Hi,
I have a problem with dnsmasq crashing on Debian 8.5 jessie. It serves DNS and DHCP for about 10 devices on the LAN.
Sometimes it runs for 2 days straight, other times it crashes 3 times a day.
I use monit to watch it, so I always get an info mail about the crash:
# cat /etc/monit/monitrc
check process dnsmasq with pidfile /var/run/dnsmasq.pid
  start program = "/usr/sbin/dnsmasq --conf-dir=/etc/dnsmasq.d"
  stop program = "/usr/bin/killall dnsmasq"
  if failed
    host 127.0.0.1
    port 53 use type udp
    protocol dns
    with timeout 10 seconds
  then alert
Monit then sends a mail and dnsmasq is started again:
Connection failed Service dnsmasq
Date: Sat, 03 Sep 2016 09:12:24
Action: alert
Host: localhost
Description: failed protocol test [DNS] at INET[127.0.0.1:53] via UDP -- DNS: error receiving response -- Resource temporarily unavailable
Your faithful employee,
Monit
The question is why this happens. I tried turning on as much logging as possible in dnsmasq:
log-dhcp
log-queries
log-facility=/var/log/dnsmasq
but at the time of the crash there are only ordinary DNS queries:
Sep 3 09:11:31 dnsmasq[19979]: forwarded play.googleapis.com to 8.8.8.8
Sep 3 09:11:31 dnsmasq[19979]: dnssec-query[DS] play.googleapis.com to 8.8.8.8
Sep 3 09:11:31 dnsmasq[19979]: dnssec-query[DS] googleapis.com to 8.8.8.8
Sep 3 09:11:31 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:11:31 dnsmasq[19979]: reply play.googleapis.com is <CNAME>
Sep 3 09:11:31 dnsmasq[19979]: reply googleapis.l.google.com is 216.58.214.202
Sep 3 09:11:31 dnsmasq[19979]: reply googleapis.l.google.com is 216.58.214.234
Sep 3 09:11:31 dnsmasq[19979]: reply googleapis.l.google.com is 216.58.209.170
Sep 3 09:11:32 dnsmasq[19979]: query[A] www.google.cz from 10.123.1.103
Sep 3 09:11:32 dnsmasq[19979]: forwarded www.google.cz to 8.8.8.8
Sep 3 09:11:32 dnsmasq[19979]: dnssec-query[DS] www.google.cz to 8.8.8.8
Sep 3 09:11:32 dnsmasq[19979]: dnssec-query[DS] google.cz to 8.8.8.8
Sep 3 09:11:32 dnsmasq[19979]: dnssec-query[DS] baidu.com to 8.8.8.8
Sep 3 09:11:32 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:11:32 dnsmasq[19979]: reply dxp.baidu.com is <CNAME>
Sep 3 09:11:32 dnsmasq[19979]: reply dxp.e.shifen.com is 202.108.23.24
Sep 3 09:11:32 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:11:32 dnsmasq[19979]: reply www.google.cz is 172.217.18.67
Sep 3 09:11:34 dnsmasq[19979]: query[A] android.googleapis.com from 10.123.1.103
Sep 3 09:11:34 dnsmasq[19979]: forwarded android.googleapis.com to 8.8.8.8
Sep 3 09:11:35 dnsmasq[19979]: dnssec-query[DS] android.googleapis.com to 8.8.8.8
Sep 3 09:11:35 dnsmasq[19979]: dnssec-query[DS] googleapis.com to 8.8.8.8
Sep 3 09:11:35 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:11:35 dnsmasq[19979]: reply android.googleapis.com is <CNAME>
Sep 3 09:11:35 dnsmasq[19979]: reply googleapis.l.google.com is 216.58.209.202
Sep 3 09:11:35 dnsmasq[19979]: reply googleapis.l.google.com is 216.58.214.202
Sep 3 09:11:35 dnsmasq[19979]: reply googleapis.l.google.com is 216.58.214.234
Sep 3 09:11:46 dnsmasq[19979]: query[A] portal.fb.com from 10.123.1.100
Sep 3 09:11:46 dnsmasq[19979]: cached portal.fb.com is <CNAME>
Sep 3 09:11:46 dnsmasq[19979]: forwarded portal.fb.com to 8.8.8.8
Sep 3 09:11:46 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:11:46 dnsmasq[19979]: reply portal.fb.com is <CNAME>
Sep 3 09:11:46 dnsmasq[19979]: reply star.c10r.facebook.com is 31.13.93.3
Sep 3 09:11:49 dnsmasq[19979]: query[A] data.flurry.com from 10.123.1.103
Sep 3 09:11:49 dnsmasq[19979]: cached data.flurry.com is <CNAME>
Sep 3 09:11:49 dnsmasq[19979]: forwarded data.flurry.com to 8.8.8.8
Sep 3 09:11:49 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:11:49 dnsmasq[19979]: reply data.flurry.com is <CNAME>
Sep 3 09:11:49 dnsmasq[19979]: reply flurry.agentportal.prod.g04.yahoodns.net is 74.6.34.30
Sep 3 09:11:52 dnsmasq[19979]: query[A] www.gstatic.com from 10.123.1.103
Sep 3 09:11:52 dnsmasq[19979]: forwarded www.gstatic.com to 8.8.8.8
Sep 3 09:11:52 dnsmasq[19979]: dnssec-query[DS] www.gstatic.com to 8.8.8.8
Sep 3 09:11:52 dnsmasq[19979]: dnssec-query[DS] gstatic.com to 8.8.8.8
Sep 3 09:11:52 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:11:52 dnsmasq[19979]: reply www.gstatic.com is 172.217.16.99
Sep 3 09:12:04 dnsmasq[19979]: query[A] openrcv.baidu.com from 10.123.1.103
Sep 3 09:12:04 dnsmasq[19979]: forwarded openrcv.baidu.com to 8.8.8.8
Sep 3 09:12:04 dnsmasq[19979]: dnssec-query[DS] openrcv.baidu.com to 8.8.8.8
Sep 3 09:12:05 dnsmasq[19979]: dnssec-query[DS] baidu.com to 8.8.8.8
Sep 3 09:12:05 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:12:05 dnsmasq[19979]: reply openrcv.baidu.com is <CNAME>
Sep 3 09:12:05 dnsmasq[19979]: reply openrcv.e.shifen.com is 111.202.114.38
Sep 3 09:12:21 dnsmasq[19979]: query[A] r4---sn-2gb7ln7e.gvt1.com from 10.123.1.103
Sep 3 09:12:21 dnsmasq[19979]: forwarded r4---sn-2gb7ln7e.gvt1.com to 8.8.8.8
Sep 3 09:12:21 dnsmasq[19979]: dnssec-query[DS] r4---sn-2gb7ln7e.gvt1.com to 8.8.8.8
Sep 3 09:12:21 dnsmasq[19979]: dnssec-query[DS] gvt1.com to 8.8.8.8
Sep 3 09:12:21 dnsmasq[19979]: validation result is INSECURE
Sep 3 09:12:21 dnsmasq[19979]: reply r4---sn-2gb7ln7e.gvt1.com is <CNAME>
Sep 3 09:12:21 dnsmasq[19979]: reply r4.sn-2gb7ln7e.gvt1.com is 173.194.10.9
Sep 3 09:12:23 dnsmasq[19979]: query[NS] . from 127.0.0.1
Sep 3 09:12:23 dnsmasq[19979]: forwarded . to 8.8.8.8
Here are my config files:
#___________________________________________________________
# cat dnsmasq.conf
no-resolv
no-hosts
port=53
bind-interfaces
pid-file=/var/run/dnsmasq.pid
no-dhcp-interface=
listen-address=0.0.0.0
server=8.8.8.8
domain=lan
local=/lan/
local=/123.10.in-addr.arpa/
expand-hosts
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.d/dnsmasq.hosts
conf-file=/etc/dnsmasq.d/dnsmasq.dns_zaznamy
dnssec
dnssec-check-unsigned
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
# https://blog.nic.cz/2014/05/15/validace-dnssec-pomoci-dnsmasq/
#___________________________________________________________
# cat /etc/dnsmasq.d/dnsmasq.hosts
#redirect:
#10.123.1.1 server.lan
#___________________________________________________________
# cat /etc/dnsmasq.d/dnsmasq.dns_zaznamy
#-----------
address=/moje.domena.cz/10.123.1.1
address=/server.lan/10.123.1.1
address=/pc.lan/10.123.1.10
#-----------
cname=*.server,server
cname=*.pc,pc
#-----------
ptr-record=1.1.123.10.in-addr.arpa.,server.lan
ptr-record=10.1.123.10.in-addr.arpa.,pc.lan
#-----------
#___________________________________________________________
Does anyone have any idea what I'm doing wrong? And above all, how to fix it. I tried googling, but probably badly.
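
A way to compare several crashes using the log format shown in the post, as an added example that is not part of the original post: it splits /var/log/dnsmasq into runs by the PID in `dnsmasq[...]` and reports the last client query logged before each PID change, so a name or client that recurs just before every restart stands out. It assumes every PID change in the file is a restart; the second PID (20411) and its lines are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample in the post's log format; PID 20411 and its two lines
# are invented here to stand in for the restarted process.
SAMPLE = """\
Sep 3 09:12:21 dnsmasq[19979]: reply r4.sn-2gb7ln7e.gvt1.com is 173.194.10.9
Sep 3 09:12:23 dnsmasq[19979]: query[NS] . from 127.0.0.1
Sep 3 09:12:23 dnsmasq[19979]: forwarded . to 8.8.8.8
Sep 3 09:12:40 dnsmasq[20411]: query[A] www.google.cz from 10.123.1.103
Sep 3 09:12:40 dnsmasq[20411]: forwarded www.google.cz to 8.8.8.8
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+dnsmasq\[(\d+)\]:\s+(.*)$")
QUERY = re.compile(r"^query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)$")

def split_runs(text):
    """Group log lines into runs in file order; a PID change starts a new run
    (assumption: each PID change is a restart of dnsmasq)."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not dnsmasq log entries
        ts, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if not runs or runs[-1]["pid"] != pid:
            runs.append({"pid": pid, "lines": []})
        runs[-1]["lines"].append((ts, msg))
    return runs

def last_query(run):
    """Return (timestamp, qtype, name, client) of the final query in a run."""
    for ts, msg in reversed(run["lines"]):
        m = QUERY.match(msg)
        if m:
            return (ts,) + m.groups()
    return None

def restart_report(text):
    """For every run that was followed by a new PID, report its last query."""
    runs = split_runs(text)
    return [(r["pid"], last_query(r)) for r in runs[:-1]]

def common_last_queries(text):
    """Count (qtype, name, client) seen last before a restart, most common first."""
    return Counter(q[1:] for _, q in restart_report(text) if q).most_common()

if __name__ == "__main__":
    for pid, q in restart_report(SAMPLE):
        print(f"pid {pid} ended; last query: {q}")
```

In the sample, the last query before the PID change is the `query[NS] . from 127.0.0.1` probe, so a real log covering several restarts is needed before `common_last_queries` says anything about client traffic.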