[Dnsmasq-discuss] Problems with --server

Simon Kelley simon at thekelleys.org.uk
Tue Jan 20 21:17:14 GMT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 19/01/15 22:47, David Erickson wrote:
> Hello- I am using dnsmasq inside dd-wrt, I am a recent build of
> DD-WRT with dnsmasq v2.72.  I am having problems getting server
> domain forwarding to work, in particular I can tcpdump and watch my
> request come in on the LAN port, the request from dnsmasq head out
> the WAN port to the upstream server, the answer comes back from the
> upstream server, then dnsmasq returns an empty result to me.
> 
> Cmdline: dnsmasq -u root -g root --conf-file=/tmp/dnsmasq.conf
> 
> Conf: interface=br0 resolv-file=/tmp/resolv.dnsmasq all-servers 
> strict-order domain=zonk.some.domain 
> dhcp-leasefile=/tmp/dnsmasq.leases dhcp-lease-max=50 
> dhcp-option=lan,3,10.129.0.1 
> dhcp-range=lan,10.129.0.100,10.129.0.150,255.255.255.0,1440m 
> stop-dns-rebind
^^^^^^^^^^^^^^^^^^


This is your problem. It says "Don't accept replies is A queries where
the address is in the RFC1918 range, ie 10.x.y.z, amongst others.
Dnsmasq should have been logging this.


Cheers,

Simon.

> log-queries # some.domain server=/some.domain/10.128.0.1 
> rev-server=10.128.0.0/24,10.128.0.1 # dc.some.domain 
> server=/dc.some.domain/10.128.64.1 
> rev-server=10.128.64.0/24,10.128.64.1
> 
> And here is the tcpdump interchange:
> 
> Me -> dnsmasq 23:32:32.301531 IP (tos 0x0, ttl 64, id 49653, offset
> 0, flags [none], proto UDP (17), length 86) 10.129.0.138.65190 >
> 10.129.0.1.53: [udp sum ok] 8601+ A? dc-terminal.dc.some.domain.
> (58) 23:32:32.301567 IP (tos 0x0, ttl 64, id 49653, offset 0, flags
> [none], proto UDP (17), length 86) 10.129.0.138.65190 >
> 10.129.0.1.53: [udp sum ok] 8601+ A? dc-terminal.dc.some.domain.
> (58)
> 
> dnsmasq -> upstream device 23:32:32.302130 IP (tos 0x0, ttl 64, id
> 12450, offset 0, flags [DF], proto UDP (17), length 86) 
> 10.128.0.119.46851 > 10.128.64.1.53: [udp sum ok] 58951+ A? 
> dc-terminal.dc.some.domain. (58)
> 
> upstream device -> dnsmasq 23:32:32.317469 ethertype IPv4, IP (tos
> 0x0, ttl 63, id 58992, offset 0, flags [DF], proto UDP (17), length
> 102) 10.128.64.1.53 > 10.128.0.119.46851: [udp sum ok] 58951* q:
> A? dc-terminal.dc.some.domain. 1/0/0 dc-terminal.dc.some.domain.
> [0s] A 10.128.64.3 (74) 23:32:32.317505 IP (tos 0x0, ttl 63, id
> 58992, offset 0, flags [DF], proto UDP (17), length 102) 
> 10.128.64.1.53 > 10.128.0.119.46851: [udp sum ok] 58951* q: A? 
> dc-terminal.dc.some.domain. 1/0/0 dc-terminal.dc.some.domain. [0s]
> A 10.128.64.3 (74)
> 
> dnsmasq -> Me (with an empty answer payload) 23:32:32.317777 IP
> (tos 0x0, ttl 64, id 65207, offset 0, flags [DF], proto UDP (17),
> length 86) 10.129.0.1.53 > 10.129.0.138.65190: [bad udp cksum
> 0x15e0 -> 0x50d2!] 8601* q: A? dc-terminal.dc.some.domain. 0/0/0
> (58) 23:32:32.317804 IP (tos 0x0, ttl 64, id 65207, offset 0, flags
> [DF], proto UDP (17), length 86) 10.129.0.1.53 >
> 10.129.0.138.65190: [udp sum ok] 8601* q: A? 
> dc-terminal.dc.some.domain. 0/0/0 (58)
> 
> Any help or suggestions on troubleshooting would be greatly
> appreciated.
> 
> Thanks, David
> 
> 
> 
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUvsXaAAoJEBXN2mrhkTWic78P/0891jV4EBaseShOYhmD9tZK
1zjSWvuL39yBGQSxGkUtseGoXJ96rjjlVIpgLKSMDA3cliUZeclzM5Icd+4fCQcu
DFZoyCWN+9a+GQT9AkshmxiQrFTOLsKg+oPb0ycxwCDGSZyZVneECaTN0XPdQJzV
mBQBU8nluAei2/NgzO26qWwkUooQf5GXX0VF4cnj8U3EpXf3bxT5r7oBXQcMnc6N
ZUtfvgToKKtGzbK6Mu/L7r0KnI9i1Yghc7G4y36rkFBk3q8Nj76rtcPshf3+twQo
cU5+TOkI5XDWj94OvzTuK9XRTry6qoAYRbaQ3dWVimca5VZx5LxIoEsNeTE5mINl
sHbZPNd2h2oi0nt3gjldKR/zBdeEg68s6h/iD9y9GnItzwL68LMM1NF8s2S9L56Z
HbA7fYf0CKB2T2y86fcmpX1uLKDPgod5IOUemASSmtMWgrpCQkxXiFankviLdFFQ
A6t/+WuGqXhZaCowIRJyrRGW0lmYKHCSAtS1obTdlZhK+Rq9KaJHzoMDm/Rja67K
8/xqJY+9g7AOKn3wG2mutdxJp0X6FvIP+lgw1JDUlnL2gGkJBx3VjZwf+LsQHm5V
IaiCcACmc3Ac1mrCwCo/eKxYuL+l9iE2wNqrUyNOPSkbkjj5dHYva+UJIT+Uo6TG
A9Hp6aZkDiZPS4gzlA7E
=7bF0
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list