!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

897 Members
Declaratively manage your switching, routing, wireless, tunneling and more.262 Servers

Load older messages

SenderMessageTime
25 May 2021
@andi:kack.itandi- alexey96: Can you post some configuration snippets? What is dnsmasq using as upstream resolver once it is through your filter lists? 17:36:03
@alexey96:matrix.orgalexey96 andi-: 8.8.8.8 (google), 208.67.220.220 (opendns) 17:38:01
@andi:kack.itandi-Might be worth checking if your lookups are indeed looping between your devices. Look into the logging output (turn it to debug/verbose) and/or use tcpdump to see what is happening there.17:39:05
@alexey96:matrix.orgalexey96Redacted or Malformed Event17:39:25
@andi:kack.itandi-Maybe dnsmasq is just overloaded by the amount of filters you have? How many are there? Have you tried removing the fiters to see if that improves anything?17:39:30
@alexey96:matrix.orgalexey96I am using configuration suggested here: https://github.com/NixOS/nixpkgs/issues/61617#issuecomment-62393419317:41:01
@alexey96:matrix.orgalexey96Same block-lists from pi-hole repository17:41:19
@alexey96:matrix.orgalexey96except for listen address, i have added machine's static address to resolve inbound requests17:42:39
@alexey96:matrix.orgalexey96and have opened TCP and UDP ports 5317:43:08
@alexey96:matrix.orgalexey96It is in loop indeed. Have just checked log file: May 25 20:44:22 dnsmasq[27139]: forwarded router.asus.com.home to 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: query[A] router.asus.com.home from 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: forwarded router.asus.com.home to 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: query[A] router.asus.com.home from 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: forwarded router.asus.com.home to 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: query[A] router.asus.com.home from 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: forwarded router.asus.com.home to 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: query[A] router.asus.com.home from 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: forwarded router.asus.com.home to 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: query[A] router.asus.com.home from 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: forwarded router.asus.com.home to 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: query[A] router.asus.com.home from 192.168.1.1 May 25 20:44:22 dnsmasq[27139]: forwarded router.asus.com.home to 192.168.1.1 17:45:22
@alexey96:matrix.orgalexey96I have a stock AsusWRT on my router and i have no way of disabling it broadcasting itself as secondary DNS for local domain17:47:34
@alexey96:matrix.orgalexey96So the only option to prevent this looping is removing it from resolv.conf on the NixOS machine and i have trouble with this17:48:29
@alexey96:matrix.orgalexey96 * So the only option to prevent this looping is removing ip 192.168.1.1 from resolv.conf on the NixOS machine and i have trouble with this17:49:03
@alexey96:matrix.orgalexey96

Network and dnsmasq configs: # DNS server
services.dnsmasq.enable = true;
services.dnsmasq.extraConfig = ''

domain-needed
bogus-priv
no-resolv

server=208.67.220.220
server=8.8.8.8

listen-address=::1,127.0.0.1,192.168.1.100
bind-interfaces

cache-size=10000
log-queries
log-facility=/tmp/ad-block.log
local-ttl=300

conf-file=/etc/nixos/assets/hosts-blocklists/domains.txt
addn-hosts=/etc/nixos/assets/hosts-blocklists/hostnames.txt
# address=/nixos.home/192.168.1.100

'';

17:51:21
@alexey96:matrix.orgalexey96 networking.useDHCP = false; networking.interfaces.eno0.useDHCP = true; networking.interfaces.wlp2s0.useDHCP = true; networking.nameservers = [ "127.0.0.1" "::1" ]; 17:52:55
@andi:kack.itandi- That log is interesting. As you've set no-resolv it should only use the server statements to do the resolving. What arguments is dnsmasq launched with? 17:53:04
@alexey96:matrix.orgalexey96How can i get that information?17:54:46
@andi:kack.itandi- systemctl cat dnsmasq should show you the cmdline that process was launched with 17:55:03
@andi:kack.itandi- or rather systemctl status dnsmasq 17:55:12
@alexey96:matrix.orgalexey96/nix/store/zsdx9lmnjma8xdv2acz4ha0hi45wkxvh-dnsmasq-2.85/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C /nix/store/x4nvgi8mz9vj1myfb6hbsd8vh7zxlm57-dnsmasq.conf17:56:10
@alexey96:matrix.orgalexey96 * So the only option I see to prevent this looping is removing ip 192.168.1.1 from resolv.conf on the NixOS machine and i have trouble with this18:04:06
@andi:kack.itandi-alexey96: try passing a dummy resolv.conf to dnsmasq via the resolv-file=... argument.. I somehow suspec that server=.. isn't doing exactly the right thing. Dnsmasq might fall back to libc based DNS and then end up on your router again?18:04:14
@andi:kack.itandi-

In the config block above you could write

resolv-file=${pkgs.writeText "dnsmasq-resolv.conf" "nameserver 8.8.8.8"}
18:05:21
@andi:kack.itandi-(Obviously add the v6 address as well I was just lazy)18:05:53
@alexey96:matrix.orgalexey96
In reply to @andi:kack.it

In the config block above you could write

resolv-file=${pkgs.writeText "dnsmasq-resolv.conf" "nameserver 8.8.8.8"}
Had no effect. dsnmasq-resolve.conf didnt change, still 100% cpu usage 		18:13:24
@alexey96:matrix.orgalexey96

cat /etc/dnsmasq-resolv.conf

Generated by resolvconf

nameserver 192.168.1.100
nameserver 192.168.1.1

18:13:39
@andi:kack.itandi-what is that file relevant? I don't see it in the earlier pastes. Did you declare that?18:18:28
@alexey96:matrix.orgalexey96I didnt declare it anyway before. Shouldn't the resolv-file=... change it?18:26:50
@alexey96:matrix.orgalexey96 * I didnt declare it in anyway before. Shouldn't the resolv-file=... change it?18:27:05
@andi:kack.itandi-no, that only tells it which file to read. It shouldn't read that file on disk18:27:46

Show newer messages

Back to Room ListRoom Version: 6