[FS#841] dnsmasq cannot resolve domain name if the first upstream dns server reply code is REFUSED

LEDE Bugs lede-bugs at lists.infradead.org
Mon Jun 12 23:52:11 PDT 2017 

A new Flyspray task has been opened.  Details are below. 

User who did this - Mi Feng (bearmi) 

Attached to Project - LEDE Project
Summary - dnsmasq cannot resolve domain name if the first upstream dns server reply code is REFUSED
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - High
Priority - Very Low
Reported Version - lede-17.01
Due in Version - Undecided
Due Date - Undecided
Details - Supply the following if possible:
 - Device problem occurs on
network gateway

 - Software versions of LEDE release, packages, etc.
lede-17.01 and dnsmasq v2.77

 - Steps to reproduce
 1. boot up the gateway, got two upstream dns servers
    172.30.50.10
    172.30.50.21
    the first server(172.30.50.10) always relied REFUSED, and the second one can work well.

 2. set the strict order option of dnsmasq, also disabled rebind-protection, and restarted dnsmasq

 3. tried to resolve a domain name from LAN side host, but got REFUSED.
    I dumped the udp packets by tcpdump, and find NO dns query packet sent to the second server (172.30.50.21).

   But according to my understanding, if the first upstream server cannot work, dnsmasq should try the second one by sending query to it. But I did not see query packet to the second one. It's an issue.

See the resolve.conf.auto content, config file content and tcpdump log below

Thanks
Mi Feng



cat dnsmasq.conf.cfg02411c 
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
strict-order
localise-queries
read-ethers
expand-hosts
dhcp-script=/lib/dnsmasq/dhcp-event.sh
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
dhcp-broadcast=tag:needs-broadcast
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq




dhcp-range=lan,192.168.1.1,192.168.1.253,255.255.255.0,24h
dhcp-option=lan,tag:cpewan-id,vi-encap:3561,6,"389ac"
dhcp-option=lan,tag:cpewan-id,vi-encap:3561,5,"CP1610UA89Y"
dhcp-option=lan,tag:cpewan-id,vi-encap:3561,4,"C4EA1D"
no-dhcp-interface=pppoe-wan
no-dhcp-interface=pppoe-wan

root@:/tmp# cat resolv.conf.auto 
# Interface wan
nameserver 172.30.50.10
nameserver 172.30.50.21
root@:/tmp# 
root@:/tmp# 
root@:/tmp# tcpdump -i pppoe-wan udp
[ 2854.928000] device pppoe-wan entered promiscuous mode
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe-wan, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
10:30:18.469665 IP 172.30.50.10.domain > 172.26.4.195.65213: 50131 Refused- 0/0/0 (30)
10:30:18.472748 IP 172.26.4.195.64289 > 172.30.50.10.domain: 1046+ PTR? 10.50.30.172.in-addr.arpa. (43)
10:30:18.473264 IP 172.30.50.10.domain > 172.26.4.195.64289: 1046 NXDomain*- 0/1/0 (97)
10:30:18.474169 IP 172.26.4.195.59346 > 172.30.50.10.domain: 28639+ A? www.qacc.net.ap.thmulti.com. (45)
10:30:18.474611 IP 172.30.50.10.domain > 172.26.4.195.59346: 28639 Refused- 0/0/0 (45)
10:30:18.477993 IP 172.26.4.195.14614 > 172.30.50.10.domain: 12337+ A? www.qacc.net.beijing.ap.thmulti.com. (53)
10:30:18.478583 IP 172.30.50.10.domain > 172.26.4.195.14614: 12337 Refused- 0/0/0 (53)



