Discussion:
[Dnsmasq-discuss] Dnsmasq giving default gateway address as dns server on DHCP offer
Anoop Ravi
2017-08-05 04:53:52 UTC
Hi,

I am using dnsmasq as dns and dhcp server on my device. Somehow dnsmasq is not giving correct dns server address to my clients. Instead it is giving default gateway ip. I have correct dns servers listed in resolv.conf and my dnsmasq.conf is pointing to correct resolv file using "resolv-file" parameter. I am running dnsmasq as below.

dnsmasq -u nobody -q --dhcp-authoritative -C /var/dnsmasq.conf

From the logs, I could see that it is reading resolv.conf

reading /etc/resolv.conf
using nameserver xx.xx.xx.xx#53
using nameserver xx.xx.xx.xx#53
using nameserver xx.xx.xx.xx#53

While client connects, I can see that dnsmasq offering default gateway address as dns-server ip.

sent size: 4 option: 6 dns-server x.x.x.x

Is there anything wrong in my parameters? Why is it not giving correct dns servers?

Thanks
Anoop


/dev/rob0
2017-08-05 15:43:53 UTC
Post by Anoop Ravi
I am using dnsmasq as dns and dhcp server on my device. Somehow
dnsmasq is not giving correct dns server address to my clients.
Instead it is giving default gateway ip. I have correct dns servers
listed in resolv.conf and my dnsmasq.conf is pointing to correct
resolv file using "resolv-file" parameter. I am running dnsmasq as
below.
dnsmasq -u nobody -q --dhcp-authoritative -C /var/dnsmasq.conf
From the logs, I could see that it is reading resolv.conf
reading /etc/resolv.conf
using nameserver xx.xx.xx.xx#53
using nameserver xx.xx.xx.xx#53
using nameserver xx.xx.xx.xx#53
While client connects, I can see that dnsmasq offering default
gateway address as dns-server ip.
sent size: 4 option: 6 dns-server x.x.x.x
Is there anything wrong in my parameters? Why is it not giving
correct dns servers?
Nothing in your post indicates why you think that's incorrect;
dnsmasq IS a DNS server. Typically that's what you want, for all
local DHCP clients to use dnsmasq as DNS server. The point being: to
have local name resolution and to have one central cache for external
names.

Yes, there is an option you can use in dnsmasq.conf to change the
nameserver[s] given to DHCP clients, but why do you want that? See
the dnsmasq(8) manual for details.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
w***@gmail.com
2017-08-05 17:35:32 UTC
Post by /dev/rob0
Yes, there is an option you can use in dnsmasq.conf to change the
nameserver[s] given to DHCP clients, but why do you want that? See the
dnsmasq(8) manual for details.
one possibility is on an AD network where all device DNS lookups go through the
AD controller... the AD controller then talks to dnsmasq running on the
perimeter firewall and handles the lookups to outside DNS servers... everything
inside the AD network being restricted to the AD network so no individual
devices can make lookups outside... they can only talk to the AD controller for
DNS and the AD controller can only talk to dnsmasq for DNS... the AD controller
is not the perimeter device for traffic headed outside of the AD network... the
perimeter firewall running dnsmasq is, though...
--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list unless*
*a signed and pre-paid contract is in effect with us.*
r***@gmail.com
2017-08-06 01:33:04 UTC
dnsmasq is capable of being the first DNS for clients and determining which
requests should go to the AD controller and which to external DNS. Or, the
configuration you describe is also possible.


Where Ravi appears to have gone wrong is in thinking that /etc/resolv.conf
addresses would be sent to client. dnsmasq never does that.
Post by w***@gmail.com
Post by /dev/rob0
Yes, there is an option you can use in dnsmasq.conf to change the
nameserver[s] given to DHCP clients, but why do you want that? See the
dnsmasq(8) manual for details.
one possibility is on an AD network where all device DNS lookups go
through the AD controller... the AD controller then talks to dnsmasq
running on the perimeter firewall and handles the lookups to outside DNS
servers... everything inside the AD network being restricted to the AD
network so no individual devices can make lookups outside... they can only
talk to the AD controller for DNS and the AD controller can only talk to
dnsmasq for DNS... the AD controller is not the perimeter device for
traffic headed outside of the AD network... the perimeter firewall running
dnsmasq is, though...
--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list unless*
*a signed and pre-paid contract is in effect with us.*
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Anoop Ravi
2017-08-06 06:43:31 UTC
Hi,

Richard,
As you said, I was under an impression that dnsmasq will provide all the nameserver entries in resolv.conf to the clients. Thank you for correcting me.

But, my clients are not resolving the names with this configuration. It is getting correct domain name and server ip as dns server. If I manually add resolv.conf entries into dnsmasq.conf using dhcp-option 6, then it will start resolving. I can see clients getting nameserver ip at this time.

What could be the reason for this behaviour?

Thanks
r***@gmail.com
2017-08-06 15:33:54 UTC
The default configuration of dnsmasq is to act as a caching proxy server
(this behavior of dnsmasq has existed before dhcp support). There are a
few reasons the proxying could fail, chief among them being firewall
rules. If that isn't the problem, increasing the logging detail may give
further clues.

If you want to use dnsmasq only as a DHCP server and not a DNS cache, then
configuring dhcp-option 6 is the right approach. Note that in this case
you won't be able to look up computers by their dhcp hostname.

A quick summary of nameserver settings:

- Lookups from other software on the dnsmasq server: uses /etc/resolv.conf
- Lookups from dnsmasq (proxy on behalf of clients): defaults to using
  /etc/resolv.conf, can be overridden via --server and/or --resolv-file
  options
- option "DNS server" sent to DHCP clients: defaults to the IP address of the
  dnsmasq server that's in the same block as the address given out, can be
  overridden with --dhcp-option 6
Post by Anoop Ravi
Hi,
Richard,
As you said, I was under an impression that dnsmasq will provide all the
nameserver entries in resolv.conf to the clients. Thank you for correcting
me.
But, my clients are not resolving the names with this configuration. It is
getting correct domain name and server ip as dns server. If I manually add
resolv.conf entries into dnsmasq.conf using dhcp-option 6, then it will
start resolving. I can see clients getting nameserver ip at this time.
What could be the reason for this behaviour?
Thanks
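The three nameserver roles summarised in the message above can be checked from dnsmasq's own log. The following is an added example, not code from the thread or from the dnsmasq project: it parses the "using nameserver" and "option: 6 dns-server" lines quoted in the thread and classifies each DHCP offer. The function name, the log prefixes and all addresses are constructed for illustration.

```python
import re

# Constructed sample log; the addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
dnsmasq[812]: reading /etc/resolv.conf
dnsmasq[812]: using nameserver 203.0.113.10#53
dnsmasq[812]: using nameserver 203.0.113.11#53
dnsmasq-dhcp[812]: 1 sent size:  4 option:  6 dns-server  192.168.1.1
dnsmasq-dhcp[812]: 2 sent size:  8 option:  6 dns-server  203.0.113.10, 203.0.113.11
dnsmasq-dhcp[812]: 3 sent size:  4 option:  6 dns-server  198.51.100.53
"""

UPSTREAM_RE = re.compile(r"using nameserver (\S+?)#\d+")
OPTION6_RE = re.compile(r"sent size:\s*\d+\s+option:\s*6\s+dns-server\s+(.+)$")


def audit_dns_offers(log_text, local_addrs):
    """Classify every logged DHCP option 6 value against the three roles above.

    local_addrs: addresses dnsmasq itself listens on (assumed known to the caller).
    Returns (upstream_servers, [(offered_servers, verdict), ...]).
    """
    upstream, offers = set(), []
    for line in log_text.splitlines():
        m = UPSTREAM_RE.search(line)
        if m:
            upstream.add(m.group(1))  # what dnsmasq forwards to, never sent to clients
            continue
        m = OPTION6_RE.search(line)
        if not m:
            continue
        servers = [s.strip() for s in m.group(1).split(",") if s.strip()]
        if all(s in local_addrs for s in servers):
            verdict = "proxy"            # default: clients resolve through dnsmasq
        elif all(s in upstream for s in servers):
            verdict = "upstream-direct"  # dhcp-option 6 override, cache bypassed
        else:
            verdict = "unexpected"       # resolver that is neither local nor upstream
        offers.append((servers, verdict))
    return upstream, offers


if __name__ == "__main__":
    ups, offers = audit_dns_offers(SAMPLE_LOG, {"192.168.1.1"})
    print("upstream:", sorted(ups))
    for servers, verdict in offers:
        print(verdict, servers)
```

An "unexpected" verdict is the one worth alerting on: clients are being handed a resolver that is neither the dnsmasq host nor one of its configured upstreams.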
r***@gmail.com
2017-08-06 19:16:51 UTC
If it doesn't work when started at boot, but does if you started it
manually, the most likely reason is that the boot scripts are passing
command-line options such as a different config file. If you edited the
default config file, when you start dnsmasq by hand, that's the one it
finds.

The command line arguments of the auto-launched dnsmasq instance should
give further information (the 'ps' command should show the command lines of
running processes)
That seems to be correct. That may be the reason why it is working
when I give dhcp-option 6.
Do you have any guess what could be going wrong? Is there any flag
which I need to enable to make dnsmasq work as dns server as well?
I have seen a strange behavior as well. Resolution won't work on bootup.
But when I restart dnsmasq (killing PID and starting commandline) it
works. Do you have any clue?
Any help is much appreciated.
Thanks,
Anoop
One clear difference is that the query that succeeded is for a different
name than the one that failed.
But the bigger problem is that the reply is somehow going straight to the
1. the client sends a query to dnsmasq
2. dnsmasq checks its cache and doesn't find a match
3. dnsmasq sends a query to the upstream server
4. the upstream server sends a reply to dnsmasq
5. dnsmasq adds the information to its cache
6. dnsmasq sends a reply to the client
In your capture, #4 isn't happening -- the reply destination address is
wrong.
Hi Richard,
I don't want to use dhcp-option 6 to override nameservers. I took a
packet capture on both local lan interface and the interface which
talks to outside world. I could see that in both scenarios (working
and nonworking), names are getting resolved at the outer interface.
But somehow query is getting refused at the local interface. Do you
have any clue why this is happening?
Attaching screenshot of comparison on local interface packet capture.
Thanks,
Anoop
--
Anoop.
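The six-step forwarding sequence listed in the thread can be checked mechanically against a capture. The following is an added example, not code from the thread or from dnsmasq: it finds the first observable step (1, 3, 4 or 6) that is missing for one name. The `Pkt` record, the function name and every address and transaction ID are constructed; the broken capture shows a misdirected upstream reply in general and is not a reconstruction of the poster's capture.

```python
from collections import namedtuple

# One DNS packet from a capture, reduced to the fields this check needs (example model).
Pkt = namedtuple("Pkt", "src dst txid reply qname")


def first_broken_step(pkts, client, dnsmasq_addrs, upstream, qname):
    """Return None if the lookup completed, else (step_number, reason)."""
    q1 = next((p for p in pkts if not p.reply and p.src == client
               and p.dst in dnsmasq_addrs and p.qname == qname), None)
    if q1 is None:
        return (1, "no query from the client reached dnsmasq")
    answered = any(p.reply and p.src == q1.dst and p.dst == client
                   and p.txid == q1.txid for p in pkts)
    q3 = next((p for p in pkts if not p.reply and p.src in dnsmasq_addrs
               and p.dst == upstream and p.qname == qname), None)
    if q3 is None:
        # No forwarded query is fine when step 2 was a cache hit and the client got a reply.
        return None if answered else (3, "query was not forwarded upstream")
    # Upstream replies carry the transaction ID dnsmasq chose in step 3, not the client's.
    replies = [p for p in pkts if p.reply and p.src == upstream and p.txid == q3.txid]
    if not any(p.dst == q3.src for p in replies):
        stray = sorted({p.dst for p in replies})
        return (4, f"upstream reply went to {stray}" if stray else "no upstream reply")
    return None if answered else (6, "dnsmasq never replied to the client")


# Constructed captures (documentation addresses, not taken from the thread).
CLIENT, LAN, WAN, UP = "192.168.1.50", "192.168.1.1", "198.51.100.2", "203.0.113.10"
WORKING = [
    Pkt(CLIENT, LAN, 0x1A2B, False, "example.org"),   # step 1
    Pkt(WAN, UP, 0x7001, False, "example.org"),       # step 3
    Pkt(UP, WAN, 0x7001, True, "example.org"),        # step 4
    Pkt(LAN, CLIENT, 0x1A2B, True, "example.org"),    # step 6
]
BROKEN = [
    Pkt(CLIENT, LAN, 0x2C3D, False, "example.net"),
    Pkt(WAN, UP, 0x7002, False, "example.net"),
    Pkt(UP, "192.0.2.99", 0x7002, True, "example.net"),  # reply not addressed to dnsmasq
]

if __name__ == "__main__":
    print(first_broken_step(WORKING, CLIENT, {LAN, WAN}, UP, "example.org"))
    print(first_broken_step(BROKEN, CLIENT, {LAN, WAN}, UP, "example.net"))
```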