Re: [Dnsmasq-discuss] multiple upstream servers
Hey folks, Thank you all for the replies. Initially I expected that dhcp-option would work dynamically or take effect every time the IP of an upstream server was changed. This was a misunderstanding. If understood right from all the replies, dhcp-option plays a role only when a dhcp request is made. Sam On 7/29/2020 6:25 PM, S Irlapati wrote: Here are a few experiments that have been done. Config file: port=53 bogus-priv no-resolv local=/localnet/ user=dnsmasq group=dnsmasq interface=enp5s0 listen-address=127.0.0.1,192.168.13.1 expand-hosts domain=irlanet.org dhcp-range=192.168.13.224,192.168.13.255,2h dhcp-authoritative cache-size=0 cname=win-sji,MOEDW1CKH5 log-queries log-dhcp dhcp-host=40:16:7e:63:60:d1,Salem,set:red,192.168.13.102 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 dhcp-option=option:dns-server,10.88.13.4 server=10.88.13.4#53 From the host Salem when forcing a quiery: @salem 558]>curl ident.me 154.21.57.55 From dnsmasq server log files Jul 29 18:17:56 xroads dnsmasq[3822653]: query[A] ident.me from 192.168.13.102 Jul 29 18:17:56 xroads dnsmasq[3822653]: forwarded ident.me to 10.88.13.4 Jul 29 18:17:56 xroads dnsmasq[3822653]: query[] ident.me from 192.168.13.102 Jul 29 18:17:56 xroads dnsmasq[3822653]: forwarded ident.me to 10.88.13.4 Jul 29 18:17:56 xroads dnsmasq[3822653]: reply ident.me is 176.58.123.25 Jul 29 18:17:56 xroads dnsmasq[3822653]: reply ident.me is 2a01:7e00::f03c:91ff:fe70:2b9d The goal is to make queries from Salem to be forwared to 10.88.13.4 From here only the serveer lines will be changed. dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 dhcp-option=option:dns-server,10.88.13.4 # server=10.88.13.4#53 Query from Salem results: @salem 558]>curl ident.me curl: (6) Could not resolve host: ident.me Dnsmasq log file output: Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me.irlanet.org from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me.irlanet.org from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me.irlanet.org from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me.irlanet.org from 192.168.13.102 It looks like dnsmasq does not know where to forward the requests. Changing the servers again: dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 dhcp-option=option:dns-server,10.88.13.4 server=10.88.13.3#53 Querying from Salem: @salem 558]>curl ident.me 154.21.57.55 Dnsmasq log file: Jul 29 18:23:36 xroads dnsmasq[4105784]: query[A] ident.me from 192.168.13.102 Jul 29 18:23:36 xroads dnsmasq[4105784]: forwarded ident.me to 10.88.13.3 Jul 29 18:23:36 xroads dnsmasq[4105784]: query[] ident.me from 192.168.13.102 Jul 29 18:23:36 xroads dnsmasq[4105784]: forwarded ident.me to 10.88.13.3 Jul 29 18:23:36 xroads dnsmasq[4105784]: reply ident.me is 176.58.123.25 Jul 29 18:23:36 xroads dnsmasq[4105784]: reply ident.me is 2a01:7e00::f03c:91ff:fe70:2b9d From the above experiments it looks like dhcp-option is completely ignored. Does anyone see a problem with the config? ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
On 2020-07-30 08:09, wkitt...@gmail.com wrote: On 7/29/20 7:59 PM, Dan Schaper wrote: You've told dnsmasq to send a lease with option 6 (DNS) set to 10.88.13.3. Where dnsmasq forwards the queries to is not relevant to your issue, you only have one upstream server configured. are you saying that this dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 is not defining two upstream servers? dhcp-option=option:dns-server,10.88.13.4 server=10.88.13.4#53 or is one of both of these overriding that? No - what you are specifying is that the client's DNS server IP will get set to 10.88.13.3 or 10.88.13.4. Otherwise, the client will get the IP address of the dnsmasq server which will use 10.88.13.4 always, as that is what you have configured. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
