Why dnsmasq fails when internet is down?

What upstream DNS server is your adguard home using?

You should change the router's WAN DNS server 1 to be a public server (e.g. 1.1.1.1) because you are using DoT.
 
Code:
tls://1.1.1.1
[/local.org/168.192.in-addr.arpa/]192.168.1.1
tls://dns.google
[/local.org/168.192.in-addr.arpa/]192.168.1.1
This is the DNS setting of the adguard.
There are also a couple of rewrites for local hosts but I don't see the relation.
 
Since the modem is a DSL-AC68U, please be very explicit what screenshot is from the DSL-AC68U and which is from the RT-AC5300. Your DNS setup is so complicated to follow that it's not surprising that there are problems sometimes. I'm going to re-read from the beginning again. :confused:
 
Code:
tls://1.1.1.1
[/local.org/168.192.in-addr.arpa/]192.168.1.1
tls://dns.google
[/local.org/168.192.in-addr.arpa/]192.168.1.1
This is the DNS setting of the adguard.
There are also a couple of rewrites for local hosts but I don't see the relation.
I've not looked at AdGuard before so I'm reading about it now.

Is "local.org" the LAN domain name you are using on the ac5300? If not it's no surprise local name resolution doesn't work properly. Also, I don't understand why you have two entries for it.

I see that AdGuard can also be configured as a DHCP server so I'd check that is not the case.
 
Since the modem is a DSL-AC68U, please be very explicit what screenshot is from the DSL-AC68U and which is from the RT-AC5300. Your DNS setup is so complicated to follow that it's not surprising that there are problems sometimes. I'm going to re-read from the beginning again. :confused:
Ahahah, :)

Modem refers to AC68U
As for the DNS setup, it is not exactly complicated but I will simplify it.

There is a dedicated DNS server set up which is adguard home (192.168.1.45)
Router advertises this DNS server.
local.org is a set domain in the router.
Router(AC-5300) handles the dhcp operation.

The only thing different from a normal setup is the dedicated dns server which is the adguard home.

I did mention this before but this setup was working as expected before I switched to DSL-AC68U. However, when I switched the bridged modem with ac68u, I happen to get this problem.
There is one major difference now:
  • DSL-AC68U uses DMZ instead of being bridged.
So, for some inexplicable reason, the local clients lose their ip settings and get ips like 169.223.22.12 when the modem reboots. They do not recover until a router(ac-5300) reboot.

There is also nginx set up for local domains but it is hardly relevant because I do not have any problem with the local dns if I do not reboot the modem. Logically, this should not affect anything other than the internet connection. However, in this case, it affects dhcp, dns, local domains, etc which is weird.
 
So, for some inexplicable reason, the local clients lose their ip settings and get ips like 169.223.22.12 when the modem reboots. They do not recover until a router(ac-5300) reboot.
Are the affected clients only WiFi or does it affect clients directly attached by Ethernet?

I suggest you change the logging as I mentioned earlier so that we can try and see the missing messages. Then reboot the router, wait 5 minutes, reboot the modem to invoke the problem, wait 5 minutes and then upload the entire log for us to look at.
 
Okay, let me clarify a few things. I use Ethernet for connection, no Wi-Fi.
When I reboot the modem, all local communication goes down, at least for Ethernet. I noticed that I cannot ping any machine with their IP address or domain name. Local DNS resolution also does not work.
The only way to recover from this is to reboot the router. But I cannot access the router webui. So, I disable the Ethernet adaptor on the PC and connect to the WiFi of the router. For some reason, the WiFi of the router works when I connect to it.

Here are the log settings:
1618230093730.png


Logs are also attached as you suggested.

Apr 12 15:22:43 syslogd exiting ===> rebooting the router

Apr 12 15:26:41 watchdog: New firmware version 386.2_0 is available. ===> start rebooting the modem
 

Attachments

  • syslog.txt
OK that's completely different to what I thought was happening, especially the part about it only affecting wired connections.

How many wired connections do you have and do they all have this problem? Do you have any intermediate switches? How many WiFi devices do you have and are any of them having this problem?

I suggest you turn off link aggregation and see if the problems persist, and whether the vlan1 messages disappear.

EDIT: I'm still perplexed about why I'm not seeing dnsmasq starting up. I can see lots of messages for it failing to start. There appears to be some custom scripting affecting dnsmasq which just adds even more to the confusion. I guess dnsmasq must eventually start at some point otherwise none of your DHCP clients would be able to get an IP address.
 
Code:
May  5 08:05:19 dnsmasq[514]: cannot open log /opt/var/log/dnsmasq.log: No such file or directory
May  5 08:05:19 dnsmasq[514]: FAILED to start up
You must have a log directive in dnsmasq.conf.add that isn’t ready when dnsmasq tries to start up. Such a dnsmasq mod should be applied in post-mount after Entware is loaded.
 
Code:
May  5 08:05:19 dnsmasq[514]: cannot open log /opt/var/log/dnsmasq.log: No such file or directory
May  5 08:05:19 dnsmasq[514]: FAILED to start up
You must have a log directive in dnsmasq.conf.add that isn’t ready when dnsmasq tries to start up. Such a dnsmasq mod should be applied in post-mount after Entware is loaded.
I use x3mrouting custom script and you are right there is a log directive in the dnsmasq.conf.add
Code:
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log
I think @Xentrk will be interested to know regarding dnsmasq.conf.add

Looking into that folder, there is a 1 GB dnsmasq log file. I will test again and post this log too.

OK that's completely different to what I thought was happening, especially the part about it only affecting wired connections.

How many wired connections do you have and do they all have this problem? Do you have any intermediate switches? How many WiFi devices do you have and are any of them having this problem?

I suggest you turn off link aggregation and see if the problems persist, and whether the vlan1 messages disappear.

EDIT: I'm still perplexed about why I'm not seeing dnsmasq starting up. I can see lots of messages for it failing to start. There appears to be some custom scripting affecting dnsmasq which just adds even more to the confusion. I guess dnsmasq must eventually start at some point otherwise none of your DHCP clients would be able to get an IP address.
It is also affecting wireless clients. But wireless clients recover by themselves for some reason. On the other hand, to recover wired clients a router reboot is necessary. There are about 40-45 devices (PC, printer, NAS, IoT, etc., switches, APs) connected to the network.

Attached is the dnsmasq log file
Apr 12 17:56:32 dnsmasq[2755]: config 192.168.1.129 is NXDOMAIN >> modem reboot after this.

I will try turning off the link aggregation.
Do you guys think DMZ might be the culprit here? Though, I do not have any reasonable justification for this. It is not logical but I mentioned before that I did not have such an issue with my previous bridged DSL modem.

I cannot attach the file for some reason.
Here is the pastebin link.
 
I’m wondering if you just put a
Bash:
service restart_dnsmasq
at the end of /jffs/scripts/post-mount would do the trick. The bad thing about the current setup is that dnsmasq will never run after reboot if you remove the USB drive since the log file is unconditionally expected to be under /opt/var/log.
 
I’m wondering if you just put a
Bash:
service restart_dnsmasq
at the end of /jffs/scripts/post-mount would do the trick. The bad thing about the current setup is that dnsmasq will never run after reboot if you remove the USB drive since the log file is unconditionally expected to be under /opt/var/log.
It is not exactly a problem for me because I never touch the USB drive.
 
It seems that stubby keeps returning BOGUS replies to dnsmasq.

Does either device have the “Enable WAN down browser redirect notice” option enabled? Not directly related to my comment above, but I’m still curious.
 
I use x3mrouting custom script and you are right there is a log directive in the dnsmasq.conf.add
Code:
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log
I think @Xentrk will be interested to know regarding dnsmasq.conf.add
@dave14305 is right. The USB is probably not mounted yet so the log-facility fails.

Another approach is needed, similar to how Diversion handles dnsmasq logging configuration. It requires additional coding. For now, you can manually restart dnsmasq after USB mounts as a temporary workaround until I can code the solution.
 
I use x3mrouting custom script and you are right there is a log directive in the dnsmasq.conf.add
Code:
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log
I think @Xentrk will be interested to know regarding dnsmasq.conf.add

Looking into that folder, there is a 1 GB dnsmasq log file. I will test again and post this log too.


It is also affecting wireless clients. But wireless clients recover by themselves for some reason. On the other hand, to recover wired clients a router reboot is necessary. There are about 40-45 devices (PC, printer, NAS, IoT, etc., switches, APs) connected to the network.

Attached is the dnsmasq log file
Apr 12 17:56:32 dnsmasq[2755]: config 192.168.1.129 is NXDOMAIN >> modem reboot after this.

I will try turning off the link aggregation.
Do you guys think DMZ might be the culprit here? Though, I do not have any reasonable justification for this. It is not logical but I mentioned before that I did not have such an issue with my previous bridged DSL modem.

I cannot attach the file for some reason.
Here is the pastebin link.
Please test this approach before I integrate with x3mRouting as an option to enable dnsmasq logging. It uses dnsmasq.postconf to add the required entries to /tmp/etc/dnsmasq.conf.

Copy/paste the following code snippets into an SSH session:
Code:
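# Single quotes keep $1 literal, so dnsmasq.postconf passes its own first argument (the config file path) at run time
echo '. /jffs/addons/x3mRouting/dnsmasq_logging.sh $1 # Added by x3mRouting' >> /jffs/scripts/dnsmasq.postconf && chmod 755 /jffs/scripts/dnsmasq.postconf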

Code:
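cat <<'EOF' >/jffs/addons/x3mRouting/dnsmasq_logging.sh
#!/bin/sh
#Location: /jffs/addons/x3mRouting/dnsmasq_logging.sh
# Sourced from /jffs/scripts/dnsmasq.postconf; $1 is the dnsmasq config file to modify.
# The heredoc delimiter above is quoted so that $1, $$, $CONFIG and $(...) are written
# to the script literally and evaluated when it runs, not when it is pasted.
logger -st "($(basename "$0"))" $$ "Started x3mRouting dnsmasq logging configuration"

CONFIG=$1
source /usr/sbin/helper.sh   # provides pc_append

pc_append "# start of x3mRouting dnsmasq log parameters"  "$CONFIG"
pc_append "log-async" "$CONFIG"
pc_append "log-queries" "$CONFIG"
pc_append "log-facility=/opt/var/log/dnsmasq.log" "$CONFIG"
pc_append "# end of x3mRouting dnsmasq log parameters" "$CONFIG"
# Give the log to the nobody user and keep it unreadable to other accounts
chown nobody /opt/var/log/dnsmasq.log*
chmod 0640 /opt/var/log/dnsmasq.log*
service restart_dnsmasq
logger -st "($(basename "$0"))" $$ "Completed x3mRouting dnsmasq logging configuration"
EOF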

chmod 755 /jffs/addons/x3mRouting/dnsmasq_logging.sh

# remove dnsmasq.conf.add entries
sed -i "\~\blog-async\b~d" "/jffs/configs/dnsmasq.conf.add"
sed -i "\~\blog-queries\b~d" "/jffs/configs/dnsmasq.conf.add"
sed -i "\~\blog-facility\b~d" "/jffs/configs/dnsmasq.conf.add"

. /jffs/addons/x3mRouting/dnsmasq_logging.sh /etc/dnsmasq.conf
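
The start-up failure diagnosed in this thread (dnsmasq refusing to start because `/opt/var/log` is not there yet, or the USB drive is removed) can be avoided by writing `log-facility` only when the directory exists. The following is an added example, not part of the original posts and not x3mRouting code; the function names `append_once` and `add_dnsmasq_logging` and the temp paths in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not x3mRouting code. Function names are hypothetical.

# append_once LINE FILE: add LINE unless an identical line is already there.
append_once() {
    grep -qxF -- "$1" "$2" || printf '%s\n' "$1" >> "$2"
}

# add_dnsmasq_logging CONFIG LOGDIR
# Returns 0 when file logging was configured, 1 when LOGDIR is unavailable
# and dnsmasq is left on its default syslog logging, 2 on a missing CONFIG.
add_dnsmasq_logging() {
    config=$1
    logdir=$2
    [ -f "$config" ] || return 2
    # Drop any earlier log-facility line so a stale path cannot block start-up.
    grep -v '^log-facility=' "$config" > "$config.tmp" || true
    mv "$config.tmp" "$config"
    append_once "log-async" "$config"
    append_once "log-queries" "$config"
    if [ -d "$logdir" ] && [ -w "$logdir" ]; then
        logfile="$logdir/dnsmasq.log"
        # Create the file with a restrictive mode: the query log records
        # every name each LAN client resolves.
        [ -e "$logfile" ] || : > "$logfile"
        chmod 0640 "$logfile"
        append_once "log-facility=$logfile" "$config"
        return 0
    fi
    return 1
}

# Demo on constructed temp paths: one present log directory, one missing.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/log"
for dir in "$demo_dir/log" "$demo_dir/not-mounted"; do
    conf="$demo_dir/$(basename "$dir").conf"
    printf 'log-facility=/opt/var/log/dnsmasq.log\n' > "$conf"  # stale entry
    if add_dnsmasq_logging "$conf" "$dir"; then
        echo "file logging -> $dir/dnsmasq.log"
    else
        echo "log directory missing, dnsmasq stays on syslog"
    fi
done
rm -rf "$demo_dir"
```

On the router, such a function would be called from `dnsmasq.postconf` with the config path it receives as `$1` and `/opt/var/log` as the log directory.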
 