On 01/08/2016 07:46 AM, Ptits de Barbe wrote:
> I believe you've wrongly interpreted the log. Let me describe how I
> understand it.

>> 15:45:32.035381 IP 127.0.0.1.18520 > 127.0.2.1.5353: 1536+ A (QM)? dupaa.com. (27)
> Something running on your router sends a request to 127.0.2.1:5353. It's
> dnscrypt there, so that most likely was a dnsmasq request.

>> 15:45:37.040620 IP 127.0.0.1.18520 > 127.0.2.1.5353: 1536+ A (QM)? dupaa.com. (27)
> Same. Have no idea why there is a second same request.

>> 15:45:38.045687 IP 127.0.2.1.5353 > 127.0.0.1.18520: 1536 ServFail 0/0/1 (38)
> dnscrypt responded.

>> 15:45:38.046118 IP 192.168.1.150.6289 > 192.168.1.1.53: 57153+ A? dupaa.com.mhouse.lh. (37)
> And there someone from outside of the router (192.168.1._150_) queries
> dnsmasq running on router.

Actually there are two instances of dnsmasq. The first one is installed on my local machine and it acts just as a cache (IP 127.0.0.1). The second one is installed on my network router (192.168.1.1). So when my machine makes a DNS query, it sends it to the local dnsmasq first. It then checks the domain of the query and decides where to send the query next. In this case the domain was "dupaa.com", so it should be delivered to the upstream DNS server, in this case dnscrypt-proxy, also installed on the local host, not the router. When it can't resolve the domain, it makes a new query, now "dupaa.com.mhouse.lh", and it sends it to the network router because the domain "mhouse.lh" should be answered by the network router, as configured.

This works fine, but only for domains that are valid. The problem concerns only the domains that can't be answered by the upstream DNS server.

The log above actually consists of two separate logs. One is from tcpdump started on the local external interface, and the other is started on the loopback (lo) interface, also on the local machine, not the router. That's why there was a space between them.

> To my knowledge, clients always requery their configured DNS with local
> network suffix appended in case the first query wasn't resolved.
> This is good,
> because with a small patch dnsmasq will resolve subdomains in the local network
> (like aba.caba.<hostname>).

But when I remove "search mhouse.lh" from the /etc/resolv.conf file, the problem disappears, and there are no queries that have "mhouse.lh" appended. So when I try to make a DNS query and the domain can't be resolved by the upstream DNS server, there's no subsequent query with the local domain appended. I'm still able to send DNS queries to my network router, but I have to manually append "mhouse.lh" to the hostname.

> Also, though I don't see further log, I suspect that there were no requests
> like

That's the full log. I mean, this is what happened after trying to use "ping dupaa.com".

>> 15:45:32.035381 IP 127.0.0.1.18520 > 127.0.2.1.5353: 1536+ A (QM)? dupaa.com.mhouse.lh. (27)
> meaning dnsmasq correctly filters local network domains and doesn't query
> upstream servers for them. At least your configuration looks correct.

So dnsmasq has nothing to do with the "dupaa.com.mhouse.lh" query? And it just passes what it gets from the client? So the client makes the request?

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
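The effect discussed in the message above, where removing "search mhouse.lh" from /etc/resolv.conf stops the suffixed queries, follows from how the client's stub resolver builds the list of names it tries. As an added example (not part of the original e-mail and not dnsmasq code), this Python code reproduces the glibc-style search-list and ndots ordering documented in resolv.conf(5); the sample file contents and the host name "router" are constructed.

```python
# Added illustration: order in which a stub resolver expands a name using the
# "search"/"domain" and "options ndots:N" directives of resolv.conf(5).

# Constructed sample matching the setup described in the message.
SAMPLE_RESOLV_CONF = """\
# local dnsmasq cache
nameserver 127.0.0.1
search mhouse.lh
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots) parsed from resolv.conf text."""
    search, ndots = [], 1                      # documented default is ndots:1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] in ("search", "domain"):   # the last such directive wins
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[6:]), 15)  # resolver caps ndots at 15
    return search, ndots

def candidates(name, search, ndots=1):
    """Names the client tries, in order, until one of them resolves."""
    if name.endswith("."):                      # already fully qualified
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:                # "enough dots": try as-is first
        return [absolute] + suffixed
    return suffixed + [absolute]                # short name: search list first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for name in ("dupaa.com", "router", "dupaa.com."):
        print(name, "->", candidates(name, search, ndots))
    # Same lookup with the "search" line removed: no suffixed query is made.
    print("dupaa.com ->", candidates("dupaa.com", *parse_resolv_conf("nameserver 127.0.0.1\n")))
```

The suffixed name is generated on the client before any DNS server sees it, so a forwarder such as dnsmasq only receives it as an ordinary query.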