[Dnsmasq-discuss] Kind request regarding Dnsmasq's Dns response auto caching feature not working

Joyabrata Ghosh joy.career at gmail.com
Thu Jun 4 12:46:28 BST 2015


Hi All,

A small correction on the latest setting without any success till now:

/etc/dnsmasq.conf
log-facility=/var/log/dnsmasq.log
log-queries
log-dhcp
no-daemon
interface=vEth0
interface=tun0
bind-interfaces
all-servers
cache-size=300
neg-ttl=3600
local-ttl=3600
server=/firepitdoc.app.jayapadhi.com/172.23.23.10
#interface-name=firepitdoc.app.jayapadhi.com,vEth0/4
user=root
group=root
server=172.23.23.10
server=10.25.25.2
addn-hosts=/etc/dnsmasq.hosts
listen-address=172.23.23.13
listen-address=10.20.0.1


/etc/dnsmasq.hosts
10.60.70.191 firepitdoc.app.jayapadhi.com


root@cfae:~# ps aux | grep dnsmasq
root     29658  0.0  0.0  21656  1660 pts/3    S+   12:13   0:00 vi /etc/dnsmasq.conf
root     29754  0.0  0.0   4404   760 pts/0    S+   12:14   0:00 /bin/sh /etc/init.d/dnsmasq restart
root     29770  0.0  0.0  27544  1488 pts/0    S+   12:14   0:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -i vEth0 -2 vEth0 -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
root     29779  0.0  0.0   8080   616 pts/4    S+   12:14   0:00 grep --color=auto dnsmasq

root@cfae:~# sudo tcpdump -s 0 -l -n port 53
12:15:08.208820 IP 172.23.23.13.60659 > 172.23.23.10.53: 62705+ A? firepitdoc.app.jayapadhi.com. (46)
12:15:08.211889 IP 172.23.23.10.53 > 172.23.23.13.60659: 62705* 1/0/0 A 10.60.70.191 (62)
12:20:55.462247 IP 172.23.23.13.59571 > 172.23.23.10.53: 24925+ A? firepitdoc.app.jayapadhi.com. (46)
12:20:55.463651 IP 172.23.23.10.53 > 172.23.23.13.59571: 24925* 1/0/0 A 10.60.70.191 (62)

Any tips/tricks on Dnsmasq Dns Cache working setup would be very very
helpful.

Thanks & Regards,
JGhosh

On Thu, Jun 4, 2015 at 4:22 PM, Joyabrata Ghosh <joy.career at gmail.com>
wrote:

