[dnsmasq] : maybe died, we need to re-exec it issue

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

PostPosted: Tue Nov 21, 2023 17:47    Post subject: Reply with quote
Clearly, as KP-69 and I said too... crashing of DNSmasq could be due to a bad client that causes a DNS flood or malicious activity... so, yes, audit your network, isolate this client and happy days...

No idea what mwchang's post is all about, especially that bit... "If you enable "Use DNSmasq as DNS", then you need to disable "Ignore WAN DNS"." -- nope, there is no such dependency...
Ignore WAN DNS appears if you don't use a static IP and it's very useful... and works... same as adding no-resolv and server=9.9.9.9 to the advanced DNSmasq box...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
urasic
DD-WRT Novice


Joined: 01 May 2022
Posts: 16

PostPosted: Tue Nov 21, 2023 19:56    Post subject: Reply with quote
kernel-panic69 wrote:
@Megrez7: Looks as if it's something possibly binding to localhost. Possibly an IoT device?
Code:
https://sites.ipaddress.com/www.yingwangtech.net/
https://sites.ipaddress.com/u.yingwangtech.net/


I don't think this is an IoT device.
I checked - I have the same warning, it is called by the program - Binance Desktop (this warning appears on the router every time I start it).

You can simply enter http://u.yingwangtech.net/ in the browser and the router will show an error - daemon.warn dnsmasq: possible DNS-rebind attack on IPv4 detected: u.yingwangtech.net

This warning is not related to the problem - "[dnsmasq]: may have died, we need to restart it."
Tried it many times - the problem did not recur.

Alozaros wrote:
Clearly, as KP-69 and I said too... crashing of DNSmasq could be due to a bad client that causes a DNS flood or malicious activity... so, yes, audit your network, isolate this client and happy days...


Unfortunately, I am not as professional as you, but here is my short story. :)

I have only 4-6 devices on my network, 2-3 of which are PCs and the rest are mobile phones. But this is not so important, because the devices on the network have NOT changed.
I have had an Asus RT-AC68U router with DD-WRT firmware for about 3-4 years; I had r48810 firmware for a long time (there were no problems, the devices on the network are the same). In the summer of 2023, I changed the firmware to the new r53633 (the devices on the network did not change, there were no problems). Somewhere in September, I changed the router to RT-AC66U B1 (the same in fact RT-AC68U) and installed the same firmware r53633 on it (and again the same devices are on the network) and the problems described above arose. That is, ONLY the router on the network has changed.
So it seems to me that perhaps the problem is not in the network devices?


I'll try as mwchang wrote:
Quote:
I am using Unbound ("Recursive DNS Resolving"), and I turn off "Use DNSmasq as DNS" and turn on "Ignore WAN DNS"


thanks to all
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14249
Location: Texas, USA

PostPosted: Tue Nov 21, 2023 21:42    Post subject: Reply with quote
urasic wrote:
kernel-panic69 wrote:
@Megrez7: Looks as if it's something possibly binding to localhost. Possibly an IoT device?
Code:
https://sites.ipaddress.com/www.yingwangtech.net/
https://sites.ipaddress.com/u.yingwangtech.net/


I don't think this is an IoT device.
I checked - I have the same warning, it is called by the program - Binance Desktop (this warning appears on the router every time I start it).

You can simply enter http://u.yingwangtech.net/ in the browser and the router will show an error - daemon.warn dnsmasq: possible DNS-rebind attack on IPv4 detected: u.yingwangtech.net

This warning is not related to the problem - "[dnsmasq]: may have died, we need to restart it."
Tried it many times - the problem did not recur.

That answers my question, which was NOT related to the problem, whatsoever (that we know of) 8). So, it's a mock domain name related to a Cryptocurrency trading application, I presume. Whether it's safe to set a rebind-localhost-ok or rebind-domain-ok= in your dnsmasq additional configs is up to you. >:)

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
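
A way to check what is discussed above, namely whether the rebind warnings line up in time with the dnsmasq restarts. This is an added example, not part of any post in this thread; the log lines are constructed and the syslog layout (timestamp, host, facility) is an assumption.

```shell
#!/bin/sh
# Added example: relate dnsmasq rebind warnings to watchdog restarts in syslog.
# SAMPLE_LOG is constructed; the timestamp/host/facility layout is assumed.
SAMPLE_LOG='Nov 23 13:20:11 router daemon.warn dnsmasq[1402]: possible DNS-rebind attack on IPv4 detected: u.yingwangtech.net
Nov 23 13:20:12 router daemon.warn dnsmasq[1402]: possible DNS-rebind attack on IPv4 detected: u.yingwangtech.net
Nov 23 13:21:40 router daemon.warn dnsmasq[1402]: possible DNS-rebind attack on IPv4 detected: www.yingwangtech.net
Nov 23 13:26:00 router user.info : [dnsmasq] : maybe died, we need to re-exec it
Nov 23 13:26:01 router daemon.info dnsmasq[2210]: using nameserver 8.8.8.8#53'

# Print "<count> <domain>" for every name that triggered rebind protection,
# most frequent first.
rebind_domains() {
    awk '/possible DNS-rebind attack/ { n[$NF]++ }
         END { for (d in n) print n[d], d }' | sort -k1,1nr -k2,2
}

# Print "<near> <total>": restarts preceded by a rebind warning within
# $1 seconds on the same day, and all restarts seen.
restarts_near_rebind() {
    awk -v win="$1" '
        { split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]; day = $1 " " $2 }
        /possible DNS-rebind attack/ { last = now; lastday = day; seen = 1 }
        /maybe died, we need to re-exec it/ {
            total++
            if (seen && day == lastday && now - last <= win) near++
        }
        END { printf "%d %d\n", near, total }'
}

printf '%s\n' "$SAMPLE_LOG" | rebind_domains
printf '%s\n' "$SAMPLE_LOG" | restarts_near_rebind 60
```

On the router, feed `/var/log/messages` to the functions instead of the sample. A first number of 0 next to a non-zero second number means none of the restarts closely followed a rebind warning.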
Megrez7
DD-WRT User


Joined: 25 Aug 2019
Posts: 92

PostPosted: Thu Nov 23, 2023 14:47    Post subject: Reply with quote
I have managed to get all the log files and to capture a single occurrence of the issue at Nov 23 13:26:00

Configuration:
Netgear R6400v2 (otp)
Currently on DD-WRT v3.0-r54095 std (11/22/23).
Basic WAN configuration with DHCP to external provider
DHCP (with a few IP reservations), DNSMASQ with local domain
WireGuard server config as per instruction
4 FireWall commands to block WireGuard clients access to some local parts of network
2.4 WiFi + 2.4 guest WiFi
Time updated as per default settings
All other default settings

I am regularly updating firmware to almost each version.

The problem started somewhere in September. I don't know the build number, as I did not realise at that moment that the issue is connected to DNS; I thought this could be a provider issue. Later I started investigating and found out it is clearly a DNS problem, as IP ping worked fine during these short windows with problems.

Attached as requested:
cat /tmp/dnsmasq.log (truncated for brevity)
cat /tmp/dnsmasq.conf
cat /tmp/resolv.dnsmasq
cat /tmp/resolv.conf
cat /var/log/messages



Attachment: logs to send.rar (21.89 KB)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12922
Location: Netherlands

PostPosted: Thu Nov 23, 2023 15:17    Post subject: Reply with quote
Can you post a screenshot of Basic setup tab and Services tab?
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Megrez7
DD-WRT User


Joined: 25 Aug 2019
Posts: 92

PostPosted: Thu Nov 23, 2023 15:43    Post subject: Reply with quote
Here you are


Attachment: ddwrt setup basic.jpg (133.55 KB)
Attachment: ddwrt services.jpg (220.04 KB)


egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12922
Location: Netherlands

PostPosted: Thu Nov 23, 2023 16:09    Post subject: Reply with quote
I do not think it is related to the problem but there are some settings which are not optimal.

Do not use strict order; it is completely useless and can be harmful.
So disable it in the GUI.

Remove this from your Additional config:
Quote:
no-resolv
strict-order
server=8.8.8.8
server=8.8.4.4


Set the DNS servers in Static DNS 1 and 2

Remove this from the Additional config:
Quote:
### Binding WireGuard interface for Dnsmasq ###
interface=oet1
### Binding OpenVPN interface for Dnsmasq ###
# interface=tun2


Interfaces are added automatically

It looks like you are setting your guest wifi up manually. Why not remove it and use the GUI?
Quote:
### Guest network DHCP ###
interface=wl0.1
dhcp-option=wl0.1,3,192.168.154.1
dhcp-range=wl0.1,192.168.154.10,192.168.154.50,255.255.255.0,12h
# dhcp-option=wl0.1,6,8.8.8.8


A lot of these settings are from a long time ago; maybe it is time you reset to defaults and start fresh from scratch?

Megrez7
DD-WRT User


Joined: 25 Aug 2019
Posts: 92

PostPosted: Thu Nov 23, 2023 16:39    Post subject: Reply with quote
Thanks for comments.
I have set it up using guidelines from the forum, however they could be based on the version from 2020/2021.

Anyway, I reset the router to defaults and start a new config from scratch at least twice a year. However, using the same guidelines, as you noticed in services.

The reason for Guest WiFi DHCP being configured by script is that there is no place for it in the GUI. Well there is an option for Multiple DHCP Servers on Setup/Networking tab, but it is DHCPD not DNSMASQ, so sounds obsolete.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12922
Location: Netherlands

PostPosted: Thu Nov 23, 2023 16:45    Post subject: Reply with quote
DHCPD is where you set this up.

So you can remove it from the Additional config and use DHCPD.

Just add and choose your interface wl0.1

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

PostPosted: Thu Nov 23, 2023 18:00    Post subject: Reply with quote
Check on cat /tmp/dnsmasq.conf and remove any duplicate commands from your dnsmasq additional commands box... some are added by default and there's no need to add them any more, like bogus-priv etc.
Also, not that it matters a lot but... on the Services page, DHCP server setup should be set to LAN & WLAN, so change it, as yours is set to WAN... as well, on the same page, if you don't use it, I would've disabled the WAN traffic counter (traff daemon)... same for SFE (Basic Setup page)...

As egc noted, not a bad idea to reset and add settings manually... and try not to have bogus/overlapping commands, like Ignore WAN DNS and no-resolv... either use the GUI to set DNS or the DNSmasq additional commands...

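
One way to run the duplicate and overlap check suggested above. This is an added example, not part of the post and not DD-WRT tooling; the config text is constructed from directives quoted in this thread, the addresses in it are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a merged dnsmasq.conf for repeated/overlapping directives.
# SAMPLE_CONF is constructed; on the router read /tmp/dnsmasq.conf instead.
SAMPLE_CONF='interface=br0,oet1
resolv-file=/tmp/resolv.dnsmasq
domain=k15
bogus-priv
dhcp-range=br0,192.168.1.100,192.168.1.149,255.255.255.0,1440m
# --- lines below stand for the Additional Options box ---
no-resolv
strict-order
server=8.8.8.8
server=8.8.4.4
bogus-priv
interface=oet1
domain=k15'

# Drop comments, surrounding blanks and empty lines. A "#" only starts a
# comment at line start or after whitespace, so server=1.2.3.4#5353 survives.
conf_lines() {
    sed -e 's/^#.*//' -e 's/[[:space:]]#.*//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Directives that appear more than once with identical text.
duplicate_lines() { conf_lines | sort | uniq -d; }

# Interface names listed on more than one interface= entry.
repeated_interfaces() {
    conf_lines | awk -F= '$1 == "interface" {
            n = split($2, a, ","); for (i = 1; i <= n; i++) c[a[i]]++ }
        END { for (k in c) if (c[k] > 1) print k }' | sort
}

# no-resolv makes dnsmasq ignore resolv-file; upstreams then come only
# from server= lines.
upstream_summary() {
    conf_lines | awk -F= '
        $1 == "no-resolv"   { nores = 1 }
        $1 == "resolv-file" { rfile = 1 }
        $1 == "server"      { srv++ }
        END {
            if (nores && !srv)       print "no-upstream"
            else if (nores && rfile) print "resolv-file-ignored servers=" srv
            else                     print "ok servers=" srv + 0
        }'
}

printf '%s\n' "$SAMPLE_CONF" | duplicate_lines
printf '%s\n' "$SAMPLE_CONF" | upstream_summary
```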
Megrez7
DD-WRT User


Joined: 25 Aug 2019
Posts: 92

PostPosted: Thu Nov 23, 2023 20:38    Post subject: Reply with quote
Just noticed something.

1. I have changed domain from WAN to LAN & WLAN
2. Moved guest network DHCP to GUI
3. Deleted interfaces assignment in DNSMASQ

So far all worked fine.

However if I do one of these changes:

1. Move from additional config to GUI:
server=8.8.8.8
server=8.8.4.4

OR

2. Delete from additional config
no-resolv
strict-order
still keeping "server=" in these additional settings

DNS stops working for both internal and external, reboot does not help.
I had to access router by its IP to solve it.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12922
Location: Netherlands

PostPosted: Thu Nov 23, 2023 20:52    Post subject: Reply with quote
DNS server should be set in Static DNS 1 and Static DNS 2 and remove **everything** from the Additional Config.

Reboot the router afterwards.

Oh and disable SFE on Basic setup page.

If you want acceleration use hardware acceleration: Shortcut Forwarding: CTF; Flow Acceleration CTF&FA

If it does not work I seriously suggest you start fresh, you have a lot of suboptimal settings and probably not done a reset in a long time

Megrez7
DD-WRT User


Joined: 25 Aug 2019
Posts: 92

PostPosted: Thu Nov 23, 2023 21:57    Post subject: Reply with quote
Clear, thank you.

Enabled CTF instead of SFE and DNS works now with DNS server in Static DNS instead of additional config. No clue why it was set as it is clearly said in Help section that it is specific for Qualcomm.

I shall remove all, but what about:
domain-needed
expand-hosts
domain=k15
local=/k15/

I would like to use domain inside LAN rather than IPs.

Anyway, will look for any other DNSMASQ restarts now.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12922
Location: Netherlands

PostPosted: Fri Nov 24, 2023 7:14    Post subject: Reply with quote
Megrez7 wrote:
Clear, thank you.

Enabled CTF instead of SFE and DNS works now with DNS server in Static DNS instead of additional config. No clue why it was set as it is clearly said in Help section that it is specific for Qualcomm.

I shall remove all, but what about:
domain-needed
expand-hosts
domain=k15
local=/k15/

I would like to use domain inside LAN rather than IPs.

Anyway, will look for any other DNSMASQ restarts now.


For adding a LAN domain use the GUI under Services tab:
Used Domain : LAN & WLAN
Lan Domain: k15

That is basically everything you should do/need at this stage.

DNSMasq should normally cope with redundant and conflicting settings, so not sure if any of this helps.
I would advise you to make screenshots (print to PDF) and start fresh; there might be gremlins in your setup and the only way to get rid of them is to start fresh and put settings in manually.

Megrez7
DD-WRT User


Joined: 25 Aug 2019
Posts: 92

PostPosted: Fri Nov 24, 2023 16:55    Post subject: Reply with quote
I have put all settings into GUI. All works fine. Feels like better performance of WiFi and WireGuard, might be due to correct setting of Shortcut Forwarding to CTF.

However "maybe died, we need to re-exec it" issue still exists.

Then I have reset the router and set it up from scratch.
Unfortunately the DNSMASQ maybe died issue is still shown in the syslog.

What can we do next? Seems like I am not the only one facing this problem.

btw, is there a way to set up WireGuard tunnel with previous crypto keys for tunnel itself and all peers? For the future, I would like to avoid the need to update all remote peers with new config.
Page 4 of 7. All times are GMT.