[Freedombox-discuss] UPDATE: After latest reboot dnsmasq no longer starts on any interface.

A. F. Cano afc54 at comcast.net
Sat Oct 16 18:25:48 BST 2021


On Fri, Oct 15, 2021 at 03:54:53PM -0700, Sunil Mohan Adapa wrote:
> On 10/15/21 11:57 AM, A. F. Cano wrote:
> ...
> > The unpredictable behavior continues.  After the latest update to 21.11,
> > without a reboot, dnsmasq was running on the 2 internal interfaces, but
> > the "nothing goes through the firewall" issue is still not resolved.  To
> > see if this could possibly need a reboot, I did so.  It didn't fix it,
> > and furthermore, after the reboot dnsmasq doesn't start on either
> > internal interface.
> 
> A recent bug report was filed because backup action starts bind9 daemon even
> when it is not explicitly enabled[1]. Could you please check if bind is
> running on your machine. Competing for the 53 port would explain some of

$ ps aux | grep named
bind        8880  0.1  1.6 395340 64664 ?        Ssl  14:53   0:43 /usr/sbin/named -f -u bind


> your symptoms. You can ensure that bind9 daemon does not start by running:
> 
> systemctl mask named.service

$ sudo systemctl mask named.service
pam-abl: BDB1546 unable to join the environment
pam-abl: BDB1546 unable to join the environment
[sudo] password for <local login>: 
Created symlink /etc/systemd/system/named.service → /dev/null.

$ sudo kill 8880
$ sudo /etc/init.d/networking restart
Restarting networking (via systemctl): networking.service.
$ ps aux | grep dns
<local login>    106969  0.0  0.0   6260  2312 pts/0    R+   12:27   0:00 grep dns
$

So, restarting networking, after killing named, still doesn't start
dnsmasq.

Time for a reboot:

$ sudo shutdown -r now

$ ps aux | grep dns
nobody       666  0.0  0.1  14020  4188 ?        S    12:33   0:00 /usr/sbin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=192.168.224.27 --dhcp-range=192.168.224.36,192.168.224.254,60m --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-enp2s0.leases --pid-file=/run/nm-dnsmasq-enp2s0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
nobody       676  0.0  0.1  14020  4052 ?        S    12:33   0:00 /usr/sbin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=192.168.200.27 --dhcp-range=192.168.200.36,192.168.200.254,60m --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-enp3s0.leases --pid-file=/run/nm-dnsmasq-enp3s0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d

Ok, so this seems to have worked.

Here's how I got to this situation:  Way back then, I had the cable
modem configured as a router.  Internal dns/dhcp requests were being
forwarded to and answered by the cable modem.  This was puzzling since I
was running a totally static network based on /etc/hosts files.

Then I enabled the bind option in FreedomBox.  Now the dns requests were
no longer being answered by the cable modem.  But dnsmasq wasn't
starting.

Much later something seems to have been fixed and I started seeing the
erratic behavior I described earlier.

I've just checked the BIND option of FreedomBox and now the option is
not enabled (the button is grey).  I have not explicitly disabled it,
has this been done automatically by the 

$ sudo systemctl mask named.service

command? My reasoning for enabling the BIND option was that I wanted to
handle the internal dns and dhcp requests locally on the FreedomBox, but
it appears that dnsmasq and named are incompatible.

For quite a while now I've had the cable modem configured as a bridge.

I'm still not sure what additional configuration I need to do to have
the FreedomBox handle dns requests from the internal machines.  Now that
the BIND option is disabled, are all dns requests, including the local
ones, leaking out to the internet?

After the mask command above, the BIND option cannot be enabled.

Like I've said before, it would be nice to have a centralized /etc/hosts
on the FreedomBox that would direct FreedomBox DNS to resolve all
internal queries, but this seems to be incompatible with running
dnsmasq, or could dnsmasq handle this with some additional
configuration? If so, what configuration?

> Please confirm a fix with a few reboots (to ensure that dnsmasq is running
> as expected). Thanks for the detailed reporting and your patience with the
> issue.

And thank you for your work on FreedomBox.  It has become indispensable
to me.

Augustine
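
Added example, not part of the original message or of FreedomBox: a check for the port 53 contention suggested in the quoted reply, reporting which process holds port 53 on an address that dnsmasq is expected to serve. The function names are hypothetical, the input is assumed to be `ss -H -lntup` output, and the sample lines are constructed from the addresses and PIDs shown in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are
# hypothetical; input is the output of `ss -H -lntup` (run as root so the
# owning process is shown).

# Print the unique process names that hold port 53 on ADDR, or on a
# wildcard address that also covers ADDR. Reads ss lines on stdin.
dns_port_owners() {
    awk -v want="$1" '
    {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*/, "", addr)                   # drop a "%iface" suffix
        if (port != "53") next
        if (addr != want && addr != "0.0.0.0" && addr != "*" && addr != "[::]") next
        name = "unknown"                       # no users:(...) column seen
        if (match($0, /users:\(\("[^"]+"/))
            name = substr($0, RSTART + 9, RLENGTH - 10)
        print name
    }' | sort -u
}

# Exit status: 0 = only dnsmasq holds ADDR:53, 1 = some other process
# holds it, 2 = nothing is listening there.
check_dnsmasq_addr() {
    owners=$(dns_port_owners "$1")
    case "$owners" in
        dnsmasq) return 0 ;;
        "")      return 2 ;;
        *)       echo "port 53 on $1 held by:" $owners >&2; return 1 ;;
    esac
}

# Constructed sample input: named still running (before the mask and reboot).
SS_BEFORE='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=8880,fd=40))
udp UNCONN 0 0 192.168.224.27:53 0.0.0.0:* users:(("named",pid=8880,fd=44))
tcp LISTEN 0 10 192.168.224.27:53 0.0.0.0:* users:(("named",pid=8880,fd=45))'

# Constructed sample input: the two NetworkManager dnsmasq instances.
SS_AFTER='udp UNCONN 0 0 192.168.224.27:53 0.0.0.0:* users:(("dnsmasq",pid=666,fd=4))
tcp LISTEN 0 32 192.168.224.27:53 0.0.0.0:* users:(("dnsmasq",pid=666,fd=5))
udp UNCONN 0 0 192.168.200.27:53 0.0.0.0:* users:(("dnsmasq",pid=676,fd=4))'

printf '%s\n' "$SS_BEFORE" | check_dnsmasq_addr 192.168.224.27 || echo "before: status $?"
printf '%s\n' "$SS_AFTER"  | check_dnsmasq_addr 192.168.224.27 && echo "after: dnsmasq owns :53"
```

On a live system, pipe `sudo ss -H -lntup` into `check_dnsmasq_addr` once per internal listen address after each reboot.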


