[Dnsmasq-discuss] NetworkManager plugin not forwarding queries

Geert Stappers stappers at stappers.nl
Tue Dec 14 17:46:04 UTC 2021


On Tue, Dec 14, 2021 at 04:50:32PM +0100, Natxo Asenjo wrote:
> hi,
> 
> on a rhel 7.9 host, dnsmasq is not properly forwarding queries to some
> internal domains.
> 
> If I run dnsmasq in the foreground with the same configuration, it works
> fine (only resolving the specified domains)
> 
> Let's see:
> 
> interface=some-bridge-name
> #bind-dynamic
> 
> 
> domain-needed  # do not forward short names
> bogus-priv     # drop non routed address spaces
> no-resolv      # do not resolve anything, only whitelist allowed which follows
> 
> # whitelisted dns domains
> server=/domain.local/10.xxx.xxx.xx
> server=/domain.local/10.1xxx.xxx.xx
> server=/other.sub.tld/10.1xxx.xxx.xx
> server=/other.sub.tld/10.1xxx.xxx.xx
> 
> # all other domains go to localhost
> address=/#/127.0.0.1
> 
> cache-size=1000
> 
> log-queries
> log-facility=/var/log/dnsmasq.log
> 
> 
> And obviously in /etc/resolv.conf
> 
> nameserver 127.0.0.1
> 
> So, if I restart NetworkManager, because I added
> 
> # cat /etc/NetworkManager/conf.d/00-use-dnsmasq.conf
> # FILE MANAGED BY TEMPLATE
> # DO NOT MODIFY LOCALLY ALL CHANGES WILL BE OVERWRITTEN
> 
> [main]
> dns=dnsmasq
> 
> dnsmasq is automatically started (the dnsmasq systemd service unit is
> disabled)
> 
> 
> I query a host in the sub.domain.tld and I have a timeout in dig, no
> servers could be reached.
> 
> 
> in the dnsmasq.log:
> Dec 14 16:36:41 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
> Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:46 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
> Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> 
> Ok, now I kill dnsmasq, start it with --no-daemon
> 
> and then it works, dnsmasq forwards correctly.
> 
> In both cases I see a listening socket on the right interface port 53
> {udp,tcp}.
> 
> What am I doing wrong?

    :-/

 
> Selinux shows no denials (avc empty). I turned it off (permissive), still
> no improvement.
> 
> Any help greatly appreciated.
 
Make a drawing of what you have built.

Then test again and follow the DNS request both
in the drawing and in the computer.

I think there will be mismatches in it,
like the DNS request ending up in another place
than where it should show up in the drawing.

Schematic would be a better name for the drawing.


Groeten
Geert Stappers
Former electric engineer, so familiar with schematics
-- 
Silence is hard to parse
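
The log excerpt quoted above shows queries being forwarded with no reply line after them. As an added example (not part of this thread and not dnsmasq code), the following Python script flags such queries in a `log-queries` log so they can be followed per upstream. It assumes the default log format without query IDs, so matching by name is a heuristic; the last three sample lines and the 192.0.2.x addresses are constructed.

```python
import re

# Sample input: the first six lines follow the log excerpt in the post above;
# the last three are constructed to show an answered query for contrast.
SAMPLE_LOG = """\
Dec 14 16:36:41 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
Dec 14 16:36:46 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
Dec 14 16:37:02 dnsmasq[7508]: query[A] ok.domain.local from 127.0.0.1
Dec 14 16:37:02 dnsmasq[7508]: forwarded ok.domain.local to 192.0.2.53
Dec 14 16:37:02 dnsmasq[7508]: reply ok.domain.local is 192.0.2.80
"""

# timestamp, process tag, event kind, queried name, then client/upstream/answer
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"(?P<kind>query\[\w+\]|forwarded|reply|cached|config)\s+"
    r"(?P<name>\S+)\s+(?:from|to|is)\s+(?P<peer>.+)$"
)

def unanswered_queries(log_text):
    """Return queries that never got a reply/cached/config line, in log order."""
    pending, stuck = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, name = m["kind"], m["name"]
        if kind.startswith("query"):
            if name in pending:          # client retried: earlier attempt got no answer
                stuck.append(pending[name])
            pending[name] = {"ts": m["ts"], "name": name,
                             "client": m["peer"], "upstreams": []}
        elif kind == "forwarded" and name in pending:
            pending[name]["upstreams"].append(m["peer"])
        elif name in pending:            # reply, cached or config: query was answered
            del pending[name]
    stuck.extend(pending.values())       # still open at end of log
    return stuck

if __name__ == "__main__":
    for q in unanswered_queries(SAMPLE_LOG):
        print(f'{q["ts"]} {q["name"]} from {q["client"]}: '
              f'no answer via {", ".join(q["upstreams"]) or "no upstream"}')
```
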