[Dnsmasq-discuss] Getting 'REFUSED' from dnsmasq - possible reasons?
Chris Green
2017-06-21 12:33:06 UTC
I have dnsmasq 2.62 on a Raspberry Pi on my LAN, it's been doing DHCP
and DNS quite happily for some years now.

I've suddenly started getting REFUSED back, sometimes, e.g.:-

***@esprimo$ host news.plus.net
Host news.plus.net not found: 5(REFUSED)
***@esprimo$

but another system on the same LAN gets an address:-

chris$ host news.plus.net
news.plus.net is an alias for usenet.plus.net.
usenet.plus.net is an alias for europe.isp.giganews.com.
europe.isp.giganews.com has address 216.166.105.145
chris$

It's not always the same system that's getting the 'REFUSED' message
so I *think* something odd may be happening to dnsmasq. Does anyone
have any idea what the problem might be?


Further information, weirdly 'dig' works OK:-

***@esprimo$ dig news.plus.net

; <<>> DiG 9.10.3-P4-Ubuntu <<>> news.plus.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59408
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;news.plus.net. IN A

;; ANSWER SECTION:
news.plus.net. 34838 IN CNAME usenet.plus.net.
usenet.plus.net. 184 IN CNAME europe.isp.giganews.com.
europe.isp.giganews.com. 58 IN A 216.166.105.145

;; AUTHORITY SECTION:
isp.giganews.com. 520 IN NS ns1.dca1.giganews.com.
isp.giganews.com. 520 IN NS ns1.ams1.giganews.com.

;; Query time: 13 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Jun 21 13:31:27 BST 2017
;; MSG SIZE rcvd: 162

***@esprimo$ host news.plus.net
Host news.plus.net not found: 5(REFUSED)
***@esprimo$
--
Chris Green
Simon Kelley
2017-06-25 20:53:55 UTC
REFUSED is returned if dnsmasq has no upstream server configured it can
send to, or if there are a very large number of queries in flight, and
the internal table tracking them is full. You could try bumping the

dns-forward-max

parameter if you have a very busy network.



Cheers,

Simon.
Post by Chris Green
I have dnsmasq 2.62 on a Raspberry Pi on my LAN, it's been doing DHCP
and DNS quite happily for some years now.
I've suddenly started getting REFUSED back, sometimes, e.g.:-
Host news.plus.net not found: 5(REFUSED)
but another system on the same LAN gets an address:-
chris$ host news.plus.net
news.plus.net is an alias for usenet.plus.net.
usenet.plus.net is an alias for europe.isp.giganews.com.
europe.isp.giganews.com has address 216.166.105.145
chris$
It's not always the same system that's getting the 'REFUSED' message
so I *think* something odd may be happening to dnsmasq. Does anyone
have any idea what the problem might be?
Further information, weirdly 'dig' works OK:-
; <<>> DiG 9.10.3-P4-Ubuntu <<>> news.plus.net
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59408
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 4096
;news.plus.net. IN A
news.plus.net. 34838 IN CNAME usenet.plus.net.
usenet.plus.net. 184 IN CNAME europe.isp.giganews.com.
europe.isp.giganews.com. 58 IN A 216.166.105.145
isp.giganews.com. 520 IN NS ns1.dca1.giganews.com.
isp.giganews.com. 520 IN NS ns1.ams1.giganews.com.
;; Query time: 13 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Jun 21 13:31:27 BST 2017
;; MSG SIZE rcvd: 162
Host news.plus.net not found: 5(REFUSED)
Chris Green
2017-06-26 07:55:28 UTC
Post by Simon Kelley
REFUSED is returned if dnsmasq has no upstream server configured it can
send to, or if there are a very large number of queries in flight, and
the internal table tracking them is full. You could try bumping the
dns-forward-max
parameter if you have a very busy network.
Thanks Simon. The REFUSE *seems* to be a symptom of other problems on
the LAN actually, not to mention a silly introduced by systemd. I
don't think my home LAN should need a larger dns-forward-max as there's
only a dozen or so systems and two or three users at most.
--
Chris Green
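
A small probe for narrowing down intermittent REFUSED replies like those in this thread, added here as an example and not code from the posters or the dnsmasq project. It sends the A, AAAA and MX lookups that `host` performs by default (`dig` asks only for A unless told otherwise) and tallies the RCODE per record type; the server address in the usage line is a placeholder.

```python
import secrets, socket, struct
from collections import Counter

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPES = {"A": 1, "MX": 15, "AAAA": 28}  # the record types `host` asks for by default

def build_query(name, qtype, txid):
    """Encode a single-question recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(msg):
    """Return (txid, is_response, rcode_name) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags = struct.unpack("!HH", msg[:4])
    rcode = flags & 0x000F  # low four bits of the flags word
    return txid, bool(flags & 0x8000), RCODES.get(rcode, f"RCODE{rcode}")

def probe(server, name, rounds=20, timeout=2.0):
    """Query each record type `rounds` times; count (qtype, outcome) pairs."""
    results = Counter()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(rounds):
            for qtype in QTYPES:
                txid = secrets.randbelow(0x10000)  # unpredictable transaction id
                s.sendto(build_query(name, qtype, txid), (server, 53))
                try:
                    rid, is_resp, rcode = parse_header(s.recv(4096))
                    # A reply with the wrong id is a stale or unrelated packet.
                    outcome = rcode if is_resp and rid == txid else "MISMATCH"
                except socket.timeout:
                    outcome = "TIMEOUT"
                results[(qtype, outcome)] += 1
    return results

# Constructed sample: header of a REFUSED reply (QR=1, RD=1, RA=1, RCODE=5), id 0x1234.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)

if __name__ == "__main__":
    print(parse_header(SAMPLE_REFUSED))            # offline check of the decoder
    # print(probe("192.0.2.53", "news.plus.net"))  # placeholder server address
```

REFUSED counts that cluster on one record type point at how that query is handled, while REFUSED spread across all types during busy periods fits the full in-flight table Simon describes.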