[Dnsmasq-discuss] getting different responses from high traffic DNSmasq

Chris Novakovic chris at chrisn.me.uk
Thu Feb 18 19:19:32 UTC 2021


On 18/02/2021 09:44, Boris Behrens wrote:
> This happened after the update from v2.76 to v2.80
> 
> Is there a way how I can debug that deeper.

If you're in a position to compile Dnsmasq from source and have an 
easily reproducible failure case (it sounds like you do), you could 
perform a bisection on the Dnsmasq Git repository to identify the commit 
that introduced the failure:

https://git-scm.com/docs/git-bisect

In brief:

git clone git://thekelleys.org.uk/dnsmasq.git
git bisect start
git bisect bad 91421cb7 # v2.80
git bisect good f186bdcb # v2.76
# make ...
# Run dnsmasq, try reproducing your failure case
# If it works as expected:
git bisect good
# If it doesn't:
git bisect bad
# Repeat from make ...

There are 140 commits between 2.76 and 2.80, so you'll need to build and 
test at most eight times to identify the breaking commit.


> Am Mi., 17. Feb. 2021 um 19:06 Uhr schrieb Boris Behrens <bb at kervyn.de>:
>>
>> Hello people,
>> I've got a strange issue with a high traffic (>5 requests / sec) where it sometimes does not responde with the NXDOMAIN but with NOERROR.
>>
>> When we ask the upstream DNS directly we always get a NXDOMAIN response.
>>
>> We use DNSmasq 2.80-1.1ubuntu1.2
>> We worked around this issue by disabling the cache.
>>
>> Someone got an idea what the problem is?
>>
>> The following request are made in a frame of 2 seconds:
>>
>> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10713
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 111292d8f7ef4f7ce124a223602d53418932dae2b1b0e5ea (good)
>> ;; QUESTION SECTION:
>> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
>>
>> ;; AUTHORITY SECTION:
>> mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
>>
>> ;; Query time: 2 msec
>> ;; SERVER: 10.0.0.204#53(10.0.0.204)
>> ;; WHEN: Wed Feb 17 17:32:49 UTC 2021
>> ;; MSG SIZE  rcvd: 133
>>
>> ---
>> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54953
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 2bd32278271acc813fbfb58b602d5345fddaeac8e012297f (good)
>> ;; QUESTION SECTION:
>> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 10.0.0.204#53(10.0.0.204)
>> ;; WHEN: Wed Feb 17 17:32:53 UTC 2021
>> ;; MSG SIZE  rcvd: 81
>>
>> ---
>> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46107
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: daeb796bf30117b9d54983db602d534f207b56ad08f7ad15 (good)
>> ;; QUESTION SECTION:
>> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
>>
>> ;; AUTHORITY SECTION:
>> mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 10.0.0.204#53(10.0.0.204)
>> ;; WHEN: Wed Feb 17 17:33:03 UTC 2021
>> ;; MSG SIZE  rcvd: 133
>>
>>
>> Our config:
>> bind-interfaces
>> interface=ens18
>> all-servers
>> bogus-priv
>> no-resolv
>> no-hosts
>> server=/DOMAINS.TLD/10.0.255.11
>> server=/DOMAINS.TLD/10.0.255.12
>> server=/puppet/10.0.255.11
>> server=/puppet/10.0.255.12
>> rev-server=10.0.0.0/8,10.0.255.11
>> rev-server=10.0.0.0/8,10.0.255.12
>> #server=/DOMAINS/10.0.0.201#8600
>> #server=/DOMAINS/10.0.0.202#8600
>> #server=/DOMAINS/10.0.0.203#8600
>> #server=/DOMAINS/10.0.0.204#8600
>> #server=/DOMAINS/10.0.0.205#8600
>> server=/DOMAINS/10.0.240.11#8600
>> server=/DOMAINS/10.0.240.12#8600
>> server=/DOMAINS/10.0.240.13#8600
>> server=/consul/10.2.240.201#8600
>> server=/consul/10.2.240.202#8600
>> server=/consul/10.2.240.203#8600
>> server=8.8.8.8
>> server=8.8.4.4
>> addn-hosts=/etc/hosts.dnsmasq
>> no-negcache
>> cache-size=0
>> --
>> Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im groüen Saal.
> 
> 
> 



More information about the Dnsmasq-discuss mailing list