On Thu, Jul 30, 2020 at 02:20:42PM +, Horn Bucking wrote: > > On 7/30/20, wkitt...@gmail.com wrote: > > > On 7/29/20 7:59 PM, Dan Schaper wrote: > > > You've told dnsmasq to send a lease with option 6 (DNS) set to > > > 10.88.13.3. Where dnsmasq forwards the queries to is not relevant to > > > your issue, you only have one upstream server configured. > > > > are you saying that this > > > > > > dhcp-option=tag:red,option:dns-server,10.88.13.3 > > > > dhcp-option=tag:green,option:dns-server,10.88.13.4 > > > > is not defining two upstream servers? > If you'd expect dnsmasq's DNS server to switch its upstream DNS based on > those options, that expectation would be entirely unjustified: > Those lines configure DHCP, not DNS. > > That first line instructs the DHCP server to hand out 10.88.13.3 as DNS > server when a red DHCP client is requesting that DHCP information, e.g. > during initial DHCP lease negotiation - likewise the second with 10.88.13.4 > for green clients. > A client will then send its DNS queries to that respective DNS server. > > S Irlapati, you did force your client to request a new DHCP lease to put > those options into effect, didn't you? Original Poster: How can we, this mailinglist, make you less shy? Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
On 7/30/20, wkitt...@gmail.com wrote: On 7/29/20 7:59 PM, Dan Schaper wrote: You've told dnsmasq to send a lease with option 6 (DNS) set to 10.88.13.3. Where dnsmasq forwards the queries to is not relevant to your issue, you only have one upstream server configured. are you saying that this dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 is not defining two upstream servers? If you'd expect dnsmasq's DNS server to switch its upstream DNS based on those options, that expectation would be entirely unjustified: Those lines configure DHCP, not DNS. That first line instructs the DHCP server to hand out 10.88.13.3 as DNS server when a red DHCP client is requesting that DHCP information, e.g. during initial DHCP lease negotiation - likewise the second with 10.88.13.4 for green clients. A client will then send its DNS queries to that respective DNS server. S Irlapati, you did force your client to request a new DHCP lease to put those options into effect, didn't you? ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
On 7/29/20 7:59 PM, Dan Schaper wrote: You've told dnsmasq to send a lease with option 6 (DNS) set to 10.88.13.3. Where dnsmasq forwards the queries to is not relevant to your issue, you only have one upstream server configured. are you saying that this dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 is not defining two upstream servers? dhcp-option=option:dns-server,10.88.13.4 server=10.88.13.4#53 or is one of both of these overriding that? -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.* ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
What DNS server does the client MOEDW1CKH5 think is it's DNS? If it's a linux client then check /etc/resolv.conf to see or sniff the wire for the DHCP request/response. You've told dnsmasq to send a lease with option 6 (DNS) set to 10.88.13.3. Where dnsmasq forwards the queries to is not relevant to your issue, you only have one upstream server configured. S Irlapati wrote on 7/29/2020 3:29 PM: > Yes, that was a cut and paste error. I have simplified the file to > make things easier to debug. > > Here is what it looks like now, I will paste the whole file here > > port=53 > bogus-priv > no-resolv > local=/localnet/ > user=dnsmasq > group=dnsmasq > interface=enp5s0 > listen-address=127.0.0.1,192.168.13.1 > expand-hosts > domain=irlanet.org > dhcp-range=192.168.13.224,192.168.13.255,2h > dhcp-authoritative > cache-size=0 > cname=win-sji,MOEDW1CKH5 > log-queries > log-dhcp > > dhcp-host=00:68:eb:3b:32:33,MOEDW1CKH5,set:red,192.168.13.192 > > dhcp-option=tag:red,option:dns-server,10.88.13.3 > dhcp-option=tag:green,option:dns-server,10.88.13.4 > dhcp-option=option:dns-server,10.88.13.4 > server=10.88.13.4#53 > > Here is how dnsmasq is tested from MODEW1CKH5 > > [si@MOEDW1CKH5 593]>curl ident.me > 97.90.236.142 > > Here is what shows up in the log files > > Jul 29 17:26:16 xroads dnsmasq[2612016]: query[A] ident.me from > 192.168.13.192 > Jul 29 17:26:16 xroads dnsmasq[2612016]: forwarded ident.me to 10.88.13.4 > Jul 29 17:26:16 xroads dnsmasq[2612016]: query[] ident.me from > 192.168.13.192 > Jul 29 17:26:16 xroads dnsmasq[2612016]: forwarded ident.me to 10.88.13.4 > Jul 29 17:26:16 xroads dnsmasq[2612016]: reply ident.me is 176.58.123.25 > Jul 29 17:26:16 xroads dnsmasq[2612016]: reply ident.me is > 2a01:7e00::f03c:91ff:fe70:2b9d > > Does the order of the statements in the config files matter? > > On 7/29/2020 2:42 PM, Daryl Richards wrote: >> On 2020-07-29 2:40 p.m., S Irlapati wrote: >>> Thanks for the quick reply. >>> >>> I have changed it to >>> >>> dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 >>> dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 >>> >>> dhcp-option=tag:red,option:dns-server,10.88.13.3 >>> dhcp-option=tag:green,option:dns-server,10.88.13.4 >>> server=10.88.13.4#53 >>> >>> It still does the same thing. >>> >>> When querying from machine floater, it get forwarded it to 10.88.13.4 >>> >>> Any other suggestions? Could there be something else that is being >>> missed? >> >> I'm not sure if this is a cut/paste error - but the line looks the >> same as before with tag: instead of set:.. Also looking at the man >> page it shows the options in a slighty different order (don't know if >> that matters). So, it should be: >> >> dhcp-host=00:a1:b0:08:61:67,set:red,192.168.13.109,floater >> dhcp-host=00:c0:a8:be:ed:d0,set:green,192.168.13.110,Ziong >> > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss smime.p7s Description: S/MIME Cryptographic Signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
Here are a few experiments that have been done. Config file: port=53 bogus-priv no-resolv local=/localnet/ user=dnsmasq group=dnsmasq interface=enp5s0 listen-address=127.0.0.1,192.168.13.1 expand-hosts domain=irlanet.org dhcp-range=192.168.13.224,192.168.13.255,2h dhcp-authoritative cache-size=0 cname=win-sji,MOEDW1CKH5 log-queries log-dhcp dhcp-host=40:16:7e:63:60:d1,Salem,set:red,192.168.13.102 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 dhcp-option=option:dns-server,10.88.13.4 server=10.88.13.4#53 From the host Salem when forcing a quiery: @salem 558]>curl ident.me 154.21.57.55 From dnsmasq server log files Jul 29 18:17:56 xroads dnsmasq[3822653]: query[A] ident.me from 192.168.13.102 Jul 29 18:17:56 xroads dnsmasq[3822653]: forwarded ident.me to 10.88.13.4 Jul 29 18:17:56 xroads dnsmasq[3822653]: query[] ident.me from 192.168.13.102 Jul 29 18:17:56 xroads dnsmasq[3822653]: forwarded ident.me to 10.88.13.4 Jul 29 18:17:56 xroads dnsmasq[3822653]: reply ident.me is 176.58.123.25 Jul 29 18:17:56 xroads dnsmasq[3822653]: reply ident.me is 2a01:7e00::f03c:91ff:fe70:2b9d The goal is to make queries from Salem to be forwared to 10.88.13.4 From here only the serveer lines will be changed. dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 dhcp-option=option:dns-server,10.88.13.4 # server=10.88.13.4#53 Query from Salem results: @salem 558]>curl ident.me curl: (6) Could not resolve host: ident.me Dnsmasq log file output: Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me.irlanet.org from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me.irlanet.org from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[A] ident.me.irlanet.org from 192.168.13.102 Jul 29 18:20:57 xroads dnsmasq[4042096]: query[] ident.me.irlanet.org from 192.168.13.102 It looks like dnsmasq does not know where to forward the requests. Changing the servers again: dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 dhcp-option=option:dns-server,10.88.13.4 server=10.88.13.3#53 Querying from Salem: @salem 558]>curl ident.me 154.21.57.55 Dnsmasq log file: Jul 29 18:23:36 xroads dnsmasq[4105784]: query[A] ident.me from 192.168.13.102 Jul 29 18:23:36 xroads dnsmasq[4105784]: forwarded ident.me to 10.88.13.3 Jul 29 18:23:36 xroads dnsmasq[4105784]: query[] ident.me from 192.168.13.102 Jul 29 18:23:36 xroads dnsmasq[4105784]: forwarded ident.me to 10.88.13.3 Jul 29 18:23:36 xroads dnsmasq[4105784]: reply ident.me is 176.58.123.25 Jul 29 18:23:36 xroads dnsmasq[4105784]: reply ident.me is 2a01:7e00::f03c:91ff:fe70:2b9d From the above experiments it looks like dhcp-option is completely ignored. Does anyone see a problem with the config? ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
