Failure to start dnsmasq

Hi,

I'm getting these messages in the logs:

Thu May 2 01:46:32 2019 daemon.crit dnsmasq[25380]: illegal repeated keyword at line 7 of /var/etc/dnsmasq.conf.cfg01411c
Thu May 2 01:46:32 2019 daemon.crit dnsmasq[25380]: FAILED to start up

when I start dnsmasq with /etc/init.d/dnsmasq start

The /var/etc/dnsmasq.conf.cfg01411c file is below.
Where is the repeated keyword???

# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
localise-queries
read-ethers
enable-ubus
expand-hosts
port=5053 #Either this is line 7
dhcp-leasefile=/tmp/dhcp.leases # or this is line 7
resolv-file=/tmp/resolv.conf.auto
dhcp-broadcast=tag:needs-broadcast
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq

But if I run the command manually,

dnsmasq -a 192.168.0.1 -C /etc/dnsmasq.conf -d -F 192.168.0.100,192.168.0.150

dnsmasq had no problems starting up.

The dnsmasq I have is:
dnsmasq: started, version 2.80 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC no-ID loop-detect inotify dumpfile

And no, this is not compiled by me, but downloaded using the standard way from the OpenWRT LuCI GUI.

If you started the paste at line 1, then that is line 7.

  • Can you explain why you want your DNS server to run at port 5053?
  • Did you knowingly make this config change?
  • Most importantly, where in the system did you make the config change?

@lleachii

That's because I replaced dnsmasq with dnscrypt-proxy more than a year ago.

You're missing the point, which is, if I run the dnsmasq command manually, it works, and dnsmasq is listening on port 5053 without issue.

The only change I'm aware of is that I upgraded dnsmasq.

The change is made in Network -> DHCP and DNS -> Advanced Settings -> DNS server port.

I haven't missed a point, that's exactly what I'm trying to help you with - it should work!

Oh, this is the first time you've mentioned that.

  • What version of OpenWrt are you using?
  • What previous version of OpenWrt were you using when it worked?
  • You still didn't say where you are making these config changes (it's still important to know, i.e. you may be entering them in the incorrect location).

I'm using LuCI openwrt-18.06 branch (git-19.079.57770-b99e77d) / OpenWrt 18.06.2 r7676-cddd7b4c77
Previous version of OpenWRT was the immediate release before that, so it should be 18.06.1

The change is made in Network -> DHCP and DNS -> Advanced Settings -> DNS server port.

and that change was over a year ago.

1 Like

OK, I've attempted to replicate your issue on OpenWrt SNAPSHOT, r9893-8abb505. I'm able to change the port and dnsmasq restarts successfully.

Can you try a Snapshot version in order to determine if 18.06.2 is the problem?

If you need the web GUI on a Snapshot, remember to:

opkg update
opkg install luci

@lleachii

Thank you. I'll try that tomorrow. It's 3am for me now.

However, I've just discovered that even though dnsmasq listens on port 5053, it's not responding to DHCP requests on port 67 using dhcptest-0.7 that I got from https://github.com/CyberShadow/dhcptest strangely.

Running netstat -tulnp gets me

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1892/uhttpd
tcp        0      0 192.168.0.1:22          0.0.0.0:*               LISTEN      2311/dropbear
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1892/uhttpd
tcp        0      0 0.0.0.0:5053            0.0.0.0:*               LISTEN      9309/dnsmasq
tcp        0      0 :::80                   :::*                    LISTEN      1892/uhttpd
tcp        0      0 :::53                   :::*                    LISTEN      1399/dnscrypt-proxy
tcp        0      0 :::443                  :::*                    LISTEN      1892/uhttpd
tcp        0      0 :::5053                 :::*                    LISTEN      9309/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           9309/dnsmasq
udp        0      0 0.0.0.0:5053            0.0.0.0:*                           9309/dnsmasq
udp        0      0 :::546                  :::*                                2021/odhcp6c
udp        0      0 :::547                  :::*                                16017/odhcpd
udp        0      0 :::53                   :::*                                1399/dnscrypt-proxy
udp        0      0 :::5053                 :::*                                9309/dnsmasq

Running the command: nslookup www.google.com 127.0.0.1#5053
it is resolving.

So now, there's a DHCP issue. How do I figure out why the DHCP is not responding?

Your DHCP server is running.
Verify with tcpdump the exchange of packets on UDP/67.

1 Like

Further investigation: changing the port again from the GUI interface somehow causes the (DNS) port entry to appear in both /etc/dnsmasq.conf and /var/etc/dnsmasq.conf.cfg01411c.

Where can I fix this? If I edit /etc/dnsmasq.conf manually to remove the port, /var/etc/dnsmasq.conf... gets updated too.

You haven't described anything that's broken - there's nothing to fix. You shouldn't edit that file, the port parameter is available in the UCI. This is why I asked twice where you are making the changes.

The proper file to edit is /etc/config/dhcp

Hope this helps.

Ok, it looks like there's really some bug in dnsmasq.

For some reason, even though there's no port in /etc/dnsmasq.conf and /var/etc/dnsmasq.conf... gets updated with a port=5053 value (which I set from the GUI), dnsmasq is complaining that the port setting is repeated, and hence refuses to start.

@lleachii

How have I not described anything that's not broken?
Editing from the GUI causes the port (to sometimes) appear in both /etc/dnsmasq.conf and /var/etc/dnsmasq.conf... which then causes dnsmasq to fail to start.

Actually, if both the port numbers are equal, there's no reason not to start. Only if the port numbers (which for some unthinkable reason are appearing in both places) have DIFFERENT values, then it should not start.

Blockquote
You haven't described anything that's broken - there's nothing to fix. You shouldn't edit that file, the port parameter is available in the UCI.

The thing is when I'm editing the file, it is to remove the port, to see if that can start up dnsmasq.
I don't know why adding the port from the GUI causes the port setting to show up in 2 places and cause dnsmasq to think it's illegal.

Can you describe the logic so that I can determine how best to proceed?

/etc/init.d/dnsmasq is the start-up script

1 Like

@lleachii

dnsmasq starts, but doesn't respond to DHCP queries.
Using tcpdump

tcpdump -vv -i br-lan port 67 or port 68 -e -n

I can see that DHCP queries are coming in, but dnsmasq is not responding.

    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from xx:xx:98:3c:c3, length 300, xid 0xb76b20e0, secs 37464, Flags [none] (0x0000)
          Client-Ethernet-Address b0:4e:26:98:3c:c3
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            MSZ Option 57, length 2: 1500
            Parameter-Request Option 55, length 5:
              Subnet-Mask, Time-Zone, Default-Gateway, Domain-Name-Server
              SMTP
            Vendor-Class Option 60, length 5: "EMLAB"
            Client-ID Option 61, length 7: ether b0:4e:26:98:3c:c3
15:04:47.627671 40:61:86:01:75:c7 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 286: (tos 0x0, ttl 128, id 4772, offset 0, flags [none], proto UDP (17), length 272)
    192.168.0.2.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:11:22:33:0c:f3, length 244, xid 0xfa14a875, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address 00:11:22:33:0c:f3
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
15:04:48.310782 b0:4e:26:98:3b:e2 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 31799, offset 0, flags [none], proto UDP (17), length 328)

When you're able to start up dnsmasq on port 5053, was it responding to dhcp queries?
For me, dnsmasq is not responding to queries.

Take a backup of the configuration, reset to defaults and start configuring from scratch.
After each step of the configuration verify that everything is working as it should.

Is there a way to troubleshoot dnsmasq and see why it's not responding to DHCP discover requests?

Would you want to provide me a configuration file I can use for dnsmasq that I can modify and see that it can respond to DHCP requests?

Resetting and reconfiguring the entire router is more trouble than it's worth, and there's no guarantee it'll certainly work.

Ok, got it to work.

The working /etc/dnsmasq.conf and /var/etc/dnsmasq.conf... are:

# /etc/dnsmasq.conf
dhcp-authoritative
dhcp-option=252,"\n"
dhcp-option=3,192.168.0.1
dhcp-option=6,192.168.0.1,1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4
dhcp-option=vendor:MSFT,2,1i
dhcp-range=192.168.0.50,192.168.0.100,12h
expand-hosts
read-ethers
server=1.1.1.1
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
enable-ubus
log-dhcp
log-facility=/tmp/dnsmasq-dhcp.log
port=5053
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
dhcp-broadcast=tag:needs-broadcast
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq
dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf
bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf

The uci show dhcp output is:

dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].logdhcp='1'
dhcp.@dnsmasq[0].rebind_protection='0'
dhcp.@dnsmasq[0].localservice='0'
dhcp.@dnsmasq[0].nonwildcard='0'
dhcp.@dnsmasq[0].logfacility='/tmp/dnsmasq-dhcp.log'
dhcp.@dnsmasq[0].port='5053'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.lan.dhcpv4='server'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.@host[0]=host
dhcp.@host[0].name='SOMENAME'
dhcp.@host[0].dns='1'
dhcp.@host[0].mac='XX:XX:XX:01:75:C7'
dhcp.@host[0].ip='192.168.0.2'
dhcp.@host[0].leasetime='30d'

For those troubleshooting in the future, the command
/etc/init.d/dnsmasq start

runs the following command (the conf files are generated):
/usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid

I've analyzed the previous configuration, vs the current working configuration.

The two lines below were in /etc/dnsmasq.conf

log-dhcp
log-facility=/tmp/dnsmasq.log

which were preventing dnsmasq (or the DHCP server function in dnsmasq) from starting up, because they are also in the /var/etc/dnsmasq.conf... file.

Thanks to everyone who helped.

2 Likes
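The duplicate-keyword situation traced in the post above, as an added example that is not part of the original thread: a shell function that reads a generated dnsmasq config, descends into each conf-file= include at the point it appears, and reports keywords that are set more than once. The sample files, the temporary paths and the default keyword list (port, log-facility, log-dhcp, taken from this thread) are assumptions; the page does not list which keywords dnsmasq refuses to see twice.

```shell
#!/bin/sh
# Added example: list keywords set more than once across a dnsmasq config
# and the files it pulls in with conf-file=.
# usage: find_repeats MAIN_CONF [KEYWORD...]
# The default keyword list is an assumption drawn from this thread.
find_repeats() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- port log-facility log-dhcp
    awk -v main="$conf" -v keys="$*" '
    function scan(file,    line, n, kw, eq) {
        if (file in seen) return               # guard against include loops
        seen[file] = 1; n = 0
        while ((getline line < file) > 0) {
            n++
            sub(/(^|[ \t]+)#.*$/, "", line)    # drop comments
            gsub(/^[ \t]+|[ \t]+$/, "", line)  # trim whitespace
            if (line == "") continue
            eq = index(line, "=")
            kw = (eq ? substr(line, 1, eq - 1) : line)
            # read an included file where it is named, then resume this one
            if (kw == "conf-file" && eq) { scan(substr(line, eq + 1)); continue }
            if (!(kw in want)) continue
            if (kw in first)
                printf "%s repeated at %s:%d (first set at %s)\n", kw, file, n, first[kw]
            else
                first[kw] = file ":" n
        }
        close(file)
    }
    BEGIN {
        split(keys, k, " "); for (i in k) want[k[i]] = 1
        scan(main)
    }'
}

# Constructed sample files modelled on the two configs quoted in the thread;
# they live in a temporary directory, not in /etc or /var/etc.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'log-dhcp' 'log-facility=/tmp/dnsmasq.log' 'port=5053' \
        > "$d/dnsmasq.conf"
    printf '%s\n' '# auto-generated config file from /etc/config/dhcp' \
        "conf-file=$d/dnsmasq.conf" 'localise-queries' 'read-ethers' \
        'enable-ubus' 'expand-hosts' 'port=5053 #Either this is line 7' \
        'log-dhcp' 'log-facility=/tmp/dnsmasq-dhcp.log' > "$d/generated.conf"
    find_repeats "$d/generated.conf"
    rm -rf "$d"
}
demo
```

On a router the function would be pointed at the generated file, for example `find_repeats /var/etc/dnsmasq.conf.cfg01411c`, with any further keywords to check given as extra arguments.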

FYI /var/etc/dnsmasq.conf is auto-generated as mentioned in the first line, so you shouldn't be editing it manually. Furthermore /var is a symbolic link to /tmp so nothing will survive a reboot.

2 Likes