[Dnsmasq-discuss] Serving two domains from DHCP
Hi all, Is it possible to serve dhcp names for two different domains from a single dnsmasq server? For example, can I give host1.foo.com and host2.bar.com from a single dnsmasq instance? Many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. [+44 | 0] 7942633361 The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
Re: [Dnsmasq-discuss] Serving two domains from DHCP
Thanks Ferenc Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. [+44 | 0] 7942633361 -Original Message- From: Ferenc Wagner [mailto:wf...@niif.hu] Sent: 31 August 2010 15:50 To: Alberto Cuesta-Canada Cc: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Serving two domains from DHCP Alberto Cuesta-Canada alberto.cue...@excelian.com writes: Is it possible to serve dhcp names for two different domains from a single dnsmasq server? For example, can I give host1.foo.com and host2.bar.com from a single dnsmasq instance? Sure, try something like domain=foo.com,1.2.3.4/5 domain=bar.com,6.7.8.9/10 -- Regards, Feri. The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
[Dnsmasq-discuss] Can I serve two different DHCP domains from a single dnsmasq server?
Hi all, does anyone know if it is possible to send via DHCP hostnames in two different domains from a single dnsmasq server? It should be something like: domain=foo,192.168.0.0/24 domain=bar,192.168.1.0/24 dhcp-range=foo-range,192.168.0.0,192.168.0.255,infinite dhcp-range=bar-range,192.168.1.0,192.168.1.255,infinite dhcp-host=02:00:0A:00:00:00,net:foo-range,host1,192.168.0.1,static dhcp-host=02:00:0A:00:10:00,net:bar-range,host2,192.168.1.1,static So what I would have is that host1 would get the fqdn host1.foo and the 192.168.0.1 address, while host2 would be host2.bar and get the 192.168.1.1 address. Many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 Date: Wed, 04 Aug 2010 20:02:07 -0700 From: Paul Chambers dnsm...@lists.bod.org Subject: [Dnsmasq-discuss] wildcard subdomains for a DHCP-assigned host To: Dnsmasq List dnsmasq-discuss@lists.thekelleys.org.uk Message-ID: 4c5a29af.9050...@lists.bod.org Content-Type: text/plain; charset=UTF-8; format=flowed This may be a dumb question, but I'm no wiser after skimming the man page and experimenting a little... I have a development box I'm using to develop some virtual host stuff. I'd like to set up a wildcard subdomain for it. Essentially anything.dev.foo.bar would resolve to dev.foo.bar's IP address (assigned by DHCP). Its IP address does move on occasion, just often enough to be irritating/fragile to use an IP directly. For now, I've worked around it by adding 'address=/dev.foo.bar/current IP addr' to the config, but that's fragile and seems like a bad idea. I could give the box a static IP I suppose, but I much prefer keeping the number of static assignments to a minimum. Plus it's a laptop, so I'd keep it configured for DHCP and set up a static DHCP assignment based on MAC address. Somehow none of this feels very satisfying, just workarounds. Is there a better way I've missed? If not, is there a reason dnsmasq doesn't do this? would it be hard to add? (perhaps support wildcards for cname?) -- Paul -- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss End of Dnsmasq-discuss Digest, Vol 63, Issue 4 ** The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.winmail.dat
Re: [Dnsmasq-discuss] Can I serve two different DHCP domains from a single dnsmasq server?
