[Dnsmasq-discuss] AAAA requests: long delay or SERVFAIL
Simon Kelley
simon at thekelleys.org.uk
Tue Dec 23 17:14:38 GMT 2014
My guess is that the SERVFAIL is coming from a server upstream of
dnsmasq. Unless told to, dnsmasq "overlays" the DNS information it has
locally onto the global DNS a record-at-a-time, not a domain-name at a
time. So if dnsmasq knows the IPv4 address of red.virt, and not the
IPv6 address, then it will forward AAAA queries for red.virt upstream;
a particular domain-name is not either all local, or all upstream.
You can stop dnsmasq ever forwarding any query in *.virt like this.
local=/virt/
or even better, modify the domain definition to something like
domain=virt,192.168.122.0/24, local
which will automatically give you "local" declarations for the forward
(*.virt) and reverse (122.168.192.in-addr.arpa) domains.
Cheers,
Simon.
On 16/12/14 21:32, martin f krafft wrote:
> Hey,
>
> I am using dnsmasq from libvirt, like so:
>
> dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
> --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
>
> The configuration file is included below. Basically, this is a
> DHCP server and DNS forwarder, but I've also configured it to turn
> DHCP leases into DNS records, using the --domain keyword.
>
> This works splendidly and OMG did I rejoice to see how wonderfully
> easy this was to set up and just get it working.
>
> However, there's an issue relating to nonexistent RRs for the
> hosts configured by DHCP, as exemplified by a call to
> /usr/bin/host:
>
> % host red.virt
> red.virt has address 192.168.122.60
> Host red.virt not found: 2(SERVFAIL)
> Host red.virt not found: 2(SERVFAIL)
>
> This is because host queries the DNS server for A, AAAA, and MX
> all at once.
>
> It's obvious that dnsmasq does not know about AAAA or MX for the
> host in this setup. However, why is it returning SERVFAIL?
>
> Moreover, this is not consistently the case. At other times, I get
> timeouts when asking for these RRs:
>
> % dig @192.168.122.1 aaaa green.virt
>
> *** 5–10 seconds later ***
>
> ; <<>> DiG 9.9.5-7-Debian <<>> @192.168.122.1 aaaa green.virt
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> Am I doing something wrong?
>
> I thought that the correct behaviour for a DNS server when asked
> about a record it does not have is to respond with NOERROR,
> AUTHORITY:1 and ANSWER:0.
>
> ==> /var/lib/libvirt/dnsmasq/default.conf:
> strict-order
> domain=virt
> expand-hosts
> pid-file=/var/run/libvirt/network/default.pid
> except-interface=lo
> bind-dynamic
> interface=virbr0
> dhcp-range=192.168.122.2,192.168.122.254
> dhcp-no-override
> dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
> dhcp-lease-max=253
> dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
> addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
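
The following is an added example, not part of the original message and not dnsmasq's own code: a simplified Python model of the per-record forwarding decision described in the reply, showing which queries for internal names go upstream by default and which stay local once the forward and reverse zones are declared local. The function names, the record table and the /8, /16, /24 restriction are assumptions of this model; the sample records are constructed from the addresses in the thread.

```python
import ipaddress

# Constructed sample state: what dnsmasq would know from one DHCP lease.
LOCAL_RECORDS = {
    ("red.virt", "A"): "192.168.122.60",
    ("60.122.168.192.in-addr.arpa", "PTR"): "red.virt",
}


def reverse_zone(cidr):
    """Reverse zone for an IPv4 /8, /16 or /24 (model restriction)."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("model handles IPv4 /8, /16 and /24 only")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def in_zone(qname, zone):
    """Match on label boundaries: host.virt is in virt, notvirt is not."""
    qname, zone = qname.lower().rstrip("."), zone.lower().rstrip(".")
    return qname == zone or qname.endswith("." + zone)


def decide(qname, qtype, local_zones=()):
    """Return 'ANSWER', 'NODATA', 'NXDOMAIN' or 'FORWARD' for one query."""
    name = qname.lower().rstrip(".")
    if (name, qtype) in LOCAL_RECORDS:
        return "ANSWER"  # this exact record is held locally
    if any(in_zone(name, z) for z in local_zones):
        # Zone declared local: the query is never sent upstream.
        # Name known under another type -> empty NOERROR; unknown -> NXDOMAIN.
        known = any(n == name for n, _ in LOCAL_RECORDS)
        return "NODATA" if known else "NXDOMAIN"
    return "FORWARD"  # per-record overlay: a missing record goes upstream


if __name__ == "__main__":
    zones = ("virt", reverse_zone("192.168.122.0/24"))
    queries = [("red.virt", "A"), ("red.virt", "AAAA"),
               ("green.virt", "AAAA"), ("61.122.168.192.in-addr.arpa", "PTR")]
    for q in queries:
        print(q, "| default:", decide(*q), "| local:", decide(*q, local_zones=zones))
```

In the default column every query that is not an exact local hit is forwarded, which is also how internal host names and addresses end up visible to the upstream resolver.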