some dnsmasq problems (a discussion in the Linux Networking forums, Linux Forums category)
Hi,

I just installed dnsmasq at home and I have a strange problem.

My setup:

- a router/gateway machine with an external ip (let's call it my_ip) with an internal ip (192.168.1.1)
- several machines in the 192.168.1.0 network

On the gateway /etc/resolv.conf is generated by the DHCP client on the external interface and the /etc/hosts contains the local machines:

[root@gateway root]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost

192.168.1.1 gateway
192.168.1.10 patrick
192.168.1.20 matteo
192.168.1.30 andreas
192.168.1.254 ap

On the "internal machines" I simply have set up the DNS server to be 192.168.1.1

Everything seems to work but:

On a local machine:

> host myname.mydomain

returns my_ip: wonderful!

> telnet myname.mydomain 80
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

And here telnet (but also mozilla, ssh, ...) resolves myname.mydomain to localhost.

I am puzzled: are host and other linux programs using different methods to resolve domain names (host seems to use libresolv but I didn't really get what telnet is doing)?

On the dns server everything seems ok:

[root@gateway root]# host myname.mydomain
casa.dyndns.info has address my_ip
[root@gateway root]# telnet myname.mydomain 80
Trying my_ip...
Connected to myname.mydomain.
Escape character is '^]'.

I'm pretty sure that the problem is pretty simple but at the moment I am clueless...

Many thanks for any hint.

Matteo
--
Matteo Corti
Computer Systems Institute
Swiss Federal Institute of Technology Zurich
Matteo Corti wrote:
> Hi,
>
> I just installed dnsmasq at home and I have a strange problem.
>
> My setup:
>
> - a router/gateway machine with an external ip (let's call it
> my_ip) with an internal ip (192.168.1.1)
> - several machines in the 192.168.1.0 network
>
> On the gateway /etc/resolv.conf is generated by the DHCP client on the
> external interface and the /etc/hosts contains the local machines:
>
> [root@gateway root]# cat /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
>
> 192.168.1.1 gateway
> 192.168.1.10 patrick
> 192.168.1.20 matteo
> 192.168.1.30 andreas
> 192.168.1.254 ap
>
> On the "internal machines" I simply have set up the DNS server to be
> 192.168.1.1
>
> Everything seems to work but:
>
> On a local machine:
>
>>host myname.mydomain
>
> returns my_ip: wonderful!
>
>>telnet myname.mydomain 80
>
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
>
> And here telnet (but also mozilla, ssh, ...) resolves myname.mydomain
> to localhost.
>
> I am puzzled: are host and other linux programs using different
> methods to resolve domain names (host seems to use libresolv but I
> didn't really get what telnet is doing)?
>
> On the dns server everything seems ok:
> [root@gateway root]# host myname.mydomain
> casa.dyndns.info has address my_ip
> [root@gateway root]# telnet myname.mydomain 80
> Trying my_ip...
> Connected to myname.mydomain.
> Escape character is '^]'.
>
> I'm pretty sure that the problem is pretty simple but at the moment I am
> clueless...
>
> Many thanks for any hint.
>
> Matteo
>

Did you read the dnsmasq documentation about using it for the host housing the daemon?

Are you trying to Telnet/SSH the computer with its external IP address from the same machine? The IP stack is smart enough to route packets to *any* of the local addresses via the loopback interface.

Does the computer have the Telnet / SSH server daemon running?

Does the computer have a firewall up?

For more specific answers, please post:

- the output of ifconfig -a
- the output of route -n
- the output of iptables -nvL

An afterthought: PLEASE do not use a publicly accessible Telnet server, you'll be cracked in no time.

--
Tauno Voipio
tauno voipio (at) iki fi
On 2004-11-29, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:
> Matteo Corti wrote:
>>
>> I just installed dnsmasq at home and I have a strange problem.
>>
>> My setup:
>>
>> - a router/gateway machine with an external ip (let's call it
>> my_ip) with an internal ip (192.168.1.1)
>> - several machines in the 192.168.1.0 network
>>
>> On the gateway /etc/resolv.conf is generated by the DHCP client on the
>> external interface and the /etc/hosts contains the local machines:
>>
>> [root@gateway root]# cat /etc/hosts
>> # Do not remove the following line, or various programs
>> # that require network functionality will fail.
>> 127.0.0.1 localhost.localdomain localhost
>>
>> 192.168.1.1 gateway
>> 192.168.1.10 patrick
>> 192.168.1.20 matteo
>> 192.168.1.30 andreas
>> 192.168.1.254 ap
>>
>> On the "internal machines" I simply have set up the DNS server to be
>> 192.168.1.1
>>
>> Everything seems to work but:
>>
>> On a local machine:
>>
>>>host myname.mydomain
>>
>> returns my_ip: wonderful!
>>
>>>telnet myname.mydomain 80
>>
>> Trying 127.0.0.1...
>> telnet: connect to address 127.0.0.1: Connection refused
>>
>> And here telnet (but also mozilla, ssh, ...) resolves myname.mydomain
>> to localhost.
>>
>> I am puzzled: are host and other linux programs using different
>> methods to resolve domain names (host seems to use libresolv but I
>> didn't really get what telnet is doing)?
>>
>> On the dns server everything seems ok:
>> [root@gateway root]# host myname.mydomain
>> casa.dyndns.info has address my_ip
>> [root@gateway root]# telnet myname.mydomain 80
>> Trying my_ip...
>> Connected to myname.mydomain.
>> Escape character is '^]'.
>>
>> I'm pretty sure that the problem is pretty simple but at the moment I am
>> clueless...
>>
>> Many thanks for any hint.
>>
>> Matteo
>>
>
> Did you read the dnsmasq documentation about using it
> for the host housing the daemon?

Yes

> Are you trying to Telnet/SSH the computer with its external
> IP address from the same machine?

No, I am trying to connect from a machine in the internal network (let's say 192.168.1.10).

> The IP stack is smart enough to route packets to *any* of
> the local addresses via the loopback interface.

Yes but I am connecting from a second machine:

- on 192.168.1.1 I do 'host casa.dyndns.info' and I get

  casa.dyndns.info has address 192.33.99.76

  using the DNS server configured in /etc/resolv.conf (and not 127.0.0.1 -> my IP stack is not smart enough :-)

- on 192.168.1.10 (another machine) I do the same and I get again

  casa.dyndns.info has address 192.33.99.76

  this time using 192.168.1.1 as a DNS server

- on 192.168.1.10 I do 'telnet casa.dyndns.info 80' and telnet resolves to 127.0.0.1: I don't get why.. Shouldn't telnet try to resolve the name using the same server as host?

> Does the computer have the Telnet / SSH server daemon running?

Yes of course, but the error message is pretty clear: cannot connect to 127.0.0.1! This is not a problem with the server.

> Does the computer have a firewall up?

Of course, I need it for NAT.

But the DNS queries are not filtered out:

% host www.cisco.com 192.168.1.1

works from the internal network (i.e., I can reach the DNS on 192.168.1.1)

> For more specific answers, please post:
> - the output of ifconfig -a

on the gateway (192.168.1.1):

eth0      Link encap:Ethernet  HWaddr 00:C0:26:15:72:A5
          inet addr:192.33.99.76  Bcast:192.33.99.127  Mask:255.255.255.192
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:86988 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:366 txqueuelen:1000
          RX bytes:20152755 (19.2 Mb)  TX bytes:14967317 (14.2 Mb)
          Interrupt:11 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:02:44:35:86:A5
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44289 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42426 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15243268 (14.5 Mb)  TX bytes:17334175 (16.5 Mb)
          Interrupt:10 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:102 errors:0 dropped:0 overruns:0 frame:0
          TX packets:102 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7100 (6.9 Kb)  TX bytes:7100 (6.9 Kb)

on the "others":

eth0      Link encap:Ethernet  HWaddr 00:30:1B:B3:4B:E0
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:1bff:feb3:4be0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:967 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:260198 (254.0 KiB)  TX bytes:127865 (124.8 KiB)
          Interrupt:177

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:67 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5004 (4.8 KiB)  TX bytes:5004 (4.8 KiB)

> - the output of iptables -nvL

Chain INPUT (policy DROP 4 packets, 192 bytes)
 pkts bytes target     prot opt in     out     source               destination
  102  7100 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  817 85623 ACCEPT     all  --  eth1   *       192.168.1.0/24       0.0.0.0/0
    0     0 drop-and-log-it  all  --  eth0   *       192.168.1.0/24       0.0.0.0/0
  568 17292 ACCEPT     icmp --  eth0   *       0.0.0.0/0            192.33.99.76
  791  213K ACCEPT     all  --  eth0   *       0.0.0.0/0            192.33.99.76        state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
    8   480 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.33.99.76        state NEW,RELATED,ESTABLISHED tcp dpt:22
    6   360 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.33.99.76        state NEW,RELATED,ESTABLISHED tcp dpt:25
   11   588 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.33.99.76        state NEW,RELATED,ESTABLISHED tcp dpt:80
    5   300 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.33.99.76        state NEW,RELATED,ESTABLISHED tcp dpt:443
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.33.99.76        state NEW,RELATED,ESTABLISHED tcp dpt:8080
  435 93169 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 3 packets, 132 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23
14506 2499K ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
69625   22M ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
    0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  102  7100 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      eth1    192.33.99.76         192.168.1.0/24
  681  159K ACCEPT     all  --  *      eth1    192.168.1.0/24       192.168.1.0/24
    0     0 drop-and-log-it  all  --  *      eth0    0.0.0.0/0            192.168.1.0/24
 1656  170K ACCEPT     all  --  *      eth0    192.33.99.76         0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      eth1    192.168.1.0/24       255.255.255.255     tcp spt:67 dpt:68
    0     0 ACCEPT     udp  --  *      eth1    192.168.1.0/24       255.255.255.255     udp spt:67 dpt:68
    0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain drop-and-log-it (5 references)
 pkts bytes target     prot opt in     out     source               destination
  435 93169 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

> An afterthought: PLEASE do not use a publicly accessible Telnet server,
> you'll be cracked in no time.

Don't worry: I used telnet to port 80 (http) only to do a simple test :-) Telnet has been closed for a long time ...

Many thanks for your help.

Matteo
--
Matteo Corti
Computer Systems Institute
Swiss Federal Institute of Technology Zurich
On 29 Nov 2004 23:55:39 +0100, Matteo Corti <corti@inf.ethz.ch> wrote:

>On 2004-11-29, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:
>> Matteo Corti wrote:

Content snipped.

The computer on which dnsmasq runs should have a resolv.conf containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you want it to cache for itself as well as other computers on your LAN.

Every other computer should have a resolv.conf containing the ip of the dnsmasq machine in its "nameserver" line.

I bet your DHCP is overwriting your resolv.conf file(s).

"ALL" programs do resolution based on resolv.conf and host.conf, so unless you've done something stupid like filling up hosts with 127.0.0.1 entries your setup should work.

You also need

no-resolv
server=ns.ip.goes.here
server=ns2.ip.goes.here

in dnsmasq.conf

You might want to turn on log-queries and see if the computer where dnsmasq is running is actually getting DNS requests and replying to them.

If none of that helps, subscribe to the mailing list and get help from Simon.

gypsy
buck <buck@private.mil> wrote:
> On 29 Nov 2004 23:55:39 +0100, Matteo Corti <corti@inf.ethz.ch> wrote:
>
> >On 2004-11-29, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:
> >> Matteo Corti wrote:
> Content snipped.
>
> The computer on which dnsmasq runs should have a resolv.conf
> containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you
> want it to cache for itself as well as other computers on your LAN.

Eh? How would it know who to use as dns forwarder if that were the case? No - it can have all it likes, PLUS 127.0.0.1. Dnsmasq reads resolv.conf to figure out the forwarders.

  -r, --resolv-file=<file>
         Read the IP addresses of the upstream nameservers from
         <file>, instead of /etc/resolv.conf.

> Every other computer should have a resolv.conf containing the ip of
> the dnsmasq machine in its "nameserver" line

That's right.

> I bet your DHCP is overwriting your resolv.conf file(s).

Probably.

Peter
On 2004-11-30, Peter T. Breuer <ptb@lab.it.uc3m.es> wrote:
> buck <buck@private.mil> wrote:
>> On 29 Nov 2004 23:55:39 +0100, Matteo Corti <corti@inf.ethz.ch> wrote:
>>
>> >On 2004-11-29, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:
>> >> Matteo Corti wrote:
>> Content snipped.
>>
>> The computer on which dnsmasq runs should have a resolv.conf
>> containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you
>> want it to cache for itself as well as other computers on your LAN.
>
> Eh? How would it know who to use as dns forwarder if that were the case?
> No - it can have all it likes, PLUS 127.0.0.1. Dnsmasq reads
> resolv.conf to figure out the forwarders.
>
> -r, --resolv-file=<file>
> Read the IP addresses of the upstream nameservers from
> <file>, instead of /etc/resolv.conf.
>
>> Every other computer should have a resolv.conf containing the ip of
>> the dnsmasq machine in its "nameserver" line
>
> That's right.
>
>> I bet your DHCP is overwriting your resolv.conf file(s).
>
> Probably.

Hi,

I got the solution. The problem was the NIS (YP) server on the gateway. Some NIS servers are able to do dns queries but not the one coming with fedora.

in ypserv.conf:

# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no

but RedHat cleverly sets nis as an option for the dns lookup in /etc/nsswitch.conf:

hosts: files nis dns

With the consequence that:

* host was using the correct dns server
* all the others were using nis before dns, but the nis server was answering 127.0.0.1 for my ip.

I changed /etc/nsswitch.conf and everything works like a charm :-)

BTW: if you have the DNS servers in the resolv.conf of the machine running dnsmasq nothing happens (you just lookup on the remote server instead of the local dns, not useful but not harmful).

Many many thanks to everybody that tried to help.

Matteo
--
Matteo Corti
Computer Systems Institute
Swiss Federal Institute of Technology Zurich
On Tue, 30 Nov 2004 04:42:20 +0100, ptb@lab.it.uc3m.es (Peter T. Breuer) wrote:

>buck <buck@private.mil> wrote:
>> On 29 Nov 2004 23:55:39 +0100, Matteo Corti <corti@inf.ethz.ch> wrote:
>>
>> >On 2004-11-29, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:
>> >> Matteo Corti wrote:
>> Content snipped.
>>
>> The computer on which dnsmasq runs should have a resolv.conf
>> containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you
>> want it to cache for itself as well as other computers on your LAN.
>
>Eh? How would it know who to use as dns forwarder if that were the case?
>No - it can have all it likes, PLUS 127.0.0.1. Dnsmasq reads
>resolv.conf to figure out the forwarders.

Peter,

Read what I said, which was

server=ns.ip.goes.here

Which is where the forwarders come from.
buck <buck@private.mil> wrote:
> On Tue, 30 Nov 2004 04:42:20 +0100, ptb@lab.it.uc3m.es (Peter T.
> Breuer) wrote:
>
> >buck <buck@private.mil> wrote:
> >> On 29 Nov 2004 23:55:39 +0100, Matteo Corti <corti@inf.ethz.ch> wrote:
> >>
> >> >On 2004-11-29, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:
> >> >> Matteo Corti wrote:
> >> Content snipped.
> >>
> >> The computer on which dnsmasq runs should have a resolv.conf
> >> containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you
> >> want it to cache for itself as well as other computers on your LAN.
> >
> >Eh? How would it know who to use as dns forwarder if that were the case?
> >No - it can have all it likes, PLUS 127.0.0.1. Dnsmasq reads
> >resolv.conf to figure out the forwarders.
>
> Peter,
>
> Read what I said, which was
> server=ns.ip.goes.here

You did not say it, and I quoted what you said (whoever "you" are, "buck").

> Which is where the forwarders come from.

I have no idea exactly what you are talking about there, but it looks like a line from some configuration file or tool. What has that got to do with dnsmasq? How about speaking in complete sentences? Might it be a line from dnsmasq.conf? If so, why put it there? The right place for it is as an entry in resolv.conf, where dnsmasq will pick it up, cache for it, and forward to it, as it is designed to do, and where dhcp will add the entry if it is allowed to! May I draw your attention to another line in the dnsmasq.conf file:

# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll

Or indeed:

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers for this file instead (see below), then
# uncomment this
#no-resolv

So what on earth makes you go for that piffling line of yours rather than the above? And what good excuse can you offer for wishing to subvert the way dnsmasq works? It works just fine the way it is intended to!

Peter
[snip]
>> >> The computer on which dnsmasq runs should have a resolv.conf
>> >> containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you
>> >> want it to cache for itself as well as other computers on your LAN.
>> >
>> >Eh? How would it know who to use as dns forwarder if that were the case?
>> >No - it can have all it likes, PLUS 127.0.0.1. Dnsmasq reads
>> >resolv.conf to figure out the forwarders.
>>
>> Peter,
>>
>> Read what I said, which was
>> server=ns.ip.goes.here
>
> You did not say it, and I quoted what you said (whoever "you" are,
> "buck").
>
>> Which is where the forwarders come from.
>
> I have no idea exactly what you are talking about there, but it looks
> like a line from some configuration file or tool. What has that got to
> do with dnsmasq? How about speaking in complete sentences? Might it be
> a line from dnsmasq.conf? If so, why put it there? The right place for
> it is as an entry in resolv.conf, where dnsmasq will pick it up, cache
> for it, and forward to it, as it is designed to do, and where dhcp will
> add the entry if it is allowed to! May I draw your attention to another
> line in the dnsmasq.conf file:

Sorry but Buck is right: server= is an option of dnsmasq (in dnsmasq.conf).

What you are suggesting (leaving the servers in the resolv.conf file) is ok in the sense that all the machines using the machine where dnsmasq is installed will be using dnsmasq (I know that this is not the better explanation but ...)

The problem with what you are suggesting is that all the requests made on the machine where dnsmasq is installed will bypass dnsmasq (they will use the external DNS servers found in resolv.conf).

If we instruct dnsmasq with no-resolv *and* servers=.... not to use /etc/resolv.conf we will have a working dnsmasq and, more important, we will be able to put 127.0.0.1 in resolv.conf to allow the machine itself to use dnsconf.

Matteo
--
Matteo Corti
Computer Systems Institute
Swiss Federal Institute of Technology Zurich
Matteo Corti <corti@inf.ethz.ch> wrote:
> [snip]
> >> >> The computer on which dnsmasq runs should have a resolv.conf
> >> >> containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you
> >> >> want it to cache for itself as well as other computers on your LAN.
> >> >
> >> >Eh? How would it know who to use as dns forwarder if that were the case?
> >> >No - it can have all it likes, PLUS 127.0.0.1. Dnsmasq reads
> >> >resolv.conf to figure out the forwarders.
> >>
> >> Read what I said, which was
> >> server=ns.ip.goes.here
> >
> > You did not say it, and I quoted what you said (whoever "you" are,
> > "buck").
> >
> >> Which is where the forwarders come from.
> >
> > I have no idea exactly what you are talking about there, but it looks
> > like a line from some configuration file or tool. What has that got to
> > do with dnsmasq? How about speaking in complete sentences? Might it be
> > a line from dnsmasq.conf? If so, why put it there? The right place for
> > it is as an entry in resolv.conf, where dnsmasq will pick it up, cache
> > for it, and forward to it, as it is designed to do, and where dhcp will
> > add the entry if it is allowed to! May I draw your attention to another
> > line in the dnsmasq.conf file:
>
> Sorry but Buck is right: server= is an option of dnsmasq (in
> dnsmasq.conf).

*HE* did not say so - *I* did. You even quoted me saying so and him NOT saying so.

> What you are suggesting (leaving the servers in the resolv.conf file)
> is ok in the sense that all the machines using the machine where

Uh .. "machines using the machine"?

> dnsmasq is installed will be using dnsmasq (I know
> that this is not the better explanation but ...)

It's incomprehensible. Machines do not use machines. Am I going to have to guess what somebody intended to write and did NOT write again? My guess is that you mean to say "all the machines using the machine with dnsmasq on as their dnsserver". However the rest of the sentence is then incomprehensible. Dnsmasq is a one-machine dnsserver.

I don't know if it responds to external queries or not! Its intended use is on a portable that moves from place to place and gets its configuration via dhcp. So the idea of using it as a dns server to OTHER machines in a network is simply out-of-field as far as I am concerned!

> The problem with what you are suggesting is that all the requests made
> on the machine where dnsmasq is installed will bypass dnsmasq
> (they will use the external DNS servers found in resolv.conf)

No they won't. They will all go to dnsmasq. 127.0.0.1 is listed first, hence they go to dnsmasq. Dnsmasq forwards the requests to the servers named second and third.

Now, if you were to ask me "what happens in case of dns timeouts on the servers", well, you'd ordinarily get three times the normal timeout, but I suspect dnsmasq caches negative responses after the first such and possibly converts dns timeouts into negatives, so that the remaining server entries are not consulted. After all, that is what it is for! Hence my surmise as to the detail of how it works.

  -N, --no-negcache
         Disable negative caching. Negative caching allows dnsmasq to
         remember "no such domain" answers from upstream nameservers and
         answer identical queries without forwarding them again. This
         flag disables negative caching.

Well, that says part of what I surmise. I guess there is more too.

  Dnsmasq is a DNS query forwarder: it is not capable of recursively
  answering arbitrary queries starting from the root servers but
  forwards such queries to a fully recursive upstream DNS server which
  is typically provided by an ISP. By default, dnsmasq reads
  /etc/resolv.conf to discover the IP addresses of the upstream
  nameservers it should use, since the information is typically stored
  there. Unless --no-poll is used, dnsmasq checks the modification time
  of /etc/resolv.conf ...

and that says more of what you should know.

> If we instruct dnsmasq with no-resolv *and* servers=.... not to use
> /etc/resolv.conf we will have a working dnsmasq and more important we

There is no point to this! Dnsmasq is designed to get the server addresses from resolv.conf (and to disregard the 127.0.0.1 entry, which should be first) and to forward to them and to cache for them, etc. and so you will ALREADY have a "working dnsmasq".

> will be able to put 127.0.0.1 in resolv.conf to allow the machine

You would have put it there anyway! That is what dnsmasq is supposed to expect there! I quote:

  In order to configure dnsmasq to act as cache for the host on which
  it is running, put "nameserver 127.0.0.1" in /etc/resolv.conf to
  force local processes to send queries to dnsmasq.

> itself to use dnsconf.

Why go round the houses on this? You have offered no reasons for what you want to do - indeed, all the reasoning you have offered has been manifestly false! See above for the rebuttals! There ARE arguments why you might want to configure dnsmasq to NOT look in resolv.conf and use a fixed server configuration instead, but you haven't made any of them. Indeed, whatever you might say is contraindicated by the fact that dhcp will put dns servers gleaned from the net in resolv.conf, so dnsmasq MUST read that file to find them. Getting around THAT takes some configuring - you'd have to engineer the dhcp scripts to put server info in a different file, and tell dnsmasq to look in that file. But again that would have nothing to do with your proposed server= line, so why on earth suggest such a thing? Where do you get your _reasoning_?

Peter
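The two settings the thread turns on, the "hosts:" ordering in /etc/nsswitch.conf that Matteo found and the resolv.conf versus no-resolv/server= question Peter and buck argue over, as an added check script that is not part of the thread or of dnsmasq. The nsswitch, resolv.conf and dnsmasq.conf contents it reads are constructed samples embedded in the script, and the 192.0.2.x addresses are placeholders; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: audit the two resolver settings the
# thread turns on, using constructed sample files rather than a real host's.

# Constructed /etc/nsswitch.conf fragment with the ordering from the thread.
NSSWITCH_SAMPLE='passwd:     files nis
hosts:      files nis dns
networks:   files'

# Constructed resolv.conf bodies for the dnsmasq host (192.0.2.x: placeholders).
RESOLV_LOCAL_ONLY='nameserver 127.0.0.1'
RESOLV_LOCAL_PLUS_UPSTREAM='nameserver 127.0.0.1
nameserver 192.0.2.53'

# Constructed dnsmasq.conf bodies: defaults only, and no-resolv with server= lines.
DNSMASQ_DEFAULT='# nothing about upstream servers
cache-size=150'
DNSMASQ_NO_RESOLV='no-resolv
server=192.0.2.53
server=192.0.2.54'

# Print the source list of the "hosts:" line, e.g. "files nis dns".
hosts_sources() {
    printf '%s\n' "$1" | sed -n 's/^hosts:[[:space:]]*//p'
}

# Succeed when nis is consulted before dns for host lookups: the ordering
# that let the NIS server answer 127.0.0.1 before dnsmasq was ever asked.
nis_before_dns() {
    set -- $(hosts_sources "$1")
    for src; do
        case "$src" in
            nis) return 0 ;;
            dns) return 1 ;;
        esac
    done
    return 1
}

# Print the nameserver addresses of a resolv.conf body, one per line.
nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Print the number of server= lines in a dnsmasq.conf body (0 is not an error).
upstream_count() {
    printf '%s\n' "$1" | grep -c '^server=' || true
}

# Succeed when the dnsmasq.conf body tells dnsmasq not to read resolv.conf.
has_no_resolv() {
    printf '%s\n' "$1" | grep -q '^no-resolv'
}

# Classify resolution on the dnsmasq host from its resolv.conf and dnsmasq.conf:
#   local-bypass          127.0.0.1 is not listed, so local processes skip dnsmasq
#   no-upstream           only 127.0.0.1 is listed and no server= lines: nothing to forward to
#   upstream-from-resolv  dnsmasq reads its forwarders from resolv.conf
#   upstream-from-conf    no-resolv plus server= lines in dnsmasq.conf
classify() {
    ns=$(nameservers "$1")
    others=$(printf '%s\n' "$ns" | grep -v '^127\.0\.0\.1$' | grep -c . || true)
    if ! printf '%s\n' "$ns" | grep -q '^127\.0\.0\.1$'; then
        echo local-bypass
    elif has_no_resolv "$2"; then
        if [ "$(upstream_count "$2")" -gt 0 ]; then echo upstream-from-conf; else echo no-upstream; fi
    elif [ "$others" -gt 0 ]; then
        echo upstream-from-resolv
    else
        echo no-upstream
    fi
}

# Stand-alone run: report the constructed configurations.
if nis_before_dns "$NSSWITCH_SAMPLE"; then
    echo "hosts: nis is consulted before dns, so a NIS answer wins over dnsmasq"
fi
echo "127.0.0.1 only, stock dnsmasq.conf:       $(classify "$RESOLV_LOCAL_ONLY" "$DNSMASQ_DEFAULT")"
echo "127.0.0.1 + upstream, stock dnsmasq.conf: $(classify "$RESOLV_LOCAL_PLUS_UPSTREAM" "$DNSMASQ_DEFAULT")"
echo "127.0.0.1 only, no-resolv + server=:      $(classify "$RESOLV_LOCAL_ONLY" "$DNSMASQ_NO_RESOLV")"
```

To run it against a real host, feed the functions the contents of /etc/nsswitch.conf, /etc/resolv.conf and /etc/dnsmasq.conf instead of the sample strings.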