Hi guys,

I saw a weird scenario in one of our dnsmasq servers yesterday. As the logs below show, the server was all happy doing its thing, until a set of PTR queries came from normal servers in our network. The last of it would ask for the hostname of the dns server giving the IP, and from that point dnsmasq would route all traffic to the parents. Restarting the dnsmasq service would restore the server to normal operations. This has happened 4 times in the last 10 days, always with the same pattern.

Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98
Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93
Feb 17 01:35:51 dnsmasq[28538]: query[PTR] 93.158.30.172.in-addr.arpa from 172.30.158.98
Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts 172.30.158.93 is grdvpm3.dselgrid.local
Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98
Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93
Feb 17 01:37:16 dnsmasq[28538]: query[MX] smtpmail.daiwaeurope.local from 127.0.0.1
Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192
Feb 17 01:37:16 dnsmasq[28538]: query[MX] vsmtpmail.daiwaeurope.local from 127.0.0.1
Feb 17 01:37:16 dnsmasq[28538]: forwarded vsmtpmail.daiwaeurope.local to 172.30.48.192
Feb 17 01:37:16 dnsmasq[28538]: query[A] smtpmail.daiwaeurope.local from 127.0.0.1
Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192
Feb 17 01:37:16 dnsmasq[28538]: reply smtpmail.daiwaeurope.local is <CNAME>
Feb 17 01:37:16 dnsmasq[28538]: reply vsmtpmail.daiwaeurope.local is 172.30.19.221
Feb 17 01:37:52 dnsmasq[28538]: query[PTR] 250.158.30.172.in-addr.arpa from 172.30.158.94
Feb 17 01:37:52 dnsmasq[28538]: /etc/hosts 172.30.158.250 is grdxk-mgmt1.dselgrid.local
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192

Any idea what would be going on? Is that PTR query a signal that some other service could be asking the DNS server to stop reading the hosts file?

Many thanks,

Alberto Cuesta-Canada
GaaS Team Lead
Excelian Ltd.
+44 (0) 7942633361
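One way to find each occurrence of this pattern in a dnsmasq query log, added here as an example and not part of the original message: the script flags a PTR query answered from /etc/hosts that is directly followed by a run of "forwarded query to" lines. The function name find_transitions and the min_run threshold are assumptions; the sample lines are copied from the log above with the run of forwards shortened to three.

```python
import re

# Sample lines copied from the log in the message above (forward run shortened).
SAMPLE_LOG = """\
Feb 17 01:37:16 dnsmasq[28538]: query[A] smtpmail.daiwaeurope.local from 127.0.0.1
Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: query[PTR] 250.158.30.172.in-addr.arpa from 172.30.158.94
Feb 17 01:37:52 dnsmasq[28538]: /etc/hosts 172.30.158.250 is grdxk-mgmt1.dselgrid.local
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
"""

# Line layout as shown in the message (no hostname field after the timestamp).
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) dnsmasq\[(\d+)\]: (.*)$")
PTR_QUERY = re.compile(r"^query\[PTR\] (\S+) from (\S+)$")
HOSTS_ANSWER = re.compile(r"^/etc/hosts (\S+) is (\S+)$")
NAMELESS_FWD = re.compile(r"^forwarded query to (\S+)$")  # no query name logged

def find_transitions(log_text, min_run=3):
    """Return one record per PTR query answered from /etc/hosts that is
    directly followed by at least min_run 'forwarded query to' lines."""
    hits = []
    ptr = None     # previous line, if it was a PTR query: (name, client)
    local = None   # /etc/hosts answer to that query, waiting for a run
    run = 0
    def flush():
        nonlocal local, run
        if local and run >= min_run:
            hits.append(dict(local, forwards=run))
        local, run = None, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, msg = m.groups()
        if (f := NAMELESS_FWD.match(msg)) and local:
            run += 1
            local["upstream"] = f.group(1)
            continue
        flush()  # any other line ends the current run
        q, h = PTR_QUERY.match(msg), HOSTS_ANSWER.match(msg)
        if h and ptr:
            local = {"time": stamp, "pid": int(pid), "ptr": ptr[0],
                     "client": ptr[1], "answer": h.group(2)}
        ptr = q.groups() if q else None
    flush()
    return hits
```

Each returned record carries the timestamp, the dnsmasq PID, the PTR name, the querying client and the upstream that received the forwards, which makes it easy to compare the four occurrences side by side.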