> Hi All,
>
> Still unable to solve the Dnsmasq Cache Down problem. Is there anything
> very fundamental that I am missing in the cache configuration for DNS
> response traffic in Dnsmasq, when remote queries hit the vEth0 interface
> via the 172.23.23.13 IPv4 address from the tun0 tunnel interface at
> 10.20.0.1, where the DNS server is running remotely at 172.23.23.10#53?
>
> When "nameserver 127.0.0.1" was added, with only locally generated DNS
> traffic, the Dnsmasq cache works correctly and some cache entries were
> updated, but in the case of remotely generated traffic, which arrived at
> the vEth0 interface from tun0, Dnsmasq is not working on any DNS response
> traffic consistently; the logs confirm it.
>
> Any tips/tricks on Dnsmasq Dns Cache working setup would be very very
> helpful.
>
> Thanks & Regards,
> Joy
>
> *dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.*
> *dnsmasq: queries forwarded 0, queries answered locally 0*
>
>
> /etc/dnsmasq.conf
> log-facility=/var/log/dnsmasq.log
> log-queries
> log-dhcp
> no-daemon
> interface=vEth0
> interface=tun0
> bind-interfaces
> all-servers
> cache-size=300
> neg-ttl=3600
> local-ttl=3600
> server=/firepitdoc.app.jayapadhi.com/10.60.70.191
> interface-name=firepitdoc.app.jayapadhi.com,vEth0/4
> user=root
> group=root
>
> server=10.25.25.2
> server= 172.23.23.10
> addn-hosts=/etc/dnsmasq.hosts
> listen-address=172.23.23.13
> listen-address=10.20.0.1
>
> root@cfae:/var/log# cat /etc/dnsmasq.hosts
> 10.60.70.190 blrfirepit.app.jayapadhi.com
>
> root@cfae:/var/log# cat /etc/resolv.conf
> domain jayapadhi.com
> search jayapadhi.com
> nameserver 10.25.25.2
> root@cfae:/var/log# cat /etc/host
> host.conf    hostname     hosts        hosts.allow  hosts.deny
> root@cfae:/var/log# cat /etc/hosts
> 127.0.0.1 localhost
> 127.0.1.1 xyz
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
>
> /var/log/dnsmasq.log
> root@cfae:/var/log# /etc/init.d/dnsmasq restart
>  * Restarting DNS forwarder and DHCP server dnsmasq
> dnsmasq: started, version 2.59 cachesize 300
> dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n DHCP TFTP conntrack IDN
> dnsmasq: using nameserver 172.23.23.10#53
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 172.23.23.10#53
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
> dnsmasq: read /etc/hosts - 7 addresses
> dnsmasq: read /etc/dnsmasq.hosts - 1 addresses
>
>
> User defined signal 1
> root@cfae:/var/log#
> root@cfae:/var/log#
> root@cfae:/var/log# dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 172.23.23.10#53
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
> dnsmasq: time 1433431170
> *dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.*
> *dnsmasq: queries forwarded 0, queries answered locally 0*
> dnsmasq: server 10.60.70.191#53: queries sent 0, retried or failed 0
> dnsmasq: server 10.25.25.2#53: queries sent 0, retried or failed 0
> dnsmasq: server 172.23.23.10#53: queries sent 0, retried or failed 0
> dnsmasq: Host                                     Address         Flags     Expires
> dnsmasq: ip6-loopback                             ::1             6F I   H
> dnsmasq: pep                                      127.0.1.1       4FRI   H
> dnsmasq: blrfirepit.app.jayapadhi.com             10.60.70.190    4FRI   H
> dnsmasq: ip6-mcastprefix                          ff00::          6FRI   H
> dnsmasq: ip6-allrouters                           ff02::2         6FRI   H
> dnsmasq: ip6-localhost                            ::1             6FRI   H
> dnsmasq: localhost                                127.0.0.1       4FRI   H
> dnsmasq: ip6-allnodes                             ff02::1         6FRI   H
> dnsmasq: ip6-localnet                             fe00::          6FRI   H
>
>
> root@cfae:/var/log# iptables-save
> # Generated by iptables-save v1.4.12 on Thu Jun  4 11:27:21 2015
> *raw
> :PREROUTING ACCEPT [58811:9140569]
> :OUTPUT ACCEPT [32414:8911344]
> -A PREROUTING -i eth2 -j CT --notrack
> -A PREROUTING -i vEth1 -j CT --notrack
> -A PREROUTING -i eth3 -j CT --notrack
> -A PREROUTING -i lo -j CT --notrack
> -A OUTPUT -o eth2 -j CT --notrack
> -A OUTPUT -o vEth1 -j CT --notrack
> -A OUTPUT -o eth3 -j CT --notrack
> -A OUTPUT -o lo -j CT --notrack
> COMMIT
> # Completed on Thu Jun  4 11:27:21 2015
> # Generated by iptables-save v1.4.12 on Thu Jun  4 11:27:21 2015
> *nat
> :PREROUTING ACCEPT [2010:128170]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [102:7604]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -o vEth0 -j MASQUERADE
> COMMIT
> # Completed on Thu Jun  4 11:27:21 2015
> # Generated by iptables-save v1.4.12 on Thu Jun  4 11:27:21 2015
> *filter
> :INPUT ACCEPT [836:53279]
> :FORWARD ACCEPT [14348:3836413]
> :OUTPUT ACCEPT [836:53279]
> -A INPUT -d 10.25.25.31/32 -i eth2 -j ACCEPT
> -A INPUT -d 172.23.23.13/32 -i vEth0 -j ACCEPT
> -A INPUT -i eth3 -p udp -m udp --dport 1194 -j ACCEPT
> -A INPUT -i eth3 -j DROP
> -A INPUT -d 10.40.2.222/32 -i eth3 -j DROP
> -A OUTPUT -s 10.25.25.31/32 -o eth2 -j ACCEPT
> -A OUTPUT -s 172.23.23.13/32 -o vEth0 -j ACCEPT
> -A OUTPUT -o eth3 -p udp -m udp --sport 1194 -j ACCEPT
> -A OUTPUT -o eth3 -j DROP
> -A OUTPUT -s 10.40.2.222/32 -o eth3 -j DROP
> COMMIT
> # Completed on Thu Jun  4 11:27:21 2015
> root@cfae:/var/log#
>
>
> On Mon, Jun 1, 2015 at 12:11 AM, Albert ARIBAUD <albert.aribaud at free.fr>
> wrote:
>
>> Hi Joyabrata,
>>
>> On Sun, 31 May 2015 22:48:42 +0530, Joyabrata Ghosh
>> <joy.career at gmail.com> wrote:
>>
>> > Hi All,
>> >
>> > Thanks for quick reply, tried the proposed setting as well, where
>> > "listen-address=172.20.20.10", the DNS traffic source interface eth0's
>> > IPv4 address as well as "interface=eth0" without any success till now:
>> >
>> > *Dnsmasq setting: /etc/dnsmasq.conf*
>> >
>> >     log-facility=/var/log/dnsmasq.log
>> >     log-queries
>> >     log-dhcp
>> >     no-daemon
>> > *    listen-address=172.20.20.10*
>> >     port=53
>> > *    interface=eth0*
>> > *    bind-interfaces*
>> >     cache-size=1000
>> >     neg-ttl=3600
>> >
>> > Anyone please point if anything missing from configuration or invalid
>> > configuration applied.
>>
>> Since you're logging in /var/log/dnsmasq.log, maybe this file contains
>> information such as warnings or error messages?
>>
>> > Thanks & Regards,
>> > JGhosh
>> > Networking developer, Bangalore, India
>>
>> Kind regards,
>> --
>> Albert.
>>
>
>