[Dnsmasq-discuss] DNS refused when internet is down
Duncan Webb
duncan-lists at uniqfeed.com
Sat Dec 5 10:11:59 GMT 2020
On 02/12/2020 14:45, Matus UHLAR - fantomas wrote:
>>>>>> On 11/25/2020 9:31 AM, Duncan Webb wrote:
>>>>>>> When the internet is down for some external reason nslookup is returning
>>>>>>> "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
>>>>>>> LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
>>>>>>>
>>>>>>> Is this the expected behaviour or a misconfiguration?
>>>
>>>>> On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
>>>>>> No, this is not the expected behavior.
>>>
>>>> On 26/11/2020 08:31, Geert Stappers wrote:
>>>>> Also my first impression, on second thought: "It could be" ...
>>>
>>>>>> We can not say
>>>>>> where the issue lies with the little information you have provided.
>>>
>>>>> So please make your problem an interesting challenge for the ML ;-)
>>>
>>> On 01.12.20 09:32, Duncan Webb wrote:
>>>> The problem can be reproduced by disconnecting the cable to the
>>>> ADSL router. As soon as the cable is removed then a nslookup will
>>>> return a "Connection to DNS 10.0.0.1 was refused" reply for every
>>>> query.
>
>> On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
>>> which server does 10.0.0.1 belong to? apparently not to your router, as
>>> I don't see this address as argument to --listen-address.
>
> On 01.12.20 10:52, Duncan Webb wrote:
>> Sorry, this was a typo; it should have been 10.99.0.1 (can't pull that
>> cable out at the moment to get the exact message)
>
> is 10.99.0.1 your external IP address?

This is the LAN address of the Firewall; the WAN address is the external
address.

>
> I guess you'll need the exact error message.
>
> Also you should use "host" instead of "nslookup", because there are
> different nslookup implementations, when some provide nonsensical error
> messages (might be your case).

Thanks, I have noticed differences between host and nslookup.

>
>>>> I would expect that hosts on the LAN that have been provided an IP
>>>> address from the dnsmasq DHCP server to resolve.
>>>
>>> hosts on the lan should be resolved by dnsmasq, but unreachable address
>>> can't resolve them.
>>>
>>>> The configuration is all on the command line and this is
>>>>
>>>> /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
>>>> --listen-address=192.168.0.254 --listen-address=10.99.2.1
>>>> --listen-address=10.99.0.1 --listen-address=10.99.128.1
>>>> --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
>>>> --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
>>>> --server=/130.99.10.in-addr.arpa/10.99.130.1
>>>> --server=/opcase1.private/10.99.144.1
>>>> --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
>>>> --cache-size=10000 --local-ttl=1
>>>> --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
>>>>
>>>> I don't think that the options --server=/opcase.private/10.99.130.1
>>>> where the server is offline could be causing this but for
>>>> completeness both the servers 10.99.130.1 and 10.99.144.1 are offline.
>>>>
>>>> The --conf-dir directory has no .conf files.
>>>>
>>>> The firewall is OPNsense, which is based on BSD, and I don't think this
>>>> is relevant to this specific problem.
>
> btw,
> the firewall may cause different behaviour when the external link is
> down.
> but for now get proper message from proper command.

Today I cannot reproduce the error.

This could be because the Firewall software was updated a couple of
weeks ago and the settings for dnsmasq have changed. There used to be a
text box for additional options and this has now gone, so the additional
settings have also been removed. The settings were mostly srv-host
options and the other was no-negcache. Could it be that removing
no-negcache has changed the behaviour?
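
The replies above ask for the exact error rather than nslookup's wording of it. As an added example (not part of the original message and not dnsmasq code), this Python script sends one UDP query and reports whether the result is a DNS-level answer such as RCODE REFUSED or a socket-level failure such as ECONNREFUSED (no listener on that address and port). The server address and domain are taken from the thread; the host name "host" and all function names are assumptions.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a one-question DNS query (RD set, class IN) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_reply(data, txid=0x1234):
    """Name the RCODE of a raw DNS reply, or MALFORMED if it is not one."""
    if len(data) < 12:
        return "MALFORMED"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit clear
        return "MALFORMED"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, name, port=53, timeout=3.0):
    """Send one UDP query; separate DNS answers from socket-level errors."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))          # connected UDP surfaces ICMP errors
            s.send(build_query(name))
            return "dns:" + classify_reply(s.recv(512))
        except ConnectionRefusedError:         # ICMP port unreachable: no listener
            return "transport:ECONNREFUSED"
        except socket.timeout:
            return "transport:TIMEOUT"
        except OSError as exc:                 # e.g. network unreachable
            return "transport:%s" % exc

# Constructed sample replies (header only): QR|RD|RA set, RCODE 5 and 3.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)

if __name__ == "__main__":
    print(classify_reply(SAMPLE_REFUSED))      # offline check on sample data
    # 10.99.0.1 and example.net are from the thread; "host" is hypothetical.
    print(probe("10.99.0.1", "host.example.net"))
```

A "dns:" result means a resolver answered on that address; a "transport:" result means the query never reached a listening DNS service there.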