Alberto Cuesta-Canada wrote:
Hi guys,
I saw a weird scenario in one of our dnsmasq servers yesterday. As the
logs below show, the server was all happy doing its thing, until a set
of PTR queries came from normal servers in our network. The last of it
would ask for the hostname of the dns server giving the IP, and from
that point dnsmasq would route all traffic to the parents. Restarting
the dnsmasq service would restore the server to normal operations. This
has happened 4 times in the last 10 days, always with the same pattern.
Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from
172.30.158.98
Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is
172.30.158.93
Feb 17 01:35:51 dnsmasq[28538]: query[PTR] 93.158.30.172.in-addr.arpa
from 172.30.158.98
Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts 172.30.158.93 is
grdvpm3.dselgrid.local
Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from
172.30.158.98
Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is
172.30.158.93
Feb 17 01:37:16 dnsmasq[28538]: query[MX] smtpmail.daiwaeurope.local
from 127.0.0.1
Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to
172.30.48.192
Feb 17 01:37:16 dnsmasq[28538]: query[MX] vsmtpmail.daiwaeurope.local
from 127.0.0.1
Feb 17 01:37:16 dnsmasq[28538]: forwarded vsmtpmail.daiwaeurope.local to
172.30.48.192
Feb 17 01:37:16 dnsmasq[28538]: query[A] smtpmail.daiwaeurope.local from
127.0.0.1
Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to
172.30.48.192
Feb 17 01:37:16 dnsmasq[28538]: reply smtpmail.daiwaeurope.local is <CNAME>
Feb 17 01:37:16 dnsmasq[28538]: reply vsmtpmail.daiwaeurope.local is
172.30.19.221
Feb 17 01:37:52 dnsmasq[28538]: query[PTR] 250.158.30.172.in-addr.arpa
from 172.30.158.94
Feb 17 01:37:52 dnsmasq[28538]: /etc/hosts 172.30.158.250 is
grdxk-mgmt1.dselgrid.local
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Any idea what would be going on? Is that PTR query a signal that some
other service could be asking the DNS server to stop reading the hosts file?
Which version of dnsmasq are you using?
Simon.