On 2020-07-29 2:40 p.m., S Irlapati wrote: Thanks for the quick reply. I have changed it to dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 server=10.88.13.4#53 It still does the same thing. When querying from machine floater, it get forwarded it to 10.88.13.4 Any other suggestions? Could there be something else that is being missed? I'm not sure if this is a cut/paste error - but the line looks the same as before with tag: instead of set:.. Also looking at the man page it shows the options in a slighty different order (don't know if that matters). So, it should be: dhcp-host=00:a1:b0:08:61:67,set:red,192.168.13.109,floater dhcp-host=00:c0:a8:be:ed:d0,set:green,192.168.13.110,Ziong -- Daryl Richards Isle Technical Services Inc. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
Yes, that was a cut and paste error. I have simplified the file to make things easier to debug. Here is what it looks like now, I will paste the whole file here port=53 bogus-priv no-resolv local=/localnet/ user=dnsmasq group=dnsmasq interface=enp5s0 listen-address=127.0.0.1,192.168.13.1 expand-hosts domain=irlanet.org dhcp-range=192.168.13.224,192.168.13.255,2h dhcp-authoritative cache-size=0 cname=win-sji,MOEDW1CKH5 log-queries log-dhcp dhcp-host=00:68:eb:3b:32:33,MOEDW1CKH5,set:red,192.168.13.192 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 dhcp-option=option:dns-server,10.88.13.4 server=10.88.13.4#53 Here is how dnsmasq is tested from MODEW1CKH5 [si@MOEDW1CKH5 593]>curl ident.me 97.90.236.142 Here is what shows up in the log files Jul 29 17:26:16 xroads dnsmasq[2612016]: query[A] ident.me from 192.168.13.192 Jul 29 17:26:16 xroads dnsmasq[2612016]: forwarded ident.me to 10.88.13.4 Jul 29 17:26:16 xroads dnsmasq[2612016]: query[] ident.me from 192.168.13.192 Jul 29 17:26:16 xroads dnsmasq[2612016]: forwarded ident.me to 10.88.13.4 Jul 29 17:26:16 xroads dnsmasq[2612016]: reply ident.me is 176.58.123.25 Jul 29 17:26:16 xroads dnsmasq[2612016]: reply ident.me is 2a01:7e00::f03c:91ff:fe70:2b9d Does the order of the statements in the config files matter? On 7/29/2020 2:42 PM, Daryl Richards wrote: On 2020-07-29 2:40 p.m., S Irlapati wrote: Thanks for the quick reply. I have changed it to dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 server=10.88.13.4#53 It still does the same thing. When querying from machine floater, it get forwarded it to 10.88.13.4 Any other suggestions? Could there be something else that is being missed? I'm not sure if this is a cut/paste error - but the line looks the same as before with tag: instead of set:.. Also looking at the man page it shows the options in a slighty different order (don't know if that matters). So, it should be: dhcp-host=00:a1:b0:08:61:67,set:red,192.168.13.109,floater dhcp-host=00:c0:a8:be:ed:d0,set:green,192.168.13.110,Ziong ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
On Wed, Jul 29, 2020 at 03:42:27PM -0400, Daryl Richards wrote: > On 2020-07-29 2:40 p.m., S Irlapati wrote: > > Thanks for the quick reply. > > > > I have changed it to > > > > dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 > > dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 > > > > dhcp-option=tag:red,option:dns-server,10.88.13.3 > > dhcp-option=tag:green,option:dns-server,10.88.13.4 > > server=10.88.13.4#53 > > > > It still does the same thing. > > > > When querying from machine floater, it get forwarded it to 10.88.13.4 > > > > Any other suggestions? Could there be something else that is being missed? > > I'm not sure if this is a cut/paste error - but the line looks the same as > before with tag: instead of set:.. Also looking at the man page it shows the > options in a slighty different order (don't know if that matters). So, it > should be: > > dhcp-host=00:a1:b0:08:61:67,set:red,192.168.13.109,floater > dhcp-host=00:c0:a8:be:ed:d0,set:green,192.168.13.110,Ziong > You are invited to report a "Yes, that works" Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
