[Dnsmasq-discuss] [help] conntrack with a iptables redirect in dnsmasq
jalbert at additionnetworks.net
Tue Dec 3 15:26:48 GMT 2013
I am new to using dnsmasq, as we had an idea of using it to intercept DNS requests on our firewalls, but we are having an issue with it that we have been trying to resolve for over a day now. Our goal is to use conntrack marks to mark different requests with a different tag within dnsmasq. This is working great if we are specifying the firewall as the DNS server. The issue is when we are using an external DNS server and transparently redirecting it to dnsmasq: then the mark cannot be read.
For instance, if on the client I do this:
$ nslookup -port=5353
> server 192.168.0.1
Default server: 192.168.0.1
On the firewall I have a mangle rule to mark the packets, and my debug output for dnsmasq shows the following:
dnsmasq: Client 192.168.0.104, Conn_Mark: 8193, requested: test.com
But when simply doing this from the client:
> server 18.104.22.168
Default server: 22.214.171.124
where I have an iptables redirect rule, I receive the following error:
dnsmasq: Conntrack connection mark retrieval failed: No such file or directory
dnsmasq: Client 192.168.0.104, Conn_Mark: 104, requested: test.com
I cannot seem to figure out what the error really means, since "No such file or directory" really doesn't make any sense here. Are there any suggestions as to what might be causing this, and any solutions that anyone can think of?
Senior Software Developer, Addition Networks