[Dnsmasq-discuss] dns query from localnetwork are blocked
samuel.lethiec at intelunix.fr
Thu Jan 1 22:10:42 GMT 2015
On 2015-01-01 20:16, T o n g wrote:
> Hi,
>
> I followed the following to configure dnsmasq as a DHCP and DNS server:
> http://sfxpt.wordpress.com/2013/11/30/dnsmasq-installation-configuration-5/
>
> It works well till Ubuntu 13.10. However, with Ubuntu 14.10, the DNS
> queries from the local network always time out. The configurations are
> exactly the same. What could be the problem?
>
> From within the local network:
>
> ~~~
> $ dig google.ca
>
> ; <<>> DiG 9.9.5-4.3-Ubuntu <<>> google.ca
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> dig @192.168.2.100 maroon
>
> ; <<>> DiG 9.9.5-4.3-Ubuntu <<>> @192.168.2.100 maroon
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> ~~~
>
> On the DNS server itself:
>
> ~~~
> $ dig google.ca @127.0.0.1
> ...
> ;; ANSWER SECTION:
> google.ca. 299 IN A 173.194.43.111
> ...
> ;; Query time: 50 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>
> $ dig @192.168.2.100 maroon
> ...
> ;; ANSWER SECTION:
> maroon. 0 IN A 192.168.2.100
>
> ;; Query time: 1 msec
> ;; SERVER: 192.168.2.100#53(192.168.2.100)
> ...
> ~~~
>
> This is the debug output from dnsmasq log:
>
> ~~~
> Jan 1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.119
> Jan 1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.120
> *** DEBUG 2015-01-01 13:26:21-05:00 DEBUG ***
> Jan 1 13:27:42 maroon dnsmasq[2833]: query[A] maroon from 192.168.2.100
> Jan 1 13:27:42 maroon dnsmasq[2833]: /etc/dnsmasq.hosts maroon is 192.168.2.100
> *** DEBUG 2015-01-01 13:28:19-05:00 DEBUG ***
> ~~~
>
> All other DNS queries from the local network did not generate any log
> entries. So, because the local DNS queries work, I think something is
> blocking the DNS queries from the local network from reaching my local
> DNS server. What could it be?
>
> I didn't limit the dnsmasq listen address:
>
> ~~~
> $ grep listen-address /etc/dnsmasq.conf /etc/dnsmasq.d/*
> /etc/dnsmasq.conf:#listen-address=
> ~~~
>
> My /etc/hosts.deny and hosts.allow files are untouched as well, and I
> can ping my DNS server, and ssh into its IP address as well. So I think
> the blocking is only at the DNS level since other access is just fine.
> It is not because of iptables rules either:
>
> ~~~
> $ iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ~~~
>
> Now, I've run out of all the possibilities.
> What could be the problem?
>
> Thanks
Hello,
iptables-save is usually the recommended way to show your ruleset.
Also, could you show the result of:
sudo ss -o state listening -utp 'sport = :domain'
Thanks!