dhcp-host=00:a1:b0:08:61:67,floater,set:red,192.168.13.109 > The set: construct sets the tag whenever this *--dhcp-host* > directive is in use. This can be used to selectively send DHCP options > just for this host. More than one tag can be set in a *--dhcp-host* > directive (but not in other places where "set:" is allowed). When > a host matches any *--dhcp-host* directive (or one implied by > /etc/ethers) then the special tag "known" is set. This allows dnsmasq > to be configured to ignore requests from unknown machines using > *--dhcp-ignore=tag:!known* If the host matches only a *--dhcp-host* > directive which cannot be used because it specifies an address on > different subnet, the tag "known-othernet" is set. > > The tag: construct filters which dhcp-host directives are used. > Tagged directives are used in preference to untagged ones. > S Irlapati wrote on 7/29/2020 11:40 AM: > Thanks for the quick reply. > > On 7/29/2020 1:02 PM, Daryl Richards wrote: >> >> The proper syntax on the dhcp-host lines is 'set:red' and 'set:green' >> to set the tags that you then use on the options.. >> > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss smime.p7s Description: S/MIME Cryptographic Signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
On 7/29/20 1:21 PM, S Irlapati wrote: dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 server=10.88.13.4#53 The above does not work. I can make query from floater and it still uses sever 10.88.13.4 what happens if you move the server line higher? do the others override it, then? -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.* ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers
Thanks for the quick reply. I have changed it to dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 server=10.88.13.4#53 It still does the same thing. When querying from machine floater, it get forwarded it to 10.88.13.4 Any other suggestions? Could there be something else that is being missed? On 7/29/2020 1:02 PM, Daryl Richards wrote: On 2020-07-29 1:21 p.m., S Irlapati wrote: dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 server=10.88.13.4#53 The above does not work. I can make query from floater and it still uses > sever 10.88.13.4 The proper syntax on the dhcp-host lines is 'set:red' and 'set:green' to set the tags that you then use on the options.. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] multiple upstream servers
Hi Folks, I am trying to configure dnsmasq to selectively send requests to different upstream servers based on their IP addresses which have been given by them by dnsmasq. Here are the relevant lines of code. dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109 dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110 dhcp-option=tag:red,option:dns-server,10.88.13.3 dhcp-option=tag:green,option:dns-server,10.88.13.4 server=10.88.13.4#53 The above does not work. I can make query from floater and it still uses sever 10.88.13.4 If the server option is taken out, then dnsmasq does not forward the queries anywhere. It is like the dhcp-option has no effect. I came with this kind of configuration by doing google searches, but they were 7 year old posts. Can someone please help find the right configuration or guess what could be wrong with the configuration? Sam ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] multiple upstream servers from behind NAT
