Alberto Cuesta-Canada wrote:
Hi guys,
I saw a weird scenario in one of our dnsmasq servers yesterday. As the logs below show, the server was all happy doing its thing, until a set of PTR queries came from normal servers in our network. The last of it would ask for the hostname of the dns server giving the IP, and from that point dnsmasq would route all traffic to the parents. Restarting the dnsmasq service would restore the server to normal operations. This has happened 4 times in the last 10 days, always with the same pattern.

Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98

Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93

Feb 17 01:35:51 dnsmasq[28538]: query[PTR] 93.158.30.172.in-addr.arpa from 172.30.158.98

Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts 172.30.158.93 is grdvpm3.dselgrid.local

Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98

Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93

Feb 17 01:37:16 dnsmasq[28538]: query[MX] smtpmail.daiwaeurope.local from 127.0.0.1

Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192

Feb 17 01:37:16 dnsmasq[28538]: query[MX] vsmtpmail.daiwaeurope.local from 127.0.0.1

Feb 17 01:37:16 dnsmasq[28538]: forwarded vsmtpmail.daiwaeurope.local to 172.30.48.192

Feb 17 01:37:16 dnsmasq[28538]: query[A] smtpmail.daiwaeurope.local from 127.0.0.1

Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192

Feb 17 01:37:16 dnsmasq[28538]: reply smtpmail.daiwaeurope.local is <CNAME>

Feb 17 01:37:16 dnsmasq[28538]: reply vsmtpmail.daiwaeurope.local is 172.30.19.221

Feb 17 01:37:52 dnsmasq[28538]: query[PTR] 250.158.30.172.in-addr.arpa from 172.30.158.94

Feb 17 01:37:52 dnsmasq[28538]: /etc/hosts 172.30.158.250 is grdxk-mgmt1.dselgrid.local

Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192

Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192

Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192

Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192

Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192

Any idea what would be going on? Is that PTR query a signal that some other service could be asking the DNS server to stop reading the hosts file?

Which version of dnsmasq are you using?

Simon.
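
A log check for the pattern reported in this thread, added here as an example and not code from dnsmasq or from either poster: it flags a run of "forwarded query to" lines that carry no query name, and any name already answered from /etc/hosts that is later forwarded upstream. The MIN_RUN threshold and the function name are assumptions; the line layout is taken from the log quoted above.

```python
import re

# Syslog layout as it appears in the post: "<date> dnsmasq[<pid>]: <message>".
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) dnsmasq\[(\d+)\]: (.*)$")
QUERY = re.compile(r"^query\[(\w+)\] (\S+) from (\S+)$")
HOSTS = re.compile(r"^/etc/hosts (\S+) is (\S+)$")
FWD = re.compile(r"^forwarded (\S+) to (\S+)$")
MIN_RUN = 3  # assumed alert threshold, not a dnsmasq setting

# Excerpt of the log lines quoted in the post.
SAMPLE = """\
Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98
Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93
Feb 17 01:37:52 dnsmasq[28538]: query[PTR] 250.158.30.172.in-addr.arpa from 172.30.158.94
Feb 17 01:37:52 dnsmasq[28538]: /etc/hosts 172.30.158.250 is grdxk-mgmt1.dselgrid.local
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192
"""

def find_anomalies(text, min_run=MIN_RUN):
    """Return findings as tuples; blank lines between entries are ignored."""
    local_names, last_query, findings = set(), None, []
    run_start, run_len = None, 0
    # The trailing sentinel never matches LINE, so it closes a run at end of log.
    lines = [l for l in text.splitlines() if l.strip()] + ["<end>"]
    for raw in lines:
        m = LINE.match(raw.strip())
        msg = m.group(3) if m else ""
        fwd = FWD.match(msg)
        # "forwarded query to X": the name slot holds the literal word "query".
        # A host literally named "query" would be counted here too.
        if fwd and fwd.group(1) == "query":
            run_start = run_start or m.group(1)
            run_len += 1
            continue
        if run_len >= min_run:
            # last_query is still the query seen just before the run began.
            findings.append(("nameless-forward-run", run_start, run_len, last_query))
        run_start, run_len = None, 0
        if not m:
            continue
        if (q := QUERY.match(msg)):
            last_query = q.groups()
        elif (h := HOSTS.match(msg)):
            local_names.update(h.groups())  # both sides: name and address
        elif fwd and fwd.group(1) in local_names:
            findings.append(("local-name-forwarded", m.group(1), fwd.group(1), fwd.group(2)))
    return findings
```

Each "nameless-forward-run" finding carries the last query logged before the run, which is the line to compare across the repeated occurrences.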
