[Dnsmasq-discuss] Finding actual DNS server used

Albert ARIBAUD albert.aribaud at free.fr
Sun Jan 15 07:55:50 GMT 2017

Hi Lars,

Le Sat, 14 Jan 2017 20:18:13 +0200
Lars Noodén <lars.nooden at gmail.com> a écrit:

> On 01/14/2017 06:06 PM, Chris Green wrote:
> > On Sat, Jan 14, 2017 at 03:40:52PM +0100, Albert ARIBAUD wrote:  
> [snip]
> >> Or maybe I am missing something. What is your use case?
> >>  
> > Well for one it's useful to be able to check whether dnsmasq is
> > using a sensible DNS server.    
> [snip]
> That's what I'm aiming for.  There is an application on a remote
> computer that is failing because it appears to initially get a working
> nameserver but then somewhere early on the DNS fails.

Since the DNS symptom is on the client, I would investigate the client,
not the server, in the first place, because maybe you're chasing the 
issue in the wrong place. However...

> I think it
> would help the diagnosis to see which nameservers dnsmasq is actually
> calling or caching.
>  Because it's not my system and it is remote, I
> have to go step by step, slowly.

... Do you mean that you have good control of the remote system but
have to go there physically to run tests, or that you do not have
control of the system and must ask someone else to perform tests there?
This makes a difference in the way you can run your tests

> Since everything on that system, in
> regards to DNS, is going via Dnsmasq, I'd like to see what it has
> loaded and is using.

This bring me back to your description of the bug above: "somewhere
early on the DNS fails". What do you mean with that? Did you check
that the client keeps sinding DNS requests to your dnsmasq? (Sorry for
asking questions which might seem to have an obvious answer to you, but
nowhere in the discussion can I find a definitive indication, and the
devil is in the details) Or is it that answers stop coming back? Or is
it that they come back from your dnsmasq with an error code for domains
which you know your dns should resolve properly? Or something else?

If you don't have full control of the remote client, I suggest you check
the logs of your dnsmasq (assuming you have set the log-queries option
in its configuration). The log will tell you which domains are queried,
which replies are from cache and which are forwarded to which upstream
server. IOW, it will give you what you want (which are the upstream
servers your dnsmasq uses) and more (which one it actually used for
resolving request from your remote client, and what the answer was).

But if you have control over the remote machine, I would rather run
wireshirk (or tcpdump into a file, then copy the file over, then open
it in wireshark for ease of analysis) to catch all DHCP- and DNS-related
traffic there. This way, you'll miss the internal dnsmasq info (of
couse) but you'll get more info like which DHCP server this client
relies on (is it only your dnsmasq?) and which DNS it consults (again,
it might stop being dnsmasq for all one knows so far).


> Regards,
> Lars
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


More information about the Dnsmasq-discuss mailing list