DNS forwarder - WLAN on its own Subnet - CPU 100%
-
I have a strange problem.
I am using a domain name that resolves to a public IP from outside; on my LAN it resolves to a local IP.
My setup looks like this:
PFSENSE BOX IP: 10.10.1.254

GENERAL SETUP
-------------
hostname: fw
domain: example.com

INTERFACES
----------
WAN ISP-IP
LAN 10.10.1.254/24
WLAN 10.10.2.254/24

DNS SERVER
----------
208.67.222.222
208.67.220.220
[OFF] Allow DNS server list to be overridden by DHCP/PPP on WAN
[OFF] Do not use the DNS Forwarder as a DNS server for the firewall

DHCP SERVER
-----------
[OFF] WAN
[ON] LAN 10.10.1.125 - 10.10.1.250
[ON] WLAN 10.10.2.125 - 10.10.2.250

DNS FORWARDER
-------------
[ON] Enable DNS forwarder
[ON] Register DHCP leases in DNS forwarder

Host Overrides
example.com 10.10.1.100

Domain Overrides
example.com 10.10.1.254

If I connect to my network via a network cable, everything runs fine.
If I connect to my network via wireless, my CPU hits 100%.
If I turn off DNS Forwarding, the CPU goes back to normal?
If I bridge LAN & WLAN, the CPU is normal.
I don't want to bridge LAN & WLAN; I want to keep them separate with appropriate firewall rules.
Why is DNS Forwarding / dnsmasq hitting 100% when I connect to my network via wireless?
Something to do with the wireless subnet causing dnsmasq to create some kind of DNS loop maxing out the CPU?
-
Imagine something on your wireless network looks up www.example.com. Your DNS forwarding configuration says anything on domain example.com that the DNS forwarder doesn't know about should go to 10.10.1.254, which is the LAN interface. I don't know the intricacies of DNS forwarder, but it seems to me that you have likely created an infinite loop: DNS forwarder should ask itself to resolve domain example.com, but that is unlikely to terminate EXCEPT for the names fw.example.com and example.com.
-
The netmask in the following items seems bizarre:

@wizbit:
INTERFACES
----------
WAN ISP-IP
LAN 10.10.1.254/0
WLAN 10.10.2.254/0
-
The netmask in the following items seems bizarre:
@wizbit:
INTERFACES
----------
WAN ISP-IP
LAN 10.10.1.254/0
WLAN 10.10.2.254/0

That was a typo!! Changed now.
-
Imagine something on your wireless network looks up www.example.com. Your DNS forwarding configuration says anything on domain example.com that the DNS forwarder doesn't know about should go to 10.10.1.254, which is the LAN interface. I don't know the intricacies of DNS forwarder, but it seems to me that you have likely created an infinite loop: DNS forwarder should ask itself to resolve domain example.com, but that is unlikely to terminate EXCEPT for the names fw.example.com and example.com.

If I connect to my network via LAN (network cable) on 10.10.1.254/24, DNS Forwarder seems to be running OK and CPU usage is normal. The problem only occurs when I connect to my network via wireless, which uses the 10.10.2.254/24 network. My state table fills up and my CPU goes to 100%; if I turn off DNS Forwarder / dnsmasq, the CPU goes back to normal.
-
PROBLEM SOLVED!!!
My state table had LOTS of this:
tcp 10.10.2.30:53227 -> 10.10.1.100:631 FIN_WAIT_2:FIN_WAIT_2
CUPS was sending LOTS of requests. I added the 10.10.2. network to CUPS on my server and now everything is back to normal! :)
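An added example, not from the thread or from pfSense itself: a small Python script that parses state-table lines of the form quoted above (a leading interface column, as `pfctl -ss` prints it, is accepted as an assumption; NAT and inbound `<-` forms are not handled) and aggregates them per client host and destination, so a single host piling up connections to one service, as the CUPS traffic did here, stands out without reading the whole table. The sample lines are constructed, not real data from the thread.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the last post; the fourth
# line carries the leading interface column that `pfctl -ss` prints (assumed).
SAMPLE_STATES = """\
tcp 10.10.2.30:53227 -> 10.10.1.100:631 FIN_WAIT_2:FIN_WAIT_2
tcp 10.10.2.30:53228 -> 10.10.1.100:631 FIN_WAIT_2:FIN_WAIT_2
tcp 10.10.2.30:53229 -> 10.10.1.100:631 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.10.2.30:53230 -> 10.10.1.100:631 ESTABLISHED:ESTABLISHED
udp 10.10.2.31:50000 -> 10.10.2.254:53 MULTIPLE:SINGLE
tcp 10.10.1.20:44100 -> 10.10.1.100:631 ESTABLISHED:ESTABLISHED
"""

# Optional interface, protocol, src -> dst, and the pf state pair.
STATE_RE = re.compile(
    r"^(?:(?P<iface>\S+)\s+)?(?P<proto>tcp|udp|icmp)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<state>\S+)$"
)


def parse_states(text):
    """Return one dict per parseable state line; anything else is skipped."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            states.append(m.groupdict())
    return states


def top_flows(text, n=3):
    """Count states per (client host, server host:port), dropping the client's
    ephemeral port so one chatty client to one service is obvious."""
    counts = Counter()
    for s in parse_states(text):
        counts[(s["src"].rsplit(":", 1)[0], s["dst"])] += 1
    return counts.most_common(n)


def half_closed_share(text, dst):
    """Fraction of states to `dst` with a FIN_WAIT_2 side: a high share means
    the client keeps opening fresh connections instead of reusing one."""
    states = [s for s in parse_states(text) if s["dst"] == dst]
    if not states:
        return 0.0
    return sum("FIN_WAIT_2" in s["state"] for s in states) / len(states)


if __name__ == "__main__":
    for (client, server), count in top_flows(SAMPLE_STATES):
        print(f"{client} -> {server}: {count} states")
```

Run it against a saved `pfctl -ss` dump instead of `SAMPLE_STATES` to see which client and port dominate the table.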