[Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

Lonnie Abelbeck lists at lonnie.abelbeck.com
Fri Jan 22 16:04:07 UTC 2021


I'm able to reproduce this 2.83 issue, with both errors:
--
Jan 22 09:00:06 gw-lan daemon.err dnsmasq[19230]: failed to send packet: Network is unreachable
Jan 22 09:00:06 gw-lan daemon.err dnsmasq[19230]: failed to send packet: Network is unreachable
Jan 22 09:00:19 gw-lan daemon.err dnsmasq[19230]: failed to send packet: Address family not supported by protocol
Jan 22 09:00:19 gw-lan daemon.err dnsmasq[19230]: failed to send packet: Address family not supported by protocol
--
Reverting back to 2.82, the error logs do not appear, no issue.

I normally use "dns-forward-max=512" but tested with "dns-forward-max=2048", no effect on the 2.83 issue.

My testing also showed this has nothing to do with proxy-forwarding on 127.0.0.1#2853 vs. public DNS IPs, same 2.83 issue.


Test method to generate 2.83 issue:

Using an ethernet connected computer to the dnsmasq box, in a browser run Steve Gibson's "DNS Nameserver Spoofability Test"...

DNS Nameserver Spoofability Test
https://www.grc.com/dns/dns.htm
(scroll to bottom and click Initiate... button)

This always generates around 40 "failed to send packet" logs with 2.83 in my tests.

Interestingly, my WiFi connected MacBook Air over WireGuard does not generate any "failed to send packet" logs with the same test. So a direct ethernet connection with a non-wimpy computer is required.

Hopefully Simon (et al.) can reproduce this and provide a fix.

This log occurs in send_from() in src/forward.c . Many forward.c changes have occurred with 2.82 -> 2.83, but the function send_from() itself is unchanged.

Lonnie



> On Jan 21, 2021, at 8:14 PM, Steve Hirsch <STEVEHIRSCH49 at msn.com> wrote:
> 
> Hi Lonnie, 
>  
> I am also seeing an occasional “failed to send packet: Address family not supported by protocol”.  However, it is mostly “Network Unreachable” and they are pretty continuous (much more than the 10 you have).  Dnscrypt is configured to use DoH to cloudflare servers.  On my side, doesn’t seem to be related to activity level…low levels of activity also generates errors.
>  
> From: Lonnie Abelbeck
> Sent: Thursday, January 21, 2021 6:42 PM
> To: dnsmasq list
> Cc: Steve Hirsch
> Subject: Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable
>  
> 
> 
> > On Jan 21, 2021, at 5:53 PM, Steve Hirsch <STEVEHIRSCH49 at msn.com> wrote:
> > 
> > After upgrading dnsmasq from version 2.82 to version 2.83 on Arch Linux (kernel 5.10.9), “failed to send packet: Network is unreachable” errors continually show up.  However, name resolution still appears to work with v2.83.  Downgrading back to v2.82, and the error messages go away.  Dnsmasq is configured to forward requests to dnscrypt-proxy via server=::1#53000 and server=127.0.0.1#53000 lines in  dnsmasq.conf.  Turning on log-queries and log-dhcp did not show anything unusual in the log.
> >  
> > This configuration has been running fine for over a year now, so I don’t think it’s a configuration issue.  Dnscrypt-proxy is running version 2.0.45 (updated was on 1/6/2021).
> 
> Hey Steve, I'm seeing something similar "failed to send packet" on my setup that is new with 2.82 -> 2.83 .
> 
> Like you, I am proxying via 127.0.0.1#2853, but with unbound performing DNS-over-TLS.
> 
> This box is my edge device with a fair amount of traffic, so the 10 errors are not a lot in 24 hours, but would like to understand the change with 2.83 .
> 
> # grep dnsmasq /var/log/messages | grep -v dnsmasq-dhcp
> --
> Jan 20 15:52:41 gw-lan daemon.info dnsmasq[3300]: started, version 2.83 cachesize 4096
> Jan 20 15:52:41 gw-lan daemon.info dnsmasq[3300]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-nettlehash no-DNSSEC loop-detect inotify no-dumpfile
> Jan 20 15:52:41 gw-lan daemon.info dnsmasq-tftp[3300]: TFTP root is /tftpboot  
> Jan 20 15:52:41 gw-lan daemon.info dnsmasq[3300]: using nameserver 127.0.0.1#2853
> Jan 20 15:52:41 gw-lan daemon.info dnsmasq[3300]: using only locally-known addresses for domain priv.abelbeck.com
> Jan 20 15:52:41 gw-lan daemon.info dnsmasq[3300]: read /etc/hosts - 65 addresses
> Jan 21 04:27:43 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 13:14:00 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 13:14:00 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 13:14:01 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 13:14:01 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 13:14:01 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 13:14:01 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 14:12:22 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 15:37:30 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> Jan 21 15:37:30 gw-lan daemon.err dnsmasq[3300]: failed to send packet: Address family not supported by protocol
> --
> 
> In dnsmasq.conf I set:
> --
> dns-forward-max=512
> --
> 
> So far, I'm not able to generate the "failed to send packet" manually by flooding DNS requests and such.
> 
> Lonnie
> 
> 
>  
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss




More information about the Dnsmasq-discuss mailing list