[Dnsmasq-discuss] DNS recursion only works in debug mode

Simon Kelley simon at thekelleys.org.uk
Mon Oct 31 20:59:00 UTC 2022 


On 31/10/2022 14:59, Matus UHLAR - fantomas via Dnsmasq-discuss wrote:
> Hello,
> 
> I have upgraded my router which included upgrading dnsmasq 2.80 to 2.86.
> 
> (Turris OS 5.4.4 based on openwrt 19 to 6.0.1 based on OpenWrt 21.02.05)
> 
> in the current version, dnsmasq returns REFUSED for external lookups:
> 
> % dig +nocmd +noquestion +nostats fantomas.fantomas.sk @gw.lan
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 13206
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; EDE: 14 (Not Ready)
> 
> local lookups work correctly.
> 
> when I run dnsmasq with "-d" alias "--no-daemon" option, resolving works:
> 
> root at turris:/srv/tos6# /usr/sbin/dnsmasq -C 
> /var/etc/dnsmasq.conf.cfg01411c -k -x 
> /var/run/dnsmasq/dnsmasq.cfg01411c.pid -d
> dnsmasq: started, version 2.86 cachesize 150
> dnsmasq: DNS service limited to local subnets
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n 
> no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC 
> no-ID loop-detect inotify dumpfile
> dnsmasq: UBus support enabled: connected to system bus
> [deleted]
> dnsmasq-dhcp: read /etc/ethers - 24 addresses
> 
> 
> uhlar at fhome% dig +nocmd +noquestion +nostats fantomas.fantomas.sk @gw.lan
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46495
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; ANSWER SECTION:
> fantomas.fantomas.sk.   28383   IN      A       195.80.174.185
> 
> 
> If I run dnsmasq manually with exactly the same config file but without 
> -d, same problem appears:
> 
> root at turris:/srv/tos6# /usr/sbin/dnsmasq -C 
> /var/etc/dnsmasq.conf.cfg01411c -k -x 
> /var/run/dnsmasq/dnsmasq.cfg01411c.pid
> 
> uhlar at fhome% dig +nocmd +noquestion +nostats fantomas.fantomas.sk @gw.lan
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21530
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; EDE: 14 (Not Ready)
> 
> even after multiple attempts.
> 
> 
> I have tried to play with config options without success, running with 
> --log-debug option, no change (and no logs that would explain).
> running with --keep-in-foreground caused no change either.
> 
> Any idea what could be the problem?

It's most likely replying with REFUSED because there are no suitable 
servers configured. Information on that would likely be in the lines of 
logging you've replaced with [deleted] above.

2.86 has bugs in this area, as does 2.87 (though not as bad)

First stage would be to see the logging you deleted. Using Ubus might be 
the wild-card here.


Simon.

>

More information about the Dnsmasq-discuss mailing list