[Dnsmasq-discuss] DNS recursion only works in debug mode

Geert Stappers stappers at stappers.nl
Mon Oct 31 20:28:21 UTC 2022 

On Mon, Oct 31, 2022 at 03:59:56PM +0100, Matus UHLAR - fantomas via Dnsmasq-discuss wrote:
> Hello,
> 
> I have upgraded my router which included upgrading dnsmasq 2.80 to 2.86.
> 
> (Turris OS 5.4.4 based on openwrt 19 to 6.0.1 based on OpenWrt 21.02.05)
> 
> in the current version, dnsmasq returns REFUSED for external lookups:
> 
> uhlar at fhome% dig +nocmd +noquestion +nostats fantomas.fantomas.sk @gw.lan
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 13206
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; EDE: 14 (Not Ready)
> 
> local lookups work correctly.
> 
> when I run dnsmasq with "-d" alias "--no-daemon" option, resolving works:
> 
> root at turris:/srv/tos6# /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid -d
> dnsmasq: started, version 2.86 cachesize 150
> dnsmasq: DNS service limited to local subnets
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
> dnsmasq: UBus support enabled: connected to system bus
> [deleted]
> dnsmasq-dhcp: read /etc/ethers - 24 addresses
> 
> 
> uhlar at fhome% dig +nocmd +noquestion +nostats fantomas.fantomas.sk @gw.lan
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46495
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; ANSWER SECTION:
> fantomas.fantomas.sk.   28383   IN      A       195.80.174.185
> 
> 
> If I run dnsmasq manually with exactly the same config file but without -d,
> same problem appears:
> 
> root at turris:/srv/tos6# /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
> 
> uhlar at fhome% dig +nocmd +noquestion +nostats fantomas.fantomas.sk @gw.lan
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21530
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; EDE: 14 (Not Ready)
> 
> even after multiple attempts.
> 
> 
> I have tried to play with config options without success, running with
> --log-debug option, no change (and no logs that would explain).
> running with --keep-in-foreground caused no change either.
> 
> Any idea what could be the problem?

Manual page says about the debug mode, among others, "don't change user
id".  Idea / shoot in the dark:  The configuration file has 'user=foo'
and user `foo` not allowed to connect to upstream name server.
 

Groeten
Geert Stappers

P.S.
Thanks for https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016668.html
When time permits, I'll do two things:
Reply to it  and update "monthly posting"
-- 
Silence is hard to parse

More information about the Dnsmasq-discuss mailing list