[Dnsmasq-discuss] getting different responses from high traffic DNSmasq

Fri Feb 19 09:47:27 UTC 2021

Hi Simon,
hi Chris,

thanks a lot for your help. We updated to the latest version, by
compiling it on our own, and now the issue is gone.
@Simon: Your smoking gun seems to be correct.

The domains are just internal domains hosted on a free-ipa and consul :)

Best wishes and a really nice weekend
 Boris

Am Fr., 19. Feb. 2021 um 00:38 Uhr schrieb Simon Kelley
<simon at thekelleys.org.uk>:
>
> On 18/02/2021 09:44, Boris Behrens wrote:
> > This happened after the update from v2.76 to v2.80
> >
> > Is there a way how I can debug that deeper.
>
> The information you've given so far is useful, but not enough to allow
> someone to easily reproduce the problem, which is the key.
>
>
> Questions which need answering:
>
> 1) What are the actual domains which show this problem (email me direct
> of you don't want to publicise them.)
>
> 2) is the presence of ANY queries important? Do you get the same effect
> with other query types?
>
> 3) Do you see the same problem with the latest release? If not, then the
> problem reduces to finding the already committed fix, or upgrading your
> install. If we know is still exists in 2.84, then we can work on fixing
> that, instead of going back to old code.
>
> 4) If you turn on query logging, what gets logged during the sequence below.
>
>
>
>
>
> As a hunch, my guess is that
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
>
> which went into 2.81, may be the smoking gun, hence the importance of
> question 3.
>
>
> Simon.
>
>
>
> >
> >
> > Am Mi., 17. Feb. 2021 um 19:06 Uhr schrieb Boris Behrens <bb at kervyn.de>:
> >>
> >> Hello people,
> >> I've got a strange issue with a high traffic (>5 requests / sec) where it sometimes does not responde with the NXDOMAIN but with NOERROR.
> >>
> >> When we ask the upstream DNS directly we always get a NXDOMAIN response.
> >>
> >> We use DNSmasq 2.80-1.1ubuntu1.2
> >> We worked around this issue by disabling the cache.
> >>
> >> Someone got an idea what the problem is?
> >>
> >> The following request are made in a frame of 2 seconds:
> >>
> >> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> >> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10713
> >> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> >>
> >> ;; OPT PSEUDOSECTION:
> >> ; EDNS: version: 0, flags:; udp: 4096
> >> ; COOKIE: 111292d8f7ef4f7ce124a223602d53418932dae2b1b0e5ea (good)
> >> ;; QUESTION SECTION:
> >> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
> >>
> >> ;; AUTHORITY SECTION:
> >> mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
> >>
> >> ;; Query time: 2 msec
> >> ;; SERVER: 10.0.0.204#53(10.0.0.204)
> >> ;; WHEN: Wed Feb 17 17:32:49 UTC 2021
> >> ;; MSG SIZE  rcvd: 133
> >>
> >> ---
> >> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> >> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54953
> >> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> >>
> >> ;; OPT PSEUDOSECTION:
> >> ; EDNS: version: 0, flags:; udp: 4096
> >> ; COOKIE: 2bd32278271acc813fbfb58b602d5345fddaeac8e012297f (good)
> >> ;; QUESTION SECTION:
> >> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
> >>
> >> ;; Query time: 1 msec
> >> ;; SERVER: 10.0.0.204#53(10.0.0.204)
> >> ;; WHEN: Wed Feb 17 17:32:53 UTC 2021
> >> ;; MSG SIZE  rcvd: 81
> >>
> >> ---
> >> /src # dig consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> >> ; <<>> DiG 9.14.12 <<>> consul.mgmt.DOMAIN.TLD @10.0.0.204 -t ANY
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46107
> >> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> >>
> >> ;; OPT PSEUDOSECTION:
> >> ; EDNS: version: 0, flags:; udp: 4096
> >> ; COOKIE: daeb796bf30117b9d54983db602d534f207b56ad08f7ad15 (good)
> >> ;; QUESTION SECTION:
> >> ;consul.mgmt.DOMAIN.TLD.  IN  ANY
> >>
> >> ;; AUTHORITY SECTION:
> >> mgmt.DOMAIN.TLD.  3600  IN  SOA ipa2.DOMAIN.TLD. hostmaster.mgmt.DOMAIN.TLD. 1613268909 3600 900 1209600 3600
> >>
> >> ;; Query time: 1 msec
> >> ;; SERVER: 10.0.0.204#53(10.0.0.204)
> >> ;; WHEN: Wed Feb 17 17:33:03 UTC 2021
> >> ;; MSG SIZE  rcvd: 133
> >>
> >>
> >> Our config:
> >> bind-interfaces
> >> interface=ens18
> >> all-servers
> >> bogus-priv
> >> no-resolv
> >> no-hosts
> >> server=/DOMAINS.TLD/10.0.255.11
> >> server=/DOMAINS.TLD/10.0.255.12
> >> server=/puppet/10.0.255.11
> >> server=/puppet/10.0.255.12
> >> rev-server=10.0.0.0/8,10.0.255.11
> >> rev-server=10.0.0.0/8,10.0.255.12
> >> #server=/DOMAINS/10.0.0.201#8600
> >> #server=/DOMAINS/10.0.0.202#8600
> >> #server=/DOMAINS/10.0.0.203#8600
> >> #server=/DOMAINS/10.0.0.204#8600
> >> #server=/DOMAINS/10.0.0.205#8600
> >> server=/DOMAINS/10.0.240.11#8600
> >> server=/DOMAINS/10.0.240.12#8600
> >> server=/DOMAINS/10.0.240.13#8600
> >> server=/consul/10.2.240.201#8600
> >> server=/consul/10.2.240.202#8600
> >> server=/consul/10.2.240.203#8600
> >> server=8.8.8.8
> >> server=8.8.4.4
> >> addn-hosts=/etc/hosts.dnsmasq
> >> no-negcache
> >> cache-size=0
> >> --
> >> Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im groÃƒ¼en Saal.
> >
> >
> >
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

-- 
Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend
im groÃƒ¼en Saal.