[Dnsmasq-discuss] dns query from localnetwork are blocked

samuel.lethiec at intelunix.fr
Thu Jan 1 22:10:42 GMT 2015


On 2015-01-01 20:16, T o n g wrote:
> Hi,
> 
> I followed the following to configure dnsmasq as a DHCP and DNS server:
> http://sfxpt.wordpress.com/2013/11/30/dnsmasq-installation-configuration-5/
> 
> It worked well up to Ubuntu 13.10. However, with Ubuntu 14.10, DNS
> queries from the local network always time out. The configurations are
> exactly the same. What could be the problem?
> 
> From within the local network:
> 
> ~~~
> $ dig google.ca
> 
> ; <<>> DiG 9.9.5-4.3-Ubuntu <<>> google.ca
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> dig @192.168.2.100 maroon
> 
> ; <<>> DiG 9.9.5-4.3-Ubuntu <<>> @192.168.2.100 maroon
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> ~~~
> 
> On the DNS server itself:
> 
> ~~~
> $ dig google.ca @127.0.0.1
> ...
> ;; ANSWER SECTION:
> google.ca.              299     IN      A       173.194.43.111
> ...
> ;; Query time: 50 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> 
> $ dig @192.168.2.100 maroon
> ...
> ;; ANSWER SECTION:
> maroon.                 0       IN      A       192.168.2.100
> 
> ;; Query time: 1 msec
> ;; SERVER: 192.168.2.100#53(192.168.2.100)
> ...
> ~~~
> 
> This is the debug output from dnsmasq log:
> 
> ~~~
> Jan  1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.119
> Jan  1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.120
>     *** DEBUG 2015-01-01 13:26:21-05:00 DEBUG ***
> Jan  1 13:27:42 maroon dnsmasq[2833]: query[A] maroon from 192.168.2.100
> Jan  1 13:27:42 maroon dnsmasq[2833]: /etc/dnsmasq.hosts maroon is 192.168.2.100
>     *** DEBUG 2015-01-01 13:28:19-05:00 DEBUG ***
> ~~~
> 
> All other DNS queries from the local network did not generate any log
> entries. So, because the local DNS query works, I think something is
> blocking the DNS queries from the local network from reaching my local
> DNS server. What could it be?
> 
> I didn't limit the dnsmasq listen address:
> 
> ~~~
> $ grep listen-address /etc/dnsmasq.conf /etc/dnsmasq.d/*
> /etc/dnsmasq.conf:#listen-address=
> ~~~
> 
> My /etc/hosts.deny and hosts.allow files are untouched as well, and I
> can ping my DNS server and ssh into its IP address. So I think the
> blocking is only at the DNS level, since other access is just fine. It
> is not because of iptables rules either:
> 
> ~~~
> $ iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ~~~
> 
> Now, I've run out of all the possibilities.
> What could be the problem?
> 
> Thanks


Hello,

iptables-save is usually the recommended way to show your ruleset.

Also, could you show the result of:

sudo ss -o state listening -utp 'sport = :domain'

Thanks!
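
An illustration of the point about iptables-save, added here and not part of the original message: `iptables -L` prints only the filter table, whereas `iptables-save` dumps every table, so rules in nat, mangle or raw appear only in the latter. The ruleset below is a constructed sample, and `dns_rules` is a hypothetical helper name.

```shell
# Constructed sample of `iptables-save` output (not from the thread): the
# filter table is empty, but the nat and raw tables both touch port 53.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# dns_rules (hypothetical helper): reads iptables-save output on stdin and
# prints "table: ..." for every non-ACCEPT chain policy and every rule whose
# --dport/--sport (single port, multiport list or lo:hi range) covers port 53.
dns_rules() {
    awk '
    function covers53(spec,   r) {
        if (split(spec, r, ":") == 2)      # range lo:hi, either end optional
            return (r[1] == "" ? 0 : r[1] + 0) <= 53 && 53 <= (r[2] == "" ? 65535 : r[2] + 0)
        return spec == "53"
    }
    /^\*/ { table = substr($0, 2); next }  # "*nat" starts a new table
    /^:/  { if ($2 != "ACCEPT" && $2 != "-")
                print table ": chain " substr($1, 2) " policy " $2
            next }
    /^-A/ { for (i = 1; i < NF; i++)
                if ($i ~ /^--(dport|sport|dports|sports)$/) {
                    n = split($(i + 1), ports, ",")
                    for (j = 1; j <= n; j++)
                        if (covers53(ports[j])) { print table ": " $0; next }
                }
          }
    '
}

# On a real host: sudo iptables-save | dns_rules
sample_ruleset | dns_rules
```

On the sample this lists the nat REDIRECT and the raw DROP rule, neither of which a plain `iptables -L` would show.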
