[Dnsmasq-discuss] DNS only on LAN: what's not working?

Geert Stappers stappers at stappers.nl
Mon May 23 05:32:29 UTC 2022


On Mon, May 23, 2022 at 02:44:53AM +0200, Grayan Adams wrote:
> I have a bunch of apache named vhosts on a server, and need to access them
> from other devices. To date, I’ve done this via /etc/hosts on each device.
> However, an iPad, iPhone and Samsung tablet now also need access, hence
> looking at dnsmasq.
> 
> The Problem: I cannot access any of the vhosts from any of the other devices
> on the LAN. Works perfectly on the server, but then it also worked just fine
> via /etc/hosts before installing dnsmasq.
> 
> Vast amounts of reading, postings to Serverfault, AskFedora, plus various
> friends have resulted in endless tweaks and fiddles, confusing things ever
> more.
> I should stress that I know less than nothing about network admin.

I should stress that acquiring a skill takes time.

 
> The current objective is to run dnsmasq as a DNS server only, leaving the
> router to assign DHCP leases as it sees fit.  So all *.lan queries from
> devices on the LAN should end up at the dnsmasq server. All non *.lan
> queries should go to the router and on to the world.
> The eventual objective is to set up a VPN, but baby steps!
> 
> I've disabled the NetworkManager dnsmasq plugin, and run the process with
> $ systemctl start dnsmasq.service
> 
> systemd-resolved seems to be completely out of the picture:
> $ netstat -tulpn | grep ":53 "
> tcp/udp  0  0  192.168.178.9:53  0.0.0.0:*  LISTEN  [pid]/dnsmasq
> tcp/udp  0  0  127.0.0.1:53      0.0.0.0:*  LISTEN  [pid]/dnsmasq
> ... ...
> 
> I don't think it's a firewall issue:
> $  firewall-cmd --zone=FedoraWorkstation --list-services
> | dhcpv6-client http https mdns mysql samba-client ssh ...
> 
> When dnsmasq starts up, journalctl msgs are generated:
> | reading /etc/resolv.conf
> | ignoring nameserver 192.168.178.9 - local interface
> | using nameserver 192.168.178.1#53  (router)
> 
> Turning log-queries on results in vast numbers of journalctl msgs:
> | server.lan dnsmasq[pid]: query[AAAA] docs.fedoraproject.org from 192.168.178.9
> | server.lan dnsmasq[pid]: forwarded docs.fedoraproject.org to 192.168.178.1
> | server.lan dnsmasq[pid]: reply docs.fedoraproject.org is <CNAME>
> | server.lan dnsmasq[pid]: reply wildcard.fedoraproject.org is 2605:bc80:3010:600:dead:beef:cafe:fed9       (ha ha!)
> 
> Dig output on the server:
> ; <<>> DiG 9.16.28-RH <<>> vhost1.lan
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12212
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;vhost1.lan.		IN	A
> ;; ANSWER SECTION:
> vhost1.lan.	0	IN	A	192.168.178.9
> ;; Query time: 0 msec
> ;; SERVER: 192.168.178.9#53(192.168.178.9)
> ;; WHEN: Sun May 22 21:22:47 CEST 2022
> ;; MSG SIZE  rcvd: 55
> 
> journalctl msgs generated from dig vhost1.lan on the server:
> | server.lan dnsmasq[pid]: query[A] vhost1.lan from 192.168.178.9
> | server.lan dnsmasq[pid]: /etc/hosts vhost.lan is 192.168.178.9
> 
> 
> I am beginning to wonder if the Fritzbox is getting in the way somehow, with
> its naming schema.  Irritatingly, it slaps ".fritz.box" onto the end of some
> devices - and afaik it can't be changed. So "server.mydomain.lan" becomes
> "server.fritz.box".

Yeah, Fritz does have an opinion.


> Example run on the laptop:
> 
> laptop$  dig server.mydomain.lan
> 
> ; <<>> DiG 9.16.24-RH <<>> server.mydomain.lan
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9628
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;server.mydomain.lan.		IN	A
> ;; AUTHORITY SECTION:
> .			1894	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022052201 1800 900 604800 86400
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
> 
> But:
> laptop$  dig server.fritz.box
> 
> ; <<>> DiG 9.16.24-RH <<>> server.fritz.box
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46068
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;server.fritz.box.		IN	A
> ;; ANSWER SECTION:
> server.fritz.box.	9	IN	A	192.168.178.9
> ;; AUTHORITY SECTION:
> server.fritz.box.	9	IN	NS	fritz.box.
> ;; ADDITIONAL SECTION:
> fritz.box.		9	IN	A	192.168.178.1
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
> 

Okay, seen it.

The problem is, as I see it, there are two domain names on the LAN.
One being ".fritz.box", the other the desired ".lan".

 
> ---- System --------------------------
> Fedora 35, installed Nov.2021
> Linux 5.15.5-200.fc35.x86_64
> dnsmasq v 2.86
> 
> /etc/hosts:
> 127.0.0.1 localhost localhost.localdomain
> ::1 localhost localhost.localdomain
> 192.168.178.9   server.mydomain.lan
> 192.168.178.10  laptop.mydomain.lan
> 192.168.178.9   vhost1.lan
> 192.168.178.9   vhost2.lan
> 
> Router: Fritzbox 7490
> Local DNS Server: 192.168.178.9

What does that say?
If it says:
  "Fritz has been told to use 192.168.178.9 as upstream DNS"
say so.


> /etc/NetworkManager/NetworkManager.conf
> [main]
> dns=none
> 
> /etc/systemd/resolved.conf
> DNS=192.168.178.9
> DNSStubListener=no
> 
> /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
> nameserver 192.168.178.9
> nameserver 192.168.178.9
> nameserver 192.168.178.1
> search localhost
> 
> NM config for IPv4 wlp5s0 (wifi conn on server)
> Method: Manual
> Address: 192.168.178.9/24
> Gateway: 192.168.178.1 (router)
> DNS Servers: 192.168.178.9 (server)
> Search domains: localhost
> 
> /etc/dnsmasq.conf:
> domain-needed
> bogus-priv
> local=/lan/
> address=/lan/192.168.178.9
> address=/lan/127.0.0.1
> interface=wlp5s0 (wifi)
> listen-address=127.0.0.1
> no-dhcp-interface=wlp5s0
> bind-interfaces
> 


Missing configuration of a client.


And I think that path to a solution might be
disabling DHCP server on the Fritz box
and doing DHCP server with dnsmasq.



Regards
Geert Stappers
-- 
Silence is hard to parse
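As an added diagnostic example (not from the original thread or from the dnsmasq project), the script below checks, from the kinds of evidence already quoted in the post, the two points the reply raises: whether any client other than the server itself ever reaches dnsmasq ("Missing configuration of a client"), and whether queries for the local-only domain are being forwarded upstream rather than answered locally, which is what `local=/lan/` is meant to prevent. It also reads the `;; SERVER:` line of a `dig` run to show which resolver the client actually asked. The log lines, dig snippet, PID and the `vhost2.lan` entries are constructed to match the formats shown in the post; `LOCAL_ONLY_DOMAINS` and all function names are this example's own.

```python
import re

# Domains dnsmasq is told to answer itself (the post's `local=/lan/`).
# Assumption for this example: "lan" is the only local-only domain.
LOCAL_ONLY_DOMAINS = ("lan",)

# Constructed sample journal lines in the format dnsmasq's log-queries
# produces (see the post). PID and the vhost2.lan lines are made up.
SAMPLE_LOG = """\
server.lan dnsmasq[1234]: query[AAAA] docs.fedoraproject.org from 192.168.178.9
server.lan dnsmasq[1234]: forwarded docs.fedoraproject.org to 192.168.178.1
server.lan dnsmasq[1234]: query[A] vhost1.lan from 192.168.178.9
server.lan dnsmasq[1234]: /etc/hosts vhost1.lan is 192.168.178.9
server.lan dnsmasq[1234]: query[A] vhost2.lan from 192.168.178.10
server.lan dnsmasq[1234]: forwarded vhost2.lan to 192.168.178.1
"""

# Constructed dig output modelled on the laptop run in the post.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9628
;; QUESTION SECTION:
;server.mydomain.lan.		IN	A
;; SERVER: 127.0.0.53#53(127.0.0.53)
"""

QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")
FORWARD_RE = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")
# "/etc/hosts", "config" (address= lines) and "cached" are the source labels
# dnsmasq logs when it answers a query without forwarding it.
LOCAL_ANSWER_RE = re.compile(r"dnsmasq\[\d+\]: (/etc/hosts|config|cached) (\S+) is (\S+)")
DIG_SERVER_RE = re.compile(r"^;; SERVER: (\S+?)#(\d+)", re.MULTILINE)


def is_local_only(name):
    """True if `name` falls under a domain dnsmasq must never forward."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in LOCAL_ONLY_DOMAINS)


def clients_seen(log):
    """Set of client IPs that actually sent queries to dnsmasq."""
    return {m.group(3) for m in QUERY_RE.finditer(log)}


def leaked_local_queries(log):
    """Names under a local-only domain that dnsmasq forwarded upstream anyway."""
    return [m.group(1) for m in FORWARD_RE.finditer(log) if is_local_only(m.group(1))]


def answered_locally(log):
    """Map of name -> answer for queries dnsmasq resolved itself."""
    return {m.group(2): m.group(3) for m in LOCAL_ANSWER_RE.finditer(log)}


def resolver_used(dig_output):
    """(ip, port) of the server dig actually talked to, or None if absent."""
    m = DIG_SERVER_RE.search(dig_output)
    return (m.group(1), int(m.group(2))) if m else None


def diagnose(log, dig_output, server_ip):
    """Return the findings a LAN admin would want to act on, in order found."""
    findings = []
    others = clients_seen(log) - {server_ip}
    if not others:
        findings.append("no LAN client besides the server itself has reached dnsmasq")
    for name in leaked_local_queries(log):
        findings.append(f"local-only name {name} was forwarded upstream")
    resolver = resolver_used(dig_output)
    if resolver and resolver[0] != server_ip:
        findings.append(f"client resolver is {resolver[0]}, not the dnsmasq host {server_ip}")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_LOG, SAMPLE_DIG, "192.168.178.9"):
        print("FINDING:", line)
```

On the post's real data the third check is the telling one: the laptop's `dig` reports `SERVER: 127.0.0.53`, the systemd-resolved stub, and that stub is forwarding to whatever the router handed out via DHCP, so the query never reaches the dnsmasq host at all. Run against `journalctl -u dnsmasq` output with `log-queries` enabled, the first check shows whether that is true for every client.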