hi,

very strange.

If in the dracut config kernel_cmdline a nameserver is specified for a
static ip address assignment (we are using network bound disk encryption,
that's why), then dnsmasq does not forward the queries. Remove the
nameserver directive, then it works (we disable the ifcfg module as well,
so dracut does not manage our network settings).

Ok, fixed it, strange but it works.


On Tue, Dec 14, 2021 at 4:50 PM Natxo Asenjo <natxo.ase...@gmail.com> wrote:

> hi,
>
> Apologies if this is not the proper forum for asking this question.
>
> on a rhel 7.9 host, dnsmasq is not properly forwarding queries to some
> internal domains.
>
> If I run dnsmasq in the foreground with the same configuration, it works
> fine (only resolving the specified domains)
>
> Let's see:
>
> interface=some-bridge-name
> #bind-dynamic
>
>
> domain-needed  # do not forward short names
> bogus-priv     # drop non routed address spaces
> no-resolv      # do not resolve anything, only whitelist allowed which follows
>
> # whitelisted dns domains
> server=/domain.local/10.xxx.xxx.xx
> server=/domain.local/10.1xxx.xxx.xx
> server=/other.sub.tld/10.1xxx.xxx.xx
> server=/other.sub.tld/10.1xxx.xxx.xx
>
> # all other domains go to localhost
> address=/#/127.0.0.1
>
> cache-size=1000
>
> log-queries
> log-facility=/var/log/dnsmasq.log
>
>
> And obviously in /etc/resolv.conf
>
> nameserver 127.0.0.1
>
> So, if I restart NetworkManager, because I added
>
> # cat /etc/NetworkManager/conf.d/00-use-dnsmasq.conf
> # FILE MANAGED BY TEMPLATE
> # DO NOT MODIFY LOCALLY ALL CHANGES WILL BE OVERWRITTEN
>
> [main]
> dns=dnsmasq
>
> dnsmasq is automatically started (the dnsmasq systemd service unit is
> disabled)
>
>
> I query a host in the sub.domain.tld and I have a timeout in dig, no
> servers could be reached.
>
>
> in the dnsmasq.log:
> Dec 14 16:36:41 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
> Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:46 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
> Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
>
> Ok, now I kill dnsmasq, start it with --no-daemon
>
> and then it works, dnsmasq forwards correctly.
>
> In both cases I see a listening socket on the right interface port 53
> {udp,tcp}.
>
> What am I doing wrong?
>
> Selinux shows no denials (avc empty). I turned it off (permissive), still
> no improvement.
>
> Any help greatly appreciated.
>
> --
> Regards,
> natxo
>


-- 
--
Groeten,
natxo
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
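
The symptom in the quoted log, queries that are forwarded with no reply line following, can be checked mechanically over a `log-queries` log. This is an added example, not part of the original thread; the sample log is constructed, and the function name `unanswered_forwards` and the upstream addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq's log-queries format; names and addresses are placeholders.
SAMPLE_LOG = """\
Dec 14 16:36:41 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.0.0.1
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.0.0.2
Dec 14 16:36:46 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.0.0.1
Dec 14 16:37:02 dnsmasq[7508]: query[A] ok.domain.local from 127.0.0.1
Dec 14 16:37:02 dnsmasq[7508]: forwarded ok.domain.local to 10.0.0.1
Dec 14 16:37:02 dnsmasq[7508]: reply ok.domain.local is 10.0.0.50
Dec 14 16:37:05 dnsmasq[7508]: query[A] example.com from 127.0.0.1
Dec 14 16:37:05 dnsmasq[7508]: config example.com is 127.0.0.1
"""

# action, queried name, and the address after from/to/is
LINE = re.compile(
    r"dnsmasq\[\d+\]: (query\[\w+\]|forwarded|reply|cached|config) (\S+) (?:from|to|is) (\S+)"
)


def unanswered_forwards(log_text):
    """Return {name: sorted upstreams} for names forwarded upstream but never answered."""
    pending = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a query-log line
        action, name, target = m.groups()
        if action == "forwarded":
            pending[name].add(target)
        elif action in ("reply", "cached"):
            # an upstream or cached answer arrived, so the name is no longer outstanding
            pending.pop(name, None)
        # "query[...]" and "config" lines need no bookkeeping: config answers
        # (such as address=/#/127.0.0.1) are served locally and never forwarded
    return {name: sorted(ups) for name, ups in pending.items()}


if __name__ == "__main__":
    for name, upstreams in unanswered_forwards(SAMPLE_LOG).items():
        print(f"{name}: forwarded to {', '.join(upstreams)} with no reply logged")
```

A name listed here was sent upstream but no answer came back to dnsmasq, which points at the path to the upstream servers rather than at the `server=/domain/` rules.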