On 28/09/17 17:35, Jeff wrote: > I have a server my.natted.server NAT'ed behind a public firewall, with > config lines for both of my upstream ISP nameservers: > server= > server= > > I chose to use both ISP nameservers for redundancy, but this is not a > requirement. > > I see dnsmasq query either upstream server, without issue. Here are 2 > successful examples: > > successful example: > 15:41:50.958340 IP my.natted.server.54406 > ns01.my-isp.com.domain: > 21145+ A? www.apple.com. (31) > 15:41:50.987324 IP ns01.my-isp.com.domain > my.natted.server.54406: > 21145 4/0/0 CNAME www.apple.com.edgekey.net., CNAME > www.apple.com.edgekey.net.globalredir.akadns.net., CNAME > e6858.dsce9.akamaiedge.net., A 23.36.67.187 (182) > > successful example: > 15:44:04.098088 IP my.natted.server.41451 > ns02.my-isp.com.domain: > 30158+ A? www.apple.com. (31) > 15:44:04.125471 IP ns02.my-isp.com.domain > my.natted.server.41451: > 30158 4/0/0 CNAME www.apple.com.edgekey.net., CNAME > www.apple.com.edgekey.net.globalredir.akadns.net., CNAME > e6858.dsce9.akamaiedge.net., A 23.222.204.41 (182) > > Occasionally I see a failure where dnsmasq sends out queries to both > upstream ISP nameservers, instructing each to reply to the same port. > The first one to reply "wins" and the 2nd to replay elicits an ICMP > "port unreachable". Here are 2 failure examples: > > failure example: > 15:36:49.835378 IP my.natted.server.17990 > ns01.my-isp.com.domain: > 65330+ A? ns01.my-isp.com. (35) > 15:36:49.835391 IP my.natted.server.17990 > ns02.my-isp.com.domain: > 65330+ A? ns01.my-isp.com. (35) > 15:36:49.863241 IP ns02.my-isp.com.domain > my.natted.server.17990: > 65330 1/0/0 A 71.10.216.1 (51) > 15:36:49.867784 IP ns01.my-isp.com.domain > my.natted.server.17990: > 65330 1/0/0 A 71.10.216.1 (51) > 15:36:49.867804 IP my.natted.server > ns01.my-isp.com: ICMP > my.natted.server udp port 17990 unreachable, length 87 > > failure example: > 15:37:32.910884 IP my.natted.server.48523 > ns01.my-isp.com.domain: > 51470+ A? ns02.my-isp.com. (35) > 15:37:32.910915 IP my.natted.server.48523 > ns02.my-isp.com.domain: > 51470+ A? ns02.my-isp.com. (35) > 15:37:32.938315 IP ns01.my-isp.com.domain > my.natted.server.48523: > 51470 1/0/0 A 71.10.216.2 (51) > 15:37:32.942897 IP ns02.my-isp.com.domain > my.natted.server.48523: > 51470 1/0/0 A 71.10.216.2 (51) > 15:37:32.942930 IP my.natted.server > ns02.my-isp.com: ICMP > my.natted.server udp port 48523 unreachable, length 87 > > Question: > Is this an issue with: > 1) My dnsmasq configuration? > 2) dnsmasq? > 3) my NAT'ing firewall? > > Question: > For the failure examples above, is the DNS client successfully > resolving the query? > (implies the ICMP responses can be safely ignored) Yes. Every so often, dnsmasq send the query to both servers, to see which one is fastest (that server then becomes preferred until it's time to run the race again.). Once the first server replies, dnsmasq sends the reply back to the original requestor, and closes the port it was listening on. When the second, slow, server's reply arrives, it gets ICMP port unreachable because the port is already closed. It's nothing to do with NAT, and it's not a problem. Cheers, Simon. > > I am running dnsmasq-2.66 on CentOS-7 Linux. > > TIA, > Jeff > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > signature.asc Description: OpenPGP digital signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Multiple upstream servers
Jay Guerette wrote: In my dnsmasq.conf I have the following lines: server=199.2.252.10 server=204.97.212.10 server=204.117.214.10 If I run tcpdump to examine the DNS traffic, I'll see something like this right after dnsmasq starts: 15:50:06.302001 IP 10.0.2.10.33109 199.2.252.10.53: 35868+ A? www.google.com. (32) 15:50:06.302330 IP 10.0.2.10.33109 204.97.212.10.53: 35868+ A? www.google.com. (32) 15:50:06.302363 IP 10.0.2.10.33109 204.117.214.10.53: 35868+ A? www.google.com. (32) It seems to test all the servers; but then, it always uses the 1st entry, and never uses the others: 15:50:33.629819 IP 10.0.2.10.33109 199.2.252.10.53: 27414+ A? www.vonage.com. (32) snip If I change the order of the server= lines in my .conf, it will repeat the initial 'test' behavior and then use the new 1st entry again. Enabling/disabling 'strict-order' has no impact. I have tested on RH 9 with v2.38, and Ubuntu 6.06 with v2.25. I'm not sure what your question is. You are right that dnsmasq tests the servers on the first query: whichever replys first gets used. If the server in use stops responding or responds very slowly, the test will be done again, and a new server will be selected. It's likely that all three of your servers are about equal, so the first one tends to win the race, because the query gets sent to it first. strict-order should stop the testing - the first server will always be used, and if it does not respond, then the query will go to the second one when it is re-tried. Have you seen different results to this? HTH Simon. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Multiple upstream servers
