Discussion:
[Dnsmasq-discuss] Debugging dnsmasq on Ubuntu
Joel Whitehouse
2017-03-29 14:43:33 UTC
Permalink
I'm running ubuntu 14, which uses dnsmasq as a local resolver on
127.0.1.1. When I issue a dig query, dig informs me it's using
127.0.1.1 as its resolver:

;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Mar 29 09:36:06 CDT 2017
;; MSG SIZE rcvd: 63


However, I would like to know what host dnsmasq is using as its
resolver. On my system, `ps ax' shows that dnsmasq is started with the
command:

/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts
--bind-interfaces
--pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid
--listen-address=127.0.1.1
--conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0
--proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
–conf-dir=/etc/NetworkManager/dnsmasq.d


Both the file /var/run/NetworkManager/dnsmasq.conf and the directory
/etc/NetworkManager/dnsmasq.d/ are empty, so it's likely that dnsmasq is
receiving its resovlers from Network Manager over the dbus interface.


Is there any way to get dnsmasq to log when it issues a new query to a
resolver?

-Joel
Pali Rohár
2017-03-29 15:11:23 UTC
Permalink
Post by Joel Whitehouse
Both the file /var/run/NetworkManager/dnsmasq.conf and the directory
/etc/NetworkManager/dnsmasq.d/ are empty, so it's likely that dnsmasq is
receiving its resovlers from Network Manager over the dbus interface.
Right.
Post by Joel Whitehouse
Is there any way to get dnsmasq to log when it issues a new query to a
resolver?
I have all information in syslog.

dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 21
dhclient: DHCPREQUEST of X.X.X.X on wlan0 to 255.255.255.255 port 67
dhclient: DHCPOFFER of X.X.X.X from X.X.X.X
dhclient: DHCPACK of X.X.X.X from X.X.X.X
dhclient: bound to X.X.X.X -- renewal in X seconds.
NetworkManager[1977]: <info> (wlan0): DHCPv4 state changed preinit -> bound
NetworkManager[1977]: <info> address X.X.X.X
NetworkManager[1977]: <info> prefix X (X.X.X.X)
NetworkManager[1977]: <info> gateway X.X.X.X
NetworkManager[1977]: <info> nameserver 'X.X.X.X'
NetworkManager[1977]: <info> domain name 'X'
NetworkManager[1977]: <info> Activation (wlan0) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
NetworkManager[1977]: <info> Activation (wlan0) Stage 5 of 5 (IPv4 Commit) started...
NetworkManager[1977]: <info> (wlan0): writing resolv.conf to /sbin/resolvconf
dnsmasq[4160]: setting upstream servers from DBus
dnsmasq[4160]: using nameserver X.X.X.X#53

So when NetworkManager via dbus reconfigure list of nameservers then
dnsmasq logs them into syslog.
--
Pali Rohár
***@gmail.com
Joel Whitehouse
2017-03-30 07:43:30 UTC
Permalink
I had tried dbus-monitor but message sniffing was disabled on my system
and it gave me no useful information.

I also considered tcpdump/wireshark to watch for outbound traffic on
port 53 but I also wanted to know when queries were being resolved from
cache, not just when they were resolved through external dns servers.

Syslog was exactly what I needed.

Thanks Pali!

-Joel
Post by Pali Rohár
Post by Joel Whitehouse
Both the file /var/run/NetworkManager/dnsmasq.conf and the directory
/etc/NetworkManager/dnsmasq.d/ are empty, so it's likely that dnsmasq is
receiving its resovlers from Network Manager over the dbus interface.
Right.
Post by Joel Whitehouse
Is there any way to get dnsmasq to log when it issues a new query to a
resolver?
I have all information in syslog.
dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 21
dhclient: DHCPREQUEST of X.X.X.X on wlan0 to 255.255.255.255 port 67
dhclient: DHCPOFFER of X.X.X.X from X.X.X.X
dhclient: DHCPACK of X.X.X.X from X.X.X.X
dhclient: bound to X.X.X.X -- renewal in X seconds.
NetworkManager[1977]: <info> (wlan0): DHCPv4 state changed preinit -> bound
NetworkManager[1977]: <info> address X.X.X.X
NetworkManager[1977]: <info> prefix X (X.X.X.X)
NetworkManager[1977]: <info> gateway X.X.X.X
NetworkManager[1977]: <info> nameserver 'X.X.X.X'
NetworkManager[1977]: <info> domain name 'X'
NetworkManager[1977]: <info> Activation (wlan0) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
NetworkManager[1977]: <info> Activation (wlan0) Stage 5 of 5 (IPv4 Commit) started...
NetworkManager[1977]: <info> (wlan0): writing resolv.conf to /sbin/resolvconf
dnsmasq[4160]: setting upstream servers from DBus
dnsmasq[4160]: using nameserver X.X.X.X#53
So when NetworkManager via dbus reconfigure list of nameservers then
dnsmasq logs them into syslog.
Albert ARIBAUD
2017-03-29 15:52:27 UTC
Permalink
Hi Joel,

