[Dnsmasq-discuss] AAAA requests: long delay or SERVFAIL

Simon Kelley simon at thekelleys.org.uk
Tue Dec 23 17:14:38 GMT 2014


My guess is that the SERVFAIL is coming from a server upstream of
dnsmasq. Unless told to, dnsmasq "overlays" the DNS information it has
locally onto the global DNS a record-at-a-time, not a domain-name at a
time. So if dnsmasq knows the IPv4 address of red.virt, and not the
IPv6 address, then it will forward AAAA queries for red.virt upstream;
a particular domain-name is not either all local, or all upstream.

You can stop dnsmasq ever forwarding any query in *.virt like this.

local=/virt/

or even better, modify the domain definition to something like

domain=virt,192.168.122.0/24, local


which will automatically give you "local" declarations for the forward
(*.virt) and reverse (122.168.192.in-addr.arpa) domains.


Cheers,

Simon.


On 16/12/14 21:32, martin f krafft wrote:
> Hey,
> 
> I am using dnsmasq from libvirt, like so:
> 
> dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
> --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
> 
> The configuration file is included below. Basically, this is a
> DHCP server and DNS forwarder, but I've also configured it to turn
> DHCP leases into DNS records, using the --domain keyword.
> 
> This works splendidly and OMG did I rejoice to see how wonderfully 
> easy this was to set up and just get it working.
> 
> However, there's an issue relating to nonexistent RRs for the
> hosts configured by DHCP, as exemplified by a call to
> /usr/bin/host:
> 
> % host red.virt
> red.virt has address 192.168.122.60
> Host red.virt not found: 2(SERVFAIL)
> Host red.virt not found: 2(SERVFAIL)
> 
> This is because host queries the DNS server for A, AAAA, and MX
> all at once.
> 
> It's obvious that dnsmasq does not know about AAAA or MX for the 
> host in this setup. However, why is it returning SERVFAIL?
> 
> Moreover, this is not consistently the case. At other times, I get 
> timeouts when asking for these RRs:
> 
> % dig @192.168.122.1 aaaa green.virt
> 
> *** 5–10 seconds later ***
> 
> ; <<>> DiG 9.9.5-7-Debian <<>> @192.168.122.1 aaaa green.virt
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> Am I doing something wrong?
> 
> I thought that the correct behaviour for a DNS server when asked 
> about a record it does not have is to respond with NOERROR, 
> AUTHORITY:1 and ANSWER:0.
> 
> ==> /var/lib/libvirt/dnsmasq/default.conf:
> strict-order
> domain=virt
> expand-hosts
> pid-file=/var/run/libvirt/network/default.pid
> except-interface=lo
> bind-dynamic
> interface=virbr0
> dhcp-range=192.168.122.2,192.168.122.254
> dhcp-no-override
> dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
> dhcp-lease-max=253
> dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
> addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
> 
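
Added example (not part of the original thread and not dnsmasq code): a small audit that reads a dnsmasq configuration and lists the domain= names for which unanswered record types, such as the AAAA and MX queries above, can still be forwarded upstream. The function names and the sample configuration are constructed for illustration; only domain=, local= and server= with an empty address (dnsmasq treats server as a synonym of local) are interpreted, and reverse zones are derived only for /8, /16 and /24 IPv4 subnets.

```python
import ipaddress

# Constructed sample, reduced from the configuration quoted in the thread.
AS_POSTED = """strict-order
domain=virt
expand-hosts
dhcp-range=192.168.122.2,192.168.122.254
"""

def local_only_zones(conf_text):
    """Return (domains declared with domain=, zones dnsmasq never forwards)."""
    domains, local = set(), set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key == "domain":
            parts = [p.strip() for p in value.split(",")]
            name = parts[0].lower()
            domains.add(name)
            # domain=<name>,<subnet>,local marks forward and reverse zones local
            if len(parts) == 3 and parts[2] == "local":
                local.add(name)
                net = ipaddress.ip_network(parts[1], strict=False)
                if net.version == 4 and net.prefixlen in (8, 16, 24):
                    octets = str(net.network_address).split(".")
                    kept = octets[: net.prefixlen // 8]
                    local.add(".".join(reversed(kept)) + ".in-addr.arpa")
        elif key in ("local", "server") and value.startswith("/"):
            # /name1/name2/<upstream>: an empty upstream means "answer locally only"
            *names, upstream = value[1:].split("/")
            if upstream == "":
                local.update(n.lower() for n in names if n)
    return domains, local

def forwardable_domains(conf_text):
    """Declared domains whose unknown records may still be sent upstream."""
    domains, local = local_only_zones(conf_text)
    return sorted(
        d for d in domains
        if not any(d == z or d.endswith("." + z) for z in local)
    )

if __name__ == "__main__":
    print("as posted:        ", forwardable_domains(AS_POSTED))
    print("with local=/virt/:", forwardable_domains(AS_POSTED + "local=/virt/\n"))
```
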