Re: [Dnsmasq-discuss] No more random source port

2017-03-22 Thread Risto Suominen
Hi Albert,

2017-03-21 22:47 UTC+02.00, Albert ARIBAUD :
>
> I can't see why your dnsmasq would only use one port. This would be the
> behavior for -Q0 (or -Q45807, but your dnsmasq does not have this option
> in its command line.
>
I took in the source package and added some log entries (from syslog):

Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: main: port=53
Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: pre_allocate_sfds: query_port=0
Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: started, version 2.75
cache disabled
Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: compile time options:
IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset
auth DNSSEC loop-detect inotify
Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: DBus support enabled:
connected to system bus
Mar 20 22:11:59 risto-Macmini dnsmasq[30248]: warning: no upstream
servers configured
Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: setting upstream servers from DBus
Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: check_servers: flags=90
Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: check_servers: sfd=(nil) (before)
Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: check_servers:
sfd=0x555fbb7955a0 (after)
Mar 20 22:12:00 risto-Macmini dnsmasq[30248]: using nameserver
8.8.8.8#53(via eth0)

This shows that the 'sfd' is allocated in function 'check_servers' (in
file 'network.c'). This file descriptor is used later to send the
forwarded queries. It can be seen in 'netstat -ln --inet':

udp        0      0 0.0.0.0:45807           0.0.0.0:*

> Did you check apparmor or SELinux?
>
No. How should I do that?

Risto

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] No more random source port

2017-03-23 Thread Risto Suominen
Hi Simon,

2017-03-23 0:04 UTC+02.00, Simon Kelley :
>
> This indicates that dnsmasq has been configured to force the packets to
> the upstream server via eth0. To do that requires an operation on the
> socket which can only be done as root, so the socket has to be
> pre-allocated and there's no random source port.
>
From the comments in the source code I got the impression that root
privileges are held in pre_allocate_sfds(), but not in
check_servers(). The latter is where the socket is allocated.

> It looks like dnsmasq is being configured by networkmanager via the
> DBus, and I guess it's that which is doing the configuration of the
> upstream server.
>
Yes. And the same seems to happen in at least Lubuntu 14.04 with
dnsmasq 2.68 (now 16.04/2.75). But it uses random ports. So, something
has changed, if not in dnsmasq, then possibly in NetworkManager.

Risto

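To make the two behaviours Simon describes concrete, here is an added illustration in dnsmasq's configuration-file syntax. It is not from the thread and not the dnsmasq project's own documentation, and it is not how NetworkManager configures dnsmasq (that happens over DBus in this setup, with an empty conf-dir); it is only the file equivalent of the same settings. The address 8.8.8.8, the interface eth0 and the port 45807 are taken from the thread's own logs; the file itself is an assumption for illustration.

```conf
# Added example: three ways dnsmasq can source its upstream queries.

# 1) Plain upstream. dnsmasq uses randomised source ports for outbound
#    queries, the default behaviour since 2.43.
server=8.8.8.8

# 2) Upstream forced out of a specific interface, the case Simon describes.
#    Binding the socket to a device needs root, so the socket is allocated
#    once while privileged and every query leaves from that one port; the
#    query-port setting is ignored for such servers.
#server=8.8.8.8@eth0

# 3) Explicitly fixed query port (-Q). The man page notes this is less secure
#    against spoofing. query-port=0 means a single OS-allocated port for the
#    lifetime of the process, which is what the netstat output in the thread
#    looks like from the outside.
#query-port=45807
```

In a capture, cases 2 and 3 are indistinguishable from each other: both show one local UDP port in netstat and the same source port on every forwarded query, and only the command line, the conf-dir and the DBus-supplied server list tell you which one applies.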


Re: [Dnsmasq-discuss] Debugging dnsmasq on Ubuntu

2017-03-29 Thread Risto Suominen
Hi Joel,

2017-03-29 17:43 UTC+03.00, Joel Whitehouse :
>
> Is there any way to get dnsmasq to log when it issues a new query to a 
> resolver?
>
You can run tcpdump on the upstream interface and port 53.

Risto

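Once tcpdump has produced a capture like the dns-01/dns-02 files linked earlier in the thread, the question is whether the forwarder's queries all leave from one port. The following is an added example, not from the thread or the dnsmasq project: a pure-Python reader for classic libpcap files (Ethernet/IPv4/UDP only, no pcapng) that groups queries to port 53 by upstream server and flags any server that receives more than one query from a single source port. The embedded sample capture is constructed inline to mirror the thread's description (dnsmasq at 192.168.1.33 sending to 8.8.8.8 from port 45807, direct 'host' queries to 192.168.1.1 from fresh ports); the TXIDs and the other port numbers are invented.

```python
"""Report per-upstream UDP source-port reuse from a classic libpcap capture.

Added example, not from the thread or dnsmasq. Standard library only; handles
the classic microsecond pcap format with Ethernet/IPv4/UDP frames.
"""
import socket
import struct
import sys
from collections import defaultdict

PCAP_HDR = "IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = "IIII"       # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1


def iter_frames(data):
    """Yield each captured frame from a classic pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack_from(end + PCAP_HDR, data, 0)[6] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + REC_HDR, data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def dns_queries(data):
    """Return (src_ip, src_port, dst_ip, txid) for every UDP datagram to port 53."""
    out = []
    for frame in iter_frames(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4 over Ethernet
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17 or len(ip) < ihl + 10:
            continue                                  # not UDP, or truncated
        udp = ip[ihl:]
        sport, dport = struct.unpack_from(">HH", udp, 0)
        if dport != 53:
            continue
        txid, = struct.unpack_from(">H", udp, 8)      # DNS header follows the 8-byte UDP header
        out.append((socket.inet_ntoa(ip[12:16]), sport,
                    socket.inet_ntoa(ip[16:20]), txid))
    return out


def source_port_report(data):
    """Per upstream server: query count, distinct source ports and distinct TXIDs.

    A forwarder that has lost source-port randomisation shows many queries but
    one source port, so only the 16-bit TXID stands between it and a forged
    reply from an off-path attacker.
    """
    acc = defaultdict(lambda: {"queries": 0, "ports": set(), "txids": set()})
    for _, sport, dst, txid in dns_queries(data):
        acc[dst]["queries"] += 1
        acc[dst]["ports"].add(sport)
        acc[dst]["txids"].add(txid)
    return {dst: {"queries": r["queries"],
                  "distinct_ports": len(r["ports"]),
                  "distinct_txids": len(r["txids"]),
                  "fixed_source_port": r["queries"] > 1 and len(r["ports"]) == 1}
            for dst, r in acc.items()}


def build_query(src_ip, sport, dst_ip, txid):
    """Construct a minimal Ethernet/IPv4/UDP/DNS query frame (checksums left zero)."""
    dns = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) \
        + b"\x06google\x03com\x00" + struct.pack(">HH", 1, 1)
    udp = struct.pack(">HHHH", sport, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + udp
    return b"\x00" * 12 + b"\x08\x00" + ip


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap container."""
    out = struct.pack("<" + PCAP_HDR, 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<" + REC_HDR, 1490000000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample modelled on the thread: the forwarder at 192.168.1.33 sends
# every query to 8.8.8.8 from port 45807 (as in the netstat output), while the
# direct 'host ... 192.168.1.1' queries use a fresh port each time. TXIDs invented.
SAMPLE_PCAP = build_pcap([
    build_query("192.168.1.33", 45807, "8.8.8.8", 0x1A2B),
    build_query("192.168.1.33", 45807, "8.8.8.8", 0x7C3D),
    build_query("192.168.1.33", 45807, "8.8.8.8", 0x55E1),
    build_query("192.168.1.33", 51012, "192.168.1.1", 0x0A0B),
    build_query("192.168.1.33", 38844, "192.168.1.1", 0x9F10),
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for dst, r in sorted(source_port_report(data).items()):
        verdict = "FIXED SOURCE PORT" if r["fixed_source_port"] else "ok"
        print(f"{dst:15} queries={r['queries']:3} ports={r['distinct_ports']:3} "
              f"txids={r['distinct_txids']:3} {verdict}")
```

Run it with a capture path as the only argument to analyse a real tcpdump file, or with no arguments to use the embedded sample. The report also counts distinct TXIDs, so a forwarder that recycled transaction IDs as well would show up in the same pass; with a fixed source port, the TXID is all an off-path attacker has to guess to inject a forged reply, which is the exposure that source-port randomisation was introduced to close.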


Re: [Dnsmasq-discuss] No more random source port

2017-03-20 Thread Risto Suominen
Hi Albert,

Thanks for your help so far.

2017-03-20 22:18 UTC+02.00, Albert ARIBAUD :
>
> So, back to the basics: let's start with a capture of DNS traffic. Can
> you run wireshark or tcpdump on your Lubuntu and capture a few requests
> for resolution?
>
Attached a small pcap. What I did:
1) 'host google.com'
2) 'host google.fi'
3) 'host google.com 192.168.1.1'
4) 'host google.fi 192.168.1.1'

1) and 2) go through dnsmasq, and use the same source port.

In this case I get an answer: this is a different router, a Zyxel.
I'll try to make this same test against TP-Link..

Risto


dns-01.pcap
Description: application/vnd.tcpdump.pcap


Re: [Dnsmasq-discuss] No more random source port

2017-03-20 Thread Risto Suominen
Ok, no pcap attachments, here is a link, I hope it gets through:

https://www.dropbox.com/s/3nfx2kr2kxsw0ud/dns-01.pcap?dl=1

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-20 Thread Risto Suominen
This is the pcap against TP-link:

https://www.dropbox.com/s/c1edxlpmar8euvi/dns-02.pcap?dl=1

This time I only did:

1) 'host google.com 192.168.1.1'
2) 'host google.fi 192.168.1.1'

The rest of the requests came through dnsmasq, and received no answer.
They are repeated forever.

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-20 Thread Risto Suominen
2017-03-20 21:05 UTC+02.00, Albert ARIBAUD :
>
> (I don't see the point of this restriction but hey, that's TP-Link's
> choice.)
>
I might use the word 'bug' instead of 'choice'.
>
> Ok, so the OS is not limiting the ports per se.
>
> You said the command line did not change. Which is it exactly? I
> usually do a "cat /proc//cmdline | tr '\0' '\n' to make
> sure I see the real command line of the running dnsmasq.
>
/usr/sbin/dnsmasq
--no-resolv
--keep-in-foreground
--no-hosts
--bind-interfaces
--pid-file=/var/run/NetworkManager/dnsmasq.pid
--listen-address=127.0.1.1
--cache-size=0
--conf-file=/dev/null
--proxy-dnssec
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq
--conf-dir=/etc/NetworkManager/dnsmasq.d

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-20 Thread Risto Suominen
Hi Albert,

2017-03-20 20:30 UTC+02.00, Albert ARIBAUD :
>
> I don't know about dnsmasq per se, but the range of ports an application
> can use is controlled by the kernel -- on my 16.04 Xubuntu, that is
> defined by /proc/sys/net/ipv4/ip_local_port_range. Does your system
> limit this range?
>
32768 60999
>
> Not sure what you mean exactly. "Same port" as what?
>
Same as in previous request. The router is another forwarder for the
DNS requests (dnsmasq is the first).

To give an example:

- $ host xxx 127.0.1.1 -> no response (via dnsmasq to router)
- $ host xxx 192.168.1.1 -> response (directly to router)

The difference is that 'host' uses varying random source ports, and
'dnsmasq' uses one preallocated random source port.

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread Risto Suominen
Hi Albert,

2017-03-21 0:03 UTC+02.00, Albert ARIBAUD :
>
> Source IP is not the same in both pcaps. 1st pcap queries 8.8.8.8 and
> 192.168.1.1 from 192.168.1.33, while 2nd pcap queries are from
> 192.168.1.100. Can you clarify your network setup?
>
IP is different, but MAC is the same. I'm currently using Zyxel
router (pcap 1), because it's working. With TP-Link router (pcap 2) I
don't reach the Internet, because of the DNS problem.

So, I simply plugged my computer to different routers. In both cases
the router's DHCP server gave me IP and DNS addresses, Zyxel:
192.168.1.33 and 8.8.8.8 (its own address is 192.168.1.1). TP-Link:
192.168.1.100 and 192.168.1.1 (its own address).

Possibly the problem with TP-Link depends on this behaviour
(forwarding DNS requests). (NAT routers typically allocate random
ports internally for forwarded requests.)

I might change Zyxel's setup so that it gives me its own address as
DNS, to see how it behaves in that situation. In TP-Link I have not
found a way to do the opposite.

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread Risto Suominen
Zyxel doesn't have a problem with the same source port:

https://www.dropbox.com/s/wxdl480hwr39j12/dns-03.pcap?dl=1

Same commands as in pcap-01.

Risto



[Dnsmasq-discuss] No more random source port

2017-03-20 Thread Risto Suominen
Hi,

I'm running Lubuntu 16.04 with dnsmasq 2.75-1ubuntu0.16.04.1 under
NetworkManager's control.

When forwarding DNS requests, dnsmasq uses the same source port (per
interface) every time.

Compared to Ubuntu 14.04 with dnsmasq 2.68-1ubuntu0.1, which used
different ports.

The command line options for dnsmasq have not changed between these
versions, and there is no config file either.

So, I wonder, is there some change in dnsmasq itself that could
explain this behaviour change?

My problem is that my 4G router (TP-Link TL-MR6400) won't answer
requests coming from the same port.

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread Risto Suominen
Hi,

2017-03-21 16:23 UTC+02.00, /dev/rob0 :
>
> Did you ever show us the contents of this --conf-dir?  It could have
> a file with "query-port".
> --
Good point. I forgot. I did check it, though, and the directory was empty.

Risto