Hi Santiago, I've indeed tested it extensively before posting, at least as much as I can without disturbing the production environments around. With the configuration below, and ensuring that there were no leases around to mess up anything, the machine in the bar domain would instead get a random ip in the foo domain, no hostname, and foo dns domain. On Sunday, when production is stopped, I can swap the order of the domain lines to see if dnsmasq recognises only the first, and do other more dangerous tests. Regards, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 From: santiago.j.zar...@gmail.com on behalf of Santiago Zarate Sent: Thu 05/08/2010 15:56 To: Alberto Cuesta-Canada Cc: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Can I serve two different DHCP domains from a single dnsmasq server? if i'm not mistaken, this is possible... but its matter of begin testing... 2010/8/5 Alberto Cuesta-Canada alberto.cue...@excelian.com: Hi all, does anyone know if it is possible to send via DHCP hostnames in two different domains from a single dnsmasq server? It should be something like: domain=foo,192.168.0.0/24 domain=bar,192.168.1.0/24 dhcp-range=foo-range,192.168.0.0,192.168.0.255,infinite dhcp-range=bar-range,192.168.1.0,192.168.1.255,infinite dhcp-host=02:00:0A:00:00:00,net:foo-range,host1,192.168.0.1,static dhcp-host=02:00:0A:00:10:00,net:bar-range,host2,192.168.1.1,static So what I would have is that host1 would get the fqdn host1.foo and the 192.168.0.1 address, while host2 would be host2.bar and get the 192.168.1.1 address. Many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 Date: Wed, 04 Aug 2010 20:02:07 -0700 From: Paul Chambers dnsm...@lists.bod.org Subject: [Dnsmasq-discuss] wildcard subdomains for a DHCP-assigned host To: Dnsmasq List dnsmasq-discuss@lists.thekelleys.org.uk Message-ID: 4c5a29af.9050...@lists.bod.org Content-Type: text/plain; charset=UTF-8; format=flowed This may be a dumb question, but I'm no wiser after skimming the man page and experimenting a little... I have a development box I'm using to develop some virtual host stuff. I'd like to set up a wildcard subdomain for it. Essentially anything.dev.foo.bar would resolve to dev.foo.bar's IP address (assigned by DHCP). Its IP address does move on occasion, just often enough to be irritating/fragile to use an IP directly. For now, I've worked around it by adding 'address=/dev.foo.bar/current IP addr' to the config, but that's fragile and seems like a bad idea. I could give the box a static IP I suppose, but I much prefer keeping the number of static assignments to a minimum. Plus it's a laptop, so I'd keep it configured for DHCP and set up a static DHCP assignment based on MAC address. Somehow none of this feels very satisfying, just workarounds. Is there a better way I've missed? If not, is there a reason dnsmasq doesn't do this? would it be hard to add? (perhaps support wildcards for cname?) -- Paul -- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss End of Dnsmasq-discuss Digest, Vol 63, Issue 4 ** The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com http://www.messagelabs.com/ Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to. ___ Dnsmasq-discuss mailing list Dnsmasq
Re: [Dnsmasq-discuss] Dynamic DNS
On Mon, Jun 28, 2010 at 11:14 AM, Don Muller d...@djmuller.com wrote: Why not run a Microsoft DNS server? It?ll save you the hassle of manual work. Don Hi Don, I have a fairly large setup running in production, and use dnsmasq for DNS, DHCP and PXE. Replacing it for Microsoft DNS server is a much larger piece of work than manually installing AD, and I'm not sure if the results would be worth it. If manually installing AD doesn't work we will try other single sign on mechanisms before considering migration, we actually like dnsmasq :) Many thanks all for your help, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
Re: [Dnsmasq-discuss] Dynamic DNS
Thanks Simon, time to roll up my sleeves and start doing it manually :) Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 From: Simon Kelley [mailto:si...@thekelleys.org.uk] Sent: Mon 28/06/2010 16:23 To: Alberto Cuesta-Canada Cc: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Dynamic DNS Alberto Cuesta-Canada wrote: So my question should have been: Is RFC2136 supported or in the roadmap? (And a no for an answer is perfectly understood, the simplicity of dnsmasq is something to be safeguarded). and the answer is no, for precisely the reason you give, and because the main use of dynamic DNS (updates from a DHCP server) is covered instead by dnsmasq DNS-DHCP integration. Cheers, Simon. The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
[Dnsmasq-discuss] Dynamic DNS
Hi Simon, are there any plans of implementing Dynamic DNS for dnsmasq? There is a perl script that adds that functionality here: http://psydev.syw4e.info/new/dynamic-dnsmasq/dynamic-dnsmasq.pl http://psydev.syw4e.info/new/dynamic-dnsmasq/dynamic-dnsmasq.pl Thanks for all the great work, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
[Dnsmasq-discuss] Is there an all-servers parameter for downstream servers?
