[Dnsmasq-discuss] Kind request regarding Dnsmasq's Dns response auto caching feature not working
Joyabrata Ghosh
joy.career at gmail.com
Thu Jun 4 12:46:28 BST 2015
Hi All,
A small correction on the latest setting without any success till now:
/etc/dnsmasq.conf
log-facility=/var/log/dnsmasq.log
log-queries
log-dhcp
no-daemon
interface=vEth0
interface=tun0
bind-interfaces
all-servers
cache-size=300
neg-ttl=3600
local-ttl=3600
server=/firepitdoc.app.jayapadhi.com/172.23.23.10
#interface-name=firepitdoc.app.jayapadhi.com,vEth0/4
user=root
group=root
server=172.23.23.10
server=10.25.25.2
addn-hosts=/etc/dnsmasq.hosts
listen-address=172.23.23.13
listen-address=10.20.0.1
/etc/dnsmasq.hosts
10.60.70.191 firepitdoc.app.jayapadhi.com
root@cfae:~# ps aux | grep dnsmasq
root 29658 0.0 0.0 21656 1660 pts/3 S+ 12:13 0:00 vi /etc/dnsmasq.conf
root 29754 0.0 0.0 4404 760 pts/0 S+ 12:14 0:00 /bin/sh /etc/init.d/dnsmasq restart
root 29770 0.0 0.0 27544 1488 pts/0 S+ 12:14 0:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -i vEth0 -2 vEth0 -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
root 29779 0.0 0.0 8080 616 pts/4 S+ 12:14 0:00 grep --color=auto dnsmasq
root@cfae:~# sudo tcpdump -s 0 -l -n port 53
12:15:08.208820 IP 172.23.23.13.60659 > 172.23.23.10.53: 62705+ A? firepitdoc.app.jayapadhi.com. (46)
12:15:08.211889 IP 172.23.23.10.53 > 172.23.23.13.60659: 62705* 1/0/0 A 10.60.70.191 (62)
12:20:55.462247 IP 172.23.23.13.59571 > 172.23.23.10.53: 24925+ A? firepitdoc.app.jayapadhi.com. (46)
12:20:55.463651 IP 172.23.23.10.53 > 172.23.23.13.59571: 24925* 1/0/0 A 10.60.70.191 (62)
Any tips/tricks on Dnsmasq DNS Cache working setup would be very, very
helpful.
Thanks & Regards,
JGhosh
On Thu, Jun 4, 2015 at 4:22 PM, Joyabrata Ghosh <joy.career at gmail.com>
wrote:
> Hi All,
>
> Still unable to solve the Dnsmasq Cache Down problem. Is there anything very
> fundamental I am missing in the cache configuration for DNS response traffic in
> Dnsmasq, when remote queries hit the vEth0 interface via the 172.23.23.13 IPv4
> address from the tun0 tunnel interface at 10.20.0.1, where the DNS server is
> running remotely at 172.23.23.10#53?
>
> When "nameserver 127.0.0.1" was added, in only locally generated DNS
> traffic, the Dnsmasq Cache works correctly and some cache was updated, but in
> the case of remotely generated traffic, which arrived at the vEth0 interface from
> tun0, Dnsmasq is not working on any DNS Response traffic consistently; the logs
> confirm it.
>
> Any tips/tricks on Dnsmasq DNS Cache working setup would be very, very
> helpful.
>
> Thanks & Regards,
> Joy
>
> *dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache
> entries.*
> *dnsmasq: queries forwarded 0, queries answered locally 0*
>
>
> /etc/dnsmasq.conf
> log-facility=/var/log/dnsmasq.log
> log-queries
> log-dhcp
> no-daemon
> interface=vEth0
> interface=tun0
> bind-interfaces
> all-servers
> cache-size=300
> neg-ttl=3600
> local-ttl=3600
> server=/firepitdoc.app.jayapadhi.com/10.60.70.191
> interface-name=firepitdoc.app.jayapadhi.com,vEth0/4
> user=root
> group=root
>
> server=10.25.25.2
> server= 172.23.23.10
> addn-hosts=/etc/dnsmasq.hosts
> listen-address=172.23.23.13
> listen-address=10.20.0.1
>
> root@cfae:/var/log# cat /etc/dnsmasq.hosts
> 10.60.70.190 blrfirepit.app.jayapadhi.com
>
> root@cfae:/var/log# cat /etc/resolv.conf
> domain jayapadhi.com
> search jayapadhi.com
> nameserver 10.25.25.2
> root@cfae:/var/log# cat /etc/host
> host.conf hostname hosts hosts.allow hosts.deny
> root@cfae:/var/log# cat /etc/hosts
> 127.0.0.1 localhost
> 127.0.1.1 xyz
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
>
> /var/log/dnsmasq.log
> root@cfae:/var/log# /etc/init.d/dnsmasq restart
> * Restarting DNS forwarder and DHCP server dnsmasq
> dnsmasq: started, version 2.59 cachesize 300
> dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n DHCP TFTP conntrack IDN
> dnsmasq: using nameserver 172.23.23.10#53
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 172.23.23.10#53
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
> dnsmasq: read /etc/hosts - 7 addresses
> dnsmasq: read /etc/dnsmasq.hosts - 1 addresses
>
>
> User defined signal 1
> root@cfae:/var/log#
> root@cfae:/var/log#
> root@cfae:/var/log# dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 172.23.23.10#53
> dnsmasq: using nameserver 10.25.25.2#53
> dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
> dnsmasq: time 1433431170
> *dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.*
> *dnsmasq: queries forwarded 0, queries answered locally 0*
> dnsmasq: server 10.60.70.191#53: queries sent 0, retried or failed 0
> dnsmasq: server 10.25.25.2#53: queries sent 0, retried or failed 0
> dnsmasq: server 172.23.23.10#53: queries sent 0, retried or failed 0
> dnsmasq: Host                          Address        Flags   Expires
> dnsmasq: ip6-loopback                  ::1            6F I H
> dnsmasq: pep                           127.0.1.1      4FRI H
> dnsmasq: blrfirepit.app.jayapadhi.com  10.60.70.190   4FRI H
> dnsmasq: ip6-mcastprefix               ff00::         6FRI H
> dnsmasq: ip6-allrouters                ff02::2        6FRI H
> dnsmasq: ip6-localhost                 ::1            6FRI H
> dnsmasq: localhost                     127.0.0.1      4FRI H
> dnsmasq: ip6-allnodes                  ff02::1        6FRI H
> dnsmasq: ip6-localnet                  fe00::         6FRI H
>
>
> root@cfae:/var/log# iptables-save
> # Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015
> *raw
> :PREROUTING ACCEPT [58811:9140569]
> :OUTPUT ACCEPT [32414:8911344]
> -A PREROUTING -i eth2 -j CT --notrack
> -A PREROUTING -i vEth1 -j CT --notrack
> -A PREROUTING -i eth3 -j CT --notrack
> -A PREROUTING -i lo -j CT --notrack
> -A OUTPUT -o eth2 -j CT --notrack
> -A OUTPUT -o vEth1 -j CT --notrack
> -A OUTPUT -o eth3 -j CT --notrack
> -A OUTPUT -o lo -j CT --notrack
> COMMIT
> # Completed on Thu Jun 4 11:27:21 2015
> # Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015
> *nat
> :PREROUTING ACCEPT [2010:128170]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [102:7604]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -o vEth0 -j MASQUERADE
> COMMIT
> # Completed on Thu Jun 4 11:27:21 2015
> # Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015
> *filter
> :INPUT ACCEPT [836:53279]
> :FORWARD ACCEPT [14348:3836413]
> :OUTPUT ACCEPT [836:53279]
> -A INPUT -d 10.25.25.31/32 -i eth2 -j ACCEPT
> -A INPUT -d 172.23.23.13/32 -i vEth0 -j ACCEPT
> -A INPUT -i eth3 -p udp -m udp --dport 1194 -j ACCEPT
> -A INPUT -i eth3 -j DROP
> -A INPUT -d 10.40.2.222/32 -i eth3 -j DROP
> -A OUTPUT -s 10.25.25.31/32 -o eth2 -j ACCEPT
> -A OUTPUT -s 172.23.23.13/32 -o vEth0 -j ACCEPT
> -A OUTPUT -o eth3 -p udp -m udp --sport 1194 -j ACCEPT
> -A OUTPUT -o eth3 -j DROP
> -A OUTPUT -s 10.40.2.222/32 -o eth3 -j DROP
> COMMIT
> # Completed on Thu Jun 4 11:27:21 2015
> root@cfae:/var/log#
>
>
> On Mon, Jun 1, 2015 at 12:11 AM, Albert ARIBAUD <albert.aribaud at free.fr>
> wrote:
>
>> Hi Joyabrata,
>>
>> On Sun, 31 May 2015 22:48:42 +0530, Joyabrata Ghosh
>> <joy.career at gmail.com> wrote:
>>
>> > Hi All,
>> >
>> > Thanks for quick reply, tried the proposed setting as well, where
>> > "listen-address=172.20.20.10", the DNS traffic source interface eth0's IPv4
>> > address as well as "interface=eth0" without any success till now:
>> >
>> > *Dnsmasq setting: /etc/dnsmasq.conf*
>> >
>> > log-facility=/var/log/dnsmasq.log
>> > log-queries
>> > log-dhcp
>> > no-daemon
>> > * listen-address=172.20.20.10*
>> > port=53
>> > * interface=eth0*
>> > * bind-interfaces*
>> > cache-size=1000
>> > neg-ttl=3600
>> >
>> > Anyone please point if anything missing from configuration or invalid
>> > configuration applied.
>>
>> Since you're logging in /var/log/dnsmasq.log, maybe this file contains
>> information such as warnings or error messages?
>>
>> > Thanks & Regards,
>> > JGhosh
>> > Networking developer, Bangalore, India
>>
>> Best regards,
>> --
>> Albert.
>>
>
>
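
An added example, not part of the original message and not dnsmasq's own code: a small Python parser for the statistics dump that dnsmasq logs on SIGUSR1, run over the counters quoted in the message above, to read off whether queries are being answered or forwarded by the instance at all. The second dump and the diagnosis strings are constructed for illustration.

```python
import re

# Counters copied from the SIGUSR1 dump quoted in the message above.
PAGE_DUMP = """\
dnsmasq: time 1433431170
dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.
dnsmasq: queries forwarded 0, queries answered locally 0
dnsmasq: server 10.60.70.191#53: queries sent 0, retried or failed 0
dnsmasq: server 10.25.25.2#53: queries sent 0, retried or failed 0
dnsmasq: server 172.23.23.10#53: queries sent 0, retried or failed 0
"""

# Constructed sample (not from the page): a dump where clients do reach dnsmasq.
CONSTRUCTED_DUMP = """\
dnsmasq: cache size 300, 0/42 cache insertions re-used unexpired cache entries.
dnsmasq: queries forwarded 21, queries answered locally 9
dnsmasq: server 172.23.23.10#53: queries sent 21, retried or failed 0
"""

CACHE = re.compile(r"cache size (\d+), (\d+)/(\d+) cache insertions")
QUERIES = re.compile(r"queries forwarded (\d+), queries answered locally (\d+)")
SERVER = re.compile(r"\bserver (\S+)#(\d+): queries sent (\d+), retried or failed (\d+)")

def parse_stats(dump):
    """Extract counters from a statistics dump; tolerates mail quoting and wrapping."""
    text = " ".join(re.sub(r"[>*]", " ", dump).split())
    cache, queries = CACHE.search(text), QUERIES.search(text)
    if not cache or not queries:
        raise ValueError("not a dnsmasq statistics dump")
    size, evicted_live, inserted = map(int, cache.groups())
    forwarded, local = map(int, queries.groups())
    servers = {f"{h}#{p}": (int(s), int(f)) for h, p, s, f in SERVER.findall(text)}
    return {"cache_size": size, "evicted_live": evicted_live, "inserted": inserted,
            "forwarded": forwarded, "local": local, "servers": servers}

def diagnose(stats):
    """Classify what the counters say about where to look next."""
    if stats["forwarded"] == 0 and stats["local"] == 0:
        return "no queries were answered or forwarded by this dnsmasq instance"
    if stats["inserted"] == 0:
        return "queries arrive but nothing has been cached"
    if stats["evicted_live"] > 0:
        return "cache is full: unexpired entries are being evicted"
    return "cache is being populated"

if __name__ == "__main__":
    for name, dump in (("page", PAGE_DUMP), ("constructed", CONSTRUCTED_DUMP)):
        print(name, "->", diagnose(parse_stats(dump)))
```
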