Re: [Dnsmasq-discuss] No more random source port
Hi Albert, 2017-03-21 22:47 UTC+02.00, Albert ARIBAUD: > > I can't see why your dnsmasq would only use one port. This would be the > behavior for -Q0 (or -Q45807, but your dnsmasq does not have this option > in its command line. > I took in the source package and added some log entries (from syslog): Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: main: port=53 Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: pre_allocate_sfds: query_port=0 Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: started, version 2.75 cache disabled Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: DBus support enabled: connected to system bus Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: warning: no upstream servers configured Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: setting upstream servers from DBus Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: check_servers: flags=90 Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: check_servers: sfd=(nil) (before) Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: check_servers: sfd=0x555fbb7955a0 (after) Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: using nameserver 8.8.8.8#53(via eth0) This shows that the 'sfd' is allocated in function 'check_servers' (in file 'network.c'). This file descriptor is used later to send the forwarded queries. It can be seen in 'netstat -ln --inet': udp0 0 0.0.0.0:45807 0.0.0.0:* > Did you check apparmor or SELinux? > No. How should I do that? Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
Hi Simon, 2017-03-23 0:04 UTC+02.00, Simon Kelley: > > This indicates that dnsmasq has been configured to force the packets to > the upstream server via eth0. To do that requires an operation on the > socket which can only be done as root, so the socket has to be > pre-allocated and there's no random source port. > >From the comments in the source code I got the impression that root priviledges are held in pre_allocate_sfds(), but not in check_servers(). The latter is where the socket is allocated. > It looks like dnsmasq is being configured by networkmanager via the > DBus, and I guess it's that which is doing the configuration of the > upstream server. > Yes. And this same seems to happen in at least Lubuntu 14.04 with dnsmasq 2.68 (now 16.04/2.75). But it uses random ports. So, something has changed, if not in dnsmasq, then possibly in NetworkManager. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Debugging dnsmasq on Ubuntu
Hi Joel, 2017-03-29 17:43 UTC+03.00, Joel Whitehouse: > > Is there any way to get dnsmasq to log when it issues a new query to a > resolver? > You can run tcpdump on upstream interface and port 53. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
Hi Albert, Thanks for your help so far. 2017-03-20 22:18 UTC+02.00, Albert ARIBAUD: > > So, back to the basics: let's start with a capture of DNS traffic. Can > you run wireshark or tcpdump on your Lubuntu and capture a few requests > for resolution? > Attached a small pcap. What I did: 1) 'host google.com' 2) 'host google.fi' 3) 'host google.com 192.168.1.1' 4) 'host google.fi 192.168.1.1' 1) and 2) go through dnsmasq, and use same source port. In this case I get an answer: this is a different router, a Zyxel. I'll try to make this same test against TP-Link.. Risto dns-01.pcap Description: application/vnd.tcpdump.pcap ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
Ok, no pcap attachments, here is a link, I hope it gets through: https://www.dropbox.com/s/3nfx2kr2kxsw0ud/dns-01.pcap?dl=1 Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
This is the pcap against TP-link: https://www.dropbox.com/s/c1edxlpmar8euvi/dns-02.pcap?dl=1 This time I only did: 1) 'host google.com 192.168.1.1' 2) 'host google.fi 192.168.1.1' The rest of the requests came through dnsmasq, and received no answer. They are repeated forever. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
2017-03-20 21:05 UTC+02.00, Albert ARIBAUD: > > (I don't see the point of this restruction but hey, that's TP-Link's > choice.) > I might use the word 'bug' instead of 'choice'. > > Ok, so the OS is not limiting the ports per se. > > You said the command line did not change. Which is it exactly? I > usually do a "cat /proc//cmdline | tr '\0' '\n' to make > sure I see the real command line of the running dnsmasq. > /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
Hi Albert, 2017-03-20 20:30 UTC+02.00, Albert ARIBAUD: > > I don't kow about dnsmasq per se, but the range of ports an application > can use is controlled by the kernel -- on my 16.04 Xubuntu, that is > defined by /proc/sys/net/ipv4/ip_local_port_range. Does your system > limit this range? > 32768 60999 > > Not sure what you mean exactly. "Same port" as what? > Same as in previous request. The router is another forwarder for the DNS requests (dnsmasq is the first). To give an example: - $ host xxx 127.0.1.1 -> no response (via dnsmasq to router) - $ host xxx 192.168.1.1 -> response (directly to router) The difference is that 'host' uses varying random source ports, and 'dnsmasq' uses one preallocated random source port. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
Hi Albert, 2017-03-21 0:03 UTC+02.00, Albert ARIBAUD: > > Source IP is not the same in both pcaps. 1st pcap queries 8.8.8.8 and > 192.168.1.1 from 192.168.1.33, while 2nd pcap queries are from > 192.168.1.100. Can you clarify your network setup? > IP is differerent, but MAC is the same. I'm currently using Zyxel router (pcap 1), because it's working. With TP-Link router (pcap 2) I don't reach the Internet, because of the DNS problem. So, I simply plugged my computer to different routers. In both cases the router's DHCP server gave me IP and DNS addresses, Zyxel: 192.168.1.33 and 8.8.8.8 (its own address is 192.168.1.1). TP-Link: 192.168.1.100 and 192.168.1.1 (its own address). Possibly the problem with TP-Link depends on this behaviour (forwarding DNS requests). (NAT routers typically allocate random ports internally for forwarded requests.) I might change Zyxel's setup so that it gives me its own address as DNS, to see how it behaves in that situation. In TP-Link I have not found a way to do the opposite. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
Zyxel doesn't have a problem with same source port: https://www.dropbox.com/s/wxdl480hwr39j12/dns-03.pcap?dl=1 Same commands as in pcap-01. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] No more random source port
Hi, I'm running Lubuntu 16.04 with dnsmasq 2.75-1ubuntu0.16.04.1 under NetworkManager's control. When forwarding DNS requests, dnsmasq uses same source port (per interface) every time. Compared to Ubuntu 14.04 with dnsmasq 2.68-1ubuntu0.1, which used different ports. The command line options for dnsmasq have not changed between these versions, and there is no config file either. So, I wonder, is there some change in dnsmasq itself that could explain this behaviour change? My problem is that my 4G router (TP-Link TL-MR6400) won't answer to the requests coming from same port. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] No more random source port
Hi, 2017-03-21 16:23 UTC+02.00, /dev/rob0: > > Did you ever show us the contents of this --conf-dir? It could have > a file with "query-port". > -- Good point. I forgot. I did check it, though, and the directory was empty. Risto ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss