Netgate Discussion Forum

    Dnsmasq - Ignoring query from non-local network

      bheinsius

      Hi,

      Last week I updated to 2.3.2-RELEASE (amd64) built on Wed Jul 20 10:29:55 CDT 2016 FreeBSD 10.3-RELEASE-p5

      When I connect using OpenVPN, DNS does not work anymore from the OpenVPN client.
      From Status/System Logs/System/DNS Resolver:

      Aug 18 23:07:18 dnsmasq 3814 Ignoring query from non-local network

      In pfSense DNS Forwarder options I have Interfaces set to All.

      Any ideas on how to fix this?

      regards,
      Bart H

        richardd

        I have the same problem after updating to pfSense 2.3.2. The workaround I found is to manually select all interfaces instead of 'All'.

          bheinsius

          Thanks, I have created a support ticket: https://redmine.pfsense.org/issues/6730

            jimp Rebel Alliance Developer Netgate

            Looks like this is due to /usr/local/etc/dnsmasq.conf being present. We don't use that or create it, but it is there and being read by dnsmasq and it contains an option causing this behavior ("local-service").

            I pushed a commit to pass "-C /dev/null" to dnsmasq when starting so it will ignore that dummy config file.

            If you remove /usr/local/etc/dnsmasq.conf and restart dnsmasq it will work, or apply that commit as a patch.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!
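
Added example, not part of the thread and not pfSense code: a POSIX shell check for the condition described in the post above, namely a default dnsmasq config file with an active `local-service` option. It relies on dnsmasq's documented behaviour that `-C`/`--conf-file` stops the default file from being read and that `local-service` has no effect once an interface, except-interface, listen-address or auth-server option is set; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not pfSense code): decide whether dnsmasq's "local-service"
# restriction applies for a given default config file and argument list.

# has_opt FILE NAME: true if FILE sets option NAME outside of comments.
has_opt() {
    [ -r "$1" ] || return 1
    sed 's/#.*//' "$1" | grep -Eq "^[[:space:]]*$2[[:space:]]*(=.*)?\$"
}

# local_service_state DEFAULT_CONF [dnsmasq arguments...]
# Prints "restricted" when queries from non-local subnets would be ignored,
# otherwise "open". Simplification: only the last -C/--conf-file is examined.
local_service_state() {
    conf=$1; shift
    ls_on=no; scoped=no
    while [ $# -gt 0 ]; do
        case $1 in
            -C) if [ $# -gt 1 ]; then conf=$2; shift; fi ;;
            --conf-file=*) conf=${1#--conf-file=} ;;
            --local-service) ls_on=yes ;;
            --interface=*|--except-interface=*|--listen-address=*|--auth-server=*)
                scoped=yes ;;
        esac
        shift
    done
    if has_opt "$conf" local-service; then ls_on=yes; fi
    for o in interface except-interface listen-address auth-server; do
        if has_opt "$conf" "$o"; then scoped=yes; fi
    done
    if [ "$ls_on" = yes ] && [ "$scoped" = no ]; then
        echo restricted
    else
        echo open
    fi
}

# Constructed sample standing in for /usr/local/etc/dnsmasq.conf.
sample=$(mktemp)
printf '%s\n' '# constructed sample config' 'local-service' > "$sample"
echo "default start: $(local_service_state "$sample")"
echo "-C /dev/null:  $(local_service_state "$sample" -C /dev/null)"
rm -f "$sample"
```

On a real system, pass the path of the default config file and the arguments dnsmasq was started with (for example as shown by `ps`).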

              piwwo

              I uncommented it; would that be enough, or will the pfSense web configurator overwrite it again?

                jimp Rebel Alliance Developer Netgate

                Uncommented what? Where?

                This behavior has been corrected in the repository for any potential next release, so next upgrade will be OK, so it won't matter if your change gets reverted.

                  Quada

                  Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me.  After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder.  Any other suggestions?  Like others, this just started happening after upgrading to 2.3.2.

                    jimp Rebel Alliance Developer Netgate

                    @Quada:

                    Removing dnsmasq.conf did not work for me. Manually selecting the interfaces instead of "all" also didn't work for me.  After making these two changes I am no longer getting the query error message in the DNS resolver logs but my OVPN clients are still not able to use the DNS forwarder.  Any other suggestions?  Like others, this just started happening after upgrading to 2.3.2.

                    Then your problem is unrelated to this beyond the changes you've already made. Start a new thread for the remaining issue.

                      johnpoz LAYER 8 Global Moderator

                      So I do not normally use dnsmasq; I use the resolver (unbound). But I turned the resolver off, turned on dnsmasq (forwarder), and created a host override of test.pfdnsmasq.for, and it resolves just fine from an OpenVPN connection.

                      
                      C:\>dig test.pfdnsmasq.for
                      
                      ; <<>> DiG 9.10.4-P2 <<>> test.pfdnsmasq.for
                      ;; global options: +cmd
                      ;; Got answer:
                      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16481
                      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                      
                      ;; OPT PSEUDOSECTION:
                      ; EDNS: version: 0, flags:; udp: 4096
                      ;; QUESTION SECTION:
                      ;test.pfdnsmasq.for.            IN      A
                      
                      ;; ANSWER SECTION:
                      test.pfdnsmasq.for.     1       IN      A       10.0.0.1
                      
                      ;; Query time: 118 msec
                      ;; SERVER: 192.168.9.253#53(192.168.9.253)
                      ;; WHEN: Tue Sep 06 14:02:12 Central Daylight Time 2016
                      ;; MSG SIZE  rcvd: 63
                      
                      

                      You can see here my vpn connection

                      
                      Ethernet adapter Local Area Connection:
                      
                         Connection-specific DNS Suffix  . : local.lan
                         Description . . . . . . . . . . . : TAP-Windows Adapter V9
                         Physical Address. . . . . . . . . : 00-FF-EE-16-B9-3C
                         DHCP Enabled. . . . . . . . . . . : Yes
                         Autoconfiguration Enabled . . . . : Yes
                         Link-local IPv6 Address . . . . . : fe80::fd9b:6799:7fc9:2969%23(Preferred)
                         IPv4 Address. . . . . . . . . . . : 10.0.8.100(Preferred)
                         Subnet Mask . . . . . . . . . . . : 255.255.255.0
                         Lease Obtained. . . . . . . . . . : Tuesday, September 06, 2016 11:36:22 AM
                         Lease Expires . . . . . . . . . . : Wednesday, September 06, 2017 11:36:21 AM
                         Default Gateway . . . . . . . . . :
                         DHCP Server . . . . . . . . . . . : 10.0.8.254
                         DHCPv6 IAID . . . . . . . . . . . : 369164270
                         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4C-CA-26-3C-97-0E-99-DF-75
                         DNS Servers . . . . . . . . . . . : 192.168.9.253
                         NetBIOS over Tcpip. . . . . . . . : Enabled
                      
                      

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11
