[solved] Dnsmasq weird queries

sscheib · February 1, 2019, 6:03pm

Hello everybody,

my dnsmasq queries for some weird reason all the devices which have a DHCP address for the PTR record - this is done every few seconds.
See the following output:

Feb  1 17:57:10 dnsmasq[4519]: 30668 127.0.0.1/39068 query[PTR] 3.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30668 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.3 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30669 127.0.0.1/39068 query[PTR] 9.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30669 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.9 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30670 127.0.0.1/39068 query[PTR] 2.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30670 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.2 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30671 127.0.0.1/39068 query[PTR] 211.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30671 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.211 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30672 127.0.0.1/39068 query[PTR] 203.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30672 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.203 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30673 127.0.0.1/39068 query[PTR] 131.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30673 127.0.0.1/39068 config 10.10.20.131 is NXDOMAIN
Feb  1 17:57:10 dnsmasq[4519]: 30674 127.0.0.1/39068 query[PTR] 4.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30674 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.4 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30675 127.0.0.1/39068 query[PTR] 12.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30675 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.12 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30676 127.0.0.1/39068 query[PTR] 201.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30676 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.201 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30677 127.0.0.1/39068 query[PTR] 100.0.168.192.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30677 127.0.0.1/39068 config 192.168.0.100 is NXDOMAIN
Feb  1 17:57:10 dnsmasq[4519]: 30678 127.0.0.1/39068 query[PTR] 10.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30678 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.10 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30679 127.0.0.1/39068 query[PTR] 213.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30679 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.213 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30680 127.0.0.1/39068 query[PTR] 1.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30680 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.1 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30681 127.0.0.1/39068 query[PTR] 212.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30681 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.212 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30682 127.0.0.1/39068 query[PTR] 22.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30682 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.22 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30683 127.0.0.1/39068 query[PTR] 13.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30683 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.13 is xxx.lan
Feb  1 17:57:10 dnsmasq[4519]: 30684 127.0.0.1/39068 query[PTR] 220.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 17:57:10 dnsmasq[4519]: 30684 127.0.0.1/39068 /tmp/hosts/dhcp.cfg01411c 10.10.20.220 is xxx.lan

(I redacted the hostnames for privacy reasons)

Is this the usual behavior or how can I prevent this?

Thanks!

jeff · February 1, 2019, 6:12pm

The reverse queries for the 10.10.20.0 net may be the router trying to associate the IP addresses on your net (assuming that is your net) with host names.

sscheib · February 1, 2019, 6:59pm

Hello jeff,

thank you for you quick response.
Yes, indeed 10.10.20.0/24 is my private network. However, I don't have another resolver in my network besides dnsmasq on the OpenWRT router, so I would assume dnsmasq knows - or at least in my opinion should know - the PTR records from the assigned addresses.

Do you know, how I could tell dnsmasq to stop trying to resolve these addresses or how I could create/assign the PTR records, so dnsmasq stops spamming the log?

Thank you very much!

jeff · February 1, 2019, 7:04pm

Something is asking for those records other than dnsmasq. I would guess that it's LuCI to be able to render the connected-clients displays.

query[PTR] 220.20.10.10.in-addr.arpa from 127.0.0.1

suggests that it is a request coming from your OpenWrt instance.

sscheib · February 1, 2019, 7:37pm

Hello jeff,

you know what? You are a weekend saver!! Thank you sooo much.
When I closed my open tab from the LuCI web interface it immediately stopped spamming the log!

However, I learned how to create the PTR records for dnsmasq (/etc/dnsmasq.conf):
address=/hostname.lan/10.10.20.214
ptr-record=214.20.10.10.in-addr.arpa,hostname.lan

So the lookup from dnsmasq will look like:

Feb  1 19:33:19 dnsmasq[11306]: 122 127.0.0.1/47071 query[PTR] 4.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 122 127.0.0.1/47071 config 4.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 123 127.0.0.1/47071 query[PTR] 12.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 123 127.0.0.1/47071 config 12.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 124 127.0.0.1/47071 query[PTR] 201.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 124 127.0.0.1/47071 config 201.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 125 127.0.0.1/47071 query[PTR] 100.0.168.192.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 125 127.0.0.1/47071 config 192.168.0.100 is NXDOMAIN
Feb  1 19:33:19 dnsmasq[11306]: 126 127.0.0.1/47071 query[PTR] 10.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 126 127.0.0.1/47071 config 10.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 127 127.0.0.1/47071 query[PTR] 213.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 127 127.0.0.1/47071 config 213.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 128 127.0.0.1/47071 query[PTR] 1.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 128 127.0.0.1/47071 config 1.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 129 127.0.0.1/47071 query[PTR] 212.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 129 127.0.0.1/47071 config 212.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 130 127.0.0.1/47071 query[PTR] 22.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 130 127.0.0.1/47071 config 22.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 131 127.0.0.1/47071 query[PTR] 13.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 131 127.0.0.1/47071 config 13.20.10.10.in-addr.arpa is <PTR>
Feb  1 19:33:19 dnsmasq[11306]: 132 127.0.0.1/47071 query[PTR] 220.20.10.10.in-addr.arpa from 127.0.0.1
Feb  1 19:33:19 dnsmasq[11306]: 132 127.0.0.1/47071 config 220.20.10.10.in-addr.arpa is <PTR>

Thank you so much again jeff!

system · February 11, 2019, 7:37pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.