
Opened 2 years ago

#20825 new defect

dnsmasq with dnscrypt-proxy: unstable name resolution

Reported by: mikoyan
Owned by: developers
Priority: normal
Milestone:
Component: packages
Version: Chaos Calmer 15.05
Keywords: dns, dnsmasq, dnscrypt, dnscrypt-proxy, dnssec
Cc:

Description

My setup with dnscrypt-full and dnscrypt-proxy packages works perfectly in general.
However, an annoying issue pops up from time to time.

Requests for *some* hostnames start failing with SERVFAIL sometimes.

If I restart dnsmasq on the OpenWRT box, these resolutions work again.

Looking at my traffic capture, it seems like the TCP connection is suddenly reset between dnsmasq and dnscrypt-proxy on localhost! I don't have enough knowledge to dig deeper into this. Please look at what happens here.

I include a tcpdump capture. The IP address ending with :8062::ee is the client. ...8062::1 is the OpenWRT box.

Also attaching the dnsmasq section of /etc/config/dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        #option local '/lan/'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option domain 'xtsubasa.org'
        list addnhosts '/etc/hosts.add'
        list addnhosts '/tmp/hosts/dhcp'
        option noresolv '1'
        option dnssec '1'
        option dnsseccheckunsigned '1'
        list server '127.0.0.1#4400'
        list server '/google.com/8.8.8.8'
        list server '/google.ru/8.8.8.8'
        list server '/googleusercontent.com/8.8.8.8'
        list server '/gstatic.com/8.8.8.8'
        list server '/googleapis.com/8.8.8.8'
        list server '/gmail.com/8.8.8.8'
        list server '/doubleclick.net/8.8.8.8'
        list server '/youtube.com/8.8.8.8'
        list server '/youtu.be/8.8.8.8'
        list server '/youtube-nocookie.com/8.8.8.8'
        list server '/ytimg.com/8.8.8.8'
        list server '/ggpht.com/8.8.8.8'
        list server '/googlevideo.com/8.8.8.8'

Attachments (1)

dns-monitor.cap (10.5 KB) - added by mikoyan 2 years ago.
tcpdump capture


Change History (1)

Changed 2 years ago by mikoyan

tcpdump capture
