[Dnsmasq-discuss] dnsmasq AAAA refused when resolving local address if upstream server unavailable
Simon Kelley
simon at thekelleys.org.uk
Sat Jul 23 16:21:39 UTC 2022
For better or worse, dnsmasq operates by overlaying locally configured
data on the global DNS: if the local configuration doesn't include a
particular record type, dnsmasq continues to return the data in the
global DNS for that record type. That's what's happening here: you've
not defined an AAAA record for tv.home.lan, so dnsmasq attempts to send it
upstream. There's no route to 1.1.1.1 and no other server configured, so
dnsmasq returns REFUSED since that's what it does when it wants to send
a query upstream but can't.
local=/lan/
Is the correct solution, not a "workaround". You're not expecting to get
useful data about *.lan in the global DNS, so don't forward those queries.
Cheers,
Simon.
On 23/07/2022 02:44, winter874 wrote:
> Hi,
>
> I'm using dnsmasq 2.85 on an Ubi Edgerouter, with DHCP hosts setup in
> dnsmasq.d. This is an ipv4 only setup. Here's an example of one of the
> hosts:
>
> dhcp-host=<MAC>,set:LAN,192.168.122.2
> host-record=tv.home.lan,192.168.122.2,3600
>
> Here is a snippet of dnsmasq.conf, where 1.1.1.1 is a public
> DNS server:
>
> interface=eth4
> cache-size=1000
> server=1.1.1.1
> no-resolv
>
> My Ubuntu client sends both an A and an AAAA DNS query for tv.home.lan
> when I say ping it. If the router has internet connectivity and can
> access 1.1.1.1, everything works great and I am able to successfully
> resolve the device over LAN. I get a standard query response for A with
> 192.168.122.2 and an expected blank standard query
> response for AAAA (no error).
>
> Unfortunately, if my internet is down and I can't access 1.1.1.1, what
> happens is that I get a regular response for A but I get a "refused"
> standard query response for AAAA. That "refused" response causes
> programs like ping to hang if I say ping tv.home.lan as it keeps trying
> repeatedly to get a successful AAAA response from the server. I have to
> use ping -4 to force only the A request to get it to ping successfully.
> I think dnsmasq refuses me because it's unable to resolve the ipv6
> request on LAN (as the hosts are ipv4 only) but there is no upstream
> server for it to pass the request along.
>
> My current workaround is to set "local=/lan/" to force dnsmasq to ignore
> the upstream servers entirely when responding to requests for .lan
> domains. In this case if 1.1.1.1 is unavailable I get an IP
> address for the A request and a blank standard query response for AAAA,
> which is what I expect.
>
> All of the requests and responses above were confirmed with Wireshark. I
> don't expect any patches for 2.85 and am unsure if this is fixed in
> future versions, but I would like to know if this is intended behavior
> or if there is a better workaround.
>
> Thanks!
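An added example, not part of either message in the thread: a small probe that sends the A and AAAA queries described above and reports whether the AAAA reply is the empty NOERROR response ("NODATA") or REFUSED. The function names and the router address 192.168.122.1 are assumptions made for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=0x1234):
    """Encode a single-question DNS query (RD set, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def classify(response):
    """Map a raw DNS response to the outcomes discussed in the thread."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == 0:
        # NOERROR with no answer records is the "blank" reply (NODATA).
        return "ANSWER" if ancount else "NODATA"
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, name, timeout=2.0):
    """Ask `server` for A and AAAA of `name`; return {qtype: outcome}."""
    results = {}
    for qtype in QTYPES:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, qtype), (server, 53))
            try:
                results[qtype] = classify(s.recv(512))
            except socket.timeout:
                results[qtype] = "TIMEOUT"
    return results

def verdict(results):
    """Flag the failure mode from the thread: A answered, AAAA refused."""
    if results.get("A") == "ANSWER" and results.get("AAAA") == "REFUSED":
        return "AAAA forwarded upstream and refused: add local=/<domain>/"
    return "ok"

if __name__ == "__main__":
    # 192.168.122.1 is an assumed router address, not taken from the thread.
    r = probe("192.168.122.1", "tv.home.lan")
    print(r, "->", verdict(r))
```

Run it once with the upstream server reachable and once with it unreachable; with local=/lan/ configured, the AAAA outcome should be NODATA in both cases.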