Le Wed, 29 Mar 2017 09:43:33 -0500
Post by Joel Whitehouse
I'm running ubuntu 14, which uses dnsmasq as a local resolver on
127.0.1.1. When I issue a dig query, dig informs me it's using
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Mar 29 09:36:06 CDT 2017
;; MSG SIZE rcvd: 63
However, I would like to know what host dnsmasq is using as its
resolver. On my system, `ps ax' shows that dnsmasq is started with
/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts
--bind-interfaces
--pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid
--listen-address=127.0.1.1
--conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0
--proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
–conf-dir=/etc/NetworkManager/dnsmasq.d
Both the file /var/run/NetworkManager/dnsmasq.conf and the directory
/etc/NetworkManager/dnsmasq.d/ are empty, so it's likely that dnsmasq
is receiving its resovlers from Network Manager over the dbus
interface.
Is there any way to get dnsmasq to log when it issues a new query to
a resolver?
You can spy on DBus -- I think that's what Network Manager uses to
configure dnsmasq on the fly.
Post by Joel Whitehouse
-Joel
Amicalement,
--
Albert.
Beniamino Galvani
2017-03-29 15:21:59 UTC
Permalink
I'm running ubuntu 14, which uses dnsmasq as a local resolver on 127.0.1.1.
When I issue a dig query, dig informs me it's using 127.0.1.1 as its
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Mar 29 09:36:06 CDT 2017
;; MSG SIZE rcvd: 63
However, I would like to know what host dnsmasq is using as its resolver.
/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts
--bind-interfaces
--pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid
--listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf
--cache-size=0 --proxy-dnssec
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq
–conf-dir=/etc/NetworkManager/dnsmasq.d
Both the file /var/run/NetworkManager/dnsmasq.conf and the directory
/etc/NetworkManager/dnsmasq.d/ are empty, so it's likely that dnsmasq is
receiving its resovlers from Network Manager over the dbus interface.
Correct. You should find in system logs the list of name servers pushed
by NM to dnsmasq through D-Bus:

dnsmasq[6620]: setting upstream servers from DBus
dnsmasq[6620]: using nameserver 192.168.10.1#53(via ens3)

With NM > 1.6 name servers in use are also printed in the 'nmcli'
output.
Is there any way to get dnsmasq to log when it issues a new query to a
resolver?
Try:

echo log-queries > /etc/NetworkManager/dnsmasq.d/log-queries

and restart NetworkManager.

Beniamino
Chris Green
2017-03-29 15:51:38 UTC
Permalink
I'm running ubuntu 14, which uses dnsmasq as a local resolver on 127.0.1.1.
When I issue a dig query, dig informs me it's using 127.0.1.1 as its
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Mar 29 09:36:06 CDT 2017
;; MSG SIZE rcvd: 63
However, I would like to know what host dnsmasq is using as its resolver.
/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts
--bind-interfaces
--pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid
--listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf
--cache-size=0 --proxy-dnssec
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq
–conf-dir=/etc/NetworkManager/dnsmasq.d
Both the file /var/run/NetworkManager/dnsmasq.conf and the directory
/etc/NetworkManager/dnsmasq.d/ are empty, so it's likely that dnsmasq is
receiving its resovlers from Network Manager over the dbus interface.
Is there any way to get dnsmasq to log when it issues a new query to a
resolver?
This is basically the same question that I asked a few weeks ago, the
answer was to look in syslog for dnsmasq messages. You should be able
to find messages like:-

syslog.1:Mar 28 09:08:53 t430 dnsmasq[1501]: setting upstream servers from DBus
syslog.1:Mar 28 09:08:53 t430 dnsmasq[1501]: using nameserver 192.168.1.2#53(via wlan0)

(On my LAN there's a Raspberry Pi at 192.168.1.2 running dnsmasq for
local name resolution)

What I see on the Raspberry Pi at startup is:-

Mar 29 16:48:35 pi dnsmasq[2086]: using local addresses only for domain zbmc.eu
Mar 29 16:48:35 pi dnsmasq[2086]: reading /etc/resolv.conf
Mar 29 16:48:35 pi dnsmasq[2086]: using nameserver 208.67.220.220#53
Mar 29 16:48:35 pi dnsmasq[2086]: using nameserver 216.146.36.36#53
Mar 29 16:48:35 pi dnsmasq[2086]: using nameserver 212.159.13.49#53

However I think in your case you should be looking for the 'setting
upstream servers' message.
--
Chris Green
Risto Suominen
2017-03-29 17:06:37 UTC
Permalink
Hi Joel,
Is there any way to get dnsmasq to log when it issues a new query to a resolver?
You can run tcpdump on upstream interface and port 53.

Risto
Loading...