Tue Jan 26 01:21:42 2021 daemon.warn dnsmasq[3837]: possible DNS-rebind attack detected: popup.carbonite.com
I do use Carbonite, and it hasn't backed up in 38 hours despite being scheduled to do it every 24. Hope it's just another Carbonite glitch - after all it's a pretty glitchy program.
I believe this is probably not related to the upgrade. This is an actual DNS rebind "attack" which means that dnsmasq is correctly preventing your device from resolving that FQDN to a local address.
For reference, I see popup.carbonite.com resolving to a local IP address (127.0.0.53) on public DNS records.
If it is what you expect (i.e. carbonite is a local service to your device - I'm not familiar with it), you may want to add that entry to your device hosts file. You could also add a rebind exception to your dnsmasq config for that particular IP (if you trust carbonite.com).
I just wanted to thank everyone involved in turning round the latest fix super quick. I've been running dnsmasq_2.80-16.3 since release and works perfectly for me.
2021-01-25T20:14:29-03:00 OpenWrt dnsmasq[2410]: failed to send packet: Operation not permitted
2021-01-26T16:53:56-03:00 OpenWrt dnsmasq[2410]: failed to send packet: Operation not permitted
(I upgraded the package at 16:00 yesterday)
Is this one normal?
I had upgraded dnsmasq last week, and was seeing 'failed to send packet' errors every couple of minutes. I then upgraded the dnsmasq package again this afternoon. Thus far the error seems to have gone away.
I wouldn't regard it as 'normal', I suspect it is benign and was occurring on earlier versions of the package. I've seen it occasionally when my ISP wan link drops. The message is in essence 'permission denied'. Once every 24 hours is not something I would worry about.
Investigating further would probably start with running 'strace' on dnsmasq to see how the 'sendmsg' syscall is failing. Then getting a bit more info on the offending socket file descriptor.
strace -Z --trace=sendmsg -p $(pidof dnsmasq)
lines beginning "sendmsg(11, {msg_name={sa_family=AF_INET, sin_port=htons(41774)," would be of interest, taking the file handle (11 in this case) into readlink to get an inode
'readlink /proc/$(pidof dnsmasq)/fd/11' - returns a socket number e.g. socket:[2081468]
Then get some socket details with "grep 2081468 /proc/$(pidof dnsmasq)/net/{tcp,tcp6,udp,udp6}"
But I very much doubt this effort is going to reveal anything particularly magical/dangerous.
So far it seems to be indeed. Haven't felt any network outage as I have before the package upgrade.
As of now, I only have this logged:
2021-01-25T20:14:29-03:00 OpenWrt dnsmasq[2410]: failed to send packet: Operation not permitted
2021-01-26T16:53:56-03:00 OpenWrt dnsmasq[2410]: failed to send packet: Operation not permitted
2021-01-26T20:05:30-03:00 OpenWrt dnsmasq[2410]: failed to send packet: Operation not permitted
Can i do this and let it there waiting for maybe more than 24 hours? Will this harm the router or, at least, its functionality? (I'm guessing that this may require extra resources from the router that may negatively impact its performance)
Thanks for your reply and for the quick answer fixing the bug!
On Ubuntu (strace version 5.5), the -Z option exists (print only syscalls that returned with an error code), but I'm not sure what would be the alternative in Openwrt's strace.
I can confirm the issue with dnsmasq 2.83 spamming syslog with "DNSMASQ failed to send packet: Address family not supported by protocol" or similar. The network both has IPv6 enabled and has Windows machines as clients... I was running a snapshot versions from last month. Upgrading dnsmasq with opkg fixed the issue for me.
I am having the 19.07.6 with the dnsmasq 2.80-16.2. I get a lot of syslog spamming with the "dnsmasq failed to send packet".
In the luci-interface I can see that the dnsmasq package is upgradeable to 2.80-16.3.
However, when I select to "upgrade" it fails with the following error:
OK I shot the question too quickly. I should have updated the package list before the upgrade.
Maybe someone else avoids same issue, and scratching his head, by reading my post
However, I discovered now also a message telling that that there is new config file (now saved on the name dhcp-opkg). I have edited by dhcp preferences + did change the dnsmasq cache to 0. I will study the differences in config files but it could be helpful if someone notified potential real changes in the config i.e. do I need to care about the dhcp-opkg at all.
Thanks for a quick help.
I did realize, indeed, that I should have updated the package list before the upgrade.
Now I did, and successfully upgraded the dnsmasq.
Hopefully my experience helps other people from doing the same trivial mistake.
Hi, just to verify, I ran the upgrade commands in the first post. I'm on david's build (pretty old but pretty darn good I must say).
Now it says 2.81-2, am I safe and upgraded? Thanks!
No, you are using some old OpenWrt version and have an old version of dnsmasq.
Based on 2,81, you likely have an old master build, which tries to upgrade from old mvebu packages. The mvebu package arch was changed a few months ago from arm_cortex-a9_vfpv3 to arm_cortex-a9_vfpv3-d16.
Thanks hnyman, appreciate it a lot.
My david build's quite old and I'm not looking into upgrading it at the moment (it just works so well).
Could I "use" a newer package to upgrade only dnsmasq and not do a full sysupgrade?
I'm looking into other builds but at the moment I'm not sure what to do..