[Dnsmasq-discuss] DNS only on LAN: what's not working?

Grayan Adams grayan at wikicorporates.org
Mon May 23 00:44:53 UTC 2022


Apologies if this turns out to be trivial, but getting dnsmasq to work 
has completely frustrated and defeated me, after days of faffing around.

I have a bunch of apache named vhosts on a server, and need to access 
them from other devices. To date, I’ve done this via /etc/hosts on each 
device. However, an iPad, iPhone and Samsung tablet now also need 
access, hence looking at dnsmasq.

The Problem: I cannot access any of the vhosts from any of the other 
devices on the LAN. Works perfectly on the server, but then it also 
worked just fine via /etc/hosts before installing dnsmasq.

Vast amounts of reading, postings to Serverfault, AskFedora, plus 
various friends have resulted in endless tweaks and fiddles, confusing 
things ever more.
I should stress that I know less than nothing about network admin.

The current objective is to run dnsmasq as a DNS server only, leaving 
the router to assign DHCP leases as it sees fit.  So all *.lan queries 
from devices on the LAN should end up at the dnsmasq server. All non 
*.lan queries should go to the router and on to the world.
The eventual objective is to set up a VPN, but baby steps!

I've disabled the NetworkManager dnsmasq plugin, and run the process 
with  $ systemctl start dnsmasq.service

systemd-resolved seems to be completely out of the picture:
$ netstat -tulpn | grep ":53 "
tcp/udp  0  0  192.168.178.9:53  0.0.0.0:*  LISTEN  [pid]/dnsmasq
tcp/udp  0  0  127.0.0.1:53      0.0.0.0:*  LISTEN  [pid]/dnsmasq
... ...

I don't think it's a firewall issue:
$  firewall-cmd --zone=FedoraWorkstation --list-services
> dhcpv6-client http https mdns mysql samba-client ssh ...

When dnsmasq starts up, journalctl msgs are generated:
> reading /etc/resolv.conf
> ignoring nameserver 192.168.178.9 - local interface
> using nameserver 192.168.178.1#53  (router)

Turning log-queries on results in vast numbers of journalctl msgs:
> server.lan dnsmasq[pid]: query[AAAA] docs.fedoraproject.org from 192.168.178.9
> server.lan dnsmasq[pid]: forwarded docs.fedoraproject.org to 192.168.178.1
> server.lan dnsmasq[pid]: reply docs.fedoraproject.org is <CNAME>
> server.lan dnsmasq[pid]: reply wildcard.fedoraproject.org is 2605:bc80:3010:600:dead:beef:cafe:fed9       (ha ha!)

Dig output on the server:
; <<>> DiG 9.16.28-RH <<>> vhost1.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12212
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vhost1.lan.		IN	A
;; ANSWER SECTION:
vhost1.lan.	0	IN	A	192.168.178.9
;; Query time: 0 msec
;; SERVER: 192.168.178.9#53(192.168.178.9)
;; WHEN: Sun May 22 21:22:47 CEST 2022
;; MSG SIZE  rcvd: 55

journalctl msgs generated from dig vhost1.lan on the server:
> server.lan dnsmasq[pid]: query[A] vhost1.lan from 192.168.178.9
> server.lan dnsmasq[pid]: /etc/hosts vhost.lan is 192.168.178.9


I am beginning to wonder if the Fritzbox is getting in the way somehow, 
with its naming schema.  Irritatingly, it slaps ".fritz.box" onto the 
end of some devices - and afaik it can't be changed. So 
"server.mydomain.lan" becomes "server.fritz.box". Example run on the 
laptop:

laptop$  dig server.mydomain.lan

; <<>> DiG 9.16.24-RH <<>> server.mydomain.lan
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9628
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;server.mydomain.lan.		IN	A
;; AUTHORITY SECTION:
.			1894	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022052201 1800 900 604800 86400
;; SERVER: 127.0.0.53#53(127.0.0.53)

But:
laptop$  dig server.fritz.box

; <<>> DiG 9.16.24-RH <<>> server.fritz.box
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46068
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;server.fritz.box.		IN	A
;; ANSWER SECTION:
server.fritz.box.	9	IN	A	192.168.178.9
;; AUTHORITY SECTION:
server.fritz.box.	9	IN	NS	fritz.box.
;; ADDITIONAL SECTION:
fritz.box.		9	IN	A	192.168.178.1
;; SERVER: 127.0.0.53#53(127.0.0.53)



---- System --------------------------
Fedora 35, installed Nov.2021
Linux 5.15.5-200.fc35.x86_64
dnsmasq v 2.86

/etc/hosts:
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
192.168.178.9   server.mydomain.lan
192.168.178.10  laptop.mydomain.lan
192.168.178.9   vhost1.lan
192.168.178.9   vhost2.lan

Router: Fritzbox 7490
Local DNS Server: 192.168.178.9

/etc/NetworkManager/NetworkManager.conf
[main]
dns=none

/etc/systemd/resolved.conf
DNS=192.168.178.9
DNSStubListener=no

/etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
nameserver 192.168.178.9
nameserver 192.168.178.9
nameserver 192.168.178.1
search localhost

NM config for IPv4 wlp5s0 (wifi conn on server)
Method: Manual
Address: 192.168.178.9/24
Gateway: 192.168.178.1 (router)
DNS Servers: 192.168.178.9 (server)
Search domains: localhost

/etc/dnsmasq.conf:
domain-needed
bogus-priv
local=/lan/
address=/lan/192.168.178.9
address=/lan/127.0.0.1
interface=wlp5s0 (wifi)
listen-address=127.0.0.1
no-dhcp-interface=wlp5s0
bind-interfaces


