dnsmasq: Client, Conn_Mark: 8193, requested: test.com

But when simply doing this from the client:
$ nslookup
> server
Default server:
> test.com

where I have an iptables redirect rule, I receive the following error:

dnsmasq: Conntrack connection mark retrieval failed: No such file or directory
dnsmasq: Client, Conn_Mark: 104, requested: test.com

I cannot seem to figure out what the error really means, since "No such file or directory" doesn't make any sense here. Are there any suggestions as to what might be causing this, and any solutions that anyone can think of?

Jeff Albert
Senior Software Developer, Addition Networks
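The debug output quoted above has two line shapes: a per-query line carrying the conntrack mark, and a separate failure line that precedes a query whose mark could not be retrieved. Anything that makes a policy decision from those marks (per-client filtering, tagging, logging) should treat a mark that follows a retrieval failure as unreliable rather than acting on it. The parser below is an added example, not code from the post or from the dnsmasq project; it assumes the exact line formats shown in the post and the ordering seen there (failure line immediately before the affected query line), and the sample log is constructed to mirror that output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the dnsmasq debug output quoted in the post.
SAMPLE_LOG = """\
dnsmasq: Client, Conn_Mark: 8193, requested: test.com
dnsmasq: Conntrack connection mark retrieval failed: No such file or directory
dnsmasq: Client, Conn_Mark: 104, requested: test.com
dnsmasq: Client, Conn_Mark: 8193, requested: example.org
"""

# Per-query line: the mark dnsmasq read from conntrack and the name requested.
QUERY_RE = re.compile(
    r"^dnsmasq: Client, Conn_Mark: (?P<mark>\d+), requested: (?P<name>\S+)$"
)
# Failure line emitted when the conntrack lookup did not succeed.
FAIL_RE = re.compile(
    r"^dnsmasq: Conntrack connection mark retrieval failed: (?P<reason>.+)$"
)


@dataclass
class QueryRecord:
    name: str
    mark: int
    # False when the preceding log line reported a mark-retrieval failure;
    # the mark value on such a line must not drive per-client policy.
    mark_reliable: bool
    failure_reason: Optional[str] = None


def parse_dnsmasq_log(text: str) -> List[QueryRecord]:
    """Pair each query line with any retrieval failure logged just before it."""
    records: List[QueryRecord] = []
    pending_failure: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fail = FAIL_RE.match(line)
        if fail:
            # Assumption (matches the post): the failure applies to the next query line.
            pending_failure = fail.group("reason")
            continue
        query = QUERY_RE.match(line)
        if query:
            records.append(
                QueryRecord(
                    name=query.group("name"),
                    mark=int(query.group("mark")),
                    mark_reliable=pending_failure is None,
                    failure_reason=pending_failure,
                )
            )
            pending_failure = None
    return records


def unreliable_queries(records: List[QueryRecord]) -> List[QueryRecord]:
    """Queries whose mark should be ignored because retrieval failed."""
    return [r for r in records if not r.mark_reliable]


def trusted_mark(records: List[QueryRecord], name: str) -> Optional[int]:
    """The most recent reliably-read mark for a name, or None if there is none."""
    for r in reversed(records):
        if r.name == name and r.mark_reliable:
            return r.mark
    return None


if __name__ == "__main__":
    parsed = parse_dnsmasq_log(SAMPLE_LOG)
    for r in unreliable_queries(parsed):
        print(f"ignoring mark {r.mark} for {r.name}: {r.failure_reason}")
    print("trusted mark for test.com:", trusted_mark(parsed, "test.com"))
```

Running this over the sample flags the query carrying mark 104 as unreliable (its failure reason is "No such file or directory") while the two 8193 queries are kept, which is the distinction a firewall-side consumer of these logs needs before keying any rule on the mark.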

