[Dnsmasq-discuss] getting different responses from high traffic DNSmasq

Boris Behrens bb at kervyn.de
Wed Feb 17 18:06:26 UTC 2021


Hello people,
I've got a strange issue with a high traffic (>5 requests / sec) where it
sometimes does not responde with the NXDOMAIN but with NOERROR.

When we ask the upstream DNS directly we always get a NXDOMAIN response.

We use DNSmasq 2.80-1.1ubuntu1.2
We worked around this issue by disabling the cache.

Someone got an idea what the problem is?

The following request are made in a frame of 2 seconds:

/src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10713
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 111292d8f7ef4f7ce124a223602d53418932dae2b1b0e5ea (good)
;; QUESTION SECTION:
;consul.mgmt.DOMAIN.TLD.  IN  ANY

;; AUTHORITY SECTION:
mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD.
hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600

;; Query time: 2 msec
;; SERVER: 10.0.0.204#53(10.0.0.204)
;; WHEN: Wed Feb 17 17:32:49 UTC 2021
;; MSG SIZE  rcvd: 133

---
/src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2bd32278271acc813fbfb58b602d5345fddaeac8e012297f (good)
;; QUESTION SECTION:
;consul.mgmt.DOMAIN.TLD.  IN  ANY

;; Query time: 1 msec
;; SERVER: 10.0.0.204#53(10.0.0.204)
;; WHEN: Wed Feb 17 17:32:53 UTC 2021
;; MSG SIZE  rcvd: 81

---
/src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46107
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: daeb796bf30117b9d54983db602d534f207b56ad08f7ad15 (good)
;; QUESTION SECTION:
;consul.mgmt.DOMAIN.TLD.  IN  ANY

;; AUTHORITY SECTION:
mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD.
hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600

;; Query time: 1 msec
;; SERVER: 10.0.0.204#53(10.0.0.204)
;; WHEN: Wed Feb 17 17:33:03 UTC 2021
;; MSG SIZE  rcvd: 133


Our config:
bind-interfaces
interface=ens18
all-servers
bogus-priv
no-resolv
no-hosts
server=/DOMAINS.TLD/10.0.255.11
server=/DOMAINS.TLD/10.0.255.12
server=/puppet/10.0.255.11
server=/puppet/10.0.255.12
rev-server=10.0.0.0/8,10.0.255.11
rev-server=10.0.0.0/8,10.0.255.12
#server=/DOMAINS/10.0.0.201#8600
#server=/DOMAINS/10.0.0.202#8600
#server=/DOMAINS/10.0.0.203#8600
#server=/DOMAINS/10.0.0.204#8600
#server=/DOMAINS/10.0.0.205#8600
server=/DOMAINS/10.0.240.11#8600
server=/DOMAINS/10.0.240.12#8600
server=/DOMAINS/10.0.240.13#8600
server=/consul/10.2.240.201#8600
server=/consul/10.2.240.202#8600
server=/consul/10.2.240.203#8600
server=8.8.8.8
server=8.8.4.4
addn-hosts=/etc/hosts.dnsmasq
no-negcache
cache-size=0
-- 
Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
groüen Saal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210217/2efb83d0/attachment.htm>


More information about the Dnsmasq-discuss mailing list