Hi all, Is there an all-servers parameter for downstream servers? I have a configuration with three DNS domains, each one served by two dnsmasq servers (complete description at the end). I'm trying to set up a redundant structure, with cron jobs that ensure that both DNS servers for each domain are identical, so if one fails, the other will serve the requests. All the machines under my control repeat the query in rapid sucession if it doesn't come immediately answered, and the DNS servers seem to understand that so the behaviour is that any query from a machine in my domain reaches all dns servers in the network and it is always answered, regardless of which machines are down. For the size of my systems this is fine, it doesn't matter if it is unefficient. The problem I have is that the corporate servers don't work that way. We have three of them, and when a machine outside my domains makes a query, all of them are queried and route to one of my main servers. Unfortunately they always ask to the first one, and never repeat the query. The round-robin protocol seems to reset for each query, so my main servers only ask the primary servers downstream, fail, and the corporate servers return (and cache) a failure, thus rendering my failover structure useless for other domains. This could be solved modifying the configuration on the corporate server (politics!), or instructing the my main dns servers to always route queries to all servers downstream, and to serve the first result coming up. It's the same as using all-servers, but downstream. Here is a small diagram (use monospace to see it): CORPORATE172.30.0.1(corporate.local) 172.30.0.2 172.30.1.1 || || *.mydomain.local || MAIN192.168.0.250(main.mydomain.local) 192.168.0.251 || || sub1.mydomain.local || || sub2.mydomain.local || || SUB1192.168.1.250 192.168.2.250SUB2 192.168.1.251 192.168.2.251 server=/sub1.mydomain.local/192.168.1.250 server=/sub1.mydomain.local/192.168.1.251 server=/sub2.mydomain.local/192.168.2.250 server=/sub2.mydomain.local/192.168.2.251 Many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
[Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself
Hi guys, I saw a weird scenario in one of our dnsmasq servers yesterday. As the logs below show, the server was all happy doing its thing, until a set of PTR queries came from normal servers in our network. The last of it would ask for the hostname of the dns server giving the IP, and from that point dnsmasq would route all traffic to the parents. Restarting the dnsmasq service would restore the server to normal operations. This has happened 4 times in the last 10 days, always with the same pattern. Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98 Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93 Feb 17 01:35:51 dnsmasq[28538]: query[PTR] 93.158.30.172.in-addr.arpa from 172.30.158.98 Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts 172.30.158.93 is grdvpm3.dselgrid.local Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98 Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93 Feb 17 01:37:16 dnsmasq[28538]: query[MX] smtpmail.daiwaeurope.local from 127.0.0.1 Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192 Feb 17 01:37:16 dnsmasq[28538]: query[MX] vsmtpmail.daiwaeurope.local from 127.0.0.1 Feb 17 01:37:16 dnsmasq[28538]: forwarded vsmtpmail.daiwaeurope.local to 172.30.48.192 Feb 17 01:37:16 dnsmasq[28538]: query[A] smtpmail.daiwaeurope.local from 127.0.0.1 Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192 Feb 17 01:37:16 dnsmasq[28538]: reply smtpmail.daiwaeurope.local is CNAME Feb 17 01:37:16 dnsmasq[28538]: reply vsmtpmail.daiwaeurope.local is 172.30.19.221 Feb 17 01:37:52 dnsmasq[28538]: query[PTR] 250.158.30.172.in-addr.arpa from 172.30.158.94 Feb 17 01:37:52 dnsmasq[28538]: /etc/hosts 172.30.158.250 is grdxk-mgmt1.dselgrid.local Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Any idea what would be going on? Is that PTR query a signal that some other service could be asking the DNS server to stop reading the hosts file? Many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
Re: [Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself
Hi Simon, 2.47 Cheers, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 From: Simon Kelley [mailto:si...@thekelleys.org.uk] Sent: Wed 17/02/2010 09:46 To: Alberto Cuesta-Canada Cc: dnsmasq-discuss@lists.thekelleys.org.uk; Grid Support Subject: Re: [Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself Alberto Cuesta-Canada wrote: Hi guys, I saw a weird scenario in one of our dnsmasq servers yesterday. As the logs below show, the server was all happy doing its thing, until a set of PTR queries came from normal servers in our network. The last of it would ask for the hostname of the dns server giving the IP, and from that point dnsmasq would route all traffic to the parents. Restarting the dnsmasq service would restore the server to normal operations. This has happened 4 times in the last 10 days, always with the same pattern. Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98 Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93 Feb 17 01:35:51 dnsmasq[28538]: query[PTR] 93.158.30.172.in-addr.arpa from 172.30.158.98 Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts 172.30.158.93 is grdvpm3.dselgrid.local Feb 17 01:35:51 dnsmasq[28538]: query[A] grdvpm3.dselgrid.local from 172.30.158.98 Feb 17 01:35:51 dnsmasq[28538]: /etc/hosts grdvpm3.dselgrid.local is 172.30.158.93 Feb 17 01:37:16 dnsmasq[28538]: query[MX] smtpmail.daiwaeurope.local from 127.0.0.1 Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192 Feb 17 01:37:16 dnsmasq[28538]: query[MX] vsmtpmail.daiwaeurope.local from 127.0.0.1 Feb 17 01:37:16 dnsmasq[28538]: forwarded vsmtpmail.daiwaeurope.local to 172.30.48.192 Feb 17 01:37:16 dnsmasq[28538]: query[A] smtpmail.daiwaeurope.local from 127.0.0.1 Feb 17 01:37:16 dnsmasq[28538]: forwarded smtpmail.daiwaeurope.local to 172.30.48.192 Feb 17 01:37:16 dnsmasq[28538]: reply smtpmail.daiwaeurope.local is CNAME Feb 17 01:37:16 dnsmasq[28538]: reply vsmtpmail.daiwaeurope.local is 172.30.19.221 Feb 17 01:37:52 dnsmasq[28538]: query[PTR] 250.158.30.172.in-addr.arpa from 172.30.158.94 Feb 17 01:37:52 dnsmasq[28538]: /etc/hosts 172.30.158.250 is grdxk-mgmt1.dselgrid.local Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Feb 17 01:37:52 dnsmasq[28538]: forwarded query to 172.30.48.192 Any idea what would be going on? Is that PTR query a signal that some other service could be asking the DNS server to stop reading the hosts file? Which version of dnsmasq are you using? Simon. The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
Re: [Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself
Hi Simon, the parents of 250 (my dnsmasq server) have forwarding rules for the dselgrid.local domain, that I run. So I assumed that the queries pushed upstream would be routed down again, and timeout in a loop. That said, in the logs I could still see successful PTR and A queries, outnumbered 10 to 1 by forwards. I'm not sure about the behaviour of local queries, I don't remember from yesterday, but I think they worked. 94 is a Platform Grid Master, that is a W2K3 machine which runs only one application. It keeps a cache of machines but it doesn't give DNS services, or anything similar. The interesting thing is that the PTR request doesn't always produce this effect. I have enterprise support for that software, so I will ask them. dnsmasq is running in a quite complicated setup. We have a XenServer host running a Ubuntu 9.04 VM. I have just 1GB free on that machine and out of disk space scenarios are fatal, so I can't tcpdump. There is a rebuild of it coming in the next two weeks that will give me another 50GB. Any idea on what to look for, or any hypothesis of what could be happening should be enough, I can keep investigating and contain it with workarounds for a while. Many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 From: Simon Kelley [mailto:si...@thekelleys.org.uk] Sent: Wed 17/02/2010 10:04 To: Alberto Cuesta-Canada Cc: dnsmasq-discuss@lists.thekelleys.org.uk; Grid Support Subject: Re: [Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself It's not clear to me what is going on here. How does the pattern continue? Do you just see forwarded query to 172.30.48.192 from now on until the server is restarted, or do you still see query[A] and query[PTR} lines? Do queries which get pushed upstream continue to work? How about queries which should be answered locally? What is 172.30.158.94? Is it running anything that may generate odd DNS queries? The holy grail would be to able prod that machine to reproduce this at will. What sort of machine are you running dnsmasq on? Does it have a reasonable amount of spare storage so that you could tcpdump all traffic to/from port 53,UDP for offline analysis? Simon. The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
Re: [Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself
Cool, that makes a lot of sense. I'm actually reengineering the DNS infrastructure here, so it will be easy to account for and trace that at this stage. I'll let you know when I find the rogue queries, many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 From: Simon Kelley [mailto:si...@thekelleys.org.uk] Sent: Wed 17/02/2010 10:30 To: Alberto Cuesta-Canada Cc: dnsmasq-discuss@lists.thekelleys.org.uk; Grid Support Subject: Re: [Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself Alberto Cuesta-Canada wrote: Hi Simon, the parents of 250 (my dnsmasq server) have forwarding rules for the dselgrid.local domain, that I run. So I assumed that the queries pushed upstream would be routed down again, and timeout in a loop. Ahh, that could easily be the problem. If you generate a loop between two DNS servers, each forwarding to the other, then the queries can easily bounce back-and-forth forever. Dnsmasq will manage this situation reasonably well, and manage to server other traffic, but the circulating queries will eat bandwidth and CPU. The logs would seem to show a strange query of some sort (dnsmasq can't parse a domain-name from the query, hence forwarded query rather than forwarded domain-name) If such queries can circulate forever then you have a problem. That said, in the logs I could still see successful PTR and A queries, outnumbered 10 to 1 by forwards. I'm not sure about the behaviour of local queries, I don't remember from yesterday, but I think they worked. 