Dnsmasq - Ignoring query from non-local network



  • Hi,

    Last week I updated to 2.3.2-RELEASE (amd64) built on Wed Jul 20 10:29:55 CDT 2016 FreeBSD 10.3-RELEASE-p5

    When I connect using OpenVPN, DNS does not work anymore from the OpenVPN client.
    From Status/System Logs/System/DNS Resolver:

    Aug 18 23:07:18 dnsmasq 3814 Ignoring query from non-local network

    In the pfSense DNS Forwarder options I have Interfaces set to All.

    Any ideas on how to fix this?

    regards,
    Bart H



  • I have the same problem after updating to pfSense 2.3.2. The workaround I found is to manually select all interfaces instead of 'All'.



  • Thanks, I have created a support ticket: https://redmine.pfsense.org/issues/6730


  • Rebel Alliance Developer Netgate

    Looks like this is due to /usr/local/etc/dnsmasq.conf being present. We don't use that or create it, but it is there and being read by dnsmasq and it contains an option causing this behavior ("local-service").

    I pushed a commit to pass "-C /dev/null" to dnsmasq when starting so it will ignore that dummy config file.

    If you remove /usr/local/etc/dnsmasq.conf and restart dnsmasq it will work, or apply that commit as a patch.
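
Added example, not part of the original posts and not pfSense code: a shell check for the condition described above, an active local-service line in the config file dnsmasq reads unless -C points it elsewhere. The function names and the sample command lines are assumptions; the default path is the one named in the thread.

```shell
#!/bin/sh
# Added example, not pfSense code. Default path is the one named in the thread.
DEFAULT_CONF="/usr/local/etc/dnsmasq.conf"

# Succeeds if FILE ($1) has an active (uncommented) "local-service" line.
has_local_service() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*local-service[[:space:]]*(#.*)?$' "$1"
}

# Prints the config file a dnsmasq command line would read.
# $1: argument string as shown by ps; $2: default config path (optional).
effective_conf() (
    set -f                       # no glob expansion while splitting $1
    conf="${2:-$DEFAULT_CONF}"; prev=""
    for arg in $1; do
        if [ "$prev" = "-C" ] || [ "$prev" = "--conf-file" ]; then
            conf="$arg"
        fi
        case "$arg" in
            --conf-file=*) conf="${arg#--conf-file=}" ;;
            -C?*)          conf="${arg#-C}" ;;
        esac
        prev="$arg"
    done
    printf '%s\n' "$conf"
)

# Prints a verdict; returns 1 when dnsmasq would ignore non-local queries.
check_dnsmasq() {
    case " $1 " in
        *" --local-service "*)
            echo "AFFECTED: --local-service on command line"; return 1 ;;
    esac
    conf=$(effective_conf "$1" "$2")
    if has_local_service "$conf"; then
        echo "AFFECTED: local-service active in $conf"
        return 1
    fi
    echo "OK: local-service not set (config: $conf)"
}

# Demo on a constructed config file (not a real pfSense file).
demo_conf=$(mktemp /tmp/dnsmasq-demo.XXXXXX)
printf '# constructed sample\nlocal-service\n' > "$demo_conf"
check_dnsmasq "dnsmasq --all-servers" "$demo_conf" || true
check_dnsmasq "dnsmasq --all-servers -C /dev/null" "$demo_conf"
rm -f "$demo_conf"
```

On a live system, pass the dnsmasq argument string as reported by ps as the first argument to check_dnsmasq and omit the second to use the default path.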



  • I uncommented it. Would that be enough, or will the pfSense web configurator overwrite it again?


  • Rebel Alliance Developer Netgate

    Uncommented what? Where?

    This behavior has been corrected in the repository for any potential next release, so next upgrade will be OK, so it won't matter if your change gets reverted.



  • Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me.  After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder.  Any other suggestions?  Like others, this just started happening after upgrading to 2.3.2.


  • Rebel Alliance Developer Netgate

    @Quada:

    Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me.  After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder.  Any other suggestions?  Like others, this just started happening after upgrading to 2.3.2.

    Then your problem is unrelated to this beyond the changes you've already made. Start a new thread for the remaining issue.


  • Rebel Alliance Global Moderator

    So I do not normally use dnsmasq; I use the resolver (unbound). But I turned the resolver off, turned on dnsmasq (forwarder), and created a host override of test.pfdnsmasq.for, and it resolves just fine from an OpenVPN connection.

    
    C:\>dig test.pfdnsmasq.for
    
    ; <<>> DiG 9.10.4-P2 <<>> test.pfdnsmasq.for
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16481
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;test.pfdnsmasq.for.            IN      A
    
    ;; ANSWER SECTION:
    test.pfdnsmasq.for.     1       IN      A       10.0.0.1
    
    ;; Query time: 118 msec
    ;; SERVER: 192.168.9.253#53(192.168.9.253)
    ;; WHEN: Tue Sep 06 14:02:12 Central Daylight Time 2016
    ;; MSG SIZE  rcvd: 63
    
    

    You can see my VPN connection here:

    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : local.lan
       Description . . . . . . . . . . . : TAP-Windows Adapter V9
       Physical Address. . . . . . . . . : 00-FF-EE-16-B9-3C
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::fd9b:6799:7fc9:2969%23(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.8.100(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, September 06, 2016 11:36:22 AM
       Lease Expires . . . . . . . . . . : Wednesday, September 06, 2017 11:36:21 AM
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . : 10.0.8.254
       DHCPv6 IAID . . . . . . . . . . . : 369164270
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4C-CA-26-3C-97-0E-99-DF-75
       DNS Servers . . . . . . . . . . . : 192.168.9.253
       NetBIOS over Tcpip. . . . . . . . : Enabled