Re: [Dnsmasq-discuss] DNS refused when internet is down
> > > On Mon, Dec 14, 2020 at 06:51:18AM +0100, Duncan Webb wrote:
> > > $ host s3
> > > s3.example.net has address 10.99.0.103
> > > Host s3.example.net not found: 5(REFUSED)
> > > Host s3.example.net not found: 5(REFUSED)

well, if this is the problem, you have already posted the answer below...

> > > dig does not report an error.
> > >
> > > $ dig +short s3 @10.99.0.1
> > > 10.99.0.103
> > >
> > > Also check_dns nagios plugin reports an error that it cannot resolve the
> > > address.

the question is: how you run check_dns?
...it has syntax a bit different from other check_* monitoring plugins.

> > On 14/12/2020 08:25, Geert Stappers wrote:
> > At which device was the `host s3` executed?
> > At which device was the `dig +short s3 @10.99.0.1` executed?

> On 14.12.20 11:07, Duncan Webb wrote:
> By device do you mean host? If so then all the requests were executed from a
> workstation 10.99.0.210

> > Why not `host s3 10.99.0.1` for better comparison?

> The "host -d s3" command was also run. When the internet was connected this
> following was seen:

as you can see, if you run "host" without "-t" option, it by default queries
for "a", "aaaa" and "mx" records

the "a" is apparently processed by dnsmasq which returns locally configured
name.

the "aaaa" and "mx" queries are forwarded, if possible, otherwise dnsmasq
returns refused.

the "aaaa" can be set by providing ipv6 address of host in /etc/hosts
(I don't know if/how to disable response for a host)

the "mx" can be worked around by using -e, --selfmx, -L, --localmx options.

you should be able to disable forwarding for a domain by using "--auth-zone"
option, in which case dnsmasq will apparently return NODATA/NXDOMAIN.

> $ host -d s3
> ;; QUESTION SECTION:
> ;s3.example.net. IN A
>
> ;; ANSWER SECTION:
> s3.example.net. 1 IN A 10.99.0.103
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39237
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;s3.example.net. IN AAAA
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63206
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;s3.example.net. IN MX
>
> When disconnected from the internet then this was the result
>
> $ host -d s3
> ;; QUESTION SECTION:
> ;s3.example.net. IN A
>
> ;; ANSWER SECTION:
> s3.example.net. 1 IN A 10.99.0.103
>
> Trying "s3.example.net"
> Host s3.example.net not found: 5(REFUSED)
> Trying "s3.example.net"
> Host s3.example.net not found: 5(REFUSED)
>
> I didn't try the command "host s3 10.99.0.1".

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
My mind is like a steel trap - rusty and illegal in 37 states.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
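The behaviour described in the reply above, as an added example (not code from the thread or from dnsmasq): `host` without `-t` sends separate A, AAAA and MX queries, so a probe that reports the response code per record type shows that a REFUSED on the forwarded types does not mean the A lookup failed. The function names, the constructed replies and the OK/WARNING/CRITICAL wording are assumptions made for this example.

```python
"""Per-record-type DNS probe: keeps apart the three answers that `host NAME` prints together."""
import secrets
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28, "MX": 15}          # the types `host` asks for by default
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qtype, qid):
    """Encode one recursive (RD=1) question in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)


def parse_reply(reply, qid):
    """Return (rcode name, answer count); reject packets that do not answer qid."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount


def classify(results):
    """results maps qtype -> (rcode, ancount); the verdict is driven by the A record."""
    a_rcode, a_count = results["A"]
    if a_rcode != "NOERROR" or a_count == 0:
        return "CRITICAL: no A record (%s)" % a_rcode
    refused = sorted(t for t, (rc, _n) in results.items() if rc == "REFUSED")
    if refused:
        return ("WARNING: A resolves, %s refused (forwarded types, upstream unreachable?)"
                % "/".join(refused))
    return "OK: A resolves"


def probe(server, name, timeout=2.0):
    """Live use: one UDP query per type, each with an unpredictable query id."""
    results = {}
    for qtype in QTYPES:
        qid = secrets.randbelow(1 << 16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name, qtype, qid), (server, 53))
            reply, _addr = sock.recvfrom(512)
        results[qtype] = parse_reply(reply, qid)
    return results


def constructed_reply(query, rcode, answer_ip=None):
    """Constructed sample reply with flags 'qr aa rd ra', as in the thread's output."""
    ancount = 1 if answer_ip else 0
    header = query[:2] + struct.pack("!HHHHH", 0x8580 | rcode, 1, ancount, 0, 0)
    body = query[12:]                              # echo the question section
    if answer_ip:                                  # one A record, TTL 1, name compressed
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 1, 4) + socket.inet_aton(answer_ip)
    return header + body


def replay_thread(name="s3.example.net", address="10.99.0.103"):
    """Replay both situations from the thread offline, using constructed replies."""
    verdicts = {}
    for label, forwarded_rcode in (("link up", 0), ("link down", 5)):
        results = {}
        for i, qtype in enumerate(QTYPES):
            query = build_query(name, qtype, 0x1000 + i)
            if qtype == "A":                       # answered from the local hosts file
                reply = constructed_reply(query, 0, address)
            else:                                  # AAAA and MX are forwarded upstream
                reply = constructed_reply(query, forwarded_rcode)
            results[qtype] = parse_reply(reply, 0x1000 + i)
        verdicts[label] = classify(results)
    return verdicts


if __name__ == "__main__":
    for label, verdict in replay_thread().items():
        print(label, "->", verdict)
```

For a live check, `classify(probe("10.99.0.1", "s3.example.net"))` sends the same three questions to the resolver from the thread.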
Re: [Dnsmasq-discuss] DNS refused when internet is down
On 14/12/2020 08:25, Geert Stappers wrote:
> On Mon, Dec 14, 2020 at 06:51:18AM +0100, Duncan Webb wrote:
> > On 05/12/2020 15:01, Geert Stappers wrote:
> > > On Sat, Dec 05, 2020 at 11:21:19AM +0100, Duncan Webb wrote:
> > > > On 02/12/2020 15:03, Geert Stappers wrote:
> > > > > On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
> > > .
> > > > > > but for now get proper message from proper command.
> > > > > And add information at which network component it is.
> > > > What do you mean?
> > > That just copy-and-paste the command and the output
> > > from somewhere in a ((too? complex?) network is useless.
> > >
> > > That proper message from proper command should be provided
> > > with additional information on which device (a.k.a. network component)
> > > it was executed.
> >
> > Do you mean this?
> >
> > /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> > --listen-address=192.168.0.254 --listen-address=10.99.2.1
> > --listen-address=10.99.0.1 --listen-address=10.99.128.1
> > --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> > --server=/example.net/10.99.0.1 --server=/opcase1.private/10.99.144.1
> > --server=/144.99.10.in-addr.arpa/10.99.144.1 --log-queries=extra
> > --dns-forward-max=5000 --cache-size=1 --local-ttl=1
> > --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
> >
> > > .
> > > > > "Works for me"
> > > > Here too today,
> > > OK
> > >
> > > > next is to add some .conf files and see if an option causes
> > > > the refused message. I suspect that it is no-negcache that got removed
> > > > after an upgrade of the firewall software.
> > > > First is to check the syntax of the conf files.
> >
> > I did some more tests this weekend and when
> > testing host returns this
> >
> > $ host s3
> > s3.example.net has address 10.99.0.103
> > Host s3.example.net not found: 5(REFUSED)
> > Host s3.example.net not found: 5(REFUSED)
> >
> > dig does not report an error.
> >
> > $ dig +short s3 @10.99.0.1
> > 10.99.0.103
> >
> > Also check_dns nagios plugin reports an error that it cannot resolve the
> > address.
> >
> > At this stage there are no *.conf
> >
> > Thanks and kind regards,
> > Duncan
>
> At which device was the `host s3` executed?
> At which device was the `dig +short s3 @10.99.0.1` executed?

By device do you mean host? If so then all the requests were executed from a
workstation 10.99.0.210

> Why not `host s3 10.99.0.1` for better comparison?

The "host -d s3" command was also run. When the internet was connected this
following was seen:

$ host -d s3
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57543
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net. IN A

;; ANSWER SECTION:
s3.example.net. 1 IN A 10.99.0.103

Received 49 bytes from 10.99.0.1#53 in 0 ms
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39237
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net. IN AAAA

Received 33 bytes from 10.99.0.1#53 in 6 ms
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63206
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net. IN MX

Received 33 bytes from 10.99.0.1#53 in 6 ms

When disconnected from the internet then this was the result

$ host -d s3
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42726
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net. IN A

;; ANSWER SECTION:
s3.example.net. 1 IN A 10.99.0.103

Received 49 bytes from 10.99.0.1#53 in 0 ms
Trying "s3.example.net"
Host s3.example.net not found: 5(REFUSED)
Received 33 bytes from 10.99.0.1#53 in 0 ms
Trying "s3.example.net"
Host s3.example.net not found: 5(REFUSED)
Received 33 bytes from 10.99.0.1#53 in 0 ms

I didn't try the command "host s3 10.99.0.1".

Many thanks and kind regards,
Duncan
Re: [Dnsmasq-discuss] DNS refused when internet is down
On Mon, Dec 14, 2020 at 06:51:18AM +0100, Duncan Webb wrote:
> On 05/12/2020 15:01, Geert Stappers wrote:
> > On Sat, Dec 05, 2020 at 11:21:19AM +0100, Duncan Webb wrote:
> > > On 02/12/2020 15:03, Geert Stappers wrote:
> > > > On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
> > .
> > > > > but for now get proper message from proper command.
> > > > And add information at which network component it is.
> > > What do you mean?
> > That just copy-and-paste the command and the output
> > from somewhere in a ((too? complex?) network is useless.
> >
> > That proper message from proper command should be provided
> > with additional information on which device (a.k.a. network component)
> > it was executed.
>
> Do you mean this?
>
> /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> --listen-address=192.168.0.254 --listen-address=10.99.2.1
> --listen-address=10.99.0.1 --listen-address=10.99.128.1
> --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> --server=/example.net/10.99.0.1 --server=/opcase1.private/10.99.144.1
> --server=/144.99.10.in-addr.arpa/10.99.144.1 --log-queries=extra
> --dns-forward-max=5000 --cache-size=1 --local-ttl=1
> --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
>
> > .
> > > > "Works for me"
> > > Here too today,
> > OK
> >
> > > next is to add some .conf files and see if an option causes
> > > the refused message. I suspect that it is no-negcache that got removed
> > > after an upgrade of the firewall software.
> > > First is to check the syntax of the conf files.
>
> I did some more tests this weekend and when
> testing host returns this
>
> $ host s3
> s3.example.net has address 10.99.0.103
> Host s3.example.net not found: 5(REFUSED)
> Host s3.example.net not found: 5(REFUSED)
>
> dig does not report an error.
>
> $ dig +short s3 @10.99.0.1
> 10.99.0.103
>
> Also check_dns nagios plugin reports an error that it cannot resolve the
> address.
>
> At this stage there are no *.conf
>
> Thanks and kind regards,
> Duncan

At which device was the `host s3` executed?
At which device was the `dig +short s3 @10.99.0.1` executed?
Why not `host s3 10.99.0.1` for better comparison?

Regards
Geert Stappers
-- 
Silence is hard to parse
Re: [Dnsmasq-discuss] DNS refused when internet is down
On 05/12/2020 15:01, Geert Stappers wrote:
> On Sat, Dec 05, 2020 at 11:21:19AM +0100, Duncan Webb wrote:
> > On 02/12/2020 15:03, Geert Stappers wrote:
> > > On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
> .
> > > > but for now get proper message from proper command.
> > > And add information at which network component it is.
> > What do you mean?
> That just copy-and-paste the command and the output
> from somewhere in a ((too? complex?) network is useless.
>
> That proper message from proper command should be provided
> with additional information on which device (a.k.a. network component)
> it was executed.

Do you mean this?

/usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
--listen-address=192.168.0.254 --listen-address=10.99.2.1
--listen-address=10.99.0.1 --listen-address=10.99.128.1
--listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
--server=/example.net/10.99.0.1 --server=/opcase1.private/10.99.144.1
--server=/144.99.10.in-addr.arpa/10.99.144.1 --log-queries=extra
--dns-forward-max=5000 --cache-size=1 --local-ttl=1
--conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf

> .
> > > "Works for me"
> > Here too today,
> OK
>
> > next is to add some .conf files and see if an option causes
> > the refused message. I suspect that it is no-negcache that got removed
> > after an upgrade of the firewall software.
> > First is to check the syntax of the conf files.

I did some more tests this weekend (difficult during the week) and when
testing host returns this

$ host s3
s3.example.net has address 10.99.0.103
Host s3.example.net not found: 5(REFUSED)
Host s3.example.net not found: 5(REFUSED)

dig does not report an error.

$ dig +short s3 @10.99.0.1
10.99.0.103

Also check_dns nagios plugin reports an error that it cannot resolve the
address.

At this stage there are no *.conf

Thanks and kind regards,
Duncan
Re: [Dnsmasq-discuss] DNS refused when internet is down
On Sat, Dec 05, 2020 at 11:21:19AM +0100, Duncan Webb wrote:
> On 02/12/2020 15:03, Geert Stappers wrote:
> > On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
.
> > > but for now get proper message from proper command.
> > And add information at which network component it is.
> What do you mean?

That just copy-and-paste the command and the output
from somewhere in a ((too? complex?) network is useless.

That proper message from proper command should be provided
with additional information on which device (a.k.a. network component)
it was executed.

.
> > "Works for me"
>
> Here too today,

OK

> next is to add some .conf files and see if an option causes
> the refused message. I suspect that it is no-negcache that got removed after
> an upgrade of the firewall software.
> First is to check the syntax of the conf files.
>
> Thanks and kind regards,
> Duncan

Regards
Geert Stappers
-- 
Silence is hard to parse
Re: [Dnsmasq-discuss] DNS refused when internet is down
On 02/12/2020 15:03, Geert Stappers wrote:
> On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
> > > > > > > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > > > > > > When the internet is down for some external reason nslookup is returning
> > > > > > > > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > > > > > > > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> > > > > > > >
> > > > > > > > Is this the expected behaviour or a misconfiguration?
> > > >
> > > > > > On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > > > > > > No, this is not the expected behavior.
> > > >
> > > > > On 26/11/2020 08:31, Geert Stappers wrote:
> > > > > > Also my first impression, on second thought: "It could be" ...
> > > >
> > > > > > > We can not say
> > > > > > > where the issue lies with the little information you have provided.
> > > >
> > > > > > So please make your problem an interesting challenge for the ML ;-)
> > > >
> > > > On 01.12.20 09:32, Duncan Webb wrote:
> > > > > The problem can be reproduced by disconnecting the cable to the
> > > > > ADSL router. As soon as the cable is removed then a nslookup
> > > > > will return a "Connection to DNS 10.0.0.1 was refused" reply for
> > > > > every query.
> > > > On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
> > > > which server does 10.0.0.1 belong to? apparently not to your router, as
> > > > I don't see this address as argument to --listen-address.
> > > On 01.12.20 10:52, Duncan Webb wrote:
> > > Sorry this was a typo should have been 10.99.0.1 (can't pull that cable
> > > out at the moment to get the exact message)
> >
> > is 10.99.0.1 your external IP address?
> >
> > I guess you'll need the exact error message.
> >
> > Also you should use "host" instead of "nslookup", because there are
> > different nslookup implementations, when some provide non-sensical error
> > messages (might be your case).
> >
> > > > > I would expect that hosts on the LAN that have been provided an
> > > > > IP address from the dnsmasq DHCP server to resolve.
> > > >
> > > > hosts on the lan should be resolved by dnsmasq, but unreachable address
> > > > can't resolve them.
> > > >
> > > > > The configuration is all on the command line and this is
> > > > >
> > > > > /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> > > > > --listen-address=192.168.0.254 --listen-address=10.99.2.1
> > > > > --listen-address=10.99.0.1 --listen-address=10.99.128.1
> > > > > --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> > > > > --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
> > > > > --server=/130.99.10.in-addr.arpa/10.99.130.1
> > > > > --server=/opcase1.private/10.99.144.1
> > > > > --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
> > > > > --cache-size=1 --local-ttl=1
> > > > > --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
> > > > >
> > > > > I don't think that the options
> > > > > --server=/opcase.private/10.99.130.1 where the server is offline
> > > > > could be causing this but for completeness both the servers
> > > > > 10.99.130.1 and 10.99.144.1 are offline.
> > > > >
> > > > > The --conf-dir directory has no .conf files.
> > > > >
> > > > > The firewall is OPNsense which is based on BSD and I don't think
> > > > > this is relevant to this specific problem.
> >
> > btw,
> > the firewall may cause different behaviour when the external link is down.
> > but for now get proper message from proper command.
>
> And add information at which network component it is.

What do you mean?

> > > > > example.net is not the real domain. The contents of
> > > > > /var/etc/dnsmasq-hosts contains lines like this:
> > > > >
> > > > > 10.99.0.201 w1.example.net w1
> > > > > 10.99.0.202 w2.example.net w2
> > > > > 10.99.0.203 w3.example.net w3
> > > > >
> > > > > It is these addresses that I would expect to be resolved.
>
> "Works for me"

Here too today,

next is to add some .conf files and see if an option causes
the refused message. I suspect that it is no-negcache that got removed after
an upgrade of the firewall software.
First is to check the syntax of the conf files.

Thanks and kind regards,
Duncan
Re: [Dnsmasq-discuss] DNS refused when internet is down
On 02/12/2020 14:45, Matus UHLAR - fantomas wrote:
> > > > > > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > > > > > When the internet is down for some external reason nslookup is returning
> > > > > > > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > > > > > > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> > > > > > >
> > > > > > > Is this the expected behaviour or a misconfiguration?
> > >
> > > > > On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > > > > > No, this is not the expected behavior.
> > >
> > > > On 26/11/2020 08:31, Geert Stappers wrote:
> > > > > Also my first impression, on second thought: "It could be" ...
> > >
> > > > > > We can not say
> > > > > > where the issue lies with the little information you have provided.
> > >
> > > > > So please make your problem an interesting challenge for the ML ;-)
> > >
> > > On 01.12.20 09:32, Duncan Webb wrote:
> > > > The problem can be reproduced by disconnecting the cable to the
> > > > ADSL router. As soon as the cable is removed then a nslookup
> > > > will return a "Connection to DNS 10.0.0.1 was refused" reply for
> > > > every query.
> > > On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
> > > which server does 10.0.0.1 belong to? apparently not to your router, as
> > > I don't see this address as argument to --listen-address.
> > On 01.12.20 10:52, Duncan Webb wrote:
> > Sorry this was a typo should have been 10.99.0.1 (can't pull that cable
> > out at the moment to get the exact message)
>
> is 10.99.0.1 your external IP address?

This is the LAN address of the Firewall, the WAN address is the external
address.

> I guess you'll need the exact error message.
>
> Also you should use "host" instead of "nslookup", because there are
> different nslookup implementations, when some provide non-sensical error
> messages (might be your case).

Thanks I have noticed differences between host and nslookup.

> > > > I would expect that hosts on the LAN that have been provided an
> > > > IP address from the dnsmasq DHCP server to resolve.
> > >
> > > hosts on the lan should be resolved by dnsmasq, but unreachable address
> > > can't resolve them.
> > >
> > > > The configuration is all on the command line and this is
> > > >
> > > > /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> > > > --listen-address=192.168.0.254 --listen-address=10.99.2.1
> > > > --listen-address=10.99.0.1 --listen-address=10.99.128.1
> > > > --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> > > > --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
> > > > --server=/130.99.10.in-addr.arpa/10.99.130.1
> > > > --server=/opcase1.private/10.99.144.1
> > > > --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
> > > > --cache-size=1 --local-ttl=1
> > > > --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
> > > >
> > > > I don't think that the options
> > > > --server=/opcase.private/10.99.130.1 where the server is offline
> > > > could be causing this but for completeness both the servers
> > > > 10.99.130.1 and 10.99.144.1 are offline.
> > > >
> > > > The --conf-dir directory has no .conf files.
> > > >
> > > > The firewall is OPNsense which is based on BSD and I don't think
> > > > this is relevant to this specific problem.
>
> btw,
> the firewall may cause different behaviour when the external link is down.
> but for now get proper message from proper command.

Today I cannot reproduce the error. This could be because the Firewall
software was updated a couple of weeks ago and the settings for dnsmasq have
changed. There used to be a text box for additional options and this has now
gone so the additional settings have also been removed. The settings were
mostly srv-host options and the other was no-negcache.

Could it be that removing no-negcache has changed the behaviour.
Re: [Dnsmasq-discuss] DNS refused when internet is down
On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
> > > > > > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > > > > > When the internet is down for some external reason nslookup is returning
> > > > > > > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > > > > > > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> > > > > > >
> > > > > > > Is this the expected behaviour or a misconfiguration?
> > >
> > > > > On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > > > > > No, this is not the expected behavior.
> > >
> > > > On 26/11/2020 08:31, Geert Stappers wrote:
> > > > > Also my first impression, on second thought: "It could be" ...
> > >
> > > > > > We can not say
> > > > > > where the issue lies with the little information you have provided.
> > >
> > > > > So please make your problem an interesting challenge for the ML ;-)
> > >
> > > On 01.12.20 09:32, Duncan Webb wrote:
> > > > The problem can be reproduced by disconnecting the cable to the
> > > > ADSL router. As soon as the cable is removed then a nslookup
> > > > will return a "Connection to DNS 10.0.0.1 was refused" reply for
> > > > every query.
> > > On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
> > > which server does 10.0.0.1 belong to? apparently not to your router, as
> > > I don't see this address as argument to --listen-address.
> > On 01.12.20 10:52, Duncan Webb wrote:
> > Sorry this was a typo should have been 10.99.0.1 (can't pull that cable
> > out at the moment to get the exact message)
>
> is 10.99.0.1 your external IP address?
>
> I guess you'll need the exact error message.
>
> Also you should use "host" instead of "nslookup", because there are
> different nslookup implementations, when some provide non-sensical error
> messages (might be your case).
>
> > > > I would expect that hosts on the LAN that have been provided an
> > > > IP address from the dnsmasq DHCP server to resolve.
> > >
> > > hosts on the lan should be resolved by dnsmasq, but unreachable address
> > > can't resolve them.
> > >
> > > > The configuration is all on the command line and this is
> > > >
> > > > /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> > > > --listen-address=192.168.0.254 --listen-address=10.99.2.1
> > > > --listen-address=10.99.0.1 --listen-address=10.99.128.1
> > > > --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> > > > --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
> > > > --server=/130.99.10.in-addr.arpa/10.99.130.1
> > > > --server=/opcase1.private/10.99.144.1
> > > > --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
> > > > --cache-size=1 --local-ttl=1
> > > > --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
> > > >
> > > > I don't think that the options
> > > > --server=/opcase.private/10.99.130.1 where the server is offline
> > > > could be causing this but for completeness both the servers
> > > > 10.99.130.1 and 10.99.144.1 are offline.
> > > >
> > > > The --conf-dir directory has no .conf files.
> > > >
> > > > The firewall is OPNsense which is based on BSD and I don't think
> > > > this is relevant to this specific problem.
>
> btw,
> the firewall may cause different behaviour when the external link is down.
> but for now get proper message from proper command.

And add information at which network component it is.

> > > > example.net is not the real domain. The contents of
> > > > /var/etc/dnsmasq-hosts contains lines like this:
> > > >
> > > > 10.99.0.201 w1.example.net w1
> > > > 10.99.0.202 w2.example.net w2
> > > > 10.99.0.203 w3.example.net w3
> > > >
> > > > It is these addresses that I would expect to be resolved.

"Works for me"

Regards
Geert Stappers
-- 
Silence is hard to parse
Re: [Dnsmasq-discuss] DNS refused when internet is down
> > > > > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > > > > When the internet is down for some external reason nslookup is returning
> > > > > > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > > > > > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> > > > > >
> > > > > > Is this the expected behaviour or a misconfiguration?
> >
> > > > On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > > > > No, this is not the expected behavior.
> >
> > > On 26/11/2020 08:31, Geert Stappers wrote:
> > > > Also my first impression, on second thought: "It could be" ...
> >
> > > > > We can not say
> > > > > where the issue lies with the little information you have provided.
> >
> > > > So please make your problem an interesting challenge for the ML ;-)
> >
> > On 01.12.20 09:32, Duncan Webb wrote:
> > > The problem can be reproduced by disconnecting the cable to the
> > > ADSL router. As soon as the cable is removed then a nslookup
> > > will return a "Connection to DNS 10.0.0.1 was refused" reply for
> > > every query.
> > On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
> > which server does 10.0.0.1 belong to? apparently not to your router, as
> > I don't see this address as argument to --listen-address.
> On 01.12.20 10:52, Duncan Webb wrote:
> Sorry this was a typo should have been 10.99.0.1 (can't pull that cable
> out at the moment to get the exact message)

is 10.99.0.1 your external IP address?

I guess you'll need the exact error message.

Also you should use "host" instead of "nslookup", because there are
different nslookup implementations, when some provide non-sensical error
messages (might be your case).

> > > I would expect that hosts on the LAN that have been provided an
> > > IP address from the dnsmasq DHCP server to resolve.
> >
> > hosts on the lan should be resolved by dnsmasq, but unreachable address
> > can't resolve them.
> >
> > > The configuration is all on the command line and this is
> > >
> > > /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> > > --listen-address=192.168.0.254 --listen-address=10.99.2.1
> > > --listen-address=10.99.0.1 --listen-address=10.99.128.1
> > > --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> > > --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
> > > --server=/130.99.10.in-addr.arpa/10.99.130.1
> > > --server=/opcase1.private/10.99.144.1
> > > --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
> > > --cache-size=1 --local-ttl=1
> > > --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
> > >
> > > I don't think that the options
> > > --server=/opcase.private/10.99.130.1 where the server is offline
> > > could be causing this but for completeness both the servers
> > > 10.99.130.1 and 10.99.144.1 are offline.
> > >
> > > The --conf-dir directory has no .conf files.
> > >
> > > The firewall is OPNsense which is based on BSD and I don't think
> > > this is relevant to this specific problem.

btw,
the firewall may cause different behaviour when the external link is down.
but for now get proper message from proper command.

> > > example.net is not the real domain. The contents of
> > > /var/etc/dnsmasq-hosts contains lines like this:
> > >
> > > 10.99.0.201 w1.example.net w1
> > > 10.99.0.202 w2.example.net w2
> > > 10.99.0.203 w3.example.net w3
> > >
> > > It is these addresses that I would expect to be resolved.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
Re: [Dnsmasq-discuss] DNS refused when internet is down
On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
> > > > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > > > When the internet is down for some external reason nslookup is returning
> > > > > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > > > > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> > > > >
> > > > > Is this the expected behaviour or a misconfiguration?
>
> > > On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > > > No, this is not the expected behavior.
>
> > On 26/11/2020 08:31, Geert Stappers wrote:
> > > Also my first impression, on second thought: "It could be" ...
>
> > > > We can not say
> > > > where the issue lies with the little information you have provided.
>
> > > So please make your problem an interesting challenge for the ML ;-)
>
> On 01.12.20 09:32, Duncan Webb wrote:
> > The problem can be reproduced by disconnecting the cable to the
> > ADSL router. As soon as the cable is removed then a nslookup
> > will return a "Connection to DNS 10.0.0.1 was refused" reply for
> > every query.
>
> which server does 10.0.0.1 belong to? apparently not to your router, as
> I don't see this address as argument to --listen-address.

Sorry this was a typo should have been 10.99.0.1 (can't pull that cable
out at the moment to get the exact message)

> > I would expect that hosts on the LAN that have been provided an
> > IP address from the dnsmasq DHCP server to resolve.
>
> hosts on the lan should be resolved by dnsmasq, but unreachable address
> can't resolve them.
>
> > The configuration is all on the command line and this is
> >
> > /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> > --listen-address=192.168.0.254 --listen-address=10.99.2.1
> > --listen-address=10.99.0.1 --listen-address=10.99.128.1
> > --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> > --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
> > --server=/130.99.10.in-addr.arpa/10.99.130.1
> > --server=/opcase1.private/10.99.144.1
> > --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
> > --cache-size=1 --local-ttl=1
> > --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
> >
> > I don't think that the options
> > --server=/opcase.private/10.99.130.1 where the server is offline
> > could be causing this but for completeness both the servers
> > 10.99.130.1 and 10.99.144.1 are offline.
> >
> > The --conf-dir directory has no .conf files.
> >
> > The firewall is OPNsense which is based on BSD and I don't think
> > this is relevant to this specific problem.
> >
> > example.net is not the real domain. The contents of
> > /var/etc/dnsmasq-hosts contains lines like this:
> >
> > 10.99.0.201 w1.example.net w1
> > 10.99.0.202 w2.example.net w2
> > 10.99.0.203 w3.example.net w3
> >
> > It is these addresses that I would expect to be resolved.
Re: [Dnsmasq-discuss] DNS refused when internet is down
> > > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > > When the internet is down for some external reason nslookup is returning
> > > > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > > > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> > > >
> > > > Is this the expected behaviour or a misconfiguration?

> > On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > > No, this is not the expected behavior.

> On 26/11/2020 08:31, Geert Stappers wrote:
> > Also my first impression, on second thought: "It could be" ...

> > > We can not say
> > > where the issue lies with the little information you have provided.

> > So please make your problem an interesting challenge for the ML ;-)

On 01.12.20 09:32, Duncan Webb wrote:
> The problem can be reproduced by disconnecting the cable to the
> ADSL router. As soon as the cable is removed then a nslookup
> will return a "Connection to DNS 10.0.0.1 was refused" reply for
> every query.

which server does 10.0.0.1 belong to? apparently not to your router, as
I don't see this address as argument to --listen-address.

> I would expect that hosts on the LAN that have been provided an
> IP address from the dnsmasq DHCP server to resolve.

hosts on the lan should be resolved by dnsmasq, but unreachable address
can't resolve them.

> The configuration is all on the command line and this is
>
> /usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
> --listen-address=192.168.0.254 --listen-address=10.99.2.1
> --listen-address=10.99.0.1 --listen-address=10.99.128.1
> --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
> --server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
> --server=/130.99.10.in-addr.arpa/10.99.130.1
> --server=/opcase1.private/10.99.144.1
> --server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
> --cache-size=1 --local-ttl=1
> --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
>
> I don't think that the options
> --server=/opcase.private/10.99.130.1 where the server is offline
> could be causing this but for completeness both the servers
> 10.99.130.1 and 10.99.144.1 are offline.
>
> The --conf-dir directory has no .conf files.
>
> The firewall is OPNsense which is based on BSD and I don't think
> this is relevant to this specific problem.
>
> example.net is not the real domain. The contents of
> /var/etc/dnsmasq-hosts contains lines like this:
>
> 10.99.0.201 w1.example.net w1
> 10.99.0.202 w2.example.net w2
> 10.99.0.203 w3.example.net w3
>
> It is these addresses that I would expect to be resolved.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Linux is like a teepee: no Windows, no Gates and an apache inside...
Re: [Dnsmasq-discuss] DNS refused when internet is down
Humble apologies for my poor post and thank you for the better posting tips.

I have searched for similar problems but haven't found any.

On 26/11/2020 08:31, Geert Stappers wrote:
> On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> > On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > > Dear all,
> > >
> > > When the internet is down for some external reason nslookup is returning
> > > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> > >
> > > Is this the expected behaviour or a misconfiguration?
> >
> > No, this is not the expected behavior.
>
> Also my first impression, on second thought: "It could be" ...
>
> > We can not say where the issue lies with the little information you have provided.
>
> So please make your problem an interesting challenge for the ML ;-)

The problem can be reproduced by disconnecting the cable to the ADSL router. As soon as the cable is removed then a nslookup will return a "Connection to DNS 10.0.0.1 was refused" reply for every query.

I would expect that hosts on the LAN that have been provided an IP address from the dnsmasq DHCP server to resolve.

The configuration is all on the command line and this is

/usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
  --listen-address=192.168.0.254 --listen-address=10.99.2.1
  --listen-address=10.99.0.1 --listen-address=10.99.128.1
  --listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
  --server=/example.net/10.99.0.1
  --server=/opcase.private/10.99.130.1
  --server=/130.99.10.in-addr.arpa/10.99.130.1
  --server=/opcase1.private/10.99.144.1
  --server=/144.99.10.in-addr.arpa/10.99.144.1
  --dns-forward-max=5000 --cache-size=1 --local-ttl=1
  --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf

I don't think that the options --server=/opcase.private/10.99.130.1 where the server is offline could be causing this but for completeness both the servers 10.99.130.1 and 10.99.144.1 are offline.

The --conf-dir directory has no .conf files.

The firewall is OPNsense which is based on BSD and I don't think this is relevant to this specific problem.

example.net is not the real domain.

The contents of /var/etc/dnsmasq-hosts contain lines like this:
10.99.0.201 w1.example.net w1
10.99.0.202 w2.example.net w2
10.99.0.203 w3.example.net w3

It is these addresses that I would expect to be resolved.

Thank you
Duncan
Re: [Dnsmasq-discuss] DNS refused when internet is down
On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
> On 11/25/2020 9:31 AM, Duncan Webb wrote:
> > Dear all,
> >
> > When the internet is down for some external reason nslookup is returning
> > "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> > LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
> >
> > Is this the expected behaviour or a misconfiguration?
> >
>
> No, this is not the expected behavior.

Also my first impression, on second thought: "It could be" ...

> We can not say
> where the issue lies with the little information you have provided.

So please make your problem an interesting challenge for the ML ;-)

Regards
Geert Stappers
--
Silence is hard to parse
Re: [Dnsmasq-discuss] DNS refused when internet is down
On 11/25/2020 9:31 AM, Duncan Webb wrote:
> Dear all,
>
> When the internet is down for some external reason nslookup is returning
> "Connection to DNS 10.0.0.1 was refused" when looking up a host on the
> LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.
>
> Is this the expected behaviour or a misconfiguration?

No, this is not the expected behavior.
We can not say where the issue lies with the little information you have provided.

--
John Doe
[Dnsmasq-discuss] DNS refused when internet is down
Dear all,

When the internet is down for some external reason nslookup is returning "Connection to DNS 10.0.0.1 was refused" when looking up a host on the LAN that has its IP from DHCP. Both DHCP and DNS are provided by dnsmasq.

Is this the expected behaviour or a misconfiguration?

TIA,
Duncan