[Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?

2009-11-08 Thread Chris G
I have dnsmasq working quite happily on an Ubuntu Server 9.10 system
providing dns for my small SoHo network.

I have just noticed however that if I ask for the address of a
non-existent name dnsmasq returns the name of one of my hosting
service's machines.  It always returns the same address for any
non-existent name, e.g.:-

chris$ host abcde.isbd.net
abcde.isbd.net has address 195.74.61.93
abcde.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
chris$ host xyz
xyz.isbd.net has address 195.74.61.93
xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
chris$ host xyz.isbd.net
xyz.isbd.net has address 195.74.61.93
xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.


I have isbd.net and isbd.co.uk hosted at Gradwell so I do have a
connection with them.  In fact things are becoming clearer now,
195.74.61.93 is the (quite correct) address returned when you
look up isbd.net.

So, how can I prevent dnsmasq from returning the parent domain address
when I look up anyOldRubbish.isbd.net ?  Presumably it can't find the
name locally and sends off the request to the upstream name server
which (sort of correctly) returns 195.74.61.93.

However it means that if I mis-type a name or if one of my machines
dies then I may not notice immediately because DNS still succeeds.

-- 
Chris Green




Re: [Dnsmasq-discuss] dhcp-option 120, sip server, how?

2009-11-08 Thread Justin McAteer
HS,

The phone will have to request option 120 from the server or DNSMasq
will not send the option. Alternatively, you may use dhcp-option-force
to have the server send the option whether the client requests it or
not.

Thank You,
Justin McAteer




On Fri, Nov 6, 2009 at 7:40 PM, H. S. hs.sa...@gmail.com wrote:
 On Fri, Nov 6, 2009 at 8:30 PM, H. S. hs.sa...@gmail.com wrote:
 On Sun, Nov 1, 2009 at 4:41 PM, Simon Kelley si...@thekelleys.org.uk wrote:


 Current versions of dnsmasq know about the peculiar format of option 120, so
 you can just do:

 dhcp-option=120,192.168.5.1

 dnsmasq had no problem with this. Yet to try with the Nokia phone.

 Despite giving that option in dnsmasq and restarting it, the phone
 still did not grab a DHCP offer :(

 ___
 Dnsmasq-discuss mailing list
 Dnsmasq-discuss@lists.thekelleys.org.uk
 http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss




Re: [Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?

2009-11-08 Thread Perette Barella
It looks like your provider has set up a wildcard A record, which is  
similar to DNS hijacking as a helpful feature to users who miskey a  
domain name.  It's not isolated to you:


mugenshi:etc x10$ host ghijk.isbd.net
ghijk.isbd.net has address 195.74.61.93
ghijk.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.

You could check Gradwell's support pages, but I doubt there is an  
option to shut it off, since the DNS is published this way.  It's a  
publication problem/feature, not a bug in dnsmasq.


Dnsmasq does have a bogus-nxdomain option, which you give some IP
addresses and those addresses are translated into NXDOMAIN
non-existent domain responses.  However, if isbd.net (without leading
characters) is actually a useful server to you, this solution is not
viable because the valid use shares the same IP as the bogus responses.


Perette



On 2009-11-08, at 7:08, Chris G wrote:


I have dnsmasq working quite happily on an Ubuntu Server 9.10 system
providing dns for my small SoHo network.

I have just noticed however that if I ask for the address of a
non-existent name dnsmasq returns the name of one of my hosting
service's machines.  It always returns the same address for any
non-existent name, e.g.:-

   chris$ host abcde.isbd.net
   abcde.isbd.net has address 195.74.61.93
   abcde.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
   chris$ host xyz
   xyz.isbd.net has address 195.74.61.93
   xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
   chris$ host xyz.isbd.net
   xyz.isbd.net has address 195.74.61.93
   xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.


I have isbd.net and isbd.co.uk hosted at Gradwell so I do have a
connection with them.  In fact things are becoming clearer now,
195.74.61.93 is the (quite correct) address returned when you
look up isbd.net.

So, how can I prevent dnsmasq from returning the parent domain address
when I look up anyOldRubbish.isbd.net ?  Presumably it can't find the
name locally and sends off the request to the upstream name server
which (sort of correctly) returns 195.74.61.93.

However it means that if I mis-type a name or if one of my machines
dies then I may not notice immediately because DNS still succeeds.

--
Chris Green


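The wildcard behaviour and the bogus-nxdomain trade-off discussed in this thread, as an added example that is not part of the original posts. The zone data is constructed from the `host` output quoted above, `upstream_lookup` is a simplified stand-in for the upstream server, and all function names are hypothetical.

```python
import secrets

# Constructed zone data: a wildcard A record that shares the apex address,
# matching the `host` output quoted in the thread.
APEX_IP = "195.74.61.93"
ZONE = {"isbd.net": APEX_IP, "*.isbd.net": APEX_IP}


def upstream_lookup(name, zone=ZONE):
    """Stand-in upstream resolver: exact match first, then wildcard.

    Simplified wildcard matching (no closest-encloser rules).
    Returns an address string, or None to represent NXDOMAIN.
    """
    name = name.rstrip(".").lower()
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None


def forward(name, bogus_nxdomain=(), lookup=upstream_lookup):
    """Model of a forwarder applying bogus-nxdomain: any answer whose
    address is in the list is turned into NXDOMAIN (None)."""
    addr = lookup(name)
    return None if addr in bogus_nxdomain else addr


def detect_wildcard(domain, resolve, probes=3):
    """Resolve several random labels that cannot plausibly exist.

    If every probe returns the same address, the zone answers for
    arbitrary names, so a mistyped or dead host name still "resolves".
    Returns that address, or None when no wildcard answer is seen.
    """
    answers = {resolve(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)}
    if len(answers) == 1:
        (addr,) = answers
        return addr
    return None


if __name__ == "__main__":
    print("wildcard answer:", detect_wildcard("isbd.net", forward))
    filtered = lambda n: forward(n, bogus_nxdomain={APEX_IP})
    print("with bogus-nxdomain:", detect_wildcard("isbd.net", filtered))
    print("apex with bogus-nxdomain:", filtered("isbd.net"))
```

The last line shows the caveat raised in the reply: filtering the wildcard address also turns the legitimate isbd.net answer into NXDOMAIN.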





[Dnsmasq-discuss] server=... remote reverse DNS fails

2009-11-08 Thread /dev/rob0
I have a local dnsmasq and another one connected via VPN. The local
names and DHCP'ed IP addresses resolve at each place. Each is set up
to refer to the other's forward and reverse zone. It seems to work
fully going one way, but only for the forward zone from the other.

Cast of Characters:
192.168.8.97   Chestnut.pirate.lan, slamd64 [1] 12.2
192.168.4.9    gazoo.lan, openwrt Kamikaze 8.09.1 (brcm-2.4)
192.168.4.173  sip.gazoo.lan, Sipura SPA-2000
192.168.3.1    Chestnut's OpenVPN IP (the server)
192.168.3.8    gazoo's VPN IP

Routing works. Chestnut is the openvpn server, and hosts in gazoo.lan
can get to pirate.lan hosts and to other openvpn clients elsewhere. I
noticed the problem when setting up gazoo and sip to do remote syslog
to chestnut; gazoo appears in logs as gazoo, sip by IP.

Testing from a host in pirate.lan:

$ host 192.168.4.173
Host 173.4.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
$ host 192.168.4.173 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:

173.4.168.192.in-addr.arpa domain name pointer sip.gazoo.lan.
$ host sip.gazoo.lan.
sip.lan has address 192.168.4.173

The dnsmasq.d directory on chestnut.pirate.lan has a file gazoo,
with this:

server=/gazoo.lan/192.168.3.8
server=/4.168.192.in-addr.arpa/192.168.3.8

192.168.3.8 is the VPN IP address for the remote dnsmasq, which is
a/k/a 192.168.4.9 . The gazoo.lan names resolve, but reverse doesn't
work, and test results are the same with either of the VPN or LAN IP
addresses.

Continuing tests, we see that both forward and reverse work from the
other side:

$ host 192.168.8.172
172.8.168.192.in-addr.arpa domain name pointer Wii.pirate.lan.
$ host 192.168.8.172 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:

172.8.168.192.in-addr.arpa domain name pointer Wii.pirate.lan.
$ host Wii.pirate.lan.
Wii.pirate.lan has address 192.168.8.172
ws@whn:~$ host Wii.pirate.lan. 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:

Wii.pirate.lan has address 192.168.8.172

The dnsmasq which is not working properly, Slamd64 12.2:

root@chestnut:~# dnsmasq --version
Dnsmasq version 2.46  Copyright (C) 2000-2008 Simon Kelley
Compile time options IPv6 GNU-getopt no-DBus I18N TFTP

The one which is working, openwrt Kamikaze 8.09.1:

root@gazoo:~# dnsmasq --version
Dnsmasq version 2.47  Copyright (C) 2000-2009 Simon Kelley
Compile time options IPv6 GNU-getopt no-DBus no-I18N TFTP

I'll try upgrading and report back if that helps. Oh, here's another
test:

$ dig -x +trace 192.168.4.173

; <<>> DiG 9.4.2-P2 <<>> -x +trace 192.168.4.173
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28788
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;+trace.in-addr.arpa.   IN  PTR

;; AUTHORITY SECTION:
in-addr.arpa.   10800   IN  SOA A.ROOT-SERVERS.NET. dns-ops.ARIN.NET. 2009110804 1800 900 691200 10800

;; Query time: 166 msec
;; SERVER: 192.168.8.97#53(192.168.8.97)
;; WHEN: Sun Nov  8 15:45:37 2009
;; MSG SIZE  rcvd: 104

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31979
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.4.173. IN  A

;; ANSWER SECTION:
192.168.4.173.  7200    IN  A   192.168.4.173

;; Query time: 2 msec
;; SERVER: 192.168.8.97#53(192.168.8.97)
;; WHEN: Sun Nov  8 15:45:37 2009
;; MSG SIZE  rcvd: 47

Note, all of these tests were done from clients on the pirate.lan
side. ATM there's no dig(1) on the gazoo.lan side, and gazoo itself
lacks storage capacity to install it. (The busybox implementation of
nslookup(1) is even worse than BIND's.) I think the directed queries

Curious that there would be an A query and answer. Using ptr for the
in-addr.arpa. name rather than -x, it appears to be ignoring the
server declaration for the reverse zone:

$ dig +trace 173.4.168.192.in-addr.arpa. ptr

; <<>> DiG 9.4.2-P2 <<>> +trace 173.4.168.192.in-addr.arpa. ptr
;; global options:  printcmd
.   372212  IN  NS  G.ROOT-SERVERS.NET.
.   372212  IN  NS  B.ROOT-SERVERS.NET.
.   372212  IN  NS  A.ROOT-SERVERS.NET.
.   372212  IN  NS  F.ROOT-SERVERS.NET.
.   372212  IN  NS  I.ROOT-SERVERS.NET.
.   372212  IN  NS  C.ROOT-SERVERS.NET.
.   372212  IN  NS  H.ROOT-SERVERS.NET.
.   372212  IN  NS  M.ROOT-SERVERS.NET.
.   372212  IN  NS  J.ROOT-SERVERS.NET.
.   372212  IN  NS  L.ROOT-SERVERS.NET.
.   372212  IN  NS  D.ROOT-SERVERS.NET.
.   372212  IN  NS  K.ROOT-SERVERS.NET.
.   372212  IN  NS