
Using DD-WRT, dnsmasq seems to be failing to correctly resolve hosts, and I cannot understand why.

```
root@gcs:~# cat /etc/resolv.conf
nameserver 192.168.1.1

root@gcs:~# cat /tmp/dnsmasq.conf
...
dhcp-option=6,10.3.4.10,10.4.4.10

root@gcs:~# nslookup mclarkdev.com
nslookup: can't resolve '(null)'
nslookup: can't resolve 'mclarkdev.com'

root@gcs:~# nslookup mclarkdev.com 10.3.4.10
Server:    10.3.4.10
Address 1: 10.3.4.10

nslookup: can't resolve 'mclarkdev.com'

root@gcs:~# ping 10.3.4.10
PING 10.3.4.10 (10.3.4.10): 56 data bytes
64 bytes from 10.3.4.10: seq=0 ttl=63 time=0.777 ms
```

But from a device on the host network, things resolve as expected:

```
Matt Clark@framework ~
$ nslookup mclarkdev.com 10.3.4.10
Server:  ns3.r3.mclarkdev.com
Address:  10.3.4.10

Name:    mclarkdev.com
Address:  10.3.68.100
```

Inspecting the upstream DNS server (10.3.4.10), I can see the request; however, this still results in the failure.

```
Jan 31 17:37:10 ns3.r3.mclarkdev.com named[115329]: queries: info: client @0x7ffa4aeb08d0 10.3.111.155#51618 (mclarkdev.com): query: mclarkdev.com IN A + (10.3.4.10)
```

This is using all default options on DD-WRT, except the overridden DNS server (option 6).


Is there something I am missing here? Why can I not resolve anything via dnsmasq?

Matt Clark
  • Are you saying that `dnsmasq` on `10.3.4.10` is the failure point? – Jaromanda X Feb 01 '23 at 06:32
  • As you can see on https://dnsviz.net/d/mclarkdev.com/Y9p_Pw/dnssec/ this domain is not configured correctly, the nameservers do not reply over TCP which is a fatal error. This needs to be fixed before anything else as it will produce random DNS errors. This is a typical error done by people thinking that DNS is only over UDP, which is false, it is ALWAYS over UDP **AND** TCP. – Patrick Mevzek Feb 01 '23 at 15:05
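
The requirement raised in the last comment, that a nameserver must answer over both UDP and TCP, can be checked per transport by sending the same query both ways. This is an added example, not part of the original post or its comments; the function names, the fixed transaction id and the script name in the usage comment are assumptions made for illustration.

```python
import socket
import struct
import sys

TXID = 0x1234  # constructed transaction id for this probe

def build_query(name, qtype=1):
    """Minimal DNS query: RD flag set, one question, class IN (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_udp(server, port, msg, timeout):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, port))
        return s.recvfrom(4096)[0]

def query_tcp(server, port, msg, timeout):
    # Over TCP every DNS message carries a 2-byte length prefix (RFC 1035, 4.2.2).
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, length)

def check_transports(server, name, port=53, timeout=3.0):
    """Send the same query over UDP and TCP; report each transport separately."""
    msg, results = build_query(name), {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            txid, flags = struct.unpack("!HH", fn(server, port, msg, timeout)[:4])
            results[label] = {"ok": txid == TXID, "rcode": flags & 0xF,
                              "truncated": bool(flags & 0x0200)}
        except (OSError, struct.error) as exc:  # timeout, refusal, short reply
            results[label] = {"ok": False, "error": type(exc).__name__}
    return results

if __name__ == "__main__":
    # usage (hypothetical script name): python3 dns_transports.py <server-ip> <name>
    for transport, result in check_transports(sys.argv[1], sys.argv[2]).items():
        print(transport, result)
```

A server that reports `ok` on UDP but an error on TCP cannot deliver any answer that was truncated over UDP, which shows up to clients as intermittent resolution failures.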

0 Answers