dnsmasq: cannot resolve external hosts

[Curly060]

Hi,

first of all thanks a lot for the new release. Everything works like a charm, except DNS resolving of external hosts. I am using dnsmasq DNS. My settings are as follows:

• System: Settings: General: no manual DNS server entries
• System: Settings: General:  [X] Allow DNS server list to be overridden by DHCP/PPP on WAN

Now I make a query to an external host:

Code: [Select]

ingo@router:~ % drill google.de
;; ->>HEADER<<- opcode: QUERY, rcode: REFUSED, id: 36706
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.de. IN A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Aug 11 00:35:47 2017
;; MSG SIZE  rcvd: 27

Why am I getting rcode: REFUSED?

For hosts in the LAN everything works as expected.

If I manually add DNS servers in "System: Settings: General" then it also works, however, I did not have to do this in the 17.1 version.

Any suggestions (apart from switching to Unbound which currently is not yet an option for me).

Cheers, Ingo =;->

[Curly060]

I spoke too soon. Over night DNS resolving stopped to work, so I guess I am having the same problem as others already reported...

Only way to make it work is to manually specify DNS servers and disable " Allow DNS server list to be overridden by DHCP/PPP on WAN"

Cheers, Curly060 =;->

[phoenix]

Only way to make it work is to manually specify DNS servers and disable " Allow DNS server list to be overridden by DHCP/PPP on WAN"

Surely that should always be specified if you're running a DNS server on the firewall? Although I use my own DNS servers inside the LAN and not dnsmasq I should also ask (just in case), I assume that dnsmasq is not listening on the WAN interface as well is it?

[fabian]

refused in DNS usually means that your client is not allowed to query the server. Maybe an upstream issue or a misconfiguration.

[Curly060]

Surely that should always be specified if you're running a DNS server on the firewall?

Why? The DNS servers come from my ISP and that's why I had enabled the setting "Allow DNS server list to be overridden by DHCP/PPP on WAN " in System: Settings: General.
In 16.7 and 17.1 this worked perfectly. Since I haven't changed anything during the upgrade from 17.1 to 17.7 I guess something changed in 17.7.

Although I use my own DNS servers inside the LAN and not dnsmasq I should also ask (just in case), I assume that dnsmasq is not listening on the WAN interface as well is it?

Indeed it is not listening on the WAN interface:
Services: Dnsmasq DNS: Settings: Interfaces: DMZ, LAN, Localhost, OpenVPN

Cheers, Curly060 =;->