[Dnsmasq-discuss] getting different responses from high traffic DNSmasq
Simon Kelley
simon at thekelleys.org.uk
Thu Feb 18 22:35:56 UTC 2021
On 18/02/2021 09:44, Boris Behrens wrote:
> This happened after the update from v2.76 to v2.80
>
> Is there a way I can debug that deeper?

The information you've given so far is useful, but not enough to allow
someone to easily reproduce the problem, which is the key.

Questions which need answering:

1) What are the actual domains which show this problem? (Email me direct
if you don't want to publicise them.)

2) Is the presence of ANY queries important? Do you get the same effect
with other query types?

3) Do you see the same problem with the latest release? If not, then the
problem reduces to finding the already committed fix, or upgrading your
install. If we know it still exists in 2.84, then we can work on fixing
that, instead of going back to old code.

4) If you turn on query logging, what gets logged during the sequence below?

As a hunch, my guess is that
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
which went into 2.81, may be the smoking gun, hence the importance of
question 3.

Simon.

>
>
> On Wed, 17 Feb 2021 at 19:06, Boris Behrens <bb at kervyn.de> wrote:
>>
>> Hello people,
>> I've got a strange issue with a high-traffic (>5 requests / sec) DNSmasq, where it sometimes does not respond with NXDOMAIN but with NOERROR.
>>
>> When we ask the upstream DNS directly we always get a NXDOMAIN response.
>>
>> We use DNSmasq 2.80-1.1ubuntu1.2
>> We worked around this issue by disabling the cache.
>>
>> Someone got an idea what the problem is?
>>
>> The following requests are made in a frame of 2 seconds:
>>
>> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10713
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 111292d8f7ef4f7ce124a223602d53418932dae2b1b0e5ea (good)
>> ;; QUESTION SECTION:
>> ;consul.mgmt.DOMAIN.TLD. IN ANY
>>
>> ;; AUTHORITY SECTION:
>> mgmt.DOMAIN.TLD. 3600 IN SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
>>
>> ;; Query time: 2 msec
>> ;; SERVER: 10.0.0.204#53(10.0.0.204)
>> ;; WHEN: Wed Feb 17 17:32:49 UTC 2021
>> ;; MSG SIZE rcvd: 133
>>
>> ---
>> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54953
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 2bd32278271acc813fbfb58b602d5345fddaeac8e012297f (good)
>> ;; QUESTION SECTION:
>> ;consul.mgmt.DOMAIN.TLD. IN ANY
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 10.0.0.204#53(10.0.0.204)
>> ;; WHEN: Wed Feb 17 17:32:53 UTC 2021
>> ;; MSG SIZE rcvd: 81
>>
>> ---
>> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46107
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: daeb796bf30117b9d54983db602d534f207b56ad08f7ad15 (good)
>> ;; QUESTION SECTION:
>> ;consul.mgmt.DOMAIN.TLD. IN ANY
>>
>> ;; AUTHORITY SECTION:
>> mgmt.DOMAIN.TLD. 3600 IN SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 10.0.0.204#53(10.0.0.204)
>> ;; WHEN: Wed Feb 17 17:33:03 UTC 2021
>> ;; MSG SIZE rcvd: 133
>>
>>
>> Our config:
>> bind-interfaces
>> interface=ens18
>> all-servers
>> bogus-priv
>> no-resolv
>> no-hosts
>> server=/DOMAINS.TLD/10.0.255.11
>> server=/DOMAINS.TLD/10.0.255.12
>> server=/puppet/10.0.255.11
>> server=/puppet/10.0.255.12
>> rev-server=10.0.0.0/8,10.0.255.11
>> rev-server=10.0.0.0/8,10.0.255.12
>> #server=/DOMAINS/10.0.0.201#8600
>> #server=/DOMAINS/10.0.0.202#8600
>> #server=/DOMAINS/10.0.0.203#8600
>> #server=/DOMAINS/10.0.0.204#8600
>> #server=/DOMAINS/10.0.0.205#8600
>> server=/DOMAINS/10.0.240.11#8600
>> server=/DOMAINS/10.0.240.12#8600
>> server=/DOMAINS/10.0.240.13#8600
>> server=/consul/10.2.240.201#8600
>> server=/consul/10.2.240.202#8600
>> server=/consul/10.2.240.203#8600
>> server=8.8.8.8
>> server=8.8.4.4
>> addn-hosts=/etc/hosts.dnsmasq
>> no-negcache
>> cache-size=0
>> --
>> The "UTF-8 problems" self-help group is, as an exception, meeting in the large hall this time.
>
>
>
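
An added example, not part of the original thread: one way to collect the evidence asked for in questions 2 and 3 is to save the output of repeated `dig` runs and tally the outcomes per server, name and query type, so a flapping answer shows up as a count rather than an anecdote. The function names (`parse_dig`, `inconsistent`) are hypothetical, and the sample is constructed from the three responses quoted above plus one made-up name that answers consistently.

```python
import re
from collections import Counter, defaultdict

STATUS = re.compile(r"status: (\w+), id: \d+")
COUNTS = re.compile(r"ANSWER: (\d+), AUTHORITY: (\d+)")
QUESTION = re.compile(r"^;([^;\s]\S*)\s+IN\s+(\S+)", re.M)
SERVER = re.compile(r"^;; SERVER: ([^#\s]+)", re.M)

def parse_dig(text):
    """Return one (server, qname, qtype, outcome) tuple per dig response."""
    records = []
    for chunk in text.split(";; ->>HEADER<<-")[1:]:
        status, counts = STATUS.search(chunk), COUNTS.search(chunk)
        question, server = QUESTION.search(chunk), SERVER.search(chunk)
        if not (status and counts and question and server):
            continue  # truncated or timed-out response: nothing to classify
        outcome = status.group(1)
        if outcome == "NOERROR" and counts.group(1) == "0":
            outcome = "NODATA"  # name exists, no records: not the same as NXDOMAIN
        records.append((server.group(1), question.group(1).lower(),
                        question.group(2), outcome))
    return records

def inconsistent(records):
    """Map each (server, qname, qtype) to its outcome counts when they differ."""
    seen = defaultdict(Counter)
    for server, qname, qtype, outcome in records:
        seen[(server, qname, qtype)][outcome] += 1
    return {key: dict(c) for key, c in seen.items() if len(c) > 1}

# Constructed sample: the three responses from the report, trimmed, plus one
# made-up name (stable.mgmt.DOMAIN.TLD) that answers consistently.
def _resp(status, authority, name="consul.mgmt.DOMAIN.TLD"):
    return (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 1\n"
            f";; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: {authority}, ADDITIONAL: 1\n"
            f";; QUESTION SECTION:\n;{name}. IN ANY\n"
            f";; SERVER: 10.0.0.204#53(10.0.0.204)\n")

SAMPLE = (_resp("NXDOMAIN", 1) + _resp("NOERROR", 0) + _resp("NXDOMAIN", 1)
          + _resp("NXDOMAIN", 1, "stable.mgmt.DOMAIN.TLD") * 2)

if __name__ == "__main__":
    for key, counts in inconsistent(parse_dig(SAMPLE)).items():
        print(key, counts)
```

Running the same tally against output captured from the upstream servers and from a newer dnsmasq release gives a direct comparison for question 3.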