Hi,
On a fresh install of Debian 9 I was seeing the following in my logs:
Dec 06 01:55:18 dnsmasq[952]: Maximum number of concurrent DNS queries reached (max: 150)
Dec 06 01:58:12 dnsmasq[952]: Maximum number of concurrent DNS queries reached (max: 150)
Dec 06 04:42:17 kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Dec 06 05:16:30 kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Those only appeared when I used the 'resolvconf' package.
I'm using 'dnsmasq', 'resolvconf' and 'systemd-resolved' for my upstream
DNS.
Setting 'Cache=no' in '/etc/systemd/resolved.conf' eliminates those
"errors".
According to:
https://github.com/systemd/systemd/issues/5352
the following messages are related to DNSSEC (if I'm understanding
correctly):
Dec 10 15:45:41 systemd-resolved[893]: Using degraded feature set (UDP) for DNS server 127.0.0.1.
Dec 10 15:45:57 systemd-resolved[893]: Using degraded feature set (TCP) for DNS server 127.0.0.1.
Dec 10 23:28:04 systemd-resolved[2610]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 127.0.0.1.
Those messages are apparently harmless?
If I don't use the resolvconf package I don't get those messages at all
though.
As recommended by systemd-resolved.service(8), resolv.conf(5) is to be a
symbolic link to '/run/systemd/resolve/resolv.conf'.
$ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
$ rm -rf /run/systemd/resolve
$ systemctl restart dnsmasq
"Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details."
$ journalctl -x -t dnsmasq -n 4 --no-hostname
Dec 07 08:44:13 dnsmasq[904]: dnsmasq: syntax check OK.
Dec 07 08:44:13 dnsmasq[914]: directory /etc/resolv.conf for resolv-file is missing, cannot poll
Dec 07 08:44:13 dnsmasq[914]: dnsmasq: directory /etc/resolv.conf for resolv-file is missing, cannot poll
Dec 07 08:44:13 dnsmasq[914]: FAILED to start up
Given that dnsmasq is started before systemd-resolved, dnsmasq should not
fail if '/run/systemd/resolve' does not exist.
I didn't report it as a bug because I'm not sure if it's already fixed
in a later release of dnsmasq.
--
John Doe
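A pre-start check for the failure mode described in the message above, added here as an example and not part of the original post or of dnsmasq itself: it mirrors dnsmasq's "directory ... for resolv-file is missing, cannot poll" complaint by following the resolv.conf symlink chain and testing that the directory the link finally points into exists, so the missing '/run/systemd/resolve' is caught before the daemon is started. The helper names (resolve_target, check_resolv_file), the 8-hop symlink limit and the default path '/etc/resolv.conf' are my own choices.

```shell
#!/bin/sh
# Added example (not dnsmasq code): verify that the resolv-file dnsmasq will
# poll lives in a directory that exists. dnsmasq watches the directory that
# contains the resolv-file, so /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# cannot be polled while /run/systemd/resolve has not been created yet.
#
# Usage: check_resolv_file [path]   (default: /etc/resolv.conf)
# Exit status 0 when the final directory exists, 1 otherwise.

resolve_target() {
    # Follow symlinks by hand (no dependency on GNU readlink -f), at most 8 hops.
    p=$1
    i=0
    while [ -L "$p" ] && [ "$i" -lt 8 ]; do
        t=$(readlink "$p") || return 1
        case $t in
            /*) p=$t ;;                    # absolute target
            *)  p=$(dirname "$p")/$t ;;    # relative target: relative to the link's dir
        esac
        i=$((i + 1))
    done
    printf '%s\n' "$p"
}

check_resolv_file() {
    f=${1:-/etc/resolv.conf}
    target=$(resolve_target "$f") || return 1
    dir=$(dirname "$target")
    if [ ! -d "$dir" ]; then
        # Same condition dnsmasq reports as "cannot poll"
        echo "directory $dir for resolv-file $f is missing, cannot poll" >&2
        return 1
    fi
    return 0
}
```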