94 is a Platform Grid Master, that is a W2K3 machine which runs only one application. It keeps a cache of machines but it doesn't give DNS services, or anything similar. The interesting thing is that the PTR request doesn't always produce this effect. I have enterprise support for that software, so I will ask them. dnsmasq is running in a quite complicated setup. We have a XenServer host running a Ubuntu 9.04 VM. I have just 1GB free on that machine and out of disk space scenarios are fatal, so I can't tcpdump. There is a rebuild of it coming in the next two weeks that will give me another 50GB. Any idea on what to look for, or any hypothesis of what could be happening should be enough, I can keep investigating and contain it with workarounds for a while. See above. a loop, possibly only of odd queries. Cheers, Simon. Many thanks, *Alberto Cuesta-Canada* GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 *From:* Simon Kelley [mailto:si...@thekelleys.org.uk] *Sent:* Wed 17/02/2010 10:04 *To:* Alberto Cuesta-Canada *Cc:* dnsmasq-discuss@lists.thekelleys.org.uk; Grid Support *Subject:* Re: [Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself It's not clear to me what is going on here. How does the pattern continue? Do you just see forwarded query to 172.30.48.192 from now on until the server is restarted, or do you still see query[A] and query[PTR} lines? Do queries which get pushed upstream continue to work? How about queries which should be answered locally? What is 172.30.158.94? Is it running anything that may generate odd DNS queries? The holy grail would be to able prod that machine to reproduce this at will. What sort of machine are you running dnsmasq on? Does it have a reasonable amount of spare storage so that you could tcpdump all traffic to/from port 53,UDP for offline analysis? Simon. The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com http://www.messagelabs.com/ Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't
[Dnsmasq-discuss] Setting dnsmasq as a orwarder
Dear all, we want to set up a dnsmasq server to forward dns requests for two given domains to other dnsmasq servers in different networks. I assume that that is possible, but I couldn't find how in the conig file or searching the web. The config is: Network 0: dnsdomain net0.local, dns server at 192.168.0.2 (dns0.net0.local) Network 1: dnsdomain net1.local, dns server at 192.168.1.2 (dns1.net1.local) Network 2: dnsdomain net2.local, dns server at 192.168.2.2 (dns2.net2.local) The topology would be that dns1 and dns2 are only able to locally resolve requests for their respective domains, and any other requests are routed to dns0, that then forwards them to dns1 or dns2 as appropiate. Is that possible? Many thanks, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.
Re: [Dnsmasq-discuss] Setting dnsmasq as a orwarder
It's exactly that, and it was explained in the dnsmasq.conf file after all: # Add other name servers here, with domain specs if they are for # non-public domains. #server=/localnet/192.168.0.1 It seems I missed it when I read the config file before, being a newbie to dns terms didn't help :P Many thanks Simon, Alberto Cuesta-Canada GaaS Team Lead Excelian Ltd. +44 (0) 7942633361 From: Simon Kelley [mailto:si...@thekelleys.org.uk] Sent: Fri 05/02/2010 09:19 To: Alberto Cuesta-Canada Cc: dnsmasq-discuss@lists.thekelleys.org.uk; Grid Support Subject: Re: [Dnsmasq-discuss] Setting dnsmasq as a orwarder Alberto Cuesta-Canada wrote: Dear all, we want to set up a dnsmasq server to forward dns requests for two given domains to other dnsmasq servers in different networks. I assume that that is possible, but I couldn't find how in the conig file or searching the web. The config is: Network 0: dnsdomain net0.local, dns server at 192.168.0.2 (dns0.net0.local) Network 1: dnsdomain net1.local, dns server at 192.168.1.2 (dns1.net1.local) Network 2: dnsdomain net2.local, dns server at 192.168.2.2 (dns2.net2.local) The topology would be that dns1 and dns2 are only able to locally resolve requests for their respective domains, and any other requests are routed to dns0, that then forwards them to dns1 or dns2 as appropiate. Is that possible? server=/net1.local/192.168.1.2 That seems sufficiently simple that I fear I've misunderstood the requirement.. Simon. The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Excelian 50 Featherstone Street London EC1Y 8RT Tel: +44 (0) 20 7336 9595 Fax: +44 (0) 20 7336 9596 www.Excelian.com _ This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.