Topic: adding DNS forwarder with alias causes name resolution to fail
« on: June 07, 2014, 16:41:05 »
yowsers *
Posts: 49

I am using 1.8.2b571.  I have 11 entries on the DNS forwarder page (from my previous config.)  I tried to add a DNS forwarder and included:

host, domain, ip, aliases, extra settings UNCHECKED, and a description.  Hit save.  Hit apply.  All my DNS name resolution on all my clients breaks immediately after I hit apply.

I was able to narrow it down to the aliases section.  If I do NOT provide an alias, it works flawlessly.

Either I am not understanding the aliases section OR that specific configuration/setting is not working as expected in 1.8.2b571.  Can anyone else reproduce?
« Reply #1 on: June 07, 2014, 16:42:19 »
yowsers *
Posts: 49

pshhh, wrong forum, is there a way to move this to the Bug Reports?
« Reply #2 on: June 07, 2014, 18:00:39 »
Fred Grayson *****
Posts: 994

It's better to leave a suspected bug here rather than move it to the Bug Reports forum. If it turns out to not be a bug, your post will likely be deleted from the Bug Reports forum.

--
Google is your friend and Bob's your uncle.
« Reply #3 on: June 12, 2014, 10:23:53 »
Pierre Nast *
Posts: 33

Hi,

I'm running 1.8.1 and I don't have the described behavior.
I have more than 50 forwarders override entries, 1 entry has 1 alias, 2 others have more than 2 aliases.
I have no domain override setup.

Could you provide more details on your configuration?

--
Pierre
« Reply #4 on: June 14, 2014, 19:17:38 »
yowsers *
Posts: 49

If it happens again what should I do to help troubleshoot?  Maybe an export of /status.php ?

This is very odd.  All is working well now from the DNS forwarder page.  I did not change anything in my configuration.  My monowall has an uptime of 32 days so no reboot occurred.  I checked my syslog server to see if I noticed anything out of the ordinary during the few hours or so I was troubleshooting the issue and I did not notice anything out of the ordinary.  Very odd but all is working well now :)
« Reply #5 on: June 15, 2014, 17:56:02 »
wanderingidea *
Posts: 6

Same here:
During initial installation of 'M0n0wall 1.8.1 built on Wed Jan 15 13:32:38 CET 2014' I:
1. added an alias (firewall_aliases.php)
2. added a dns forwarder override host ('You may enter records that override the results from the forwarders below', services_dnsmasq_edit.php) with the same alias that I already added
Result: no dns resolving. Removing the alias from the 'dns forwarder override host' fixed the problem.
Maybe the problem is caused by the alias already added via firewall_aliases.php?
« Last Edit: June 16, 2014, 12:48:58 by wanderingidea »
« Reply #6 on: June 16, 2014, 10:56:04 »
Pierre Nast *
Posts: 33

wanderingidea: what do you mean by added a dns forwarder?
Are you adding a host (first list) or are you adding a DNS domain override forwarder (second list)?
Aliases in the firewall section are not the same as providing aliases to a host in the dns forwarders section:
1. as stated in the manual and in the online help, the aliases defined in the firewall section are usable _only_ in that section, they are aliases to IPs
2. aliases for a host in the edit host form of the dns forwarder section are aliases to a canonical name

yowsers: an export of your _anonymized_ configuration would be of some help.

--
Pierre
« Reply #7 on: June 16, 2014, 12:39:36 »
wanderingidea *
Posts: 6

> wanderingidea: what do you mean by added a dns forwarder?
> Are you adding a host (first list) or are you adding a DNS domain override forwarder (second list)?
> Aliases in the firewall section are not the same as providing aliases to a host in the dns forwarders section:
> 1. as stated in the manual and in the online help, the aliases defined in the firewall section are usable _only_ in that section, they are aliases to IPs
> 2. aliases for a host in the edit host form of the dns forwarder section are aliases to a canonical name

Pierre,
I added an alias in the firewall section first, then I added a 'dns forwarder override host' (corrected my post) with an alias in the services section.
These aliases have the same name. Using an alias in the 'dns forwarder override host' made the difference.
I understand that these aliases in the different sections have a different meaning but this is what I did.
« Last Edit: June 16, 2014, 13:02:50 by wanderingidea »
« Reply #8 on: June 16, 2014, 13:06:07 »
wanderingidea *
Posts: 6

> wanderingidea: what do you mean by added a dns forwarder?
> Are you adding a host (first list) or are you adding a DNS domain override forwarder (second list)?
> Aliases in the firewall section are not the same as providing aliases to a host in the dns forwarders section:
> 1. as stated in the manual and in the online help, the aliases defined in the firewall section are usable _only_ in that section, they are aliases to IPs
> 2. aliases for a host in the edit host form of the dns forwarder section are aliases to a canonical name

Pierre,
I added an alias in the firewall section first, then I added a 'dns forwarder override host' (corrected my post) with an alias in the services section.
These aliases have the same name. Removing the alias from the 'dns forwarder override host' made the difference.
I understand that these aliases in the different sections have a different meaning but this is what I did.
I did not test (not possible right now) by adding the alias to a 'dns forwarder override host' and removing the equally named alias from the firewall section.
« Last Edit: June 16, 2014, 13:11:05 by wanderingidea »
« Reply #9 on: June 16, 2014, 13:49:21 »
Pierre Nast *
Posts: 33

wanderingidea: Thanks for the details, I'll have a look at it.
In the meantime, can you activate the DNS logging option in the DNS forwarders section and provide some log outputs of both working and non-working resolution?

--
Pierre
« Reply #10 on: June 16, 2014, 17:22:29 »
wanderingidea *
Posts: 6

> wanderingidea: Thanks for the details, I'll have a look at it.
> In the meantime, can you activate the DNS logging option in the DNS forwarders section and provide some log outputs of both working and non-working resolution?

Pierre,

A test confirms there is no relation between adding an alias in the Firewall section and adding the same alias in a 'DNS forwarder override host' in the 'DNS forwarder' section.

Just adding an alias to a 'DNS forwarder override host' is sufficient for my client pc not to resolve anymore  (/etc/resolv.conf on my pc still points to the firewall).
However resolving at the firewall itself is still possible as I checked via Diagnostics - Ping.

When I remove the alias from the 'DNS forwarder override host' I can resolve at my client pc again.
Resolving at the firewall itself via Diagnostics  - Ping is still possible.

The logging, working situation, non-working situation and working again (notice dnsmasq exiting):

1. without alias, trying to resolve, working:
Code:
Jun 16 17:11:10 dnsmasq[811]: query[A] www.nu.nl from 192.168.1.2
Jun 16 17:11:10 dnsmasq[811]: forwarded www.nu.nl to 212.54.40.25
Jun 16 17:11:10 dnsmasq[811]: forwarded www.nu.nl to 212.54.44.54
Jun 16 17:11:10 dnsmasq[811]: forwarded www.nu.nl to 8.8.8.8
Jun 16 17:11:10 dnsmasq[811]: query[AAAA] www.nu.nl from 192.168.1.2
Jun 16 17:11:10 dnsmasq[811]: forwarded www.nu.nl to 212.54.44.54
Jun 16 17:11:10 dnsmasq[811]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.174.78
Jun 16 17:11:10 dnsmasq[811]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.166.15
Jun 16 17:11:10 dnsmasq[811]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.166.18
Jun 16 17:11:10 dnsmasq[811]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.174.75
Jun 16 17:11:10 dnsmasq[811]: reply www-nu-nl.gl.sanomaservices.nl is NODATA-IPv6
Jun 16 17:11:11 dnsmasq[811]: query[A] www.nu.nl from 192.168.1.2
Jun 16 17:11:11 dnsmasq[811]: cached www.nu.nl is <CNAME>
Jun 16 17:11:11 dnsmasq[811]: cached www-nu-nl.gl.sanomaservices.nl is 62.69.174.75
Jun 16 17:11:11 dnsmasq[811]: cached www-nu-nl.gl.sanomaservices.nl is 62.69.166.18
Jun 16 17:11:11 dnsmasq[811]: cached www-nu-nl.gl.sanomaservices.nl is 62.69.166.15
Jun 16 17:11:11 dnsmasq[811]: cached www-nu-nl.gl.sanomaservices.nl is 62.69.174.78
Jun 16 17:11:11 dnsmasq[811]: query[AAAA] www-nu-nl.gl.sanomaservices.nl from 192.168.1.2
Jun 16 17:11:11 dnsmasq[811]: cached www-nu-nl.gl.sanomaservices.nl is NODATA-IPv6
Jun 16 17:11:11 dnsmasq[811]: query[MX] www-nu-nl.gl.sanomaservices.nl from 192.168.1.2
Jun 16 17:11:11 dnsmasq[811]: forwarded www-nu-nl.gl.sanomaservices.nl to 212.54.44.54

2. after adding alias, trying to resolve, not working:
Code:
Jun 16 17:13:02 dnsmasq[957]: exiting on receipt of SIGTERM
Jun 16 17:13:03 dnsmasq[1024]: started, version 2.66 cachesize 150
Jun 16 17:13:03 dnsmasq[1024]: compile time options: IPv6 GNU-getopt ISC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack no-ipset no-auth
Jun 16 17:13:03 dnsmasq[1024]: reading /etc/resolv.conf
Jun 16 17:13:03 dnsmasq[1024]: using nameserver 8.8.8.8#53
Jun 16 17:13:03 dnsmasq[1024]: using nameserver 212.54.44.54#53
Jun 16 17:13:03 dnsmasq[1024]: using nameserver 212.54.40.25#53
Jun 16 17:13:05 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R7
Jun 16 17:13:05 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jun 16 17:13:05 dhcpd: All rights reserved.
Jun 16 17:13:05 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jun 16 17:13:11 kernel: pid 1024 (dnsmasq), uid 65534: exited on signal 11
notice: Jun 16 17:13:11    kernel: pid 1024 (dnsmasq), uid 65534: exited on signal 11

3. removed alias, trying to resolve, working again:
Code:
Jun 16 17:13:02 dnsmasq[957]: exiting on receipt of SIGTERM
Jun 16 17:13:03 dnsmasq[1024]: started, version 2.66 cachesize 150
Jun 16 17:13:03 dnsmasq[1024]: compile time options: IPv6 GNU-getopt ISC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack no-ipset no-auth
Jun 16 17:13:03 dnsmasq[1024]: reading /etc/resolv.conf
Jun 16 17:13:03 dnsmasq[1024]: using nameserver 8.8.8.8#53
Jun 16 17:13:03 dnsmasq[1024]: using nameserver 212.54.44.54#53
Jun 16 17:13:03 dnsmasq[1024]: using nameserver 212.54.40.25#53
Jun 16 17:13:05 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R7
Jun 16 17:13:05 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jun 16 17:13:05 dhcpd: All rights reserved.
Jun 16 17:13:05 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jun 16 17:13:11 kernel: pid 1024 (dnsmasq), uid 65534: exited on signal 11
Jun 16 17:14:07 dnsmasq[1082]: started, version 2.66 cachesize 150
Jun 16 17:14:07 dnsmasq[1082]: compile time options: IPv6 GNU-getopt ISC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack no-ipset no-auth
Jun 16 17:14:07 dnsmasq[1082]: reading /etc/resolv.conf
Jun 16 17:14:07 dnsmasq[1082]: using nameserver 8.8.8.8#53
Jun 16 17:14:07 dnsmasq[1082]: using nameserver 212.54.44.54#53
Jun 16 17:14:07 dnsmasq[1082]: using nameserver 212.54.40.25#53
Jun 16 17:14:07 dnsmasq[1082]: read /etc/hosts - 11 addresses
Jun 16 17:14:08 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R7
Jun 16 17:14:08 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jun 16 17:14:08 dhcpd: All rights reserved.
Jun 16 17:14:08 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jun 16 17:14:10 dnsmasq[1082]: query[A] www.nu.nl from 192.168.1.2
Jun 16 17:14:10 dnsmasq[1082]: forwarded www.nu.nl to 212.54.40.25
Jun 16 17:14:10 dnsmasq[1082]: forwarded www.nu.nl to 212.54.44.54
Jun 16 17:14:10 dnsmasq[1082]: forwarded www.nu.nl to 8.8.8.8
Jun 16 17:14:10 dnsmasq[1082]: query[AAAA] www.nu.nl from 192.168.1.2
Jun 16 17:14:10 dnsmasq[1082]: forwarded www.nu.nl to 212.54.40.25
Jun 16 17:14:10 dnsmasq[1082]: forwarded www.nu.nl to 212.54.44.54
Jun 16 17:14:10 dnsmasq[1082]: forwarded www.nu.nl to 8.8.8.8
Jun 16 17:14:10 dnsmasq[1082]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.166.15
Jun 16 17:14:10 dnsmasq[1082]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.166.18
Jun 16 17:14:10 dnsmasq[1082]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.174.75
Jun 16 17:14:10 dnsmasq[1082]: reply www-nu-nl.gl.sanomaservices.nl is 62.69.174.78
Jun 16 17:14:10 dnsmasq[1082]: reply www-nu-nl.gl.sanomaservices.nl is NODATA-IPv6
« Last Edit: June 16, 2014, 17:30:25 by wanderingidea »
« Reply #11 on: June 16, 2014, 17:41:55 »
Pierre Nast *
Posts: 33

wanderingidea,

The SIGSEGV (signal 11) seems to explain why resolving doesn't work anymore: the dnsmasq process stopped.
Can you provide the runtime generated configuration of dnsmasq (under /var/etc/dnsmasq.conf)?

--
Pierre
« Reply #12 on: June 16, 2014, 17:53:51 »
wanderingidea *
Posts: 6

> wanderingidea,
>
> The SIGSEGV (signal 11) seems to explain why resolving doesn't work anymore: the dnsmasq process stopped.
> Can you provide the runtime generated configuration of dnsmasq (under /var/etc/dnsmasq.conf)?

Pierre,

In a working situation, without an alias, the contents of /var/etc/dnsmasq.conf are:
Code:
edns-packet-max=4096
In a non-working situation, with an alias, the contents of /var/etc/dnsmasq.conf are:
Code:
$ cat /var/etc/dnsmasq.conf
edns-packet-max=4096
cname=guust,guust
cname=guust.wanderingidea.org,guust.wanderingidea.org

which explains the cause of the problem: an alias with the same name as the host itself is not logical.
If I change the alias to another name everything is functioning properly.
Problem solved I think, thanks!
« Last Edit: June 16, 2014, 18:16:26 by wanderingidea »
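
Added example (not part of any post in this thread, and not m0n0wall or dnsmasq code): a pre-apply lint for a generated dnsmasq configuration that flags the pattern found above, a `cname=` line whose alias equals its own target, and, going one step further than the thread, longer CNAME loops. It assumes the two-field `cname=<alias>,<target>` form shown in the post; the `example.test` entries in the sample are constructed.

```python
# Constructed sample: lines 2-3 are the cname lines posted above; the last
# three lines are invented here to show a longer loop and a valid entry.
SAMPLE_CONF = """\
edns-packet-max=4096
cname=guust,guust
cname=guust.wanderingidea.org,guust.wanderingidea.org
cname=a.example.test,b.example.test
cname=b.example.test,a.example.test
cname=www.example.test,host.example.test
"""

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()

def parse_cnames(conf_text):
    """Return [(lineno, alias, target)] for each cname=<alias>,<target> line."""
    entries = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("cname="):
            continue
        parts = line[len("cname="):].split(",")
        if len(parts) >= 2:
            entries.append((lineno, _norm(parts[0]), _norm(parts[1])))
    return entries

def find_cname_problems(conf_text):
    """Return [(lineno, alias, reason)] for self-references and loops."""
    entries = parse_cnames(conf_text)
    target_of = {alias: target for _, alias, target in entries}
    problems = []
    for lineno, alias, target in entries:
        if alias == target:
            problems.append((lineno, alias, "alias equals its own target"))
            continue
        # Follow the chain of targets; revisiting a name means a loop.
        seen, cur = {alias}, target
        while cur in target_of:
            if cur in seen:
                problems.append((lineno, alias, "alias leads into a CNAME loop"))
                break
            seen.add(cur)
            cur = target_of[cur]
    return problems

if __name__ == "__main__":
    for lineno, alias, reason in find_cname_problems(SAMPLE_CONF):
        print(f"line {lineno}: {alias}: {reason}")
```

Run against the file before restarting the resolver; an empty result means no self-referential or looping aliases were found.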
« Reply #13 on: June 16, 2014, 18:44:01 »
Pierre Nast *
Posts: 33

wanderingidea,

Though it's a good point that you found a workaround, your "non-working" configuration shouldn't trigger a SIGSEGV.
If someone has spare time to dig into what seems to be a dnsmasq issue... :)

--
Pierre
« Reply #14 on: June 17, 2014, 22:42:45 »
Lee Sharp *****
Posts: 517

I am also having dnsmasq blow out on me.  I have not had time to troubleshoot it, but it never starts up right on its own and I have to start it manually from the exec.php which loses the "register leases in dnsforwarder" option.

This is on 1.8.2b568

Code:
Jun 17 15:39:12 dnsmasq[64815]: read /etc/hosts - 18 addresses
Jun 17 15:39:12 dnsmasq[64815]: using nameserver 4.2.2.2#53
Jun 17 15:39:12 dnsmasq[64815]: using nameserver 198.6.1.1#53
Jun 17 15:39:12 dnsmasq[64815]: reading /etc/resolv.conf
Jun 17 15:39:12 dnsmasq[64815]: compile time options: IPv6 GNU-getopt ISC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack no-ipset no-auth
Jun 17 15:39:12 dnsmasq[64815]: started, version 2.66 cachesize 150
Jun 17 15:36:35 kernel: pid 64768 (dnsmasq), uid 65534, was killed: out of swap space
Jun 17 15:36:26 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jun 17 15:36:26 dhcpd: All rights reserved.
Jun 17 15:36:26 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jun 17 15:36:26 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R7
Jun 17 15:36:24 dnsmasq[64768]: using nameserver 4.2.2.2#53
Jun 17 15:36:24 dnsmasq[64768]: using nameserver 198.6.1.1#53
Jun 17 15:36:24 dnsmasq[64768]: reading /etc/resolv.conf
Jun 17 15:36:24 dnsmasq[64768]: compile time options: IPv6 GNU-getopt ISC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack no-ipset no-auth
Jun 17 15:36:24 dnsmasq[64768]: started, version 2.66 cachesize 150
Jun 17 15:36:23 dnsmasq[228]: exiting on receipt of SIGTERM
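
Added example (not part of any post in this thread): detection logic for the two failure signatures seen in the logs above, a kernel line reporting that dnsmasq "exited on signal N" or "was killed: ...", which also reports whether a later instance is still running. The sample lines are copied from the posted logs; the year argument is an assumption, since syslog timestamps carry none.

```python
import re
from datetime import datetime

START = re.compile(r"dnsmasq\[(\d+)\]: started, version")
DEATH = re.compile(r"kernel: pid (\d+) \(dnsmasq\), uid \d+"
                   r"(?:: exited on (signal \d+)|, was killed: (.+))")
CLEAN = re.compile(r"dnsmasq\[(\d+)\]: exiting on receipt of SIGTERM")

# Lines copied from the logs posted in this thread (not new data).
LOG_CRASH = """\
Jun 16 17:13:02 dnsmasq[957]: exiting on receipt of SIGTERM
Jun 16 17:13:03 dnsmasq[1024]: started, version 2.66 cachesize 150
Jun 16 17:13:11 kernel: pid 1024 (dnsmasq), uid 65534: exited on signal 11
"""
LOG_RECOVERED = """\
Jun 17 15:39:12 dnsmasq[64815]: started, version 2.66 cachesize 150
Jun 17 15:36:35 kernel: pid 64768 (dnsmasq), uid 65534, was killed: out of swap space
Jun 17 15:36:24 dnsmasq[64768]: started, version 2.66 cachesize 150
"""

def dnsmasq_state(log_text, year=2014):
    """Return (running_pid_or_None, [(pid, reason)] for abnormal deaths)."""
    events = []
    for line in log_text.splitlines():
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # skip lines that do not begin with a syslog timestamp
        events.append((ts, line))
    events.sort(key=lambda e: e[0])  # log views may list newest entries first
    running, deaths = None, []
    for _, line in events:
        if m := START.search(line):
            running = m.group(1)
        elif m := DEATH.search(line):
            deaths.append((m.group(1), m.group(2) or "killed: " + m.group(3)))
            if running == m.group(1):
                running = None  # the resolver is down until a new start
        elif (m := CLEAN.search(line)) and running == m.group(1):
            running = None
    return running, deaths

if __name__ == "__main__":
    for name, log in (("crash", LOG_CRASH), ("recovered", LOG_RECOVERED)):
        print(name, dnsmasq_state(log))
```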
 