dnsmasq: cannot resolve external hosts

Started by Curly060, August 11, 2017, 12:48:19 AM

Hi,

first of all thanks a lot for the new release. Everything works like a charm, except DNS resolving of external hosts. I am using dnsmasq DNS. My settings are as follows:

  • System: Settings: General: no manual DNS server entries
  • System: Settings: General: [X] Allow DNS server list to be overridden by DHCP/PPP on WAN

Now I make a query to an external host:
ingo@router:~ % drill google.de
;; ->>HEADER<<- opcode: QUERY, rcode: REFUSED, id: 36706
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.de. IN A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Aug 11 00:35:47 2017
;; MSG SIZE  rcvd: 27


Why am I getting rcode: REFUSED?

For hosts in the LAN everything works as expected.

If I manually add DNS servers in "System: Settings: General" then it also works, however, I did not have to do this in the 17.1 version.

Any suggestions (apart from switching to Unbound, which currently is not yet an option for me)?

Cheers, Ingo =;->

I spoke too soon. Overnight, DNS resolving stopped working, so I guess I am having the same problem as others already reported...

The only way to make it work is to manually specify DNS servers and disable "Allow DNS server list to be overridden by DHCP/PPP on WAN".

Cheers, Curly060 =;->

Quote from: Curly060 on August 12, 2017, 01:55:17 AM
Only way to make it work is to manually specify DNS servers and disable "Allow DNS server list to be overridden by DHCP/PPP on WAN"

Surely that should always be specified if you're running a DNS server on the firewall? Although I use my own DNS servers inside the LAN and not dnsmasq, I should also ask (just in case): I assume that dnsmasq is not listening on the WAN interface as well, is it?
Regards


Bill

Refused in DNS usually means that your client is not allowed to query the server. Maybe an upstream issue or a misconfiguration.
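
Added example, not part of any post in this thread: a small Python parser that reads the header of a DNS reply and reports the rcode and flags the way drill prints them, useful for monitoring a resolver for REFUSED answers. The sample reply is constructed here to mirror the drill output in the first post (id 36706, flags qr rd ra, 27 bytes); the function names are this example's own.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]


def build_sample_reply():
    """Constructed reply: id 36706, qr+rd+ra set, rcode 5, question google.de IN A."""
    header = struct.pack("!HHHHHH", 36706, 0x8185, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in (b"google", b"de")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(msg):
    """Decode the 12-byte header and the first question name of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    labels, pos = [], 12
    while qd:  # walk the length-prefixed labels of the first question
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("malformed label in question")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    rcode = flags & 0x000F
    return {
        "id": ident,
        "rcode": RCODES.get(rcode, "RCODE%d" % rcode),
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "qname": ".".join(labels) + "." if labels else "",
        "answers": an,
        # REFUSED is a policy answer from the server that was asked, so the
        # thing to inspect is that server's configuration, not the network path.
        "refused": rcode == 5,
    }


if __name__ == "__main__":
    print(parse_reply(build_sample_reply()))
```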

Quote from: phoenix on August 12, 2017, 08:46:43 AM
Surely that should always be specified if you're running a DNS server on the firewall?

Why? The DNS servers come from my ISP and that's why I had enabled the setting "Allow DNS server list to be overridden by DHCP/PPP on WAN" in System: Settings: General.
In 16.7 and 17.1 this worked perfectly. Since I haven't changed anything during the upgrade from 17.1 to 17.7 I guess something changed in 17.7.

Quote from: phoenix on August 12, 2017, 08:46:43 AM
Although I use my own DNS servers inside the LAN and not dnsmasq I should also ask (just in case), I assume that dnsmasq is not listening on the WAN interface as well is it?

Indeed it is not listening on the WAN interface:
Services: Dnsmasq DNS: Settings: Interfaces: DMZ, LAN, Localhost, OpenVPN

Cheers, Curly060 =;->