[OpenWrt-Tickets] [OpenWrt] #20825: dnsmasq with dnscrypt-proxy: unstable name resolution

Fri, 30 Oct 2015 00:47:31 -0700 

#20825: dnsmasq with dnscrypt-proxy: unstable name resolution
-------------------------------------------------+-------------------------
 Reporter:  mikoyan                              |      Owner:  developers
     Type:  defect                               |     Status:  new
 Priority:  normal                               |  Milestone:
Component:  packages                             |    Version:  Chaos
 Keywords:  dns, dnsmasq, dnscrypt, dnscrypt-    |  Calmer 15.05
  proxy, dnssec                                  |
-------------------------------------------------+-------------------------
 My setup with dnscrypt-full and dnscrypt-proxy packages works perfect in
 general.
 However, an annoying issue pops up from time to time.

 Requests for *some* hostnames start failing with SERVFAIL sometimes.

 If I restart dnsmasq on OpenWRT box, these resolutions work again.

 Looking at my traffic capture, it seems like TCP connection is suddenly
 reset between dnsmasq and dnscrypt-proxy on localhost! I don't have enough
 knowledge to dig deeper into this. Please look at what happens here.

 I include a tcpdump capture. IP address ending with :8062::ee is the
 client. ...8062::1 is OpenWRT box.

 Also attaching dnsmasq section of /etc/config/dhcp:


 {{{
 config dnsmasq
         option domainneeded '1'
         option boguspriv '1'
         option filterwin2k '0'
         option localise_queries '1'
         option rebind_protection '1'
         option rebind_localhost '1'
         #option local '/lan/'
         option expandhosts '1'
         option nonegcache '0'
         option authoritative '1'
         option readethers '1'
         option leasefile '/tmp/dhcp.leases'
         option resolvfile '/tmp/resolv.conf.auto'
         option domain 'xtsubasa.org'
         list addnhosts '/etc/hosts.add'
         list addnhosts '/tmp/hosts/dhcp'
         option noresolv '1'
         option dnssec '1'
         option dnsseccheckunsigned '1'
         list server '127.0.0.1#4400'
         list server '/google.com/8.8.8.8'
         list server '/google.ru/8.8.8.8'
         list server '/googleusercontent.com/8.8.8.8'
         list server '/gstatic.com/8.8.8.8'
         list server '/googleapis.com/8.8.8.8'
         list server '/gmail.com/8.8.8.8'
         list server '/doubleclick.net/8.8.8.8'
         list server '/youtube.com/8.8.8.8'
         list server '/youtu.be/8.8.8.8'
         list server '/youtube-nocookie.com/8.8.8.8'
         list server '/ytimg.com/8.8.8.8'
         list server '/ggpht.com/8.8.8.8'
         list server '/googlevideo.com/8.8.8.8'
 }}}

--
Ticket URL: <https://dev.openwrt.org/ticket/20825>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets

Reply via email to