Re: [Dnsmasq-discuss] Show host names in dnsmasq's log

2018-02-04 Thread Simon Kelley
There are two fundamental problems with doing this.

1) The whole architecture of dnsmasq is predicated on not blocking
whilst processing a DNS query, except when it's been punted on to an
upstream nameserver. Doing the reverse-DNS lookup requires blocking.
This problem was solved for DNSSEC (which might have to block whilst
doing subsidiary DNS queries) but the solution is not general, and would
be hard to use. It's also only available when DNSSEC is compiled in and
activated.

2) The reverse DNS lookup, assuming you want the DNS to look the same as
the machine running dnsmasq sees, is eventually likely to end up back at
dnsmasq. In processing that query, dnsmasq may need to make another
query, and you could end up with, effectively, infinite recursion.


IMHO it's much better to adapt something like logresolve to
post-process the logs.


Cheers,

Simon.



On 04/02/18 17:15, Dominik Derigs, DL6ER wrote:
> Dear all,
> 
> I'm trying to show host names (rather than IP addresses, if available)
> in dnsmasq's log for A and  queries, as well as for the forward
> destinations, i.e. I want to replace
> 
> Feb  4 18:02:22 dnsmasq[14001]: query[A] clients6.google.com from 10.8.0.2
> Feb  4 18:02:22 dnsmasq[14001]: forwarded clients6.google.com to 2620:fe::fe
> 
> by
> 
> Feb  4 18:02:22 dnsmasq[14001]: query[A] clients6.google.com from android.lan
> Feb  4 18:02:22 dnsmasq[14001]: forwarded clients6.google.com to dns.quad9.net
> 
> For doing this, I tried various attempts:
> 
> Firstly, I tried a simple approach using gethostbyaddr() to resolve the
> IP addresses to host names. Unfortunately, it seems like gethostbyaddr()
> cannot be used inside the DNS resolver process itself, as it always
> immediately fails with Unknown host (error code 1) for everything (incl.
> e.g. 127.0.0.1). I know that this would have some drawbacks (like
> causing a PTR request on every logging), but I would have solved them
> with various tricks like building my own lookup tables, etc. I tested my
> code in a small standalone application and here name resolution works
> perfectly.
> 
> Secondly, I built a wrapper around dnsmasq's routine
> cache_find_by_addr() to query dnsmasq's log for the host name.
> Obviously, this has two major drawbacks: This code is kind of cumbersome
> (esp. for IPv6) as I first have to format the IPs in the format that is
> expected by this routine and secondly that does, of course, only work
> for entries that are already in the cache. If a cache entry for
> dns.quad9.net is already present (since someone queried that manually),
> then this works just fine. However, if nobody did that, then there will
> also be no cache entry and there is no result.
> 
> My question is now: I would, of course, prefer to use the first version
> ( using gethostbyaddr() ) but that does not seem to work at all. I'm not
> sure if it's maybe related to that a process cannot connect to its own
> UDP socket or something, but I'd obviously prefer a rather simple
> solution. Any suggestions are highly appreciated.
> 
> Best regards,
> Dominik
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
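
A sketch of the post-processing approach suggested in the reply above, as an added example that is not part of the original thread and is not logresolve or dnsmasq code. It rewrites the two log line kinds quoted in the thread, caches each lookup, and keeps the IP when the PTR answer is not a plain host name, since that answer is data controlled by whoever runs the reverse zone; the class and function names are assumptions.

```python
import ipaddress
import re
import socket
import sys

# The two line kinds quoted in the thread: "query[A] <name> from <ip>" and
# "forwarded <name> to <ip>". Everything before the address is kept verbatim.
LINE_RE = re.compile(
    r"^(?P<head>.*\b(?:query\[[^\]]+\] \S+ from|forwarded \S+ to) )(?P<addr>\S+)\s*$")
# PTR answers are untrusted input: accept only plain host-name characters so a
# hostile reverse zone cannot inject spaces or newlines into the rewritten log.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,253}$")


def reverse_lookup(addr):
    """PTR lookup through the system resolver; None when no name exists."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None


class LogResolver:
    def __init__(self, lookup=reverse_lookup):
        self.lookup = lookup
        self.cache = {}  # canonical address text -> safe name or None

    def name_for(self, text):
        try:
            key = str(ipaddress.ip_address(text))  # canonical form (IPv6 too)
        except ValueError:
            return None  # already a name, or not an address at all
        if key not in self.cache:  # one PTR query per address, not per line
            name = self.lookup(key)
            self.cache[key] = name if name and SAFE_NAME_RE.match(name) else None
        return self.cache[key]

    def rewrite(self, line):
        m = LINE_RE.match(line.rstrip("\n"))
        name = self.name_for(m.group("addr")) if m else None
        return m.group("head") + name if name else line.rstrip("\n")


if __name__ == "__main__":  # usage: python3 this_script.py < dnsmasq.log
    resolver = LogResolver()
    for raw in sys.stdin:
        print(resolver.rewrite(raw))
```

Because it runs outside dnsmasq, a slow or looping reverse lookup only delays the log filter and never blocks query processing.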


[Dnsmasq-discuss] Show host names in dnsmasq's log

2018-02-04 Thread Dominik Derigs, DL6ER
Dear all,

I'm trying to show host names (rather than IP addresses, if available)
in dnsmasq's log for A and  queries, as well as for the forward
destinations, i.e. I want to replace

Feb  4 18:02:22 dnsmasq[14001]: query[A] clients6.google.com from 10.8.0.2
Feb  4 18:02:22 dnsmasq[14001]: forwarded clients6.google.com to 2620:fe::fe

by

Feb  4 18:02:22 dnsmasq[14001]: query[A] clients6.google.com from android.lan
Feb  4 18:02:22 dnsmasq[14001]: forwarded clients6.google.com to dns.quad9.net

For doing this, I tried various attempts:

Firstly, I tried a simple approach using gethostbyaddr() to resolve the
IP addresses to host names. Unfortunately, it seems like gethostbyaddr()
cannot be used inside the DNS resolver process itself, as it always
immediately fails with Unknown host (error code 1) for everything (incl.
e.g. 127.0.0.1). I know that this would have some drawbacks (like
causing a PTR request on every logging), but I would have solved them
with various tricks like building my own lookup tables, etc. I tested my
code in a small standalone application and here name resolution works
perfectly.

Secondly, I built a wrapper around dnsmasq's routine
cache_find_by_addr() to query dnsmasq's log for the host name.
Obviously, this has two major drawbacks: This code is kind of cumbersome
(esp. for IPv6) as I first have to format the IPs in the format that is
expected by this routine and secondly that does, of course, only work
for entries that are already in the cache. If a cache entry for
dns.quad9.net is already present (since someone queried that manually),
then this works just fine. However, if nobody did that, then there will
also be no cache entry and there is no result.

My question is now: I would, of course, prefer to use the first version
( using gethostbyaddr() ) but that does not seem to work at all. I'm not
sure if it's maybe related to that a process cannot connect to its own
UDP socket or something, but I'd obviously prefer a rather simple
solution. Any suggestions are highly appreciated.

Best regards,
Dominik




Re: [Dnsmasq-discuss] dnsmasq socket file disappearing

2018-02-04 Thread Simon Kelley
You're using --bind-dynamic, so dnsmasq creates a set of listener
sockets, one for each of the addresses on the machine's interfaces. When
such an address is removed or created, dnsmasq gets an event via
netlink, and it does two things,

1) Enumerates the current set of addresses on the machine's interfaces.
2) Updates the set of listening sockets to reflect that set: creating
new sockets for new addresses, and deleting sockets for addresses which
are no longer in use.

That process is an obvious potential source of the behaviour you're seeing.

I'm slightly confused that your description talks about THE socket file:
there should be one for each address possessed by the machine. To try
and get a handle on what's happening, we need to see what's happening
to all the members of that set.

"DNS resolutions sent to system[dnsmasq] (127.0.0.1:53) time out"

implies that 127.0.0.1:53, the socket listening on 127.0.0.1, is going, but
are there still sockets listening on port 53 for other addresses, or are
all the UDP sockets going?

There is a second set of sockets listening on the same addresses/ports
for TCP connections. It would be interesting to see if the TCP sockets
go as well, or is it only the UDP socket that disappears?

Is the network config of docker containers changed at any time? If so,
forcing that is an obvious way of trying to reproduce this problem.
Given that 127.0.0.1 is an address which disappears, anything which
fiddles with the lo interface is of particular suspicion.



Cheers,


Simon.




On 31/01/18 21:12, Zi Dvbelju wrote:
> I’m experiencing an issue where all DNS resolutions sent to dnsmasq
> time out, but only after the dnsmasq service has been successfully running
> for a period of time (anecdotally, after a few weeks of time). After a
> lot of digging, I’ve discovered that dnsmasq’s UDP socket file will
> eventually “disappear”. The issue can be resolved by restarting the
> dnsmasq service.
> 
> 
> I haven’t been able to reproduce it yet, but it has happened numerous
> times on servers which are running dozens of docker containers. From
> what I know, nothing should be removing this socket file and I can’t
> find anything relevant in the dnsmasq logs. Is anyone aware of any
> situations that can cause socket files to disappear?
> 
> 
> Environment
> 
> Ubuntu 16.04.3 LTS
> 
> 8 Cores, 16GB of RAM
> 
> Dnsmasq 2.75-1ubuntu0.16.04.4
> 
> 
> Background
> 
> I’m using dnsmasq to forward requests to Consul, which is used for
> service discovery. The Consul agent listens on port 8600 and is
> configured to bind to all interfaces (the relevant interface here is
> 172.17.0.1, which docker creates).
> 
> 
> Resolv.conf
> 
> ```
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> nameserver 127.0.0.1
> ```
> 
> Dnsmasq.conf
> 
> ```
> server=/consul/172.17.0.1#8600
> server=/10.in-addr.arpa/172.17.0.1#8600
> bind-dynamic
> ```
> 
> Systemd config for Docker
> 
> ```
> ExecStart=/usr/bin/dockerd --bip=172.17.0.1/24 --dns=172.17.0.1 -H fd://
> ```
> 
> While investigating the servers in the broken state, I observed the
> following:
> 
> 
>   * nslookup / dig DNS resolutions are timing out
>   * Docker logs show containers are also timing out on DNS resolutions
>   * Systemd reports that dnsmasq is still running, pid still exists
>   * DNS resolutions sent directly to the consul agent (127.0.0.1:8600) succeed
>   * DNS resolutions sent to system[dnsmasq] (127.0.0.1:53) time out
>   * IPV6 UDP (::1) resolutions sent to dnsmasq succeeded
>   * Netstat shows that the IPV4 UDP socket file for dnsmasq is missing
>   * No relevant messages in kernel log (specifically, no dnsmasq OOM
>     kill events)
>   * File descriptor usage for the entire server was normal
>   * File descriptor usage for the individual dnsmasq process was normal
>   * CPU, RAM, and storage all look good
> 
> 
> Thanks in advance for any discussion at all - I've been really
> struggling with this one for a while now.
> 
> 
> Zach
> 
> 
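
One way to collect what the reply above asks for (which addresses still have a port 53 socket, for UDP and for TCP separately), as an added example that is not part of the original thread or of dnsmasq. It parses the Linux `/proc/net/udp` and `/proc/net/tcp` tables and assumes a little-endian host; it reports any socket bound to port 53, not only dnsmasq's, and the sample rows are constructed.

```python
import ipaddress

# Constructed samples in /proc/net/{udp,tcp} layout (trailing columns trimmed).
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue\n"
SAMPLE_UDP = HEADER + (
    "   0: 010011AC:0035 00000000:0000 07 00000000:00000000\n"   # 172.17.0.1:53
    "   1: 00000000:0044 00000000:0000 07 00000000:00000000\n")  # 0.0.0.0:68
SAMPLE_TCP = HEADER + (
    "   0: 0100007F:0035 00000000:0000 0A 00000000:00000000\n"   # 127.0.0.1:53
    "   1: 010011AC:0035 00000000:0000 0A 00000000:00000000\n"   # 172.17.0.1:53
    "   2: 010011AC:0035 020011AC:C350 01 00000000:00000000\n")  # established


def decode_addr(hex_addr):
    """Decode a /proc/net address field (8 hex digits IPv4, 32 for IPv6)."""
    raw = bytes.fromhex(hex_addr)
    # The kernel prints each 32-bit word in host byte order, so every
    # 4-byte group is reversed here (little-endian host assumed).
    fixed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return str(ipaddress.ip_address(fixed))


def listeners(proc_text, proto, port=53):
    """Local addresses with a listening (TCP) or unconnected (UDP) socket."""
    want_state = "0A" if proto.startswith("tcp") else "07"
    found = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, hex_port = fields[1].partition(":")
        if int(hex_port, 16) == port and fields[3] == want_state:
            found.add(decode_addr(addr))
    return found


def compare(udp, tcp):
    """Addresses that have a socket for one protocol but not the other."""
    return {"udp_missing": sorted(tcp - udp), "tcp_missing": sorted(udp - tcp)}


if __name__ == "__main__":
    for fam in ("", "6"):  # /proc/net/udp + tcp, then udp6 + tcp6
        udp, tcp = (listeners(open(f"/proc/net/{p}{fam}").read(), p)
                    for p in ("udp", "tcp"))
        print(f"IPv{fam or 4}: udp={sorted(udp)} tcp={sorted(tcp)}", compare(udp, tcp))
```

Run periodically and logged with a timestamp, the output shows which listener went first and can be lined up against interface or container network changes.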


[Dnsmasq-discuss] DNSMasq Wildcard Round-Robin DNS

2018-02-04 Thread Asad Ali
Hello, I'm trying to achieve something here but I'm not sure if what I'm trying
to do is even possible with DNSMasq or not, so I need you guys' help.

I need to assign multiple static IP addresses to Wildcard domains, for example:

*.google.com should point to:

x.x.x.x
x.x.x.x
x.x.x.x

Example 2:

example.google.com should point to the same addresses as above:

x.x.x.x
x.x.x.x
x.x.x.x

and so on

I can achieve that by using the hosts file for a fixed domain like Google.com
but not with Wildcard entries for it, and if I use:

address=/google.com/x.x.x.x

that works with Wildcard domains but with only a single IP.

So is there any way to combine them both together?

I really hope I made myself clear... :/

P.S. I'm trying to do that on my router's DNSMASQ which is riding ASUS WRT-Merlin

