Netgate Discussion Forum

Dnsmasq - Ignoring query from non-local network

    bheinsius
    last edited by Aug 18, 2016, 9:22 PM

    Hi,

    Last week I updated to 2.3.2-RELEASE (amd64) built on Wed Jul 20 10:29:55 CDT 2016 FreeBSD 10.3-RELEASE-p5.

    When I connect using OpenVPN, DNS does not work anymore from the OpenVPN client.
    From Status/System Logs/System/DNS Resolver:

    Aug 18 23:07:18 dnsmasq 3814 Ignoring query from non-local network

    In the pfSense DNS Forwarder options I have Interfaces set to All.

    Any ideas on how to fix this?

    regards,
    Bart H

      richardd
      last edited by Aug 19, 2016, 9:18 AM

      I have the same problem after updating to pfSense 2.3.2. The workaround I found is to manually select all interfaces instead of 'All'.

        bheinsius
        last edited by Aug 19, 2016, 12:31 PM

        Thanks, I have created a support ticket: https://redmine.pfsense.org/issues/6730

          jimp Rebel Alliance Developer Netgate
          last edited by Aug 19, 2016, 2:15 PM

          Looks like this is due to /usr/local/etc/dnsmasq.conf being present. We don't use that or create it, but it is there and being read by dnsmasq and it contains an option causing this behavior ("local-service").

          I pushed a commit to pass "-C /dev/null" to dnsmasq when starting so it will ignore that dummy config file.

          If you remove /usr/local/etc/dnsmasq.conf and restart dnsmasq it will work, or apply that commit as a patch.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!
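The condition described in the post above, as an added example that is not part of the original thread or of pfSense: a shell check that decides whether a dnsmasq instance would pick up an active `local-service` line from a default config file. It also covers the case documented in the dnsmasq man page, where `local-service` has no effect once `--interface`, `--except-interface`, `--listen-address` or `--auth-server` is given. The function names, the sample file and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pfSense code): would this dnsmasq instance apply
# "local-service" from a stray default config file?

# 0 if FILE ($1) contains an active (uncommented) local-service line.
has_local_service() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*local-service([[:space:]=#]|$)' "$1"
}

# 0 if the command line ($1) replaces the default config file (-C / --conf-file).
overrides_conf_file() {
    case " $1 " in
        *" -C "*|*" --conf-file="*|*" --conf-file "*) return 0 ;;
    esac
    return 1
}

# 0 if the command line ($1) names listeners; dnsmasq documents that
# local-service has no effect when any of these long options is given.
names_listeners() {
    case " $1 " in
        *" --interface"*|*" --except-interface"*) return 0 ;;
        *" --listen-address"*|*" --auth-server"*) return 0 ;;
    esac
    return 1
}

# Print a verdict for config FILE ($1) and dnsmasq command line ($2).
classify_dnsmasq() {
    if overrides_conf_file "$2"; then
        echo "ok: default config ignored"
    elif ! has_local_service "$1"; then
        echo "ok: no active local-service"
    elif names_listeners "$2"; then
        echo "ok: local-service neutralised by explicit listeners"
    else
        echo "affected: queries from non-local networks are ignored"
    fi
}

# Constructed sample input: a config with local-service enabled, checked
# against a hypothetical command line without and with "-C /dev/null".
sample_conf=$(mktemp)
printf '# constructed sample\nlocal-service\n' > "$sample_conf"
classify_dnsmasq "$sample_conf" "dnsmasq --all-servers"
classify_dnsmasq "$sample_conf" "dnsmasq --all-servers -C /dev/null"
rm -f "$sample_conf"
```

On a live system, pass the real config path and the command line of the running dnsmasq process to `classify_dnsmasq`; only long-form listener options are matched.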

            piwwo
            last edited by Sep 1, 2016, 8:16 AM

            I uncommented it; would that be enough, or will the pfSense web configurator overwrite it again?

              jimp Rebel Alliance Developer Netgate
              last edited by Sep 1, 2016, 11:45 AM

              Uncommented what? Where?

              This behavior has been corrected in the repository for any potential next release, so next upgrade will be OK, so it won't matter if your change gets reverted.

                Quada
                last edited by Sep 5, 2016, 4:28 PM

                Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me.  After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder.  Any other suggestions?  Like others, this just started happening after upgrading to 2.3.2.

                  jimp Rebel Alliance Developer Netgate
                  last edited by Sep 6, 2016, 5:58 PM

                  @Quada:

                  Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me.  After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder.  Any other suggestions?  Like others, this just started happening after upgrading to 2.3.2.

                  Then your problem is unrelated to this beyond the changes you've already made. Start a new thread for the remaining issue.

                    johnpoz LAYER 8 Global Moderator
                    last edited by Sep 6, 2016, 7:02 PM

                    So I do not normally use dnsmasq; I use the resolver (unbound). But I turned the resolver off, turned on dnsmasq (forwarder), and created a host override of test.pfdnsmasq.for, and it resolves just fine from an OpenVPN connection.

                    
                    C:\>dig test.pfdnsmasq.for
                    
                    ; <<>> DiG 9.10.4-P2 <<>> test.pfdnsmasq.for
                    ;; global options: +cmd
                    ;; Got answer:
                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16481
                    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                    
                    ;; OPT PSEUDOSECTION:
                    ; EDNS: version: 0, flags:; udp: 4096
                    ;; QUESTION SECTION:
                    ;test.pfdnsmasq.for.            IN      A
                    
                    ;; ANSWER SECTION:
                    test.pfdnsmasq.for.     1       IN      A       10.0.0.1
                    
                    ;; Query time: 118 msec
                    ;; SERVER: 192.168.9.253#53(192.168.9.253)
                    ;; WHEN: Tue Sep 06 14:02:12 Central Daylight Time 2016
                    ;; MSG SIZE  rcvd: 63
                    
                    

                    You can see my VPN connection here:

                    
                    Ethernet adapter Local Area Connection:
                    
                       Connection-specific DNS Suffix  . : local.lan
                       Description . . . . . . . . . . . : TAP-Windows Adapter V9
                       Physical Address. . . . . . . . . : 00-FF-EE-16-B9-3C
                       DHCP Enabled. . . . . . . . . . . : Yes
                       Autoconfiguration Enabled . . . . : Yes
                       Link-local IPv6 Address . . . . . : fe80::fd9b:6799:7fc9:2969%23(Preferred)
                       IPv4 Address. . . . . . . . . . . : 10.0.8.100(Preferred)
                       Subnet Mask . . . . . . . . . . . : 255.255.255.0
                       Lease Obtained. . . . . . . . . . : Tuesday, September 06, 2016 11:36:22 AM
                       Lease Expires . . . . . . . . . . : Wednesday, September 06, 2017 11:36:21 AM
                       Default Gateway . . . . . . . . . :
                       DHCP Server . . . . . . . . . . . : 10.0.8.254
                       DHCPv6 IAID . . . . . . . . . . . : 369164270
                       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4C-CA-26-3C-97-0E-99-DF-75
                       DNS Servers . . . . . . . . . . . : 192.168.9.253
                       NetBIOS over Tcpip. . . . . . . . : Enabled
                    
                    

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11
