dns query from localnetwork ignored
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dnsmasq (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Hi,
I followed the following to config dnsmasq as DHCP and DNS server
http://
configuration-5/
It works well till Ubuntu 13.10. However, with Ubuntu 14.10, the dns
query from localnetwork will always timeout. The configurations are
exactly the same, What could be the problem?
From within localnetwork:
~~~
$ dig google.ca
; <<>> DiG 9.9.5-4.3-Ubuntu <<>> google.ca
;; global options: +cmd
;; connection timed out; no servers could be reached
dig @192.168.2.100 maroon
; <<>> DiG 9.9.5-4.3-Ubuntu <<>> @192.168.2.100 maroon
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
~~~
On the DNS sever itself:
~~~
$ dig google.ca @127.0.0.1
...
;; ANSWER SECTION:
google.ca. 299 IN A 173.194.43.111
...
;; Query time: 50 msec
;; SERVER: 127.0.0.
$ dig @192.168.2.100 maroon
...
;; ANSWER SECTION:
maroon. 0 IN A 192.168.2.100
;; Query time: 1 msec
;; SERVER: 192.168.
...
~~~
This is the debug output from dnsmasq log:
~~~
Jan 1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.119
Jan 1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.120
*** DEBUG 2015-01-01 13:26:21-05:00 DEBUG ***
Jan 1 13:27:42 maroon dnsmasq[2833]: query[A] maroon from 192.168.2.100
Jan 1 13:27:42 maroon dnsmasq[2833]: /etc/dnsmasq.hosts maroon is
192.168.2.100
*** DEBUG 2015-01-01 13:28:19-05:00 DEBUG ***
~~~
All other dns queries from localnetwork did not generate any log entries.
So, because the local dns query work, I think something is blocking the dnsmasq
from sending the dns query results back to localnetwork. What could it
be?
I didn't limit the dnsmasq listen address:
~~~
$ grep listen-address /etc/dnsmasq.conf /etc/dnsmasq.d/*
/etc/dnsmasq.
~~~
My /etc/hosts.deny and hosts.allow files are untouched either, and I can
ping my DNS server, and ssh into its IP address as well. So I think the
blocking is only at the DNS level since other access are just fine. It is
not because of iptables rules either:
$ sudo iptables-save | wc
0 0 0
I've installed dnsmasq on two different machines, one being freshly installed today, and both of them are showing exactly the same symptom. Again, it only happens to Ubuntu 14.10. It was working well till Ubuntu 13.10 before.
I've run out of all the possibilities.
What could be the problem?
Thanks
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.10
Release: 14.10
Codename: utopic
$ apt-cache policy dnsmasq
dnsmasq:
Installed: 2.71-1
Candidate: 2.71-1
Version table:
*** 2.71-1 0
500 http://
100 /var/lib/
description: | updated |
summary: |
- dns query from localnetwork are blocked + dns query from localnetwork ignored |
Ubuntu 13.10 (Saucy) included dnsmasq 2.66 or so. In dnsmasq 2.69 an important change was made which may be the cause of your problem. This change affects Ubuntu 14.10 and later, but not Ubuntu 14.04LTS (Trusty) which shipped with dnsmasq 2.68-1. The change is mentioned in the changelog (quoted below) and it should be obvious how this might be affecting you. Read the new dnsmasq manpage for a longer description of the "local-service" option.
dnsmasq (2.69-1) unstable; urgency=low
* New upstream. unconfigured installations, it stops dnsmasq
* Set --local-service. (closes: #732610)
This tells dnsmasq to ignore DNS requests that don't come
from a local network. It's automatically ignored if
--interface --except-interface, --listen-address or
--auth-server exist in the configuration, so for most
installations, it will have no effect, but for
otherwise-
from being vulnerable to DNS-reflection attacks.
-- Simon Kelley <email address hidden> Tue, 4 Feb 2014 16:28:12 +0000