On Thu, 2017-03-23 at 09:54 +0100, Beniamino Galvani wrote: > > What does it mean that the local DNS service is returning REFUSED? How > > can I debug this further? Or, does anyone know how to fix it? > > You can enable logging of queries in dnsmasq with: > > echo log-queries > /etc/NetworkManager/dnsmasq.d/log-queries > killall -HUP NetworkManager > > After this, you should see in logs queries sent by dnsmasq and > responses from name servers.
Thank you for this info. I see that when this problem is happening I get a single line in the log: query[A] git.my.domain.com from 127.0.0.1 and that's it, nothing else. It seems that dnsmasq sends the REFUSED response without even trying to pass along the request any further. When things are working properly, I get a set of responses in the log for each lookup including forwarding to the upstream DNS server and the final answer. Also a belated, but heartfelt, thank-you to Thomas Haller for his reply to a similar question I asked last November; his email had a wealth of fantastic information for debugging NM issues and I still refer to it constantly. https://mail.gnome.org/archives/networkmanager-list/2016-November/msg00081.html > Which dnsmasq version are you using? There was a bug in the way > dnsmasq cached sockets for queries that caused problems when the VPN > interface is recreated by kernel with a different ifindex; see [1] [2] > for more details. This could be the cause of the problem you see. After I sent my email I realized I had forgotten to include dnsmasq info. I'm using 2.76 (Ubuntu package dnsmasq-base 2.76-4). From what I can tell the fixes you refer to are not available in any dnsmasq release yet but will be in the next release (2.77), and the version I have does not backport this patch. I will try building a dnsmasq with this patch applied and see if it helps. FWIW, I'm currently working around this issue by adding a script to /etc/NetworkManager/dispatcher.d that sends a SIGHUP to NetworkManager. It seems to work, although it's obviously not ideal. _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list