DNSMASQ not answering DNS queries from routed subnet
up vote
3
down vote
favorite
I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP
I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working
My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?
One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.
route add 192.168.2.0 mask 255.255.255.0 192.168.0.5
I've yet to test the DHCP assigned route at this point due to my current problem
This is a sketch of what I have 
DNSMASQ Config
# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k
dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite
# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1
# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h
# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp
networking dnsmasq
asked Oct 1 '17 at 4:17
Ross
940718
add a comment |
up vote
3
down vote
favorite
I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP
I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working
My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?
One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.
route add 192.168.2.0 mask 255.255.255.0 192.168.0.5
I've yet to test the DHCP assigned route at this point due to my current problem
This is a sketch of what I have
DNSMASQ Config
# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k
dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite
# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1
# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h
# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp
networking dnsmasq
asked Oct 1 '17 at 4:17
Ross
940718
I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35
add a comment |
up vote
3
down vote
favorite
up vote
3
down vote
favorite
I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP
I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working
My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?
One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.
route add 192.168.2.0 mask 255.255.255.0 192.168.0.5
I've yet to test the DHCP assigned route at this point due to my current problem
This is a sketch of what I have
DNSMASQ Config
# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k
dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite
# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1
# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h
# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp
networking dnsmasq
asked Oct 1 '17 at 4:17
Ross
940718
I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP
I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working
My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?
One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.
route add 192.168.2.0 mask 255.255.255.0 192.168.0.5
I've yet to test the DHCP assigned route at this point due to my current problem
This is a sketch of what I have
DNSMASQ Config
# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k
dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite
# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1
# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h
# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp
networking dnsmasq
networking dnsmasq
asked Oct 1 '17 at 4:17
Ross
940718
asked Oct 1 '17 at 4:17
Ross
940718
asked Oct 1 '17 at 4:17
Ross
940718
asked Oct 1 '17 at 4:17
Ross
940718
asked Oct 1 '17 at 4:17
Ross
940718
940718
I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35
add a comment |
I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35
I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35
I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35
add a comment |
1 Answer
1
active
oldest
votes
up vote
4
down vote
accepted
Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried
listen-address=192.168.0.2
However as resolve.conf has the line
nameserver 127.0.0.1
my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead
listen-address=192.168.0.2,127.0.0.1
as I could not work out a simple way to fix what resolveconf was doing
answered Oct 13 '17 at 8:01
Ross
940718
The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27
Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
accepted
Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried
listen-address=192.168.0.2
However as resolve.conf has the line
nameserver 127.0.0.1
my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead
listen-address=192.168.0.2,127.0.0.1
as I could not work out a simple way to fix what resolveconf was doing
answered Oct 13 '17 at 8:01
Ross
940718
The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27
Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56
add a comment |
up vote
4
down vote
accepted
Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried
listen-address=192.168.0.2
However as resolve.conf has the line
nameserver 127.0.0.1
my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead
listen-address=192.168.0.2,127.0.0.1
as I could not work out a simple way to fix what resolveconf was doing
answered Oct 13 '17 at 8:01
Ross
940718
The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27
Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56
add a comment |
up vote
4
down vote
accepted
up vote
4
down vote
accepted
Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried
listen-address=192.168.0.2
However as resolve.conf has the line
nameserver 127.0.0.1
my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead
listen-address=192.168.0.2,127.0.0.1
as I could not work out a simple way to fix what resolveconf was doing
answered Oct 13 '17 at 8:01
Ross
940718
Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried
listen-address=192.168.0.2
However as resolve.conf has the line
nameserver 127.0.0.1
my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead
listen-address=192.168.0.2,127.0.0.1
as I could not work out a simple way to fix what resolveconf was doing
answered Oct 13 '17 at 8:01
Ross
940718
answered Oct 13 '17 at 8:01
Ross
940718
answered Oct 13 '17 at 8:01
Ross
940718
answered Oct 13 '17 at 8:01
Ross
940718
940718
The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27
Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56
add a comment |
The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27
Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56
The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27
The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27
Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56
Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1255211%2fdnsmasq-not-answering-dns-queries-from-routed-subnet%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35