[Dnsmasq-discuss] getting different responses from high traffic DNSmasq

Thu Feb 18 09:44:04 UTC 2021

This happened after the update from v2.76 to v2.80

Is there a way how I can debug that deeper.

Am Mi., 17. Feb. 2021 um 19:06 Uhr schrieb Boris Behrens <bb at kervyn.de>:
>
> Hello people,
> I've got a strange issue with a high traffic (>5 requests / sec) where it sometimes does not responde with the NXDOMAIN but with NOERROR.
>
> When we ask the upstream DNS directly we always get a NXDOMAIN response.
>
> We use DNSmasq 2.80-1.1ubuntu1.2
> We worked around this issue by disabling the cache.
>
> Someone got an idea what the problem is?
>
> The following request are made in a frame of 2 seconds:
>
> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10713
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 111292d8f7ef4f7ce124a223602d53418932dae2b1b0e5ea (good)
> ;; QUESTION SECTION:
> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
>
> ;; AUTHORITY SECTION:
> mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
>
> ;; Query time: 2 msec
> ;; SERVER: 10.0.0.204#53(10.0.0.204)
> ;; WHEN: Wed Feb 17 17:32:49 UTC 2021
> ;; MSG SIZE  rcvd: 133
>
> ---
> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54953
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 2bd32278271acc813fbfb58b602d5345fddaeac8e012297f (good)
> ;; QUESTION SECTION:
> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
>
> ;; Query time: 1 msec
> ;; SERVER: 10.0.0.204#53(10.0.0.204)
> ;; WHEN: Wed Feb 17 17:32:53 UTC 2021
> ;; MSG SIZE  rcvd: 81
>
> ---
> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46107
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: daeb796bf30117b9d54983db602d534f207b56ad08f7ad15 (good)
> ;; QUESTION SECTION:
> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
>
> ;; AUTHORITY SECTION:
> mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
>
> ;; Query time: 1 msec
> ;; SERVER: 10.0.0.204#53(10.0.0.204)
> ;; WHEN: Wed Feb 17 17:33:03 UTC 2021
> ;; MSG SIZE  rcvd: 133
>
>
> Our config:
> bind-interfaces
> interface=ens18
> all-servers
> bogus-priv
> no-resolv
> no-hosts
> server=/DOMAINS.TLD/10.0.255.11
> server=/DOMAINS.TLD/10.0.255.12
> server=/puppet/10.0.255.11
> server=/puppet/10.0.255.12
> rev-server=10.0.0.0/8,10.0.255.11
> rev-server=10.0.0.0/8,10.0.255.12
> #server=/DOMAINS/10.0.0.201#8600
> #server=/DOMAINS/10.0.0.202#8600
> #server=/DOMAINS/10.0.0.203#8600
> #server=/DOMAINS/10.0.0.204#8600
> #server=/DOMAINS/10.0.0.205#8600
> server=/DOMAINS/10.0.240.11#8600
> server=/DOMAINS/10.0.240.12#8600
> server=/DOMAINS/10.0.240.13#8600
> server=/consul/10.2.240.201#8600
> server=/consul/10.2.240.202#8600
> server=/consul/10.2.240.203#8600
> server=8.8.8.8
> server=8.8.4.4
> addn-hosts=/etc/hosts.dnsmasq
> no-negcache
> cache-size=0
> --
> Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im groÃƒ¼en Saal.

-- 
Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend
im groÃƒ¼en Saal.