Dnsmasq: failed to send packet: Host is down error
-
I too am looking for a way to find out what is causing this same error.. Here is a snip from my log.
Jun 10 21:09:39 dnsmasq[44493]: failed to send packet: Host is down
Jun 10 21:09:39 dnsmasq[44493]: failed to send packet: Host is downWhere should I be looking to find out what is sending this packet that is failing. I am still new to pfsense but have a decent working knowledge of computers and some limited knowledge of how linux works..
Jon
-
I am not very familiar with dnsmasq but this is what I could find… ( I get these occasionally too so I also am curious )
I looked at the source for dnsmasq. Dnsmasq is executing a sendmsg() call to send data over the network and getting an EHOSTDOWN error. According the the Freebsd documentation I have found that means a local host on the network is not responding. According to that same documentation for ARP if it were traffic through a router not responding there should be a EHOSTUNREACH error which you are not getting.
http://www.unix.com/man-page/freebsd/4/ARP/A theory I have is maybe a client that was on the local network requested a DNS query and disappeared off the local network for some reason by the time the query came back from the WAN side (maybe the local client wifi signal is weak or not in range at the time).
I sure wish the programmers of dnsmasq would have taken at least a few moments to include the destination IP that it was trying to contact in that error message. It would be easy to know which IP is associated with the error.
-
I am not very familiar with dnsmasq but this is what I could find… ( I get these occasionally too so I also am curious )
I looked at the source for dnsmasq. Dnsmasq is executing a sendmsg() call to send data over the network and getting an EHOSTDOWN error. According the the Freebsd documentation I have found that means a local host on the network is not responding. According to that same documentation for ARP if it were traffic through a router not responding there should be a EHOSTUNREACH error which you are not getting.
http://www.unix.com/man-page/freebsd/4/ARP/A theory I have is maybe a client that was on the local network requested a DNS query and disappeared off the local network for some reason by the time the query came back from the WAN side (maybe the local client wifi signal is weak or not in range at the time).
I sure wish the programmers of dnsmasq would have taken at least a few moments to include the destination IP that it was trying to contact in that error message. It would be easy to know which IP is associated with the error.
So then it is safe to say that something on the inside of my network is causing this issue and it is not an attack from outside the network. That is how I read what you are saying. I think you are right that it would be nice if dnsmasq provided the ip address that is generating this error..
Thanks for the tidbit of ideas and where to look.. Will have to see what I can find that is accessing the internet during that time and see if I can narrow it down and find the culprit. If I do I will return and give my findings..
Jon
-
I am fairly confident it is not an attack. The error is from the firewall sending a DNS response or query that it could not send because it could not communicate with an IP on the local subnet/network. I am also fairly certain of that.
If you get a ton of these all the time then I would be concerned about config or network issues but occasionally seeing them I think it is not something to worry about as long as you don't experience any issues from your client computer/devices. I tend to only get these errors on systems where wifi is used which makes me think it is likely just clients dropping off the wifi network and the firewall's dnsmasq service is trying to send a response because it has an ARP entry for the host but the host has dropped off the network before that ARP entry has expired.
That is my theory anyway. I haven't actually looked at the network traffic to verify it. It would be great if the pfsense dev team could add a single simple patch to dnsmasq to log the IP that it could not send the packet to. I am sure they have much more important things to do though :).
-
It sounds like 'Host is down' could also be a remote host and not just a host on a local subnet. I think I have interpreted that incorrectly but I really don't know for sure. So it could be the response from the external DNS server that failed.
"The error is EHOSTDOWN for a non-responding destination host, and EHOSTUNREACH for a non-responding router."
Regardless it is related to a DNS query communication problem at the time. If only the debug output included an IP address we would know specifically which IP there was no response from.
-
Seems i have the same error, i know this post is really old, but there seems no soluion for the problem?
Jan 21 09:48:53 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:39 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:38 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:35 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:32 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:29 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:28 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:21 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:21 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:21 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:21 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:21 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:21 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:21 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:20 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:20 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:12 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:12 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:12 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:11 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:11 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:11 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:11 dnsmasq 19072 failed to send packet: Host is down
Jan 21 09:48:11 dnsmasq 19072 failed to send packet: Host is downWhere to find more information on this?
-
Wooow.
Undying a 6 years old thread !Probably because the DNS servers you are forwarding to took a break.
This solution is still valid : use the Resolver. Or, at least, use other DNS servers that are not off line.
Also : upstream hosts will be down if your WAN is down .... -
@gertjan Well, first of all i searched the forum and this was the latest post about this.
Also the forwarding dns server is then taking a break all the time, its continue happening.
Jan 21 12:21:15 dnsmasq 19072 failed to send packet: Host is down
Jan 21 12:21:10 dnsmasq 19072 failed to send packet: Host is down
Jan 21 11:43:06 dnsmasq 19072 failed to send packet: Host is down
Jan 21 11:43:06 dnsmasq 19072 failed to send packet: Host is downRight now im using opendns server. But i will try another one to see if it fix the problem.
My WAN is not down at all :-) -
Changing the dns server just changed the PID, but still same error.
Changed to google dns.Jan 21 12:27:43 dnsmasq 92971 failed to send packet: Host is down
Jan 21 12:27:39 dnsmasq 92971 failed to send packet: Host is down
Jan 21 12:27:37 dnsmasq 92971 failed to send packet: Host is down
Jan 21 12:26:56 dnsmasq 92971 failed to send packet: Host is down -
True, the message isn't clear at all : nothing is said about the host, neither on what interface it happens, if it was IPv4 or IPv6, UDP or TCP, etc.
So, let's start at the beginning.
Your setup details ?Check : what is returned by :
ps ax | grep '[u]nbound\|[d]nsmasq'
-
What interface(s) is dnsmasq using - maybe it is down, or doesn't have an IP, etc. Where is dnsmasq forwarding too, how does it get there?
-
This message is logged by
dnsmasq
when it fails to send a UDP message (i.e. DNS response) to a host. Specifically, "host is down" (EHOSTDOWN
) will arise when ARP fails or expires for a host (and probably for other situations).In particular for my situation, we had configured dnsmasq to use selected interfaces; one of which was not configured. Switching the Services > DNS Forwarder > "Interfaces" list to "All" removes the extraneous log messages. (doing that removes the explicit list of interfaces that dnsmasq listens on, and let's dnsmasq figure out the list instead).
-
The workaround of selecting 'All' interfaces no longer works; pfsense now explicitly adds
--server
arguments for every interface when 'All' is selected. As such dnsmasq will complain when one or more of those are actually down.