
Using dnsmasq systemd-resolved resolvconf



Hi,

On a fresh install of Debian 9 I was seeing the following in my logs:

Dec 06 01:55:18 dnsmasq[952]: Maximum number of concurrent DNS queries reached (max: 150)
Dec 06 01:58:12 dnsmasq[952]: Maximum number of concurrent DNS queries reached (max: 150)

Dec 06 04:42:17 kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Dec 06 05:16:30 kernel: nf_conntrack: nf_conntrack: table full, dropping packet

Those only appeared when I use the 'resolvconf' package.
I'm using 'dnsmasq', 'resolvconf' and 'systemd-resolved' for my upstream DNS. Setting 'Cache=no' in '/etc/systemd/resolved.conf' eliminates those "errors".


According to:

https://github.com/systemd/systemd/issues/5352

the following messages are related to DNSSEC (if I'm understanding correctly):

Dec 10 15:45:41 systemd-resolved[893]: Using degraded feature set (UDP) for DNS server 127.0.0.1.
Dec 10 15:45:57 systemd-resolved[893]: Using degraded feature set (TCP) for DNS server 127.0.0.1.
Dec 10 23:28:04 systemd-resolved[2610]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 127.0.0.1.

Those messages are apparently harmless?
If I don't use the resolvconf package I don't get those messages at all though.


As recommended by systemd-resolved.service(8), resolv.conf(5) is to be a symbolic link to '/run/systemd/resolve/resolv.conf'.


$ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
$ rm -rf /run/systemd/resolve
$ systemctl restart dnsmasq

"Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details."

$ journalctl -x -t dnsmasq -n 4 --no-hostname

Dec 07 08:44:13 dnsmasq[904]: dnsmasq: syntax check OK.
Dec 07 08:44:13 dnsmasq[914]: directory /etc/resolv.conf for resolv-file is missing, cannot poll
Dec 07 08:44:13 dnsmasq[914]: dnsmasq: directory /etc/resolv.conf for resolv-file is missing, cannot poll
Dec 07 08:44:13 dnsmasq[914]: FAILED to start up

Given that dnsmasq is started before systemd-resolved, dnsmasq should not fail if '/run/systemd/resolve' does not exist. I didn't report it as a bug because I'm not sure if it's already fixed in a later release of dnsmasq.


--
John Doe
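
A preflight check for the start-up failure shown in the post, as an added example that is not part of the original message or of dnsmasq: it tests whether the directory behind a resolv.conf symlink exists and whether the file lists a usable upstream before a service that polls it is started. The function name check_resolv_file, its return codes and the scratch paths are assumptions made for this illustration.

```shell
#!/bin/sh
# check_resolv_file PATH: preflight for the file a forwarder polls for upstreams.
# Returns 0 usable, 1 parent directory missing, 2 file missing,
# 3 no nameserver lines, 4 only loopback nameservers.
check_resolv_file() {
    path=$1
    # Resolve one symlink level by hand so a dangling link can still be examined.
    if [ -L "$path" ]; then
        target=$(readlink "$path")
        case $target in
            /*) ;;
            *) target=$(dirname "$path")/$target ;;
        esac
    else
        target=$path
    fi
    dir=$(dirname "$target")
    if [ ! -d "$dir" ]; then
        echo "FAIL: directory $dir for $path is missing"
        return 1
    fi
    if [ ! -f "$target" ]; then
        echo "FAIL: $target does not exist yet"
        return 2
    fi
    servers=$(awk '$1 == "nameserver" { print $2 }' "$target")
    if [ -z "$servers" ]; then
        echo "FAIL: no nameserver lines in $target"
        return 3
    fi
    for s in $servers; do
        case $s in
            127.*|::1) ;;
            *) echo "OK: upstream $s listed in $target"; return 0 ;;
        esac
    done
    # Assumption: a loopback-only list means the upstream is another local resolver.
    echo "WARN: only loopback nameservers in $target"
    return 4
}

# Constructed demo: scratch tree standing in for /etc and /run/systemd/resolve.
demo=$(mktemp -d)
mkdir "$demo/etc"
ln -s "$demo/run/systemd/resolve/resolv.conf" "$demo/etc/resolv.conf"
check_resolv_file "$demo/etc/resolv.conf" || echo "exit code $?"
rm -rf "$demo"
```

Return code 1 corresponds to the "directory ... is missing, cannot poll" condition in the journal output above; code 4 is only a warning, since a local forwarder whose sole upstream is another loopback resolver can end up passing queries in a circle.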

