[Dnsmasq-discuss] TCP DNS requests fail with "communications error" / "end of file"
Jinn Ko
dnsmasq-discuss at mx.ixido.net
Thu Jul 23 12:29:12 BST 2020
On 22/07/2020 12:46, Simon Kelley wrote:
> On 20/07/2020 14:11, Jinn Ko wrote:
>> Hi,
>>
>> While using dnsmasq as embedded in the pi-hole project I came across an issue with how TCP
>> DNS requests are handled over Wireguard interfaces.
>>
>> A ticket was raised in the FTL project (https://github.com/pi-hole/FTL/issues/824) and the
>> conclusion was that the issue is in dnsmasq. It seems the logic of determining the incoming
>> interface fails and the connection is closed and reset before FTL can handle it, which seems
>> to put the issue in the dnsmasq codebase.
>>
>> A key detail is that the Wireguard interface is configured with the same IP as the default
>> interface, but with a more specific subnet mask. For example where eth0 has the default
>> route it may be configured with 10.3.2.1/24, while the Wireguard interface would have the
>> address 10.3.2.1/32. Having a different IP on the two interfaces does not cause any issues.
>
> Is this something as simple as needing to have dnsmasq listening on both
> eth0 and the wireguard interface?

The process is listening on all interfaces:

# ss -plntu | grep -E ':53\W'
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=770,fd=4))
udp UNCONN 0 0 *:53 *:* users:(("pihole-FTL",pid=770,fd=6))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=770,fd=5))
tcp LISTEN 0 32 [::]:53 [::]:* users:(("pihole-FTL",pid=770,fd=7))

So I don't think it's as simple as adjusting the listening interfaces :/

>
> Can you describe exactly what's going on around dnsmasq.c line 1815 and
> in the loopback_exception() function, to cause client_ok to be set to
> zero?
Line 1815 on the branch that created the log output is here:
https://github.com/pi-hole/FTL/blob/fix/jjnnko/src/dnsmasq/dnsmasq.c#L1815
.. on this branch I suspect you're referring to line 1850, but I'm afraid I'm not sure what
the logic is exactly about there. @DL6ER mentioned he'd try to chime in about this,
hopefully by early next week.
> I can't easily access your logging patches, and I don't have a
> pihole installation, so I can't easily reproduce this or understand
> exactly what the logging means.
These were the changes to introduce the logging:
https://github.com/pi-hole/FTL/commit/df647e81df860ac2a6247817fbaab16cea776817
> I'm interested in what interface_index
> is returned from tcp_interface(), what interface name that translates
> to, what interface indexes are in the daemon->interfaces linked list
> that gets tested against, and if that test fails, what happens in
> loopback_exception()
Seems like we can introduce some more logging and I'd be happy to test again.
Thanks,
Jinn
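
The addressing described in the message, one address carried by two interfaces with different prefix lengths, can be checked for on any host. This is an added example, not part of the original message and not code from dnsmasq or FTL; the interface name wg0 and the sample `ip -o -4 addr show` output are constructed from the addresses given above.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output, modelled on the
# addressing in the message (eth0 10.3.2.1/24, WireGuard 10.3.2.1/32).
# The interface name wg0 and the loopback line are assumptions.
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.3.2.1/24 brd 10.3.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: wg0    inet 10.3.2.1/32 scope global wg0\       valid_lft forever preferred_lft forever
EOF
}

# Read `ip -o addr` lines on stdin and print one line per address that is
# configured on more than one interface: "<addr> <if>/<prefix> <if>/<prefix> ..."
shared_addresses() {
    awk '
        $3 == "inet" || $3 == "inet6" {
            split($4, a, "/")          # a[1] = address, a[2] = prefix length
            n[a[1]]++
            ifs[a[1]] = ifs[a[1]] " " $2 "/" a[2]
        }
        END {
            for (ip in n)
                if (n[ip] > 1)
                    print ip ifs[ip]
        }
    ' | sort
}

# Given a local address (for example the Local Address column of `ss -tn`),
# list the interfaces that carry it. More than one result means the address
# alone does not identify the interface a connection arrived on.
interfaces_for_address() {
    awk -v want="$1" '
        $3 == "inet" || $3 == "inet6" {
            split($4, a, "/")
            if (a[1] == want) print $2
        }
    '
}

# Demonstration on the constructed sample.
# On a live host: ip -o addr show | shared_addresses
sample_addrs | shared_addresses
```
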