After installing Dnsmasq, the domain name is not pinged

Jason.nix · 04-13-2024, 08:06 AM

Hello,
I used the article https://www.howtoforge.com/how-to-se...-on-debian-12/ to configure an internal DNS server. My server has two network cards as follows:

Code:

# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fe7b:8f51  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:7b:8f:51  txqueuelen 1000  (Ethernet)
        RX packets 39840  bytes 44840112 (42.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 23678  bytes 2087208 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.20  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:febe:5df0  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:be:5d:f0  txqueuelen 1000  (Ethernet)
        RX packets 495  bytes 42060 (41.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 250  bytes 18000 (17.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 91  bytes 6693 (6.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 91  bytes 6693 (6.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

After installing Dnsmasq, I can only ping the IP address:

Code:

# ping google.com
^C
# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=36.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=63 time=36.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=63 time=29.4 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 29.374/34.311/36.857/3.491 ms

In my Dnsmasq configuration I used the enp0s8 network card. The IP forwarding is also active:

Code:

# sysctl -p
net.ipv4.ip_forward = 1

I also used the following iptables rule:

Code:

# iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
# iptables-save

What is wrong?

Thank you.

smallpond · 04-13-2024, 10:56 AM

Please post the output of iptables-save and the contents of /etc/resolve.conf

michaelk · 04-13-2024, 11:31 AM

Quote:

I can only ping the IP address

Are you asking about internal or external IP addresses?

As you asking about this PC or other clients?

Not enough information and without seeing the dnsmasq.conf file impossible to say what is wrong.

Ladowny · 04-15-2024, 08:37 PM

If you can ping google DNS cache server then IP forwarding is working. Are you allowing outgoing traffic to port 53?
Try this command to send DNS query to google DNS server directly bypassing whatever resolvers you have configured

Code:

dig @8.8.8.8 google.com

or you you have 'host' utility installed

Code:

host google.com 8.8.8.8

If you are not getting response you are probably blocking outgoing traffic to port 53 on your machine. What is your policy for the chain OUTPUT ?

Code:

iptables -L OUTPUT

If it's not ACCEPT, try running this command to allow all outgoing traffic

Code:

iptables -P OUTPUT ACCEPT

Is this machine your internet gateway? Does not look like it as both IP addresses are private. What's the output of this command?

Code:

route -n

If you specified these options as per the howto you mention

Code:

no-resolv
lare and google public DNS
server=1.1.1.1
server=8.8.8.8

You've told DNSMasq not to use servers defined in your /etc/resolv.conf but specific DNS servers above. What servers have you got in resolv.conf file, your machine is still using these. What is in there?