DNSMASQ not answering DNS queries from routed subnet











up vote
3
down vote

favorite
1












I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP



I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working



My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?



One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.



route add 192.168.2.0 mask 255.255.255.0 192.168.0.5


I've yet to test the DHCP assigned route at this point due to my current problem



This is a sketch of what I have Sketch network



DNSMASQ Config



# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k

dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite

# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1

# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h


# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp









share|improve this question






















  • I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
    – Ross
    Oct 1 '17 at 4:35















up vote
3
down vote

favorite
1












I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP



I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working



My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?



One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.



route add 192.168.2.0 mask 255.255.255.0 192.168.0.5


I've yet to test the DHCP assigned route at this point due to my current problem



This is a sketch of what I have Sketch network



DNSMASQ Config



# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k

dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite

# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1

# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h


# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp









share|improve this question






















  • I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
    – Ross
    Oct 1 '17 at 4:35













up vote
3
down vote

favorite
1









up vote
3
down vote

favorite
1






1





I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP



I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working



My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?



One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.



route add 192.168.2.0 mask 255.255.255.0 192.168.0.5


I've yet to test the DHCP assigned route at this point due to my current problem



This is a sketch of what I have Sketch network



DNSMASQ Config



# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k

dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite

# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1

# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h


# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp









share|improve this question













I have two sub-nets connected together using two DD-WRT APs - The remote AP is in
Client-Routed mode so it has a separate subnet its IP are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode
The DD-WRT DHCP settings are in forward mode for the remote AP



I have DNSMASQ setup within the first subnet on IP 192.168.0.2/24 it is also the DHCP server for the second subnet - this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true
I can also RDP from a PC on the first subnet to the PC on the second subnet - so it appears to me most of the first to second subnet comms is working



My problem is DNSMasq does not send DNS replies to the second subnet - it does work to the first subnet. Can anyone suggest why?



One thing to note is that the route for the second network was on the gateway device (192.168.0.1 ) but I found this dropped many packets - so each of the first sub-net devices has a local static route for the second subnet added to it.



route add 192.168.2.0 mask 255.255.255.0 192.168.0.5


I've yet to test the DHCP assigned route at this point due to my current problem



This is a sketch of what I have Sketch network



DNSMASQ Config



# Configuration file for dnsmasq.
domain-needed
bogus-priv
addn-hosts=/etc/dnsmasq.hosts
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k

dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite

# Change this line if you want dns to get its upstream servers from somewhere other that /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193 setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1

# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h


# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp






networking dnsmasq






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Oct 1 '17 at 4:17









Ross

940718




940718












  • I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
    – Ross
    Oct 1 '17 at 4:35


















  • I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
    – Ross
    Oct 1 '17 at 4:35
















I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35




I also tried on the second subnet a nslookup from 8.8.8.8 and that works -
– Ross
Oct 1 '17 at 4:35










1 Answer
1






active

oldest

votes

















up vote
4
down vote



accepted










Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried



listen-address=192.168.0.2


However as resolve.conf has the line



nameserver 127.0.0.1


my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead



listen-address=192.168.0.2,127.0.0.1


as I could not work out a simple way to fix what resolveconf was doing






share|improve this answer





















  • The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
    – Jonathan Komar
    Nov 15 '17 at 12:27












  • Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
    – Ross
    Nov 15 '17 at 19:56











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1255211%2fdnsmasq-not-answering-dns-queries-from-routed-subnet%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
4
down vote



accepted










Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried



listen-address=192.168.0.2


However as resolve.conf has the line



nameserver 127.0.0.1


my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead



listen-address=192.168.0.2,127.0.0.1


as I could not work out a simple way to fix what resolveconf was doing






share|improve this answer





















  • The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
    – Jonathan Komar
    Nov 15 '17 at 12:27












  • Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
    – Ross
    Nov 15 '17 at 19:56















up vote
4
down vote



accepted










Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried



listen-address=192.168.0.2


However as resolve.conf has the line



nameserver 127.0.0.1


my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead



listen-address=192.168.0.2,127.0.0.1


as I could not work out a simple way to fix what resolveconf was doing






share|improve this answer





















  • The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
    – Jonathan Komar
    Nov 15 '17 at 12:27












  • Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
    – Ross
    Nov 15 '17 at 19:56













up vote
4
down vote



accepted







up vote
4
down vote



accepted






Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried



listen-address=192.168.0.2


However as resolve.conf has the line



nameserver 127.0.0.1


my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead



listen-address=192.168.0.2,127.0.0.1


as I could not work out a simple way to fix what resolveconf was doing






share|improve this answer












Ok so after reading the manual better I need to add in something to override the default of only answer local sub-nets (--local-service) a default option which has no negation so for example I tried



listen-address=192.168.0.2


However as resolve.conf has the line



nameserver 127.0.0.1


my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server no longer could resolve any dns name whilst all other machines were successfully using it as a dns server. I fixed this by adding the following line instead



listen-address=192.168.0.2,127.0.0.1


as I could not work out a simple way to fix what resolveconf was doing







share|improve this answer












share|improve this answer



share|improve this answer










answered Oct 13 '17 at 8:01









Ross

940718




940718












  • The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
    – Jonathan Komar
    Nov 15 '17 at 12:27












  • Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
    – Ross
    Nov 15 '17 at 19:56


















  • The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
    – Jonathan Komar
    Nov 15 '17 at 12:27












  • Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
    – Ross
    Nov 15 '17 at 19:56
















The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27






The Arch Wiki mentions it, albeit somewhat vague on the details, here: wiki.archlinux.org/index.php/dnsmasq
– Jonathan Komar
Nov 15 '17 at 12:27














Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56




Thanks , I didn't think of looking for articles in different flavours of Linux that does appear to tell me how to fix this original problem, also seems to say it's dhcpd is a possible culprit, although I'm not using that
– Ross
Nov 15 '17 at 19:56


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1255211%2fdnsmasq-not-answering-dns-queries-from-routed-subnet%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Сан-Квентин

Алькесар

Josef Freinademetz