You're hitting the rebind protection filter; see http://en.wikipedia.org/wiki/DNS_rebinding
Either disable rebind_protection or change the IP addresses returned by your DNS server in the wan.

On Thu, Oct 30, 2014 at 9:32 PM, Kao Kevin <[email protected]> wrote:
> Hi,
>
> While running tests in an openwrt based IP gateway, we noticed a dns
> problem running openwrt in a gateway.
>
> When DNS proxy (dnsmasq) forward the DNS reply, the Answer of section was
> extracted.
>
> Please refer to the following tests for the problem description.
>
> 192.168.42.135 ------------------------ (192.168.42.1 GATEWAY
> 10.10.200.2)------………… (1.1.1.1 DNS server)
>
> 1. The Gateway LAN interface pre-configured as 192.168.42.1. The
>    Gateway LAN section is in 192.168.42.0/255.255.255.0 subnet
>
> 2. A LAN Device is assigned IP to 192.168.42.135 from the DHCP
>    server in the gateway.
>
> 3. Have Gateway wan link set to network in subnet 10.10.200.xx/
>    255.255.255.0.
>
> 4. Set up a DNS Server in WAN with IP: 1.1.1.1
>
> 5. DHCP server (not in the picture) in the WAN subnet assigns Gateway
>    wan IP as 10.10.200.2
>
> 6. The LAN client initiates a DNS query. The query has source IP
>    192.168.42.135 and destination IP 192.268.42.1 (in lan.cap message 1)
>
> 7. The Gateway forwards the query to dns server. The forwarded query
>    has the source IP 10.10.200.2 and destination 1.1.1.1 (in wan.cap msg 1)
>
> 8. DNS server 1.1.1.1 sends DNS resolution response with resolved
>    dns address. The response is sent to the Gateway 10.10.200.2. (in wan.cap msg
>    2)
>
> 9. The Gateway forwards the response to the client; but the
>    forwarded response does not have the Answer. (in lan.cap msg 2)
>
> Please review the attached wireshark.
>
> Questions:
>
> I wonder if this problem is due to:
>
> 1. My tested openwrt is an older version; OR
>
> 2. A simple config problem
>
> 3. The worst case is a S/W problem in dnsmasq that requires code
>    modification
>
> If anyone knows the solution or has ever seen this problem, please give us a reply.
>
> Here is the version/release information of the openwrt I am using:
>
> The etc/banner file
>
> Release : 14.3
>
> Version: 14.44
>
> The /etc/openwrt_version file
>
> 12.09.1
>
> The /etc/openwrt_release file
>
> DISTRIB_REVISION="r42647"
>
> ISTRIB_CODENAME="attitude_adjustment"
>
> DISTRIB_TARGET="brcm63xx-arm-tch/HG1XPROTO"
>
> DISTRIB_DESCRIPTION="OpenWrt Attitude Adjustment 12.09.1"
>
> And the “uci show” related to the dnsmasq
>
> dhcp.@dnsmasq[0]=dnsmasq
> dhcp.@dnsmasq[0].domainneeded=1
> dhcp.@dnsmasq[0].filterwin2k=0
> dhcp.@dnsmasq[0].localise_queries=1
> dhcp.@dnsmasq[0].rebind_protection=1
> dhcp.@dnsmasq[0].rebind_localhost=1
> dhcp.@dnsmasq[0].local=/lan/
> dhcp.@dnsmasq[0].expandhosts=1
> dhcp.@dnsmasq[0].nonegcache=0
> dhcp.@dnsmasq[0].authoritative=1
> dhcp.@dnsmasq[0].readethers=1
> dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases
> dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
> dhcp.@dnsmasq[0].dhcpscript=/lib/dnsmasq/dhcp-event.sh
> dhcp.@dnsmasq[0].domain=qacafe.com
> dhcp.@dnsmasq[0].boguspriv=0
> dhcp.@dnsmasq[0].strictorder=1
>
> _______________________________________________
> openwrt-devel mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
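The filtering named in the reply above, as an added example that is not part of the original thread and is not dnsmasq's code: a simplified Python model of a rebind filter that empties the answer section when an upstream reply carries a private address, with the `rebind_protection` and `rebind_localhost` switches from the posted config. Assumptions: the private-range list is an approximation, the names and addresses are constructed samples, and `rebind_domain` is OpenWrt's per-domain exemption option, which the thread does not mention.

```python
import ipaddress

# Ranges treated as "private" here: an approximation for illustration
# (RFC 1918, link-local, IPv6 ULA/link-local), not dnsmasq's exact table.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]
LOOPBACK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]


def _within(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)


def forwarded_answers(qname, answers, rebind_protection=True,
                      rebind_localhost=False, rebind_domain=()):
    """Return the answer addresses a LAN client would receive.

    Simplified model: if any upstream answer is a private address, the
    whole answer section is emptied, which is the symptom in the thread.
    """
    if not rebind_protection:
        return list(answers)
    name = qname.rstrip(".").lower()
    for dom in rebind_domain:  # per-domain exemption
        dom = dom.strip("/.").lower()
        if name == dom or name.endswith("." + dom):
            return list(answers)
    for text in answers:
        ip = ipaddress.ip_address(text)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 counts as 10.0.0.1
        if _within(ip, PRIVATE):
            return []
        if _within(ip, LOOPBACK) and not rebind_localhost:
            return []
    return list(answers)


if __name__ == "__main__":
    # Constructed sample: WAN test DNS server answering with a 10.10.200.x address.
    print(forwarded_answers("host.test.example", ["10.10.200.50"]))
    print(forwarded_answers("host.test.example", ["10.10.200.50"],
                            rebind_domain=["test.example"]))
    print(forwarded_answers("host.test.example", ["203.0.113.10"]))
```

Exempting only the lab domain keeps the filter active for every other name, which is narrower than turning `rebind_protection` off.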
