LEDE Project

  • Status Assigned
  • Percent Complete 50%
  • Task Type Bug Report
  • Category Base system
  • Assigned To Hans Dedecker
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version lede-17.01
  • Due in Version Undecided
  • Due Date Undecided
Attached to Project: LEDE Project
Opened by Mi Feng - 13.06.2017
Last edited by Hans Dedecker - 14.06.2017

FS#841 - dnsmasq cannot resolve domain name if the first upstream dns server reply code is REFUSED

Supply the following if possible:
- Device problem occurs on
network gateway

- Software versions of LEDE release, packages, etc.
lede-17.01 and dnsmasq v2.77

- Steps to reproduce
1. Booted up the gateway, which got two upstream DNS servers:

  172.30.50.10
  172.30.50.21
  The first server (172.30.50.10) always replied REFUSED, and the second one works well.

2. Set the strict-order option of dnsmasq, also disabled rebind protection, and restarted dnsmasq.

3. Tried to resolve a domain name from a LAN-side host, but got REFUSED.

  I dumped the UDP packets with tcpdump and found NO DNS query packet sent to the second server (172.30.50.21).
  But according to my understanding, if the first upstream server cannot work, dnsmasq should try the second one by sending the query to it. But I did not see a query packet to the second one. It's an issue.

See the resolv.conf.auto content, config file content and tcpdump log below.

Thanks
Mi Feng

cat dnsmasq.conf.cfg02411c
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
strict-order
localise-queries
read-ethers
expand-hosts
dhcp-script=/lib/dnsmasq/dhcp-event.sh
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
dhcp-broadcast=tag:needs-broadcast
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq

dhcp-range=lan,192.168.1.1,192.168.1.253,255.255.255.0,24h
dhcp-option=lan,tag:cpewan-id,vi-encap:3561,6,"389ac"
dhcp-option=lan,tag:cpewan-id,vi-encap:3561,5,"CP1610UA89Y"
dhcp-option=lan,tag:cpewan-id,vi-encap:3561,4,"C4EA1D"
no-dhcp-interface=pppoe-wan
no-dhcp-interface=pppoe-wan

root@:/tmp# cat resolv.conf.auto
# Interface wan
nameserver 172.30.50.10
nameserver 172.30.50.21
root@:/tmp#
root@:/tmp#
root@:/tmp# tcpdump -i pppoe-wan udp
[ 2854.928000] device pppoe-wan entered promiscuous mode
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe-wan, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
10:30:18.469665 IP 172.30.50.10.domain > 172.26.4.195.65213: 50131 Refused- 0/0/0 (30)
10:30:18.472748 IP 172.26.4.195.64289 > 172.30.50.10.domain: 1046+ PTR? 10.50.30.172.in-addr.arpa. (43)
10:30:18.473264 IP 172.30.50.10.domain > 172.26.4.195.64289: 1046 NXDomain*- 0/1/0 (97)
10:30:18.474169 IP 172.26.4.195.59346 > 172.30.50.10.domain: 28639+ A? www.qacc.net.ap.thmulti.com. (45)
10:30:18.474611 IP 172.30.50.10.domain > 172.26.4.195.59346: 28639 Refused- 0/0/0 (45)
10:30:18.477993 IP 172.26.4.195.14614 > 172.30.50.10.domain: 12337+ A? www.qacc.net.beijing.ap.thmulti.com. (53)
10:30:18.478583 IP 172.30.50.10.domain > 172.26.4.195.14614: 12337 Refused- 0/0/0 (53)

10:30:22.720009 IP 172.26.4.195.41357 > 172.30.50.10.domain: 47184+ AAAA? 1.asia.pool.ntp.org. (37)
10:30:22.720583 IP 172.30.50.10.domain > 172.26.4.195.41357: 47184 Refused- 0/0/0 (37)
10:30:22.722887 IP 172.26.4.195.55007 > 172.30.50.10.domain: 33873+ AAAA? 1.asia.pool.ntp.org. (37)
10:30:22.723378 IP 172.30.50.10.domain > 172.26.4.195.55007: 33873 Refused- 0/0/0 (37)
10:30:22.729899 IP 172.26.4.195.55853 > 172.30.50.10.domain: 55831+ AAAA? 1.asia.pool.ntp.org. (37)
10:30:22.730430 IP 172.30.50.10.domain > 172.26.4.195.55853: 55831 Refused- 0/0/0 (37)
10:30:22.737220 IP 172.26.4.195.43685 > 172.30.50.10.domain: 36592+ A? 1.asia.pool.ntp.org. (37)
10:30:22.737813 IP 172.30.50.10.domain > 172.26.4.195.43685: 36592 Refused- 0/0/0 (37)
10:30:22.741757 IP 172.26.4.195.16960 > 172.30.50.10.domain: 37960+ A? 1.asia.pool.ntp.org. (37)
10:30:22.742329 IP 172.30.50.10.domain > 172.26.4.195.16960: 37960 Refused- 0/0/0 (37)
10:30:22.747418 IP 172.26.4.195.30333 > 172.30.50.10.domain: 5884+ A? 1.asia.pool.ntp.org. (37)
10:30:22.748037 IP 172.30.50.10.domain > 172.26.4.195.30333: 5884 Refused- 0/0/0 (37)
10:30:22.753650 IP 172.26.4.195.29589 > 172.30.50.10.domain: 44902+ AAAA? 0.asia.pool.ntp.org. (37)
10:30:22.754422 IP 172.30.50.10.domain > 172.26.4.195.29589: 44902 Refused- 0/0/0 (37)
10:30:22.759628 IP 172.26.4.195.3053 > 172.30.50.10.domain: 61986+ AAAA? 0.asia.pool.ntp.org. (37)
10:30:22.760258 IP 172.30.50.10.domain > 172.26.4.195.3053: 61986 Refused- 0/0/0 (37)
10:30:22.764139 IP 172.26.4.195.33678 > 172.30.50.10.domain: 15850+ AAAA? 0.asia.pool.ntp.org. (37)
10:30:22.764729 IP 172.30.50.10.domain > 172.26.4.195.33678: 15850 Refused- 0/0/0 (37)
10:30:22.768688 IP 172.26.4.195.5053 > 172.30.50.10.domain: 35088+ A? 0.asia.pool.ntp.org. (37)
10:30:22.769275 IP 172.30.50.10.domain > 172.26.4.195.5053: 35088 Refused- 0/0/0 (37)
10:30:22.772201 IP 172.26.4.195.64996 > 172.30.50.10.domain: 65307+ A? 0.asia.pool.ntp.org. (37)
10:30:22.772687 IP 172.30.50.10.domain > 172.26.4.195.64996: 65307 Refused- 0/0/0 (37)
10:30:22.775676 IP 172.26.4.195.20981 > 172.30.50.10.domain: 10204+ A? 0.asia.pool.ntp.org. (37)
10:30:22.776243 IP 172.30.50.10.domain > 172.26.4.195.20981: 10204 Refused- 0/0/0 (37)
10:30:22.780325 IP 172.26.4.195.38297 > 172.30.50.10.domain: 46081+ AAAA? my.pool.ntp.org. (33)
10:30:22.780868 IP 172.30.50.10.domain > 172.26.4.195.38297: 46081 Refused- 0/0/0 (33)
10:30:22.783857 IP 172.26.4.195.56965 > 172.30.50.10.domain: 6840+ AAAA? my.pool.ntp.org. (33)
10:30:22.784429 IP 172.30.50.10.domain > 172.26.4.195.56965: 6840 Refused- 0/0/0 (33)
10:30:22.791442 IP 172.26.4.195.35406 > 172.30.50.10.domain: 11467+ AAAA? my.pool.ntp.org. (33)
10:30:22.792167 IP 172.30.50.10.domain > 172.26.4.195.35406: 11467 Refused- 0/0/0 (33)
10:30:22.798293 IP 172.26.4.195.1555 > 172.30.50.10.domain: 28498+ A? my.pool.ntp.org. (33)
10:30:22.798942 IP 172.30.50.10.domain > 172.26.4.195.1555: 28498 Refused- 0/0/0 (33)
10:30:22.803558 IP 172.26.4.195.44915 > 172.30.50.10.domain: 35218+ A? my.pool.ntp.org. (33)
10:30:22.804149 IP 172.30.50.10.domain > 172.26.4.195.44915: 35218 Refused- 0/0/0 (33)
10:30:22.808304 IP 172.26.4.195.4340 > 172.30.50.10.domain: 50022+ A? my.pool.ntp.org. (33)
10:30:22.808944 IP 172.30.50.10.domain > 172.26.4.195.4340: 50022 Refused- 0/0/0 (33)
10:30:22.942953 IP 172.26.4.195.7506 > 172.30.50.10.domain: 38495+ A? qacc.net. (26)
10:30:22.943548 IP 172.30.50.10.domain > 172.26.4.195.7506: 38495 Refused- 0/0/0 (26)
10:30:22.946667 IP 172.26.4.195.23129 > 172.30.50.10.domain: 22257+ A? qacc.net.ap.thmulti.com. (41)
10:30:22.947214 IP 172.30.50.10.domain > 172.26.4.195.23129: 22257 Refused- 0/0/0 (41)
10:30:22.949874 IP 172.26.4.195.18398 > 172.30.50.10.domain: 24945+ A? qacc.net.beijing.ap.thmulti.com. (49)
10:30:22.950345 IP 172.30.50.10.domain > 172.26.4.195.18398: 24945 Refused- 0/0/0 (49)
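
The reading of the capture described in the report can be automated. The following is an added example, not part of the original report or of the dnsmasq or LEDE code: it pairs each query with its reply by client socket and transaction ID, then lists names that only ever got REFUSED while a configured upstream was never tried. The function name is an assumption; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Excerpt of the resolv.conf.auto and tcpdump output shown in the report.
RESOLV = """# Interface wan
nameserver 172.30.50.10
nameserver 172.30.50.21
"""
CAPTURE = """\
10:30:18.469665 IP 172.30.50.10.domain > 172.26.4.195.65213: 50131 Refused- 0/0/0 (30)
10:30:18.474169 IP 172.26.4.195.59346 > 172.30.50.10.domain: 28639+ A? www.qacc.net.ap.thmulti.com. (45)
10:30:18.474611 IP 172.30.50.10.domain > 172.26.4.195.59346: 28639 Refused- 0/0/0 (45)
10:30:22.720009 IP 172.26.4.195.41357 > 172.30.50.10.domain: 47184+ AAAA? 1.asia.pool.ntp.org. (37)
10:30:22.720583 IP 172.30.50.10.domain > 172.26.4.195.41357: 47184 Refused- 0/0/0 (37)
10:30:22.737220 IP 172.26.4.195.43685 > 172.30.50.10.domain: 36592+ A? 1.asia.pool.ntp.org. (37)
10:30:22.737813 IP 172.30.50.10.domain > 172.26.4.195.43685: 36592 Refused- 0/0/0 (37)
"""

# tcpdump prints the rcode name only when it is non-zero; trailing *|$- are flags.
QUERY = re.compile(r"IP (\S+) > (\S+)\.domain: (\d+)\S* (\w+)\? (\S+) \(")
REPLY = re.compile(r"IP (\S+)\.domain > (\S+): (\d+)(?: ([A-Za-z]+))?[*|$-]* \d+/\d+/\d+")

def refused_without_fallback(capture, resolv):
    """Return (stuck questions, upstreams that never received a query)."""
    servers = re.findall(r"^nameserver\s+(\S+)", resolv, re.M)
    pending = {}                  # (client socket, txid) -> (qtype, name)
    tried = defaultdict(set)      # (qtype, name) -> upstreams queried
    answers = defaultdict(set)    # (qtype, name) -> rcodes received
    for line in capture.splitlines():
        if m := QUERY.search(line):
            client, server, txid, qtype, name = m.groups()
            pending[(client, txid)] = (qtype, name)
            tried[(qtype, name)].add(server)
        elif m := REPLY.search(line):
            server, client, txid, rcode = m.groups()
            question = pending.pop((client, txid), None)
            if question:          # replies whose query predates the capture are skipped
                answers[question].add(rcode or "NoError")
    stuck = sorted(q for q in tried
                   if answers[q] == {"Refused"} and len(tried[q]) < len(servers))
    unused = [s for s in servers if not any(s in t for t in tried.values())]
    return stuck, unused

if __name__ == "__main__":
    stuck, unused = refused_without_fallback(CAPTURE, RESOLV)
    print("REFUSED with no fallback:", stuck)
    print("upstreams never queried:", unused)
```

On a capture taken after the fix, both lists should come back empty for the same resolver configuration.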


netprince commented on 13.06.2017 18:36

Try adding

option nonegcache '1'

to /etc/config/dhcp under dnsmasq section and restart dnsmasq

Project Manager
Hans Dedecker commented on 13.06.2017 21:06

After looking into the dnsmasq code this looks like an issue in the function reply_query (http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/forward.c;h=83f392ddca27f845a1937dbcd73acd0d9800faa1;hb=HEAD#l792). Needs to be discussed on the dnsmasq mailing list

Project Manager
Hans Dedecker commented on 14.06.2017 14:56

Patch has been pushed to the dnsmasq mailing list (http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q2/011559.html) fixing the issue
