dnsmasq[978]: nameserver 10.200.0.1 refused to do a recursiv

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
burgess85
DD-WRT User


Joined: 22 Sep 2012
Posts: 55

PostPosted: Sun May 31, 2020 15:24    Post subject: dnsmasq[978]: nameserver 10.200.0.1 refused to do a recursiv Reply with quote
I have a vpn connected and am getting the following error in my logs

dnsmasq[978]: nameserver 10.200.0.1 refused to do a recursive query

Was using 40559 and didnt get the message but now using 43306

How can I resolve this?
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6410
Location: Netherlands

PostPosted: Sun May 31, 2020 16:04    Post subject: Reply with quote
40599 was a particular bad build which nobody should use. Smile

What router are you using?

To what VPN provider?

Are you using Policy Based Routing?

Do you have any DNS problems?

What are your DNSMasq settings?

I have to check my notes when the use of pushed VPN servers was incorporated for BS builds

Forum guidelines see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
burgess85
DD-WRT User


Joined: 22 Sep 2012
Posts: 55

PostPosted: Sun May 31, 2020 16:11    Post subject: Reply with quote
egc wrote:
40599 was a particular bad build which nobody should use. Smile

What router are you using?

To what VPN provider?

Are you using Policy Based Routing?

Do you have any DNS problems?

What are your DNSMasq settings?

I have to check my notes when the use of pushed VPN servers was incorporated for BS builds

Forum guidelines see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

Thank you for your reply Smile

R7000 I am using. ***** is the vpn setup using their online guide.

Basic setup I have set 8.8.8.8 as DNS 1 and 8.8.4.4 as DNS 2.

May 31 16:49:52 daemon.info dnsmasq[971]: using nameserver 10.200.0.1#53
May 31 16:49:52 daemon.info dnsmasq[971]: using nameserver 8.8.8.8#53
May 31 16:49:52 daemon.info dnsmasq[971]: using nameserver 8.8.4.4#53
May 31 16:49:52 daemon.info dnsmasq[971]: using nameserver 192.168.1.254#53


Last edited by burgess85 on Sun May 31, 2020 17:18; edited 1 time in total
burgess85
DD-WRT User


Joined: 22 Sep 2012
Posts: 55

PostPosted: Sun May 31, 2020 16:14    Post subject: Reply with quote
Have not touched the dnsmasq settings

Last edited by burgess85 on Sun May 31, 2020 16:47; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6410
Location: Netherlands

PostPosted: Sun May 31, 2020 16:42    Post subject: Reply with quote
Please resize your picture to not more than 760 pixels (it really is in the forum guide lines, together with a lot of other useful information).

I can tell you why you do not have this in 40599, because that build was not using DNS server pushed by your VPN provider (10.200.0.1)

I am not the local DNS expert so I could be wrong about this:
Recursive DNS is a safety concern so if you have a DNS server which is not doing that it is actually a good thing, but the DNS server should have all DNS addresses in its cache otherwise it returns not found, you will then be using the next DNS servers from your list so it should be no problem

Just a small remark off topic, this seems your secondary downstream router and if you have not done so, just give it a static WAN or better a static lease from your primary router (of course outside the DHCP scope if your primary router is a DDWRT router) Smile

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
burgess85
DD-WRT User


Joined: 22 Sep 2012
Posts: 55

PostPosted: Sun May 31, 2020 16:50    Post subject: Reply with quote
egc wrote:
Please resize your picture to not more than 760 pixels (it really is in the forum guide lines, together with a lot of other useful information).

I can tell you why you do not have this in 40599, because that build was not using DNS server pushed by your VPN provider (10.200.0.1)

I am not the local DNS expert so I could be wrong about this:
Recursive DNS is a safety concern so if you have a DNS server which is not doing that it is actually a good thing, but the DNS server should have all DNS addresses in its cache otherwise it returns not found, you will then be using the next DNS servers from your list so it should be no problem

Just a small remark off topic, this seems your secondary downstream router and if you have not done so, just give it a static WAN or better a static lease from your primary router (of course outside the DHCP scope if your primary router is a DDWRT router) Smile


I have this ddwrt plugged into my ISP router and only use it for VPN. Is there any other way I should he doing it? On the logs I have noticed my ISP router 192.168.1.254 is being used as a DNS server. Guessing this shouldn't be there?
burgess85
DD-WRT User


Joined: 22 Sep 2012
Posts: 55

PostPosted: Mon Jun 01, 2020 11:36    Post subject: Reply with quote
Does anyone know how to remove my ISP router from dnsmasq?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7274
Location: Texas, USA

PostPosted: Mon Jun 01, 2020 12:36    Post subject: Reply with quote
There is at least one thread discussing dns leaks and dnsmasq configuration in this forum. I don't have it bookmarked and I no longer carry spoons.
_________________
Official Forum Rules, Guidelines, and Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
burgess85
DD-WRT User


Joined: 22 Sep 2012
Posts: 55

PostPosted: Mon Jun 01, 2020 16:39    Post subject: Reply with quote
kernel-panic69 wrote:
There is at least one thread discussing dns leaks and dnsmasq configuration in this forum. I don't have it bookmarked and I no longer carry spoons.


I did search but couldn't find the answer
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7274
Location: Texas, USA

PostPosted: Mon Jun 01, 2020 19:44    Post subject: Reply with quote
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318767

https://www.google.com/search?q=dns+leak+dnsmasq+forum.dd-wrt.com

You should also look into how to configure unbound, if that is what you are also using with dnsmasq.

_________________
Official Forum Rules, Guidelines, and Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
burgess85
DD-WRT User


Joined: 22 Sep 2012
Posts: 55

PostPosted: Mon Jun 01, 2020 19:53    Post subject: Reply with quote
kernel-panic69 wrote:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318767

https://www.google.com/search?q=dns+leak+dnsmasq+forum.dd-wrt.com

You should also look into how to configure unbound, if that is what you are also using with dnsmasq.


Thank you for your help. I have Query DNS in Strict order enabled anyway so guessing that should be ok as long as the first two DNS servers cloudflare and Google DNS don't go down?
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum