[opensuse] Too many DNS queries
Hi,

I see every few minutes this in the log:

<3.4> 2017-01-08 03:45:55 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150)
<3.4> 2017-01-08 03:51:49 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150)
<3.4> 2017-01-08 03:55:55 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150)
<3.4> 2017-01-08 04:01:49 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150)
<3.4> 2017-01-08 04:06:49 minas-tirith dnsmasq 2962 - - message repeated 2 times: [ Maximum number of concurrent DNS queries reached (max: 150)]
<3.4> 2017-01-08 04:09:19 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150)
<3.4> 2017-01-08 04:09:48 minas-tirith dnsmasq 2962 - - message repeated 3 times: [ Maximum number of concurrent DNS queries reached (max: 150)]

The machine is a laptop, idling, with Leap 42.2 recently upgraded from 13.1.

I have no idea where to look for culprits. :-?

--
Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith))
Malware infection? I once had a compromised Internet-facing server that flagged itself by making excessive DNS queries to Google. Are there any additional dnsmasq log entries? Maybe turn on log-queries and see what it's doing? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-01-08 05:00, Lew Wolfgang wrote:
Malware infection? I once had a compromised Internet-facing server that flagged itself by making excessive DNS queries to Google.
But it is not facing Internet. And the occurrences are rhythmic, not continuous.
Are there any additional dnsmasq log entries? Maybe turn on log-queries and see what it's doing?
No, the entries are those of above, but many more. Good idea, I'll see about log verbosity. I have just switched on the laptop and see no occurrences yet.

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries

I tried the setting with "host google.es", and it happened:

<3.6> 2017-01-08 17:23:33 minas-tirith systemd 1 - - Reloading DNS caching server..
<3.6> 2017-01-08 17:23:33 minas-tirith systemd 1 - - Reloaded DNS caching server..
<3.6> 2017-01-08 17:23:33 minas-tirith dnsmasq 2962 - - read /etc/hosts - 20 addresses
<3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Stopping DNS caching server....
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 2962 - - exiting on receipt of SIGTERM
<3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Stopped DNS caching server..
<3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Starting DNS caching server....
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3576 - - dnsmasq: syntax check OK.
<3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Started DNS caching server..
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - started, version 2.71 cachesize 2000
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - DBus support enabled: connected to system bus
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - asynchronous logging enabled, queue limit is 5 messages
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.4.4#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.8.8#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - reading /etc/resolv.conf
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.4.4#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.8.8#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 127.1.1.1#53
<3.4> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - ignoring nameserver ::1 - local interface
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - read /etc/hosts - 20 addresses
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
...
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
<3.4> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - Maximum number of concurrent DNS queries reached (max: 150)
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - cached google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - message repeated 6 times: [ reply google.es is 216.58.211.227]
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - message repeated 14 times: [ reply google.es is 216.58.211.227]
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - message repeated 111 times: [ reply google.es is 216.58.211.227]

and later:

<10.6> 2017-01-08 17:25:10 minas-tirith sshd 3773 - - pam_unix(sshd:session): session opened for user cer by (uid=0)
<4.6> 2017-01-08 17:25:10 minas-tirith systemd-logind 2211 - - New session 74 of user cer.
<3.6> 2017-01-08 17:25:10 minas-tirith systemd 1 - - Started Session 74 of user cer.
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 8.8.4.4 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 8.8.8.8 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith 
dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] 
conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 ... 
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1
<3.4> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - Maximum number of concurrent DNS queries reached (max: 150)
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - cached conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 8.8.4.4
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - cached conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - cached hydra.opensuse.org is 195.135.221.150
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME>
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150

What is going on?

--
Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
08.01.2017 19:30, Carlos E. R. wrote: ...
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.4.4#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.8.8#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 127.1.1.1#53
So you are using local dnsmasq and point it to itself?
<3.4> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - ignoring nameserver ::1 - local interface
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - read /etc/hosts - 20 addresses
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
You have a loop here.
...
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1
This is NetworkManager connectivity check. P.S. I hope I trimmed enough to avoid Linda's rage again ...
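The loop pointed out in this reply can be confirmed mechanically from a log-queries capture. The following Python is an added example, not part of the original thread; the message formats are the ones quoted above, while the sample records, the host name `laptop`, the 192.0.2.53 upstream and the `burst_threshold` parameter are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Syslog layout used in this thread: "<fac.sev> date time host dnsmasq pid - - message"
LINE_RE = re.compile(r"^<\d+\.\d+> (\S+ \S+) \S+ dnsmasq \d+ - - (.*)$")
REPEAT_RE = re.compile(r"^message repeated (\d+) times: \[\s*(.*?)\s*\]$")
NS_RE = re.compile(r"^using nameserver ([^#\s]+)")
QUERY_RE = re.compile(r"^query\[\w+\] (\S+) from (\S+)$")
FWD_RE = re.compile(r"^forwarded (\S+) to (\S+)$")
LIMIT_MSG = "Maximum number of concurrent DNS queries reached"


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for anything that is not an IP address."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def analyse(log_text, burst_threshold=3):
    """Summarise a dnsmasq log-queries capture and report whether it shows a loop."""
    loop_upstreams = set()     # upstream nameservers that are loopback addresses
    loop_forwards = Counter()  # name -> forwards sent to a loopback upstream
    bursts = Counter()         # (timestamp, name) -> queries received from loopback
    limit_hits = 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        count = 1
        rep = REPEAT_RE.match(msg)
        if rep:  # syslog collapsed identical lines into one record
            count, msg = int(rep.group(1)), rep.group(2)
        ns, q, f = NS_RE.match(msg), QUERY_RE.match(msg), FWD_RE.match(msg)
        if msg.startswith(LIMIT_MSG):
            limit_hits += count
        elif ns and is_loopback(ns.group(1)):
            loop_upstreams.add(ns.group(1))
        elif q and is_loopback(q.group(2)):
            bursts[(ts, q.group(1))] += count
        elif f and is_loopback(f.group(2)):
            loop_forwards[f.group(1)] += count
    # A loop re-asks the same name many times within one second, each time
    # forwarding it back to a loopback upstream.
    amplified = sorted({name for (_, name), n in bursts.items()
                        if n >= burst_threshold and loop_forwards[name] > 0})
    return {
        "verdict": "forwarding-loop" if loop_upstreams and amplified else "no-loop-evidence",
        "loop_upstreams": sorted(loop_upstreams),
        "amplified_names": amplified,
        "limit_hits": limit_hits,
    }


def _records(ts, messages, host="laptop", pid=4242):
    """Build constructed log records in the thread's layout."""
    return [f"<3.6> {ts} {host} dnsmasq {pid} - - {m}" for m in messages]


# Constructed capture: 127.1.1.1 is listed as an upstream, as in the thread.
LOOPING_LOG = "\n".join(
    _records("2017-01-08 17:24:01", ["using nameserver 192.0.2.53#53",
                                     "using nameserver 127.1.1.1#53"])
    + _records("2017-01-08 17:24:07", ["query[A] example.org from 127.0.0.1",
                                       "forwarded example.org to 192.0.2.53",
                                       "forwarded example.org to 127.1.1.1"] * 5)
    + _records("2017-01-08 17:24:07", [
        LIMIT_MSG + " (max: 150)",
        "message repeated 2 times: [ " + LIMIT_MSG + " (max: 150)]"])
)

# Constructed capture: the only upstream is a remote resolver.
CLEAN_LOG = "\n".join(
    _records("2017-01-08 17:24:01", ["using nameserver 192.0.2.53#53"])
    + _records("2017-01-08 17:24:07", ["query[A] example.org from 127.0.0.1",
                                       "forwarded example.org to 192.0.2.53",
                                       "reply example.org is 192.0.2.10"])
)

if __name__ == "__main__":
    print(analyse(LOOPING_LOG))
    print(analyse(CLEAN_LOG))
```

A burst of one name, asked from a loopback client and forwarded back to a loopback upstream, is what separates this misconfiguration from the many-distinct-names pattern one would look for when triaging a suspected compromise.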
On 2017-01-08 18:42, Andrei Borzenkov wrote:
08.01.2017 19:30, Carlos E. R. wrote: ...
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.4.4#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.8.8#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 127.1.1.1#53
So you are using local dnsmasq and point it to itself?
Not that I know.

minas-tirith:~ # cat /etc/resolv.conf
# Generated by NetworkManager
search valinor
nameserver 127.1.1.1
nameserver ::1
minas-tirith:~ #

I tell the computer to resolve using localhost, I think this is correct. And dnsmasq does the solving:

/etc/dnsmasq.conf:

# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
server=8.8.8.8
server=8.8.4.4

This is the same configuration I had for years.
<3.4> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - ignoring nameserver ::1 - local interface
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - read /etc/hosts - 20 addresses
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8
<3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1
You have a loop here.
Yes, but where?
...
<3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1
This is NetworkManager connectivity check.
Yes, I thought so.
P.S. I hope I trimmed enough to avoid Linda's rage again ...
:-) -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
08.01.2017 20:50, Carlos E. R. wrote: ...
You have a loop here.
Yes, but where?
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - reading /etc/resolv.conf
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.4.4#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.8.8#53
<3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 127.1.1.1#53
See -r and -R options of dnsmasq.
On 2017-01-08 18:56, Andrei Borzenkov wrote:
See -r and -R options of dnsmasq.
-r, --resolv-file=<file>
Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. For the format of this file see resolv.conf(5). The only lines relevant to dnsmasq are nameserver ones. Dnsmasq can be told to poll more than one resolv.conf file, the first file name specified overrides the default, subsequent ones add to the list. This is only allowed when polling; the file with the currently latest modification time is the one used.

-R, --no-resolv
Don't read /etc/resolv.conf. Get upstream servers only from the command line or the dnsmasq configuration file.

Ah, interesting, thanks.

I would then use the configuration file option:

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv

because a command line option means altering the systemd config file. Otherwise, what would be the correct method of configuring dnsmasq?

The /etc/resolv file has to point to the local server, and the local server has to know the address of the upstream relay.

For instance, network manager likes to modify the /etc/resolv.conf file, perhaps with upstream servers. These may change per connection, specially for a laptop. But this can not be allowed when one is using dnsmasq, it has to point always to localhost. Instead one has to configure the remote upstream servers as fixed in /etc/dnsmasq.conf, independent of the network the machine is connected at the time.

--
Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
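The effect of the no-resolv setting discussed in this message can be checked before restarting the daemon. The following Python is an added example, not part of the thread and not dnsmasq's own logic: it uses the resolv.conf and dnsmasq.conf lines quoted above, assumes a single configuration file (it ignores resolv-file, included files and command-line options), and flags every loopback upstream, whereas the dnsmasq in the thread's log dropped ::1 by itself and kept 127.1.1.1.

```python
import ipaddress
import re


def _bare_address(token):
    """Drop an optional '#port' or '@interface' suffix and any IPv6 zone id."""
    return re.split(r"[#@%]", token, maxsplit=1)[0]


def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def parse_dnsmasq_conf(text):
    """Return (upstream addresses from server= lines, True if no-resolv is set)."""
    servers, no_resolv = [], False
    for line in text.splitlines():
        # Treat '#' as a comment only at line start or after whitespace,
        # so the 'addr#port' form survives.
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if line == "no-resolv":
            no_resolv = True
        elif line.startswith("server="):
            value = line[len("server="):]
            if value.startswith("/"):   # server=/domain/addr form
                value = value.rsplit("/", 1)[1]
            if value:                   # an empty address names no upstream
                servers.append(_bare_address(value))
    return servers, no_resolv


def parse_resolv_conf(text):
    """Return the addresses on 'nameserver' lines, the only lines dnsmasq uses."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(_bare_address(parts[1]))
    return found


def audit(dnsmasq_conf, resolv_conf):
    """List the upstreams dnsmasq would be given and flag the loopback ones."""
    servers, no_resolv = parse_dnsmasq_conf(dnsmasq_conf)
    upstreams = servers + ([] if no_resolv else parse_resolv_conf(resolv_conf))
    looping = [u for u in upstreams if _is_loopback(u)]
    return {"upstreams": upstreams, "loopback_upstreams": looping, "ok": not looping}


# resolv.conf as quoted in the thread: the system resolver points at the local dnsmasq.
RESOLV_CONF = """\
# Generated by NetworkManager
search valinor
nameserver 127.1.1.1
nameserver ::1
"""

# dnsmasq.conf lines as quoted in the thread, with no-resolv still commented out.
CONF_BEFORE = """\
#server=/localnet/192.168.0.1
server=8.8.8.8
server=8.8.4.4
#no-resolv
"""

# The same lines with no-resolv uncommented.
CONF_AFTER = CONF_BEFORE.replace("#no-resolv", "no-resolv")

if __name__ == "__main__":
    print("before:", audit(CONF_BEFORE, RESOLV_CONF))
    print("after: ", audit(CONF_AFTER, RESOLV_CONF))
```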
Carlos E. R. wrote:
I would then use the configuration file option:
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
because a command line option means altering the systemd config file. Otherwise, what would be the correct method of configuring dnsmasq?
Sounds like one of these: a) /etc/dnsmasq.conf (or whatever it is) b) /etc/sysconfig/dnsmasq, c) a systemd drop-in.
The /etc/resolv file has to point to the local server, and the local server has to know the address of the upstream relay.
For instance, network manager likes to modify the /etc/resolv.conf file, perhaps with upstream servers. These may change per connection, specially for a laptop. But this can not be allowed when one is using dnsmasq, it has to point always to localhost.
Either this is a normal usage scenario with a standard solution, or you're using dnsmasq in an unusual setting. -- Per Jessen, Zürich (-2.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 2017-01-09 08:12, Per Jessen wrote:
Sounds like one of these: a) /etc/dnsmasq.conf (or whatever it is) b) /etc/sysconfig/dnsmasq, c) a systemd drop-in.
Yes, I'm using 'a' now.
The /etc/resolv file has to point to the local server, and the local server has to know the address of the upstream relay.
For instance, network manager likes to modify the /etc/resolv.conf file, perhaps with upstream servers. These may change per connection, specially for a laptop. But this can not be allowed when one is using dnsmasq, it has to point always to localhost.
Either this is a normal usage scenario with a standard solution, or you're using dnsmasq in an unusual setting.
Yes, my question is what would be the proper configuration in the usual setting.

Usual (trivial) setting: use dnsmasq to cache dns searches for one machine only.
2) same, for local network.

(2) basically means open the firewall for queries.

It is clear that when I read the documentation and configured it (1), I did it wrong, and the same wrong setting has been applied to all my machines. But that has only been detected now because of the error message on one machine. Maybe dnsmasq was previously more tolerant, or it had code to patch/ignore the loop somehow.

--
Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
Carlos E. R. wrote:
Yes, my question is what would be the proper configuration in the usual setting.
Usual (trivial) setting: use dnsmasq to cache dns searches for one machine only.
Just thinking out loud - isn't that what nscd does too? Every call to the resolver tries nscd first. -- Per Jessen, Zürich (0.4°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 2017-01-09 16:02, Per Jessen wrote:
Carlos E. R. wrote:
Usual (trivial) setting: use dnsmasq to cache dns searches for one machine only.
Just thinking out loud - isn't that what nscd does too? Every call to the resolver tries nscd first.
Well, apparently dnsmasq is more effective. Caches more entries and longer. Often I disable nscd. Also, dnsmasq reads the hosts file and adds entries in it as if done by a dns server, with both direct and reverse resolution. Once I allow the local network, these are available to local machines with a simple /etc/hosts, easier than using bind with its complex syntax. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
Carlos E. R. wrote:
Well, apparently dnsmasq is more effective. Caches more entries and longer. Often I disable nscd.
Okay - whoever does the caching should adhere to the TTL from DNS, but I guess dnsmasq could be "more efficient". I never had any reason to play with it. -- Per Jessen, Zürich (-0.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 2017-01-09 19:35, Per Jessen wrote:
Okay - whoever does the caching should adhere to the TTL from DNS, but I guess dnsmasq could be "more efficient". I never had any reason to play with it.
I always used bind as cache server (the default configuration) because it sped things up when using a modem. Dnsmasq is far easier to use. Whether this still happens with a fast Internet connection, I don't know. It would be interesting to have a comparison, and include nscd in the mix. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
Carlos E. R. wrote:
On 2017-01-09 19:35, Per Jessen wrote:
Carlos E. R. wrote:
On 2017-01-09 16:02, Per Jessen wrote:
Carlos E. R. wrote:
Usual (trivial) setting: use dnsmasq to cache dns searches for one machine only.
Just thinking out loud - isn't that what nscd does too? Every call to the resolver tries nscd first.
Well, apparently dnsmasq is more effective. Caches more entries and longer. Often I disable nscd.
Okay - whoever does the caching should adhere to the TTL from DNS, but I guess dnsmasq could be "more efficient". I never had any reason to play with it.
I always used bind as cache server (the default configuration) because it sped things up when using a modem. Dnsmasq is far easier to use.
Yeah, bind is running here anyway, so that caches things too, nscd just takes a little load off it. If you have an upstream bind, they will also be caching.
Whether this still happens with a fast Internet connection, I don't know. It would be interesting to have a comparison, and include nscd in the mix.
A bit of an academic exercise, nscd is reached by local socket, anything that involves network traffic will be slower. Whatever the difference, it'll be a contrived situation with little or no bearing on reality. :-) -- Per Jessen, Zürich (-0.6°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.
09.01.2017 01:34, Carlos E. R. wrote:
Otherwise, what would be the correct method of configuring dnsmasq? The
You know very well that the answer is "it depends".
/etc/resolv file has to point to the local server, and the local server has to know the address of the upstream relay.
NetworkManager can do it for you automatically.
For instance, network manager likes to modify the /etc/resolv.conf file, perhaps with upstream servers. These may change per connection, especially for a laptop. But this cannot be allowed when one is using dnsmasq, it has to point always to localhost.
Then tell NM to manage dnsmasq and do not start it manually. You get exactly the desired behavior you describe above.
Instead one has to configure the remote upstream servers as fixed in /etc/dnsmasq.conf, independent of the network the machine is connected at the time.
Well, you can also tell your dnsmasq to use resolv.conf generated by NM and tell NM to not update system-wide resolv.conf. There is more than one way to skin a cat ...
On 2017-01-09 18:18, Andrei Borzenkov wrote:
09.01.2017 01:34, Carlos E. R. wrote:
Otherwise, what would be the correct method of configuring dnsmasq? The
You know very well that the answer is "it depends".
/etc/resolv file has to point to the local server, and the local server has to know the address of the upstream relay.
NetworkManager can do it for you automatically.
Yes, that is what I was and I am doing.
For instance, network manager likes to modify the /etc/resolv.conf file, perhaps with upstream servers. These may change per connection, especially for a laptop. But this cannot be allowed when one is using dnsmasq, it has to point always to localhost.
Then tell NM to manage dnsmasq and do not start it manually. You get exactly the desired behavior you describe above.
Tell NM to manage dnsmasq? How?
Instead one has to configure the remote upstream servers as fixed in /etc/dnsmasq.conf, independent of the network the machine is connected at the time.
Well, you can also tell your dnsmasq to use resolv.conf generated by NM and tell NM to not update system-wide resolv.conf.
There is more than one way to skin a cat ...
Unless NM can generate a differently named resolv.conf file, I don't see how. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
09.01.2017 20:42, Carlos E. R. wrote:
On 2017-01-09 18:18, Andrei Borzenkov wrote:
09.01.2017 01:34, Carlos E. R. wrote:
Otherwise, what would be the correct method of configuring dnsmasq? The
You know very well that the answer is "it depends".
/etc/resolv file has to point to the local server, and the local server has to know the address of the upstream relay.
NetworkManager can do it for you automatically.
Yes, that is what I was and I am doing.
For instance, network manager likes to modify the /etc/resolv.conf file, perhaps with upstream servers. These may change per connection, especially for a laptop. But this cannot be allowed when one is using dnsmasq, it has to point always to localhost.
Then tell NM to manage dnsmasq and do not start it manually. You get exactly the desired behavior you describe above.
Tell NM to manage dnsmasq? How?
Have you tried "man NetworkManager.conf"?
bor@bor-Latitude-E5450:~/src/NetworkManager$ grep dns /etc/NetworkManager/NetworkManager.conf
dns=dnsmasq
Instead one has to configure the remote upstream servers as fixed in /etc/dnsmasq.conf, independent of the network the machine is connected at the time.
Well, you can also tell your dnsmasq to use resolv.conf generated by NM and tell NM to not update system-wide resolv.conf.
There is more than one way to skin a cat ...
Unless NM can generate a differently named resolv.conf file, I don't see how.
Sorry, I was wrong here, this was added in NM 1.2.0, Leap has 1.0.x still.
On 2017-01-09 19:26, Andrei Borzenkov wrote:
09.01.2017 20:42, Carlos E. R. wrote:
Tell NM to manage dnsmasq? How?
Have you tried "man NetworkManager.conf"?
bor@bor-Latitude-E5450:~/src/NetworkManager$ grep dns /etc/NetworkManager/NetworkManager.conf
dns=dnsmasq
No, I haven't. I don't usually read the man for a GUI program. I only use the GUI :-)) Ok, I'll have a look at it.
Unless NM can generate a differently named resolv.conf file, I don't see how.
Sorry, I was wrong here, this was added in NM 1.2.0, Leap has 1.0.x still.
Oh, pity. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
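The setup debated in this thread (resolv.conf always pointing at localhost, dnsmasq knowing its upstream, or NetworkManager run with dns=dnsmasq) can be checked with a short script. This is an added example, not code from any poster: the function names, sample files and the 203.0.113.53 address are constructed, and it assumes upstreams are given as server= or resolv-file= lines in the dnsmasq config.

```shell
#!/bin/sh
# Added example: checks for a one-machine dnsmasq cache. File paths are
# arguments, so the checks can be run against copies of the real files.

# Succeeds only if FILE has nameserver lines and every one is loopback.
resolv_is_local_only() {
    awk '$1 == "nameserver" { n++; if ($2 !~ /^127\./ && $2 != "::1") bad++ }
         END { if (n > 0 && bad == 0) exit 0; exit 1 }' "$1"
}

# Prints the dns= value from the [main] section of a NetworkManager.conf.
nm_dns_mode() {
    awk -F= '/^\[/ { in_main = ($0 == "[main]") }
             in_main && $1 == "dns" { print $2 }' "$1"
}

# Prints general upstreams (server=ADDR, any #port or @iface suffix removed),
# skipping loopback and domain-specific server=/domain/ADDR lines.
dnsmasq_upstreams() {
    awk -F= '$1 == "server" && $2 !~ /^\// {
                 addr = $2; sub(/[#@].*/, "", addr)
                 if (addr != "" && addr !~ /^127\./ && addr != "::1") print addr
             }' "$1"
}

# Standalone dnsmasq: clients must ask localhost, and dnsmasq needs a real
# upstream, either fixed server= lines or a separate resolv-file=.
check_standalone() {   # args: resolv.conf dnsmasq.conf
    resolv_is_local_only "$1" || { echo "resolv.conf bypasses the cache"; return 1; }
    if [ -n "$(dnsmasq_upstreams "$2")" ] || grep -q '^resolv-file=' "$2"; then
        echo "ok"
    else
        echo "dnsmasq has no upstream configured"; return 1
    fi
}

# Constructed sample files (203.0.113.53 is a documentation address).
demo=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$demo/resolv.conf"
printf 'cache-size=1000\nserver=203.0.113.53\n' > "$demo/dnsmasq.conf"
printf '[main]\nplugins=keyfile\ndns=dnsmasq\n' > "$demo/NetworkManager.conf"

echo "standalone check: $(check_standalone "$demo/resolv.conf" "$demo/dnsmasq.conf")"
echo "NetworkManager dns mode: $(nm_dns_mode "$demo/NetworkManager.conf")"
rm -rf "$demo"
```

On a real machine, pass /etc/resolv.conf, /etc/dnsmasq.conf and /etc/NetworkManager/NetworkManager.conf instead of the sample files.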
participants (4): Andrei Borzenkov, Carlos E. R., Lew Wolfgang, Per Jessen