Dnsmasq - Ignoring query from non-local network
-
Hi,
Last week i updated to 2.3.2-RELEASE (amd64) built on Wed Jul 20 10:29:55 CDT 2016 FreeBSD 10.3-RELEASE-p5
When i connect using openvpn, dns does not work anymore from the openvpn client.
From Status/System Logs/System/DNS Resolver:Aug 18 23:07:18 dnsmasq 3814 Ignoring query from non-local network
In pfSense DNS Forwarder options i have Interfaces set to All.
Any ideas on how to fix this?
regards,
Bart H -
I have the same problem after updating to pfSense 2.3.2. The workaround I found is to manually select all interfaces instead of 'All'.
-
thanks i have created a support ticket https://redmine.pfsense.org/issues/6730
-
Looks like this is due to /usr/local/etc/dnsmasq.conf being present. We don't use that or create it, but it is there and being read by dnsmasq and it contains an option causing this behavior ("local-service").
I pushed a commit to pass "-C /dev/null" to dnsmasq when starting so it will ignore that dummy config file.
If you remove /usr/local/etc/dnsmasq.conf and restart dnsmasq it will work, or apply that commit as a patch.
-
I uncommented it, would that be enough or will pfsense web configurator overwrite it again?
-
Uncommented what? Where?
This behavior has been corrected in the repository for any potential next release, so next upgrade will be OK, so it won't matter if your change gets reverted.
-
Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me. After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder. Any other suggestions? Like others, this just started happening after upgrading to 2.3.2.
-
Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me. After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder. Any other suggestions? Like others, this just started happening after upgrading to 2.3.2.
Then your problem is unrelated to this beyond the changes you've already made. Start a new thread for the remaining issue.
-
so I do not normally use dnsmasq, I use the resolver (unbound). But I turned resolver off, and turned on dnsmasq (forwarder) and created a host overrride of test.pfdnsmasq.for and it resolves just fine from openvpn connection.
C:\>dig test.pfdnsmasq.for ; <<>> DiG 9.10.4-P2 <<>> test.pfdnsmasq.for ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16481 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;test.pfdnsmasq.for. IN A ;; ANSWER SECTION: test.pfdnsmasq.for. 1 IN A 10.0.0.1 ;; Query time: 118 msec ;; SERVER: 192.168.9.253#53(192.168.9.253) ;; WHEN: Tue Sep 06 14:02:12 Central Daylight Time 2016 ;; MSG SIZE rcvd: 63You can see here my vpn connection
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : local.lan Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-EE-16-B9-3C DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::fd9b:6799:7fc9:2969%23(Preferred) IPv4 Address. . . . . . . . . . . : 10.0.8.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Tuesday, September 06, 2016 11:36:22 AM Lease Expires . . . . . . . . . . : Wednesday, September 06, 2017 11:36:21 AM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.0.8.254 DHCPv6 IAID . . . . . . . . . . . : 369164270 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4C-CA-26-3C-97-0E-99-DF-75 DNS Servers . . . . . . . . . . . : 192.168.9.253 NetBIOS over Tcpip. . . . . . . . : Enabled