[Dnsmasq-discuss] DNS refused when internet is down

Geert Stappers stappers at stappers.nl
Wed Dec 2 14:03:20 GMT 2020


On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
> > > > > > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > > > > > When the internet is down for some external reason
> > > > > > > nslookup is returning
> > > > > > > "Connection to DNS 10.0.0.1 was refused" when
> > > > > > > looking up a host on the
> > > > > > > LAN that has its IP from DHCP. Both DHCP and DNS are
> > > > > > > provided by dnsmasq.
> > > > > > > 
> > > > > > > Is this the expected behaviour or a misconfiguration?
> > > 
> > > > > On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > > > > > No, this is not the expected behavior.
> > > 
> > > > On 26/11/2020 08:31, Geert Stappers wrote:
> > > > > Also my first impression, on second thought: "It could be" ...
> > > 
> > > > > > We can not say
> > > > > > where the issue lies with the little information you have provided.
> > > 
> > > > > So please make your problem an interesting challenge for the ML ;-)
> > > 
> > > On 01.12.20 09:32, Duncan Webb wrote:
> > > > The problem can be reproduced by disconnecting the cable to the
> > > > ADSL router. As soon as the cable is removed then an nslookup
> > > > will return a "Connection to DNS 10.0.0.1 was refused" reply for
> > > > every query.
> 
> > On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
> > > which server does 10.0.0.1 belong to?  apparently not to your router, as
> > > I don't see this address as argument to --listen-address.
> 
> On 01.12.20 10:52, Duncan Webb wrote:
> > Sorry, this was a typo; it should have been 10.99.0.1 (can't pull that cable
> > out at the moment to get the exact message)
> 
> is 10.99.0.1 your external IP address?
> 
> I guess you'll need the exact error message.
> 
> Also you should use "host" instead of "nslookup", because there are
> different nslookup implementations, where some provide nonsensical error
> messages (might be your case).
> 
> > > > I would expect that hosts on the LAN that have been provided an
> > > > IP address from the dnsmasq DHCP server to resolve.
> > > 
> > > hosts on the lan should be resolved by dnsmasq, but unreachable address
> > > can't resolve them.
> > > 
> > > > The configuration is all on the command line and this is
> > > > 
> > > > /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> > > > --listen-address=192.168.0.254 --listen-address=10.99.2.1
> > > > --listen-address=10.99.0.1 --listen-address=10.99.128.1
> > > > --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> > > > --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
> > > > --server=/130.99.10.in-addr.arpa/10.99.130.1
> > > > --server=/opcase1.private/10.99.144.1
> > > > --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
> > > > --cache-size=10000 --local-ttl=1
> > > > --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
> > > > 
> > > > I don't think that the options
> > > > --server=/opcase.private/10.99.130.1 where the server is offline
> > > > could be causing this but for completeness both the servers
> > > > 10.99.130.1 and 10.99.144.1 are offline.
> > > > 
> > > > The --conf-dir directory has no .conf files.
> > > > 
> > > > The firewall is OPNsense, which is based on BSD, and I don't think
> > > > this is relevant to this specific problem.
> 
> btw,
> the firewall may cause different behaviour when the external link is down.
> but for now get the proper message from the proper command.
 
And add information at which network component it is.



> > > > example.net is not the real domain. The contents of
> > > > /var/etc/dnsmasq-hosts contains lines like this:
> > > > 
> > > > 10.99.0.201 w1.example.net w1
> > > > 10.99.0.202 w2.example.net w2
> > > > 10.99.0.203 w3.example.net w3
> > > > 
> > > > It is these addresses that I would expect to be resolved.

"Works for me"


Regards
Geert Stappers
-- 
Silence is hard to parse