On 3/14/07, Simon Kelley si...@thekelleys.org.uk wrote: Jay Guerette wrote: In my dnsmasq.conf I have the following lines: server=199.2.252.10 server=204.97.212.10 server=204.117.214.10 If I run tcpdump to examine the DNS traffic, I'll see something like this right after dnsmasq starts: 15:50:06.302001 IP 10.0.2.10.33109 199.2.252.10.53: 35868+ A? www.google.com. (32) 15:50:06.302330 IP 10.0.2.10.33109 204.97.212.10.53: 35868+ A? www.google.com. (32) 15:50:06.302363 IP 10.0.2.10.33109 204.117.214.10.53: 35868+ A? www.google.com. (32) It seems to test all the servers; but then, it always uses the 1st entry, and never uses the others: 15:50:33.629819 IP 10.0.2.10.33109 199.2.252.10.53: 27414+ A? www.vonage.com. (32) snip If I change the order of the server= lines in my .conf, it will repeat the initial 'test' behavior and then use the new 1st entry again. Enabling/disabling 'strict-order' has no impact. I have tested on RH 9 with v2.38, and Ubuntu 6.06 with v2.25. I'm not sure what your question is. You are right that dnsmasq tests the servers on the first query: whichever replys first gets used. If the server in use stops responding or responds very slowly, the test will be done again, and a new server will be selected. It's likely that all three of your servers are about equal, so the first one tends to win the race, because the query gets sent to it first. strict-order should stop the testing - the first server will always be used, and if it does not respond, then the query will go to the second one when it is re-tried. Have you seen different results to this? I'm sorry, I did not actually ask a question; I meant to ask: Is this the expected behaviour? I was surprised; and expecting a load balancing of the 3 configured servers. The man entry for the 'strict-order' option says: ... dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers to are known to be up... I interpreted this to mean it would use all the servers that are up, and tune the load on each in the pool based on it's response times. Specifically the words favour servers, lead me to believe it would use more than one. I interpreted the use of the 'strict-order' option was to strictly round-robin, with no attention paid to response times. Now I know, this is the expected behaviour. Thank you for your reply.
Re: [Dnsmasq-discuss] Multiple upstream servers
Jay Guerette wrote: I was surprised; and expecting a load balancing of the 3 configured servers. The man entry for the 'strict-order' option says: ... dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers to are known to be up... I interpreted this to mean it would use all the servers that are up, and tune the load on each in the pool based on it's response times. There's a trade-off here with complexity, load-balancing and robustness. The existing algorithm tries hard to be simple and not to send a query to just one server unless it's known to be up. It therefore copes well with a list of servers, some of which are dead, without accidentally loosing queries or causing long time-outs. To do better load balancing, it would either cope less well with dead servers, or need more complex and longer-lasting state about each query. Specifically the words favour servers, lead me to believe it would use more than one. I interpreted the use of the 'strict-order' option was to strictly round-robin, with no attention paid to response times. Now I know, this is the expected behaviour. Thank you for your reply. No problem, cheers, Simon.
