* Vladislav Grishenko
> Can you try to capture dns exchange to dnsmasq (on lo interface) and from it
> (on your nic interface) both at the same time?
> $ tcpdump -i lo port 53 -w /path/to/dns-lo.pcap
> $ tcpdump -i <ifname> port 53 -w /path/to/dns-ext.pcap
> Highly possible that trigger query (or reply) can't be logged in usual way,
> but will be captured by tcpdump.
> Next, I'd like to take a look at them, will there be something after/near the
> last logged query before spinning starts.
>
> p.s. Caution, pcap files will contain all your dns traffic, sending it to
> mail list might be not a really good idea.

Hi,

PCAP attached. I used «tcpdump -i any», so it's a single file with the
internal and external traffic interleaved.

It is apparent that the initial SSHFP query is not forwarded upstream, and
that the subsequent queries from the stub resolver (a retransmission of the
SSHFP query plus some other unrelated queries) are neither logged nor
forwarded.

Here are the corresponding log lines from Dnsmasq:

nov. 29 07:15:53.964856 sloth.fud.no dnsmasq[48069]: query[A] l1-g9-osl2.n.bitbit.net from 127.0.0.1
nov. 29 07:15:53.965060 sloth.fud.no dnsmasq[48069]: forwarded l1-g9-osl2.n.bitbit.net to 87.238.33.1
nov. 29 07:15:53.965155 sloth.fud.no dnsmasq[48069]: query[AAAA] l1-g9-osl2.n.bitbit.net from 127.0.0.1
nov. 29 07:15:53.965273 sloth.fud.no dnsmasq[48069]: forwarded l1-g9-osl2.n.bitbit.net to 87.238.33.1
nov. 29 07:15:54.039407 sloth.fud.no dnsmasq[48069]: reply l1-g9-osl2.n.bitbit.net is <CNAME>
nov. 29 07:15:54.039461 sloth.fud.no dnsmasq[48069]: reply eth0.l1-g9-osl2.n.bitbit.net is 10.20.120.102
nov. 29 07:15:54.039666 sloth.fud.no dnsmasq[48069]: reply l1-g9-osl2.n.bitbit.net is <CNAME>
nov. 29 07:15:54.039700 sloth.fud.no dnsmasq[48069]: reply eth0.l1-g9-osl2.n.bitbit.net is NODATA-IPv6
nov. 29 07:15:54.964042 sloth.fud.no dnsmasq[48069]: query[type=44] l1-g9-osl2.n.bitbit.net from 127.0.0.1

(CPU starts spinning at this point, no further log lines appear)

Tore
cpu-spin.pcap.gz
Description: application/gzip
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
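
Added example, not part of the original thread and not dnsmasq code: a small triage script that reads a dnsmasq query log and reports every logged query that was never followed by a handling line for the same name, which is how the stalled type=44 (SSHFP) query stands out in the log above. The function name and the set of actions treated as "handled" (forwarded, cached, config) are assumptions of this sketch.

```python
import re
from collections import defaultdict, deque

# The dnsmasq log lines quoted in the message above, embedded as sample input.
SAMPLE_LOG = """\
nov. 29 07:15:53.964856 sloth.fud.no dnsmasq[48069]: query[A] l1-g9-osl2.n.bitbit.net from 127.0.0.1
nov. 29 07:15:53.965060 sloth.fud.no dnsmasq[48069]: forwarded l1-g9-osl2.n.bitbit.net to 87.238.33.1
nov. 29 07:15:53.965155 sloth.fud.no dnsmasq[48069]: query[AAAA] l1-g9-osl2.n.bitbit.net from 127.0.0.1
nov. 29 07:15:53.965273 sloth.fud.no dnsmasq[48069]: forwarded l1-g9-osl2.n.bitbit.net to 87.238.33.1
nov. 29 07:15:54.039407 sloth.fud.no dnsmasq[48069]: reply l1-g9-osl2.n.bitbit.net is <CNAME>
nov. 29 07:15:54.039461 sloth.fud.no dnsmasq[48069]: reply eth0.l1-g9-osl2.n.bitbit.net is 10.20.120.102
nov. 29 07:15:54.039666 sloth.fud.no dnsmasq[48069]: reply l1-g9-osl2.n.bitbit.net is <CNAME>
nov. 29 07:15:54.039700 sloth.fud.no dnsmasq[48069]: reply eth0.l1-g9-osl2.n.bitbit.net is NODATA-IPv6
nov. 29 07:15:54.964042 sloth.fud.no dnsmasq[48069]: query[type=44] l1-g9-osl2.n.bitbit.net from 127.0.0.1
"""

LINE = re.compile(r"(?P<time>\d\d:\d\d:\d\d\.\d+) \S+ dnsmasq\[\d+\]: "
                  r"(?P<action>\S+) (?P<name>\S+) (?:from|to|is) ")
QUERY = re.compile(r"query\[(?P<qtype>[^\]]+)\]$")
# Assumption of this sketch: these actions mean dnsmasq acted on a query.
HANDLED = {"forwarded", "cached", "config"}
RR_NAMES = {"type=44": "SSHFP"}  # RR type 44 is SSHFP (RFC 4255)


def unhandled_queries(log_text):
    """Return (time, qtype, name) for each query dnsmasq logged but never
    forwarded or answered locally, sorted by timestamp string."""
    pending = defaultdict(deque)  # name -> queries awaiting a handling line
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        action, name = m["action"], m["name"]
        q = QUERY.match(action)
        if q:
            qtype = RR_NAMES.get(q["qtype"], q["qtype"])
            pending[name].append((m["time"], qtype, name))
        elif action in HANDLED and pending[name]:
            pending[name].popleft()  # closes the oldest open query for this name
    return sorted(q for queue in pending.values() for q in queue)


if __name__ == "__main__":
    for time, qtype, name in unhandled_queries(SAMPLE_LOG):
        print(f"{time} query[{qtype}] {name}: no forwarded/cached/config line follows")
```

Reply lines are deliberately not used to close a query, since replies for CNAME targets are logged under a different name than the one queried.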