Discussion:
[Dnsmasq-discuss] Finding actual DNS server used
Lars Noodén
2017-01-14 12:40:14 UTC
Permalink
How can I get an already running instance of Dnsmasq to tell which DNS
servers it is using to resolve new queries upstream?

Specifically how can this be done in distros like Ubuntu and Linux Mint,
which have setups like this::

# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1


# ps auxw |grep dnsmasq
nobody 2711 0.0 0.0 31028 3276 ? S 13:27 0:00
/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts
--bind-interfaces
--pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid
--listen-address=127.0.1.1
--conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0
--proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
--conf-dir=/etc/NetworkManager/dnsmasq.d

I've not spotted anything in the manual page that stands out for that
purpose.

Regards,
Lars
Albert ARIBAUD
2017-01-14 14:40:52 UTC
Permalink
Hi Lars,

On Sat, 14 Jan 2017 14:40:14 +0200
Post by Lars Noodén
How can I get an already running instance of Dnsmasq to tell which DNS
servers it is using to resolve new queries upstream?
Specifically how can this be done in distros like Ubuntu and Linux
Mint, which have setups like this::
# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
# ps auxw |grep dnsmasq
nobody 2711 0.0 0.0 31028 3276 ? S 13:27 0:00
/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts
--bind-interfaces
--pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid
--listen-address=127.0.1.1
--conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0
--proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
--conf-dir=/etc/NetworkManager/dnsmasq.d
I've not spotted anything in the manual page that stands out for that
purpose.
There is not much point for it, is there? I mean, if dnsmasq has
upstream servers (possibly per request domain) and acts as a local
server, it is so that DNS clients on the LAN do *not* have to know
these upstream servers.

Or maybe I am missing something. What is your use case?
Post by Lars Noodén
Regards,
Lars
Best regards,
--
Albert.
Chris Green
2017-01-14 16:06:39 UTC
Permalink
Post by Albert ARIBAUD
Post by Lars Noodén
I've not spotted anything in the manual page that stands out for that
purpose.
There is not much point for it, is there? I mean, if dnsmasq has
upstream servers (possibly per request domain) and acts as a local
server, it is so that DNS clients on the LAN do *not* have to know
these upstream servers.
Or maybe I am missing something. What is your use case?
Well for one it's useful to be able to check whether dnsmasq is using
a sensible DNS server.

On my home LAN I have a full dnsmasq running on a Raspberry Pi and
point all the other systems at that for DNS. The other systems
include a number of xubuntu Linux systems which run the 'local only'
dnsmasq which is run automatically by Network Manager.

Thus in my case, to prove that everything is working as intended, I'd
like to be able to see that all systems (except the Raspberry Pi) are
using the Raspberry Pi as their DNS server. In addition I might also
want to check what upstream servers the Pi is using.
--
Chris Green
Lars Noodén
2017-01-14 18:18:13 UTC
Permalink
[snip]
Post by Chris Green
Post by Albert ARIBAUD
Or maybe I am missing something. What is your use case?
Well for one it's useful to be able to check whether dnsmasq is using
a sensible DNS server.
[snip]

That's what I'm aiming for. There is an application on a remote
computer that is failing because it appears to initially get a working
nameserver but then somewhere early on the DNS fails. I think it would
help the diagnosis to see which nameservers dnsmasq is actually calling
or caching. Because it's not my system and it is remote, I have to go
step by step, slowly. Since everything on that system, in regards to
DNS, is going via Dnsmasq, I'd like to see what it has loaded and is using.

Regards,
Lars
Lars Noodén
2017-01-15 08:21:01 UTC
Permalink
Post by Albert ARIBAUD
Hi Lars,
On Sat, 14 Jan 2017 20:18:13 +0200
...
Post by Lars Noodén
Because it's not my system and it is remote, I
have to go step by step, slowly.
... Do you mean that you have good control of the remote system but
have to go there physically to run tests, or that you do not have
control of the system and must ask someone else to perform tests there?
This makes a difference in the way you can run your tests
I have to describe the steps in e-mail and they are then carried out on
site by a non-technical person.
Post by Albert ARIBAUD
Post by Lars Noodén
Since everything on that system, in
regards to DNS, is going via Dnsmasq, I'd like to see what it has
loaded and is using.
This brings me back to your description of the bug above: "somewhere
early on the DNS fails". What do you mean with that? Did you check
that the client keeps sending DNS requests to your dnsmasq?
The client application (Blink) will apparently default to Google's DNS
if it cannot connect to the server right away. What's happening is that
half the time DNS replies, half the time it times out. Thus the client
can start to register with the SIP server, but then fails to publish its
presence or be able to initiate a call.
Post by Albert ARIBAUD
... Or is
it that they come back from your dnsmasq with an error code for domains
which you know your dns should resolve properly?
It seems to be this -- sometimes.

So is the short answer that there's no direct or easy way to poll a
running Dnsmasq instance and see what it's pointing to? If so, then
I'll not bother the list more with this issue. However, may I put in a
feature request if there is a wish list?

Regards,
/Lars
Albert ARIBAUD
2017-01-15 08:58:38 UTC
Permalink
Hi Lars,

On Sun, 15 Jan 2017 10:21:01 +0200
Post by Lars Noodén
Post by Albert ARIBAUD
Hi Lars,
On Sat, 14 Jan 2017 20:18:13 +0200
...
Post by Lars Noodén
Because it's not my system and it is remote, I
have to go step by step, slowly.
... Do you mean that you have good control of the remote system but
have to go there physically to run tests, or that you do not have
control of the system and must ask someone else to perform tests
there? This makes a difference in the way you can run your tests
I have to describe the steps in e-mail and they are then carried out
on site by a non-technical person.
Argh.
Post by Lars Noodén
Post by Albert ARIBAUD
Post by Lars Noodén
Since everything on that system, in
regards to DNS, is going via Dnsmasq, I'd like to see what it has
loaded and is using.
This brings me back to your description of the bug above: "somewhere
early on the DNS fails". What do you mean with that? Did you check
that the client keeps sending DNS requests to your dnsmasq?
The client application (Blink) will apparently default to Google's DNS
if it cannot connect to the server right away. What's happening is
that half the time DNS replies, half the time it times out. Thus the
client can start to register with the SIP server, but then fails to
publish its presence or be able to initiate a call.
Post by Albert ARIBAUD
... Or is
it that they come back from your dnsmasq with an error code for
domains which you know your dns should resolve properly?
It seems to be this -- sometimes.
So is the short answer that there's no direct or easy way to poll a
running Dnsmasq instance and see what it's pointing to? If so, then
I'll not bother the list more with this issue. However, may I put in
a feature request if there is a wish list?
See my other replies, but I'll make the main suggestion: the way to get
the info you want (and more, which might be useful for your diagnostics)
is to run tcpdump on the dnsmasq host on the "any" interface (or run
two tcpdumps, one on the interface used to talk to the client, one on
the interface used to talk to the Internet) with a capture filter set
for DHCP and DNS protocols, and write the capture into a file (or two,
if running two tcpdump instances). Then if you have two captures you
can use Wireshark's mergecap tool to merge them into a single one. Last,
you open the single capture file in Wireshark and see:

- whether your client was sent out a DHCP reply configuring DNS servers

- which DNS requests your client sent to dnsmasq

- which DNS requests your dnsmasq sent to which upstream server

- which DNS replies your dnsmasq received from which upstream server

- which DNS replies your client received from dnsmasq

That's the info you're asking for (of course, I assume you have control
of the host running dnsmasq) and much more. The method can be useful
for diagnosing other network or protocol issues as well.

Speaking of which, my first hunch re your problem is that it's not a
dnsmasq problem, but a problem with the client's networking
configuration. I suspect it connects through some VPN and gets an
additional (or replacement) DNS, and that at some point the VPN
connection goes bad and the client reverts (in part or in full) to its
original DNS.

In any case, the test above will give you a hint about that too: if you
see that the client stops sending requests at some point, you can
pretty much conclude it stopped using your dnsmasq as its DNS (you can
even know when it last did, and compare that with logs from the client
if you can get the non-tech person to do it).

BTW: I suspect there is no way to get the non-tech person to install a
remote access client (even ssh would be enough) and also no way for
you to get root privileges on it?
Post by Lars Noodén
Regards,
/Lars
Best regards,
--
Albert.
Albert ARIBAUD
2017-01-15 09:16:15 UTC
Permalink
On Sun, 15 Jan 2017 09:58:38 +0100
Post by Albert ARIBAUD
Speaking of which, my first hunch re your problem is that it's not a
dnsmasq problem, but a problem with the client's networking
configuration. I suspect it connects through some VPN and gets an
additional (or replacement) DNS, and that at some point the VPN
connection goes bad and the client reverts (in part or in full) to its
original DNS.
... or it could be that the VPN connection still runs OK but your
client screwed up its DNS setup upon renewal of its local DHCP lease.

Best regards,
--
Albert.
Albert ARIBAUD
2017-01-14 18:29:47 UTC
Permalink
Hi again Chris,

On Sat, 14 Jan 2017 16:06:39 +0000
Post by Chris Green
Post by Albert ARIBAUD
Post by Lars Noodén
I've not spotted anything in the manual page that stands out for
that purpose.
There is not much point for it, is there? I mean, if dnsmasq has
upstream servers (possibly per request domain) and acts as a local
server, it is so that DNS clients on the LAN do *not* have to know
these upstream servers.
Or maybe I am missing something. What is your use case?
Well for one it's useful to be able to check whether dnsmasq is using
a sensible DNS server.
Whatever server dnsmasq uses, it does so because its configuration
tells it to. The servers in this configuration are there either
because they were put in there by the dnsmasq host admin (e.g., for
handling unqualified names as LAN names), or because the host has one
or more interfaces on which it is a DHCP client, not server, and the
actual DHCP server announces a DNS server which e.g. the Network
Manager added to the dnsmasq config. Do you see another case?
Post by Chris Green
On my home LAN I have a full dnsmasq running on a Raspberry Pi and
point all the other systems at that for DNS. The other systems
include a number of xubuntu Linux systems which run the 'local only'
dnsmasq which is run automatically by Network Manager.
Pretty much the same here on the very machine I am typing on right
now except my LAN's dnsmasq does not run on a RPi. :)
Post by Chris Green
Thus in my case, to prove that everything is working as intended, I'd
like to be able to see that all systems (except the Raspberry Pi) are
using the Raspberry Pi as their DNS server. In addition I might also
want to check what upstream servers the Pi is using.
I don't understand your problem... The local dnsmasq on my Xubuntu
machine takes its servers from its only source of DNS server IPs: the
DHCP (and RA) info it receives from my LAN's dnsmasq, and I control that
(as you control that on your RPi's dnsmasq), therefore I *know* which
DNS servers my Xubuntu machine can use.

Why do you think any of your Xubuntu machines would use a DNS server it
was not provided through DHCP or RA?

Best regards,
--
Albert.
Chris Green
2017-01-14 19:27:28 UTC
Permalink
Post by Albert ARIBAUD
Hi again Chris,
On Sat, 14 Jan 2017 16:06:39 +0000
Post by Chris Green
Post by Albert ARIBAUD
Post by Lars Noodén
I've not spotted anything in the manual page that stands out for
that purpose.
There is not much point for it, is there? I mean, if dnsmasq has
upstream servers (possibly per request domain) and acts as a local
server, it is so that DNS clients on the LAN do *not* have to know
these upstream servers.
Or maybe I am missing something. What is your use case?
Well for one it's useful to be able to check whether dnsmasq is using
a sensible DNS server.
Whatever server dnsmasq uses, it does so because its configuration
tells it to. The servers in this configuration are there either
because they were put in there by the dnsmasq host admin (e.g., for
handling unqualified names as LAN names), or because the host has one
or more interfaces on which it is a DHCP client, not server, and the
actual DHCP server announces a DNS server which e.g. the Network
Manager added to the dnsmasq config. Do you see another case?
Yes, so I want to check that the DNS server I *think* it should be
using from the configuration or DHCP is *actually* what it's using.
Post by Albert ARIBAUD
Post by Chris Green
On my home LAN I have a full dnsmasq running on a Raspberry Pi and
point all the other systems at that for DNS. The other systems
include a number of xubuntu Linux systems which run the 'local only'
dnsmasq which is run automatically by Network Manager.
Pretty much the same here on the very machine I am typing on right
now except my LAN's dnsmasq does not run on a RPi. :)
Post by Chris Green
Thus in my case, to prove that everything is working as intended, I'd
like to be able to see that all systems (except the Raspberry Pi) are
using the Raspberry Pi as their DNS server. In addition I might also
want to check what upstream servers the Pi is using.
I don't understand your problem... The local dnsmasq on my Xubuntu
machine takes its servers from its only source of DNS server IPs: the
DHCP (and RA) info it receives from my LAN's dnsmasq, and I control that
(as you control that on your RPi's dnsmasq), therefore I *know* which
DNS servers my Xubuntu machine can use.
If it's working right and as you expected, yes. However it could be,
for example, that your desktop machine is getting the wrong DHCP
server (I have routers that might, if misconfigured, provide DHCP).
Post by Albert ARIBAUD
Why do you think any of your Xubuntu machines would use a DNS server it
was not provided through DHCP or RA?
I don't, but it *might* not have used the DHCP server I thought it did.


Why is it so difficult to provide this information? At the very least
it would provide a confidence check that all is working as intended.
It might very well help if something isn't working too.

For example if my machine can't connect to another machine on the LAN
but can see the outside world it suggests it's getting DNS from
something other than my Pi DNS server. If I could check what DNS it
is using then it would confirm that either it has got its DNS set up
from somewhere else or that it has got the right DNS (the Pi) but that
the Pi is set up wrong somehow.
--
Chris Green
Albert ARIBAUD
2017-01-15 08:21:25 UTC
Permalink
Hi Chris,

On Sat, 14 Jan 2017 19:27:28 +0000
Chris Green <***@isbd.net> wrote:

(re getting dnsmasq to say which upstream servers it uses)
Post by Chris Green
Why is it so difficult to provide this information? At the very least
it would provide a confidence check that all is working as intended.
It might very well help if something isn't working too.
It is not difficult at all to get this information. It's just that
dnsmasq does not provide any "API" to get it, because it's easy to get
it otherwise for diagnosis purposes.

For diagnosis, the operator can:

- read the configuration file(s) dnsmasq uses and find "server="
lines in it, and read the /etc/resolv* tree, if dnsmasq uses them,
and that will give the list of servers dnsmasq uses at any point in
time.

- log DNS queries, which will give the additional info about
which client actually queried dnsmasq, which queries were cached vs
sent upstream (to which server), and what the answer was.

- run tcpdump or wireshark on the dnsmasq host or on the DNS client (or
both for troubleshooting e.g. timing-related issues). This will give
a full view of DNS exchanges on the considered machine, to the last
bit, literally.

So, from a diagnosis point of view, pulling the actual list of servers
from a running dnsmasq is not that much of a need.

I don't mean to say that such an "API" would be unneeded for other
requirements than network troubleshooting, and if it existed, I would
use and suggest it for troubleshooting too; but here, I mean to say
that helping solving Lars' problem does not require such an "API".

I feel that Lars' question was more "How can I troubleshoot my possibly
dnsmasq-related issue?" rather than "How can I find which servers my
dnsmasq uses?", and for this, we have the means above, which encompass
the one Lars asks for and go well beyond -- plus, the first step to
troubleshooting an issue is to get the situation as precise as
possible, possibly ignoring the initially assumed cause (here the list
of upstream servers may be actually correct and the issue may be on the
client side, so the "API" question should be set aside, and getting a
more precise view of the issue should come first).
Post by Chris Green
For example if my machine can't connect to another machine on the LAN
but can see the outside world it suggests it's getting DNS from
something other than my Pi DNS server. If I could check what DNS it
is using then it would confirm that either it has got its DNS set up
from somewhere else or that it has got the right DNS (the Pi) but that
the Pi is set up wrong somehow.
This case can be tested (and boy do I know it) with the host command on
the client as Jim suggested (although I personally use dig).

Best regards,
--
Albert.
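
An added example (not part of the original thread) of the second method listed in the message above: summarising a dnsmasq query log to see which upstream servers queries were forwarded to, and which names never got a reply. It assumes query logging was switched on with --log-queries; the log lines, host name and addresses are constructed.

```python
import re
import sys
from collections import Counter

# Matches the query / forwarded / reply / cached lines dnsmasq writes to
# syslog when query logging is enabled.
LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: (?P<verb>query\[\w+\]|forwarded|reply|cached) "
    r"(?P<name>\S+) (?:from|to|is) (?P<arg>\S+)"
)

# Constructed sample: one name resolves through 192.168.1.1, while lookups
# sent to 192.168.1.254 are retried by the client and never answered.
SAMPLE_LOG = """\
Jan 15 10:00:01 host dnsmasq[1579]: query[A] sip.example.org from 127.0.0.1
Jan 15 10:00:01 host dnsmasq[1579]: forwarded sip.example.org to 192.168.1.1
Jan 15 10:00:01 host dnsmasq[1579]: reply sip.example.org is 203.0.113.10
Jan 15 10:00:03 host dnsmasq[1579]: query[A] sip.example.org from 127.0.0.1
Jan 15 10:00:03 host dnsmasq[1579]: cached sip.example.org is 203.0.113.10
Jan 15 10:00:07 host dnsmasq[1579]: query[SRV] _sip._udp.example.org from 127.0.0.1
Jan 15 10:00:07 host dnsmasq[1579]: forwarded _sip._udp.example.org to 192.168.1.254
Jan 15 10:00:12 host dnsmasq[1579]: query[SRV] _sip._udp.example.org from 127.0.0.1
Jan 15 10:00:12 host dnsmasq[1579]: forwarded _sip._udp.example.org to 192.168.1.254
"""


def summarise(lines):
    """Count clients and upstream servers, and list names left unanswered."""
    clients, upstreams = Counter(), Counter()
    cached = 0
    pending = {}  # name -> upstream servers tried since the last reply
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # DHCP lines, start-up messages, other daemons
        verb, name, arg = m.group("verb", "name", "arg")
        if verb.startswith("query"):
            clients[arg] += 1
        elif verb == "forwarded":
            upstreams[arg] += 1
            pending.setdefault(name, set()).add(arg)
        elif verb == "reply":
            pending.pop(name, None)  # an upstream answered for this name
        else:  # "cached": answered locally, nothing sent upstream
            cached += 1
    return {
        "clients": dict(clients),
        "upstreams": dict(upstreams),
        "cached": cached,
        "unanswered": {n: sorted(s) for n, s in pending.items()},
    }


if __name__ == "__main__":
    # Pass a log file path to analyse a real log; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            result = summarise(fh)
    else:
        result = summarise(SAMPLE_LOG.splitlines())
    for key, value in result.items():
        print(f"{key}: {value}")
```

The log does not say which server a reply came from, so when a name is forwarded to several servers the "unanswered" entry lists every server that was tried.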
Lars Noodén
2017-01-15 08:34:49 UTC
Permalink
Post by Albert ARIBAUD
I feel that Lars' question was more "How can I troubleshoot my possibly
dnsmasq-related issue?" rather than "How can I find which servers my
dnsmasq uses?",
I am interested in the latter. This is the first time I have asked on
the list but it is not the first time I have tried to find an answer to
this question over the years. I'm quite pleased with dnsmasq, just not
well-versed in all its capabilities and so finally ask on the list if it
is possible to show which DNS servers are being used. As mentioned in
the first message, /etc/resolv.conf is not of use here.

Regards,
Lars
Chris Green
2017-01-15 09:53:00 UTC
Permalink
Post by Albert ARIBAUD
Hi Chris,
On Sat, 14 Jan 2017 19:27:28 +0000
(re getting dnsmasq to say which upstream servers it uses)
Post by Chris Green
Why is it so difficult to provide this information? At the very least
it would provide a confidence check that all is working as intended.
It might very well help if something isn't working too.
It is not difficult at all to get this information. It's just that
dnsmasq does not provide any "API" to get it, because it's easy to get
it otherwise for diagnosis purposes.
- read the configuration file(s) dnsmasq uses and find "server="
lines in it, and read the /etc/resolv* tree, if dnsmasq uses them,
and that will give the list of servers dnsmasq uses at any point in
time.
There aren't any! These are systems where dnsmasq is run by Network
Manager rather than directly, thus there is no specific dnsmasq
configuration file.
Post by Albert ARIBAUD
- log DNS queries, which will give the additional info about
which client actually queried dnsmasq, which queries were cached vs
sent upstream (to which server), and what the answer was.
- run tcpdump or wireshark on the dnsmasq host or on the DNS client (or
both for troubleshooting e.g. timing-related issues). This will give
a full view of DNS exchanges on the considered machine, to the last
bit, literally.
So, from a diagnosis point of view, pulling the actual list of servers
from a running dnsmasq is not that much of a need.
It would be a whole lot easier than the above though wouldn't it?

To 'log DNS queries' one may have to actually stop and start the
system and that may well make the problem one is trying to look at
disappear.

Both tcpdump and wireshark are quite esoteric utilities, it would take
quite a bit of knowledge of using them to extract the required
information.

Surely there's a case for something that simply lists the upstream DNS
servers that a dnsmasq instance is using.
--
Chris Green
Albert ARIBAUD
2017-01-15 11:14:42 UTC
Permalink
Hi Chris,

On Sun, 15 Jan 2017 09:53:00 +0000
Post by Albert ARIBAUD
Hi Chris,
On Sat, 14 Jan 2017 19:27:28 +0000
(re getting dnsmasq to say which upstream servers it uses)
Post by Chris Green
Why is it so difficult to provide this information? At the very
least it would provide a confidence check that all is working as
intended. It might very well help if something isn't working
too.
It is not difficult at all to get this information. It's just that
dnsmasq does not provide any "API" to get it, because it's easy to
get it otherwise for diagnosis purposes.
- read the configuration file(s) dnsmasq uses and find "server="
lines in it, and read the /etc/resolv* tree, if dnsmasq uses them,
and that will give the list of servers dnsmasq uses at any point in
time.
There aren't any! These are systems where dnsmasq is run by Network
Manager rather than directly, thus there is no specific dnsmasq
configuration file.
... and then the configuration is known from the dnsmasq process command
line. So let me amend my statement above: "... read the configuration
options, from the dnsmasq process command line if it contains any, and
from the configuration file or files if applicable".
Post by Albert ARIBAUD
- log DNS queries, which will give the additional info about
which client actually queried dnsmasq, which queries were cached
vs sent upstream (to which server), and what the answer was.
- run tcpdump or wireshark on the dnsmasq host or on the DNS client
(or both for troubleshooting e.g. timing-related issues). This will
give a full view of DNS exchanges on the considered machine, to the
last bit, literally.
So, from a diagnosis point of view, pulling the actual list of
servers from a running dnsmasq is not that much of a need.
It would be a whole lot easier than the above though wouldn't it?
It would be more straightforward, but not a whole lot easier: the
tcpdump command is dead simple, as is reading the wireshark log.
To 'log DNS queries' one may have to actually stop and start the
system and that may well make the problem one is trying to look at
disappear.
So would modifying the dnsmasq code to add diagnostics-related
features, actually. :)

Seriously, though: diagnostics always run the risk of affecting the
issue anyway. Even doing a tcpdump could stop a time-sensitive bug from
appearing.

So I don't personally consider the 'debugging risks affecting the
issue' criterion much.

Besides, in my empirical experience, the specific act of turning
logging on for DNS or DHCP never affected any issue I ever came
across, except in the sense that it helped pinpoint the root cause, but
of course YMMV.

Note: if stopping/starting the dnsmasq server [without any logging
added or removed] makes Lars' client work again, then it is valuable
input to diagnosing the issue.
Both tcpdump and wireshark are quite esoteric utilities, it would take
quite a bit of knowledge of using them to extract the required
information.
I would disagree on the 'esoteric' point, or at least I would make a
difference between becoming generally proficient with tcpdump/wireshark
and using it for a given purpose.

Indeed, if trying to master all of tcpdump/wireshark's features, these
tools will look quite esoteric.

But one does not need to /master/ tcpdump in order to get a capture of
DNS traffic; one does just need to install the tools (which is *not*
esoteric) and to know which commands to run (and finding these commands
is not an esoteric task either; it takes less than a minute's googling).

Granted, that won't make this person a tcpdump guru, but it will get
the DNS diagnostic job done.
Surely there's a case for something that simply lists the upstream DNS
servers that a dnsmasq instance is using.
Which would it be? For DNS troubleshooting, equally simple tools can be
used (and put to good profit later on for other network issues).

Best regards,
--
Albert.
Chris Green
2017-01-15 12:36:47 UTC
Permalink
Post by Albert ARIBAUD
Post by Albert ARIBAUD
- read the configuration file(s) dnsmasq uses and find "server="
lines in it, and read the /etc/resolv* tree, if dnsmasq uses them,
and that will give the list of servers dnsmasq uses at any point in
time.
There aren't any! These are systems where dnsmasq is run by Network
Manager rather than directly, thus there is no specific dnsmasq
configuration file.
... and then the configuration is known from the dnsmasq process command
line. So let me amend my statement above: "... read the configuration
options, from the dnsmasq process command line if it contains any, and
from the configuration file or files if applicable".
***@t430$ ps -ef | grep dnsmasq
nobody 1579 1031 0 Jan14 ? 00:00:01 /usr/sbin/dnsmasq
--no-resolv --keep-in-foreground --no-hosts --bind-interfaces
--pid-file=/var/run/NetworkManager/dnsmasq.pid
--listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
--proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
--conf-dir=/etc/NetworkManager/dnsmasq.d
***@t430$


... and there's nothing in /etc/NetworkManager/dnsmasq.d
--
Chris Green
Albert ARIBAUD
2017-01-15 15:54:11 UTC
Permalink
Hello,

On Sun, 15 Jan 2017 12:36:47 +0000
Post by Chris Green
Post by Albert ARIBAUD
Post by Albert ARIBAUD
- read the configuration file(s) dnsmasq uses and find "server="
lines in it, and read the /etc/resolv* tree, if dnsmasq uses
them, and that will give the list of servers dnsmasq uses at any
point in time.
There aren't any! These are systems where dnsmasq is run by
Network Manager rather than directly, thus there is no specific
dnsmasq configuration file.
... and then the configuration is known from the dnsmasq process
command line. So let me amend my statement above: "... read the
configuration options, from the dnsmasq process command line if it
contains any, and from the configuration file or files if
applicable".
nobody 1579 1031 0 Jan14 ? 00:00:01 /usr/sbin/dnsmasq
--no-resolv --keep-in-foreground --no-hosts --bind-interfaces
--pid-file=/var/run/NetworkManager/dnsmasq.pid
--listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
--proxy-dnssec
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq
... and there's nothing in /etc/NetworkManager/dnsmasq.d
Then Network Manager sets the DNS via DBus, as the configuration
(on command line) allows it. You can most probably find which DNS
servers are set by spying on DBus, using dbus-monitor. You can even set
up a bash script which shows a list of them in real time.

Best regards,
--
Albert.
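
An added example (not part of the original thread) of the reasoning in the last few messages: given a dnsmasq command line, it works out whether upstream servers come from server= options, from resolv files, or over D-Bus. Only long-form options are handled, and the `files` argument is a hypothetical stand-in for the filesystem so the check can be run on constructed input; NM_ARGV is the command line from the ps output quoted above.

```python
import os
import re
import sys

DEFAULT_CONF = "/etc/dnsmasq.conf"          # read unless --conf-file is given
DEFAULT_RESOLV = "/etc/resolv.conf"         # read unless --no-resolv is given
DEFAULT_DBUS = "uk.org.thekelleys.dnsmasq"  # --enable-dbus without a name

# Command line of the NetworkManager-run dnsmasq shown in the thread.
NM_ARGV = [
    "/usr/sbin/dnsmasq", "--no-resolv", "--keep-in-foreground", "--no-hosts",
    "--bind-interfaces", "--pid-file=/var/run/NetworkManager/dnsmasq.pid",
    "--listen-address=127.0.1.1", "--cache-size=0", "--conf-file=/dev/null",
    "--proxy-dnssec", "--enable-dbus=org.freedesktop.NetworkManager.dnsmasq",
    "--conf-dir=/etc/NetworkManager/dnsmasq.d",
]


def argv_of(pid):
    """Read a live process's arguments from /proc (Linux only)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [a.decode() for a in fh.read().split(b"\0") if a]


def _read(path, files):
    if files is not None:  # constructed files, for offline use
        return files.get(path, "")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def _listdir(path, files):
    if files is not None:
        return sorted(p for p in files if os.path.dirname(p) == path.rstrip("/"))
    try:
        return sorted(os.path.join(path, n) for n in os.listdir(path))
    except OSError:
        return []


def _options(text):
    """Yield (key, value) per config line. '#' starts a comment only at the
    start of a line or after whitespace, so server=192.0.2.1#5353 survives."""
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", line).strip()
        if line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()


def upstream_sources(argv, files=None):
    """Return the static servers, resolv-file servers and D-Bus name in use."""
    pending = [a[2:].partition("=")[::2] for a in argv[1:] if a.startswith("--")]
    if not any(key == "conf-file" for key, _ in pending):
        pending.append(("conf-file", DEFAULT_CONF))
    static, resolv_files, seen = [], [], set()
    dbus, no_resolv = None, False
    while pending:
        key, value = pending.pop(0)
        if key == "server":
            static.append(value)
        elif key == "no-resolv":
            no_resolv = True
        elif key == "resolv-file":
            resolv_files.append(value)
        elif key == "enable-dbus":
            dbus = value or DEFAULT_DBUS
        elif key == "conf-file" and value not in seen:
            seen.add(value)
            pending.extend(_options(_read(value, files)))
        elif key == "conf-dir":
            directory = value.split(",")[0]  # drop the optional extension list
            pending.extend(("conf-file", p) for p in _listdir(directory, files))
    resolv = []
    if not no_resolv:
        for path in resolv_files or [DEFAULT_RESOLV]:
            for line in _read(path, files).splitlines():
                parts = line.split()
                if len(parts) >= 2 and parts[0] == "nameserver":
                    resolv.append(parts[1])
    return {"static": static, "resolv": resolv, "dbus": dbus}


if __name__ == "__main__":
    # With a PID: inspect that process and the real files. Without: the
    # thread's command line against an empty, constructed filesystem.
    if len(sys.argv) > 1:
        print(upstream_sources(argv_of(sys.argv[1])))
    else:
        print(upstream_sources(NM_ARGV, files={}))
```

For the command line in the thread both file-based lists come back empty and only the D-Bus name is set, which is the situation described above: the servers can only have been pushed in by NetworkManager at run time.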
Chris Green
2017-01-15 20:31:28 UTC
Permalink
Post by Albert ARIBAUD
Hello,
On Sun, 15 Jan 2017 12:36:47 +0000
Post by Chris Green
Post by Albert ARIBAUD
Post by Albert ARIBAUD
- read the configuration file(s) dnsmasq uses and find "server="
lines in it, and read the /etc/resolv* tree, if dnsmasq uses
them, and that will give the list of servers dnsmasq uses at any
point in time.
There aren't any! These are systems where dnsmasq is run by
Network Manager rather than directly, thus there is no specific
dnsmasq configuration file.
... and then the configuration is known from the dnsmasq process
command line. So let me amend my statement above: "... read the
configuration options, from the dnsmasq process command line if it
contains any, and from the configuration file or files if
applicable".
nobody 1579 1031 0 Jan14 ? 00:00:01 /usr/sbin/dnsmasq
--no-resolv --keep-in-foreground --no-hosts --bind-interfaces
--pid-file=/var/run/NetworkManager/dnsmasq.pid
--listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
--proxy-dnssec
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq
... and there's nothing in /etc/NetworkManager/dnsmasq.d
Then Network Manager sets the DNS via DBus, as the configuration
(on command line) allows it. You can most probably find which DNS
servers are set by spying on DBus, using dbus-monitor. You can even set
up a bash script which shows a list of them in real time.
Is there any description anywhere of how to do this?
--
Chris Green
Albert ARIBAUD
2017-01-15 21:44:55 UTC
Permalink
Hi Chris,

On Sun, 15 Jan 2017 20:31:28 +0000
Post by Chris Green
Post by Albert ARIBAUD
Hello,
On Sun, 15 Jan 2017 12:36:47 +0000
Post by Chris Green
Post by Albert ARIBAUD
Post by Albert ARIBAUD
- read the configuration file(s) dnsmasq uses and find
"server=" lines in it, and read the /etc/resolv* tree, if
dnsmasq uses them, and that will give the list of servers
dnsmasq uses at any point in time.
There aren't any! These are systems where dnsmasq is run by
Network Manager rather than directly, thus there is no specific
dnsmasq configuration file.
... and then the configuration is known from the dnsmasq process
command line. So let me amend my statement above: "... read the
configuration options, from the dnsmasq process command line if
it contains any, and from the configuration file or files if
applicable".
nobody 1579 1031 0 Jan14 ?
00:00:01 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground
--no-hosts --bind-interfaces
--pid-file=/var/run/NetworkManager/dnsmasq.pid
--listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
--proxy-dnssec
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq
... and there's nothing in /etc/NetworkManager/dnsmasq.d
Then Network Manager sets the DNS via DBus, as the configuration
(on command line) allows it. You can most probably find which DNS
servers are set by spying on DBus, using dbus-monitor. You can even
set up a bash script which shows a list of them in real time.
Is there any description anywhere of how to do this?
A ready-made solution with zero effort? No, there is none.

A solution with some effort? In my case, 10 minutes of searching how to
filter dbus-monitor by interface, starting with near-zero knowledge of
DBus, and strictly zero knowledge of dbus-monitor, and ending up with
the following proof-of-concept running on my machine:

1. Run this command in a shell:

sudo dbus-monitor --system \
"interface=org.freedesktop.NetworkManager.dnsmasq"

(your interface may not be the same. Run

dbus-send --system --dest=org.freedesktop.DBus \
--type=method_call --print-reply /org/freedesktop/DBus \
org.freedesktop.DBus.ListNames | grep dnsmasq

and you'll know the interface to use.)

2. Force a connection renewal through Network Manager (or by unplugging
and replugging the client's RJ45 if that's how it gets network
access).

3. See the dbus-monitor running in the shell display dumps of the
SetServersEx method calls, complete with server IPs as arguments.

If you want to automate that, you'll need to do some parsing. Or maybe
use Python, which provides a dbus module; this should make extracting
the method arguments easier.

Best regards,
--
Albert.
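
An added example (not part of the original post) of the parsing suggested above: it reads dbus-monitor's text output and extracts the server list from each SetServersEx call. The sample dump, its addresses and the domain corp.example are constructed; the code assumes dbus-monitor's default text layout and treats each inner array as a server address followed by the domains routed to it.

```python
import re
import sys

# Header line of a SetServersEx method call in dbus-monitor's text output.
CALL_RE = re.compile(r"^method call .*member=SetServersEx\s*$")
STRING_RE = re.compile(r'^\s*string "(.*)"\s*$')

# Constructed sample: an unrelated signal, a call that sets a general server
# plus a server used only for corp.example, then a call that clears the list.
SAMPLE_DUMP = """\
signal time=1484516000.100000 sender=org.freedesktop.DBus -> destination=:1.99 serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
   string ":1.99"
method call time=1484516001.200000 sender=:1.7 -> destination=org.freedesktop.NetworkManager.dnsmasq serial=301 path=/uk/org/thekelleys/dnsmasq; interface=org.freedesktop.NetworkManager.dnsmasq; member=SetServersEx
   array [
      array [
         string "192.168.1.1"
      ]
      array [
         string "10.8.0.1"
         string "corp.example"
      ]
   ]
method call time=1484516090.300000 sender=:1.7 -> destination=org.freedesktop.NetworkManager.dnsmasq serial=302 path=/uk/org/thekelleys/dnsmasq; interface=org.freedesktop.NetworkManager.dnsmasq; member=SetServersEx
   array [
   ]
"""


def set_servers_calls(lines):
    """Yield, per SetServersEx call, a list of (server, [domains]) tuples.

    An empty list means the caller removed all upstream servers.
    """
    servers = None  # list being built, or None when outside a call
    entry = None    # strings of the inner array being read
    depth = 0       # array nesting: 1 = outer list, 2 = one server entry
    for line in lines:
        text = line.strip()
        if CALL_RE.match(line):
            servers, entry, depth = [], None, 0
        elif servers is None:
            continue  # other messages on the bus
        elif text.startswith("array ["):
            depth += 1
            if depth == 2:
                entry = []
        elif text == "]":
            if depth == 2 and entry:
                servers.append((entry[0], entry[1:]))
            depth -= 1
            if depth == 0:  # outer array closed: the call is complete
                yield servers
                servers = None
        elif depth == 2:
            m = STRING_RE.match(line)
            if m:
                entry.append(m.group(1))


if __name__ == "__main__":
    # Live use, with the filter from step 1 of the post:
    #   sudo dbus-monitor --system \
    #     "interface=org.freedesktop.NetworkManager.dnsmasq" | python3 this_file.py -
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE_DUMP.splitlines()
    for call in set_servers_calls(source):
        if not call:
            print("upstream servers cleared")
        for server, domains in call:
            print(server, "for", ", ".join(domains) if domains else "all domains")
```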
Weedy
2017-01-15 22:04:37 UTC
Permalink
Post by Albert ARIBAUD
Hi Chris,
On Sat, 14 Jan 2017 19:27:28 +0000
(re getting dnsmasq to say which upstream servers it uses)
Post by Chris Green
Why is it so difficult to provide this information? At the very least
it would provide a confidence check that all is working as intended.
It might very well help if something isn't working too.
It is not difficult at all to get this information. It's just that
dnsmasq does not provide any "API" to get it, because it's easy to get
it otherwise for diagnosis purposes.
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAG

An API of sorts was added some time last year
Albert ARIBAUD
2017-01-15 22:15:48 UTC
Hi Weedy,

Le Sun, 15 Jan 2017 17:04:37 -0500
Post by Weedy
Post by Albert ARIBAUD
Hi Chris,
Le Sat, 14 Jan 2017 19:27:28 +0000
(re getting dnsmasq to say which upstream servers it uses)
Post by Chris Green
Why is it so difficult to provide this information? At the very
least it would provide a confidence check that all is working as
intended. It might very well help if something isn't working too.
It is not difficult at all to get this information. It's just that
dnsmasq does not provide any "API" to get it, because it's easy to
get it otherwise for diagnosis purposes.
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAG
An API of sorts was added some time last year
I've gone through the NOTES section you are referring to, but I don't
see exactly which API you are referring to. Could you provide more
precise indications?

Amicalement,
--
Albert.
Weedy
2017-01-15 22:23:18 UTC
Post by Albert ARIBAUD
Hi Weedy,
Le Sun, 15 Jan 2017 17:04:37 -0500
Post by Weedy
Post by Albert ARIBAUD
Hi Chris,
Le Sat, 14 Jan 2017 19:27:28 +0000
(re getting dnsmasq to say which upstream servers it uses)
Post by Chris Green
Why is it so difficult to provide this information? At the very
least it would provide a confidence check that all is working as
intended. It might very well help if something isn't working too.
It is not difficult at all to get this information. It's just that
dnsmasq does not provide any "API" to get it, because it's easy to
get it otherwise for diagnosis purposes.
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAG
An API of sorts was added some time last year
I've gone through the NOTES section you are referring to, but I don't
see exactly which API you are referring to. Could you provide more
precise indications?
I was talking about "statistics are also available in the DNS as
answers to queries of class CHAOS and type TXT in domain bind". Which
is why I said API of sorts.

You already went into detail on DBus control, that would be considered
a more legit API
Albert ARIBAUD
2017-01-15 23:02:16 UTC
Hi Weedy,

Le Sun, 15 Jan 2017 17:23:18 -0500
Post by Weedy
Post by Albert ARIBAUD
Post by Weedy
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAG
An API of sorts was added some time last year
I've gone through the NOTES section you are referring to, but I
don't see exactly which API you are referring to. Could you provide
more precise indications?
I was talking about "statistics are also available in the DNS as
answers to queries of class CHAOS and type TXT in domain bind". Which
is why I said API of sorts.
Hey, it does indeed work!

$ dig +short chaos txt servers.bind
"fe80::xxxx:xxxx:xxxx:xxxx%enp4s0#53 144 0" "192.168.x.x#53 126 0"
Post by Weedy
You already went into detail on DBus control, that would be considered
a more legit API
I would not say one is 'more legit' than the other, as both are
legitimate uses of valid protocol features; and yours has the advantage
that it's easier to parse.

Thanks!

Amicalement,
--
Albert.
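
As an added example (not code from the thread or from dnsmasq): parsing the `servers.bind` answer shown in the reply above and flagging any upstream that falls outside an expected set of networks. The sample string, the allowed networks and the function names are assumptions, and the two trailing numbers are taken to be queries sent and queries retried or failed.

```python
import ipaddress
import re
import subprocess

# Constructed sample in the format of the dig answer quoted above.
SAMPLE = '"fe80::1%enp4s0#53 144 0" "192.168.10.1#53 126 0" "203.0.113.9#53 12 7"'


def query_dnsmasq(listen_addr="127.0.1.1"):
    """Run the same CHAOS/TXT query against the local dnsmasq listener."""
    cmd = ["dig", "+short", "chaos", "txt", "servers.bind", "@" + listen_addr]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True, timeout=5).stdout


def parse_servers_bind(text):
    """Turn '"addr#port sent failed" ...' into a list of dicts."""
    servers = []
    for txt in re.findall(r'"([^"]*)"', text):
        endpoint, sent, failed = txt.rsplit(" ", 2)   # ValueError if malformed
        host, _, port = endpoint.rpartition("#")
        addr, _, scope = host.partition("%")          # split off IPv6 zone id
        servers.append({
            "address": ipaddress.ip_address(addr),
            "scope": scope or None,
            "port": int(port),
            "sent": int(sent),      # assumed: queries sent upstream
            "failed": int(failed),  # assumed: retried or failed
        })
    return servers


def unexpected_upstreams(servers, allowed_networks):
    """Return the servers whose address is outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [s for s in servers
            if not any(s["address"] in net for net in nets)]


if __name__ == "__main__":
    found = parse_servers_bind(SAMPLE)  # or parse_servers_bind(query_dnsmasq())
    for s in unexpected_upstreams(found, ["192.168.10.0/24", "fe80::/10"]):
        print("unexpected upstream:", s["address"], "port", s["port"])
```
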
Lars Noodén
2017-01-16 06:36:05 UTC
Post by Lars Noodén
Post by Albert ARIBAUD
Hi Weedy,
[snip]
Post by Albert ARIBAUD
Post by Weedy
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAG
An API of sorts was added some time last year
I've gone through the NOTES section you are referring to, but I
don't see exactly which API you are referring to. Could you provide
more precise indications?
I was talking about "statistics are also available in the DNS as
answers to queries of class CHAOS and type TXT in domain bind".
Which is why I said API of sorts.
[snip]

Thanks. That's it. I somehow missed it there in the manual page:

When it receives a SIGUSR1, dnsmasq writes statistics
to the system log. … For each upstream server
it gives the number of queries sent, and the
number which resulted in an error.


That gives me the information I was looking for regarding verifying
which server dnsmasq is using.

Regards,
Lars
Beniamino Galvani
2017-01-16 13:10:05 UTC
Post by Lars Noodén
When it receives a SIGUSR1, dnsmasq writes statistics
to the system log. … For each upstream server
it gives the number of queries sent, and the
number which resulted in an error.

That gives me the information I was looking for regarding verifying
which server dnsmasq is using.
Hi,

in addition to the suggested methods, an alternative way is to grep
system logs for:

dnsmasq[6620]: setting upstream servers from DBus
dnsmasq[6620]: using nameserver 192.168.10.1#53(via ens3)

In the next version of NetworkManager (1.6) it will be possible to
show the DNS configuration in the output of 'nmcli' [1], as:

$ nmcli
ens3: connected to internet+
"Realtek RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (QEMU Virtual Machine)"
ethernet (8139cp), 52:54:00:F1:61:81, hw, mtu 1500
ip4 default
inet4 192.168.10.166/24
[...]
DNS configuration:
servers: 10.0.0.1
domains: foobar.com
interface: tun0
type: vpn

servers: 192.168.10.1
interface: ens3

Beniamino

[1] https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=20bf5ce35907e2a59fd1f1f9595b8eb202facc0f
Chris Green
2017-01-16 18:32:36 UTC
Post by Beniamino Galvani
In the next version of NetworkManager (1.6) it will be possible to
Ah, now that seems to be a sensible approach. :-)
--
Chris Green
Jim Alles
2017-01-14 22:43:38 UTC
Lars,
Post by Lars Noodén
How can I get an already running instance of Dnsmasq to tell which DNS
servers it is using to resolve new queries upstream?
I am not sure that is the most reliable way to get the information you
are looking for. Any client App can try to use whatever DNS server it
wants to resolve names. That isn't polite, but it happens a lot with
smartphones, and IoT in general.

As far as the desktop OS, a user can override the DNS entries that DHCP
provides.

I lock my network clients into OpenDNS by using dnsmasq on my router
(Untangle's NGFW) pointed to their servers, and the firewall to block any
other attempts besides dnsmasq. The firewall then provides a handy log of
attempts to bypass my wishes.

Another way to see what is going on, is to run wireshark and filter for UDP
port 53.

dnsmasq can't know about things going around it.

Peace,

Jim A.
David Forrest
2017-01-15 03:33:12 UTC
I just run the host command on a questionable resolution target with a
defined dns and compare it with the default (which should be 127.0.0.1
in my case: as I do have a bunch of undesirables in my hosts file resolving
to the loopback per: http://someonewhocares.org/hosts/).

***@raspberrypi:~ $ host cyberscat.com
cyberscat.com has address 127.0.0.1
cyberscat.com has IPv6 address ::1
***@raspberrypi:~ $ host cyberscat.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

cyberscat.com has address 69.162.80.55
***@raspberrypi:~ $

Amicalement,
Dave F.
Post by Jim Alles
Lars,
Post by Lars Noodén
How can I get an already running instance of Dnsmasq to tell which DNS
servers it is using to resolve new queries upstream?
I am not sure that is the most reliable way to get the information you
are looking for. Any client App can try to use whatever DNS server it
wants to resolve names. That isn't polite, but it happens a lot with
smartphones, and IoT in general.
As far as the desktop OS, a user can override the DNS entries that DHCP
provides.
I lock my network clients into OpenDNS by using dnsmasq on my router
(Untangle's NGFW) pointed to their servers, and the firewall to block any
other attempts besides dnsmasq. The firewall then provides a handy log of
attempts to bypass my wishes.
Another way to see what is going on, is to run wireshark and filter for
UDP port 53.
dnsmasq can't know about things going around it.
Peace,
Jim A.
Chris Green
2017-01-15 09:42:19 UTC
Post by Jim Alles
As far as the desktop OS, a user can override the DNS entries that DHCP
provides.
Not easily on most modern systems. This is really where we came in!

All my xubuntu Linux boxes have the following in /etc/resolv.conf :-

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search zbmc.eu

I.e. the nameserver is 'me' and somewhere in the guts of the Network
Manager and dnsmasq configuration is something that specifies the
upstream server.

It's definitely *not* trivial to change the DNS being used.
--
Chris Green
Weedy
2017-01-15 21:58:25 UTC
Post by Lars Noodén
How can I get an already running instance of Dnsmasq to tell which DNS
servers it is using to resolve new queries upstream?
It's in the man page. Also I think we added special TXT or something
queries last year.

Sun Jan 15 15:01:00 2017 cron.info crond[976]: USER root pid 9833 cmd killall -USR1 dnsmasq
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: time 1484510460
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: cache size 4096, 0/3244 cache insertions re-used unexpired cache entries.
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: queries forwarded 1565, queries answered locally 16006
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 66.163.0.161#53: queries sent 882, retried or failed 9
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 208.72.120.204#53: queries sent 903, retried or failed 8
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 205.151.222.251#53: queries sent 316, retried or failed 0
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 216.254.141.2#53: queries sent 325, retried or failed 4
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 8.8.4.4#53: queries sent 328, retried or failed 2
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 206.248.154.170#53: queries sent 330, retried or failed 0
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 206.248.154.22#53: queries sent 365, retried or failed 6

Why is the thread 20 replies long without answering the original question....
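
As an added example (not code from the thread or from dnsmasq): one parser for the two syslog line types quoted in this thread, the "using nameserver" lines from Beniamino Galvani's post and the per-server SIGUSR1 statistics above, including entries that a mail client or log viewer has wrapped onto two lines. The sample log text, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the log excerpts quoted in this thread;
# the third entry is deliberately wrapped across two lines.
SAMPLE_LOG = """\
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: using nameserver 192.0.2.53#53(via ens3)
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: queries forwarded 1565, queries answered locally 16006
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server
192.0.2.53#53: queries sent 882, retried or failed 9
Sun Jan 15 15:01:00 2017 daemon.info dnsmasq[2350]: server 198.51.100.7#53: queries sent 316, retried or failed 0
"""

RECORD = re.compile(r"\S+\[\d+\]: ")  # "program[pid]: " starts a new entry
USING = re.compile(
    r"dnsmasq\[\d+\]: using nameserver (\S+?)#(\d+)(?:\(via ([^)]+)\))?")
STATS = re.compile(
    r"dnsmasq\[\d+\]: server (\S+?)#(\d+): "
    r"queries sent (\d+), retried or failed (\d+)")


def unwrap(lines):
    """Re-join entries that were wrapped onto a continuation line."""
    records = []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if RECORD.search(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def upstream_report(text):
    """Map (address, port) -> interface and query counters seen in the log."""
    report = {}
    for rec in unwrap(text.splitlines()):
        m = USING.search(rec)
        if m:
            report.setdefault((m[1], int(m[2])), {})["via"] = m[3]
            continue
        m = STATS.search(rec)
        if m:
            sent, failed = int(m[3]), int(m[4])
            ratio = failed / sent if sent else 0.0
            report.setdefault((m[1], int(m[2])), {}).update(
                sent=sent, failed=failed, failure_ratio=ratio)
    return report
```
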