[Dnsmasq-discuss] NXDOMAIN on exisiting A record

Alex Litvak alexander.v.litvak at gmail.com
Sun Jul 7 20:09:20 BST 2019


Hello every one,

I run consul services on my network where servics are registered with xyz.service.consul when they start.  All containers and bare metal hosts are running dnsmasq 2.80.
I noticed that if I restart one of the containers one of the hosts continue failing to resolve the server hostname.  I can see that dnsmasq is a culprit because:

1. I can resolve service against standard dns servers
2. Dnsmasq on 127.0.0.1 is first in the resolve.conf and when I run tcpdump against port 53 on lo I see it returns NXDOMAIN on the service query
3. If I restart dnsmasq everything is back to normal again.  Even more weird, if I send SIGHUP to dnsmasq which only causes to reread /etc/hosts file, everything is bad to normal as far as service 
resolution goes.

The weird thing is I have it only happen on some hosts without the pattern I can recognize.  For example I have to nodes with the same config, os, kernel version, dnsmasq version, etc ... and one of 
them have the problem 100% on service restart and other is not.

Where do I start troubleshooting, any ideas are welcome.

Here is a standard dnsmasq confugration.

port=53
domain-needed
bogus-priv
interface=lo
listen-address=127.0.0.1
no-dhcp-interface=127.0.0.1
#bind-interfaces
no-resolv
all-servers
dns-forward-max=500

# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts

#log-queries=extra
#log-facility=/var/log/dnsmasq.log
log-async=25

# Set the cachesize here.
cache-size=10000
min-cache-ttl=5
#neg-ttl=3600

# If you want to disable negative caching, uncomment this.
#no-negcache

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
clear-on-reload

server=10.0.48.12
server=10.0.48.11
server=10.0.21.63
server=10.0.21.61

server=/.la.consul/10.0.73.43
server=/.la.consul/10.0.73.40
server=/.la.consul/10.0.73.28
server=/.chi-pbx.consul/10.1.73.1
server=/.chi-pbx.consul/10.1.73.2
server=/.chi-pbx.consul/10.1.73.3
server=/.consul/10.0.73.43
server=/.consul/10.0.73.40
server=/.consul/10.0.73.28

Resolver config

search ''
options  timeout:1 attempts:1
nameserver 127.0.0.1
nameserver 10.0.48.11
nameserver 10.0.48.12
nameserver 10.0.21.63







More information about the Dnsmasq-discuss mailing list