10:30:22.720009 IP 172.26.4.195.41357 > 172.30.50.10.domain: 47184+ AAAA? 1.asia.pool.ntp.org. (37)
10:30:22.720583 IP 172.30.50.10.domain > 172.26.4.195.41357: 47184 Refused- 0/0/0 (37)
10:30:22.722887 IP 172.26.4.195.55007 > 172.30.50.10.domain: 33873+ AAAA? 1.asia.pool.ntp.org. (37)
10:30:22.723378 IP 172.30.50.10.domain > 172.26.4.195.55007: 33873 Refused- 0/0/0 (37)
10:30:22.729899 IP 172.26.4.195.55853 > 172.30.50.10.domain: 55831+ AAAA? 1.asia.pool.ntp.org. (37)
10:30:22.730430 IP 172.30.50.10.domain > 172.26.4.195.55853: 55831 Refused- 0/0/0 (37)
10:30:22.737220 IP 172.26.4.195.43685 > 172.30.50.10.domain: 36592+ A? 1.asia.pool.ntp.org. (37)
10:30:22.737813 IP 172.30.50.10.domain > 172.26.4.195.43685: 36592 Refused- 0/0/0 (37)
10:30:22.741757 IP 172.26.4.195.16960 > 172.30.50.10.domain: 37960+ A? 1.asia.pool.ntp.org. (37)
10:30:22.742329 IP 172.30.50.10.domain > 172.26.4.195.16960: 37960 Refused- 0/0/0 (37)
10:30:22.747418 IP 172.26.4.195.30333 > 172.30.50.10.domain: 5884+ A? 1.asia.pool.ntp.org. (37)
10:30:22.748037 IP 172.30.50.10.domain > 172.26.4.195.30333: 5884 Refused- 0/0/0 (37)
10:30:22.753650 IP 172.26.4.195.29589 > 172.30.50.10.domain: 44902+ AAAA? 0.asia.pool.ntp.org. (37)
10:30:22.754422 IP 172.30.50.10.domain > 172.26.4.195.29589: 44902 Refused- 0/0/0 (37)
10:30:22.759628 IP 172.26.4.195.3053 > 172.30.50.10.domain: 61986+ AAAA? 0.asia.pool.ntp.org. (37)
10:30:22.760258 IP 172.30.50.10.domain > 172.26.4.195.3053: 61986 Refused- 0/0/0 (37)
10:30:22.764139 IP 172.26.4.195.33678 > 172.30.50.10.domain: 15850+ AAAA? 0.asia.pool.ntp.org. (37)
10:30:22.764729 IP 172.30.50.10.domain > 172.26.4.195.33678: 15850 Refused- 0/0/0 (37)
10:30:22.768688 IP 172.26.4.195.5053 > 172.30.50.10.domain: 35088+ A? 0.asia.pool.ntp.org. (37)
10:30:22.769275 IP 172.30.50.10.domain > 172.26.4.195.5053: 35088 Refused- 0/0/0 (37)
10:30:22.772201 IP 172.26.4.195.64996 > 172.30.50.10.domain: 65307+ A? 0.asia.pool.ntp.org. (37)
10:30:22.772687 IP 172.30.50.10.domain > 172.26.4.195.64996: 65307 Refused- 0/0/0 (37)
10:30:22.775676 IP 172.26.4.195.20981 > 172.30.50.10.domain: 10204+ A? 0.asia.pool.ntp.org. (37)
10:30:22.776243 IP 172.30.50.10.domain > 172.26.4.195.20981: 10204 Refused- 0/0/0 (37)
10:30:22.780325 IP 172.26.4.195.38297 > 172.30.50.10.domain: 46081+ AAAA? my.pool.ntp.org. (33)
10:30:22.780868 IP 172.30.50.10.domain > 172.26.4.195.38297: 46081 Refused- 0/0/0 (33)
10:30:22.783857 IP 172.26.4.195.56965 > 172.30.50.10.domain: 6840+ AAAA? my.pool.ntp.org. (33)
10:30:22.784429 IP 172.30.50.10.domain > 172.26.4.195.56965: 6840 Refused- 0/0/0 (33)
10:30:22.791442 IP 172.26.4.195.35406 > 172.30.50.10.domain: 11467+ AAAA? my.pool.ntp.org. (33)
10:30:22.792167 IP 172.30.50.10.domain > 172.26.4.195.35406: 11467 Refused- 0/0/0 (33)
10:30:22.798293 IP 172.26.4.195.1555 > 172.30.50.10.domain: 28498+ A? my.pool.ntp.org. (33)
10:30:22.798942 IP 172.30.50.10.domain > 172.26.4.195.1555: 28498 Refused- 0/0/0 (33)
10:30:22.803558 IP 172.26.4.195.44915 > 172.30.50.10.domain: 35218+ A? my.pool.ntp.org. (33)
10:30:22.804149 IP 172.30.50.10.domain > 172.26.4.195.44915: 35218 Refused- 0/0/0 (33)
10:30:22.808304 IP 172.26.4.195.4340 > 172.30.50.10.domain: 50022+ A? my.pool.ntp.org. (33)
10:30:22.808944 IP 172.30.50.10.domain > 172.26.4.195.4340: 50022 Refused- 0/0/0 (33)
10:30:22.942953 IP 172.26.4.195.7506 > 172.30.50.10.domain: 38495+ A? qacc.net. (26)
10:30:22.943548 IP 172.30.50.10.domain > 172.26.4.195.7506: 38495 Refused- 0/0/0 (26)
10:30:22.946667 IP 172.26.4.195.23129 > 172.30.50.10.domain: 22257+ A? qacc.net.ap.thmulti.com. (41)
10:30:22.947214 IP 172.30.50.10.domain > 172.26.4.195.23129: 22257 Refused- 0/0/0 (41)
10:30:22.949874 IP 172.26.4.195.18398 > 172.30.50.10.domain: 24945+ A? qacc.net.beijing.ap.thmulti.com. (49)
10:30:22.950345 IP 172.30.50.10.domain > 172.26.4.195.18398: 24945 Refused- 0/0/0 (49)


 

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=841

More information about the lede-bugs mailing list