OpenWrt Forum Archive

Topic: dnsmasq and dns forwarding

The content of this topic has been archived on 7 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I've got one openwrt box that acts as a gateway.  It runs dnsmasq and serves IPs to machines behind it.  Call it A.

root@roadtrek:~# cat /etc/resolv.conf
search seiner.lan
nameserver 192.168.128.6
nameserver 66.178.167.27
nameserver 66.178.152.14
root@roadtrek:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 wl0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
0.0.0.0         192.168.128.19  0.0.0.0         UG    0      0        0 wl0

I've got another openwrt box that sits behind this one. Call it B.  B has a static IP.  Here's its stuff:

root@roadtrekAP:~# cat /etc/resolv.conf
nameserver 192.168.1.1
root@roadtrekAP:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br-lan

I've got a Xubuntu box that sits behind A.  Call it C.  C gets its IP from A.

root@mythtvrt:~# cat /etc/resolv.conf
domain lan
search lan
nameserver 192.168.1.1
root@mythtvrt:~# route -n
Směrovací tabulka v jádru pro IP
Adresát         Brána           Maska           Přízn Metrik Odkaz  Užt Rozhraní
10.10.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth2

DNS works fine on A, but fails on both B and C.

The box at 192.168.1.1 is doing NAT, so is the box at 192.168.128.19 (the gateway for the main network).  But still, DNS itself should work as the main DNS server is at 192.168.128.6, and that's reachable from all 3 machines.

I can ping both the DNS server and the gateway from B and C.

root@roadtrekAP:/etc/config# ping 192.168.128.6   
PING 192.168.128.6 (192.168.128.6): 56 data bytes
64 bytes from 192.168.128.6: seq=0 ttl=63 time=2.155 ms
64 bytes from 192.168.128.6: seq=1 ttl=63 time=3.769 ms
64 bytes from 192.168.128.6: seq=2 ttl=63 time=35.895 ms
64 bytes from 192.168.128.6: seq=3 ttl=63 time=2.740 ms
^C
--- 192.168.128.6 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 2.155/11.139/35.895 ms
root@roadtrekAP:/etc/config# ping 192.168.128.19
PING 192.168.128.19 (192.168.128.19): 56 data bytes
64 bytes from 192.168.128.19: seq=0 ttl=63 time=3.289 ms
64 bytes from 192.168.128.19: seq=1 ttl=63 time=2.808 ms

I can traceroute from B and C all the way to google, as long as I use the IP and not google.com:

root@roadtrekAP:/etc/config# traceroute 74.125.53.100
traceroute to 74.125.53.100 (74.125.53.100), 30 hops max, 38 byte packets
1  RoadTrek.lan (192.168.1.1)  0.751 ms  0.579 ms  0.623 ms
2  192.168.128.19 (192.168.128.19)  3.057 ms  2.377 ms  3.539 ms
3  66-178-130-210.eugnor53.rio.com (66.178.130.210)  5.263 ms  3.692 ms  3.636 ms
4  a4-0.sm01.eugnor53.rio.com (66.178.148.62)  14.733 ms  12.331 ms  13.433 ms
5  f1-0-17.cs01.eugnor53.rio.com (66.178.174.54)  13.843 ms  12.542 ms  14.531 ms
6  g0-3.cr01.eugnor53.rio.com (66.178.174.57)  14.633 ms  14.469 ms  12.545 ms
7  Ge0-2.cr01.ptldorpb.rio.com (66.178.128.238)  16.202 ms  15.716 ms  15.572 ms
8  Ge2-0.br01.ptldorpb.rio.com (66.178.145.93)  15.507 ms  16.209 ms  17.834 ms
9  216.110.207.237 (216.110.207.237)  17.383 ms  16.876 ms  142.833 ms
10  216.110.192.210 (216.110.192.210)  18.506 ms  17.538 ms  17.446 ms
11  198.32.195.34 (198.32.195.34)  82.822 ms  33.606 ms  33.565 ms
12  209.85.250.146 (209.85.250.146)  37.210 ms  43.639 ms  35.402 ms
13  216.239.48.165 (216.239.48.165)  37.333 ms  35.780 ms  35.140 ms
14  72.14.232.70 (72.14.232.70)  48.633 ms  35.545 ms 72.14.232.2 (72.14.232.2)  45.002 ms
15  74.125.53.100 (74.125.53.100)  36.902 ms  43.691 ms  36.059 ms

But here's where it gets bizarre:

On B:

root@roadtrekAP:/etc/config# ping rio.com
PING rio.com (66.178.169.141): 56 data bytes
64 bytes from 66.178.169.141: seq=0 ttl=55 time=15.204 ms
64 bytes from 66.178.169.141: seq=1 ttl=55 time=16.536 ms

So I can resolve names close to me, but further away fails:

root@roadtrekAP:/etc/config# ping www.google.com
ping: bad address 'www.google.com'

But A can resolve it just fine:

root@roadtrek:~# ping google.com
PING google.com (74.125.45.100): 56 data bytes
64 bytes from 74.125.45.100: seq=0 ttl=40 time=107.954 ms
64 bytes from 74.125.45.100: seq=1 ttl=40 time=107.303 ms

Any idea what is going on?

Never mind.  Must have been some "feature" of the internet.  A beer truck hit a telephone pole or something.  It all works now....  Go figure.

HAH! The problem came back.  Turned out that one of the nameservers in the rotation refused to do recursive lookups, so every so often the lookup would fail.  I've taken it out and all is well.  Why it only refused to do this on behalf of this one box and not the other DNS server on the network is a mystery.
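Added example, not part of the original posts: one way to find which nameserver in a resolv.conf rotation refuses recursion is to query each server on its own and read the RA (recursion available) bit and the RCODE in the reply header. The function names are illustrative, the resolv.conf sample is box A's from the first post, and the response bytes are constructed.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Box A's resolv.conf as posted above; the response bytes below are constructed.
SAMPLE_RESOLV_CONF = "search seiner.lan\nnameserver 192.168.128.6\nnameserver 66.178.167.27\nnameserver 66.178.152.14\n"
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # RA=0, REFUSED
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # RA=1, one answer

def parse_resolv_conf(text):
    """Return the nameserver addresses in the order the resolver tries them."""
    fields = (line.split() for line in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def build_query(name, qid=0x1234):
    """Build an A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Return (verdict, rcode, answer_count) from a raw DNS response header."""
    if len(response) < 12:
        return ("malformed", None, 0)
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    if rcode == "REFUSED" or not flags & 0x0080:  # RA bit clear: will not recurse
        return ("no-recursion", rcode, ancount)
    verdict = "recursive" if rcode in ("NOERROR", "NXDOMAIN") else "error"
    return (verdict, rcode, ancount)

def probe(server, name="www.google.com", timeout=3.0):
    """Send one query to a single server and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            data, _ = sock.recvfrom(512)
        except OSError:  # timeout or unreachable
            return ("timeout", None, 0)
    return classify(data)

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ns in parse_resolv_conf(fh.read()):
            print(ns, *probe(ns))
```

Run it on each box that shows the intermittent failure, since a server may allow recursion for some client addresses and refuse it for others.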
