
Resolved
0 votes
I've called my local domain howitts.lan so when I looked at my stats at OpenDNS I was very surprised to see:
Rank  Domain                                          Requests
2     pop3.ntlworld.com.howitts.lan                   55,585
7     *.howitts.lan                                   519
13    black.howitts.lan                               426
14    black.howitts.lan.howitts.lan                   426
23    wpad.howitts.lan                                313
31    isatap.howitts.lan                              238
220   download.clearfoundation.com.howitts.lan        34
223   sdn1.clearsdn.com.howitts.lan                   33
234   howitts.lan                                     30
552   sdn2.clearsdn.com.howitts.lan                   11
608   vmserver100zve0hzz.pointclark.net.howitts.lan   10
686   blue.howitts.lan                                7

Why are these lookups getting out onto the internet when they should be being picked up and answered by the server? My local PCs are Black and Blue. Does anyone know what is going on?

I do notice in /var/log/messages that dnsmasq ignores 127.0.0.1 because it is the local interface.
Saturday, October 22 2011, 08:53 PM
Responses (7)
  • Accepted Answer

    Monday, October 24 2011, 09:23 AM - #Permalink
    The only way so far to stop the howitts.lan queries going out into the wild is to have the line "local=/howitts.lan/" in dnsmasq.conf and 127.0.0.1 in resolv.conf. Also without 127.0.0.1 in resolv.conf a ClearOS terminal cannot resolve black.howitts.lan but it can resolve black. Putting "domain howitts.lan" does not appear to have achieved anything obvious.

    I still cannot understand why there is even a request for pop3.ntlworld.com.howitts.lan. It just defies logic.
  • Accepted Answer

    Sunday, October 23 2011, 09:52 PM - #Permalink
    In all my /etc/resolv.conf configs I also have a domain parameter defined.

    From what I've seen, this value (i.e. mydomain.com) gets appended to any DNS request that is not a FQDN, such as "system", which would be resolved by dnsmasq as "system.mydomain.com".

    You might have a look at the writeup I did in this thread on what I have observed with my DNS configurations.
  • Accepted Answer

    Sunday, October 23 2011, 08:37 PM - #Permalink
    I believe it's a Window$ thing - by default it will append the default domain to the DNS lookup...which is then being passed by dnsmasq to OpenDNS as it doesn't know what pop3.ntlworld.com.howitts.lan is. You can see by editing the IPV4 properties of your adapter, and reviewing the DNS settings.

    http://groups.google.com/group/microsoft.public.win2000.dns/browse_thread/thread/4ff638faff07960/e85bcfb18b295e8f?lnk=st&pli=1

    A FQDN is one that ends in a '.' (oddly) such that provision of the trailing '.' can result in different lookups. The dnsmasq FAQ has a bit on this:
    http://www.thekelleys.org.uk/dnsmasq/docs/FAQ

    Saying all that, I'm sure my config is no different from yours but I don't see the same requests leaving the LAN. I have however added 'domain=mydomain.com' to the top of /etc/resolv.conf as noted in my bug report above.

    Hope you feel better soon :)

    EDIT: Scratch that, monitoring the DNS requests a bit closer... some DNS queries do make it out for local hostnames (hostname.domain.com.). It looks like if you ping a hostname from Windows 7, it will try DNS first before going to WINS for resolution.
  • Accepted Answer

    Sunday, October 23 2011, 06:46 PM - #Permalink
    Bob,

    Here it is:
    ; generated by /sbin/dhclient-script
    nameserver 127.0.0.1
    nameserver 208.67.222.222
    nameserver 208.67.220.220
    nameserver 194.168.4.100
    nameserver 194.168.8.100

    DNS servers 2 and 3 are OpenDNS, 4 and 5 are Virginmedia/NTL. I have tried reducing it to OpenDNS but it was no better.

    Also this is my /etc/dnsmasq.conf:
    # The "interface" parameter is set by the network policy (LAN/DMZ interfaces)
    bogus-priv
    conf-file=/etc/dnsmasq/dhcp.conf
    dhcp-authoritative
    dhcp-lease-max=1000
    domain-needed
    domain=howitts.lan
    expand-hosts
    no-negcache
    strict-order
    user=nobody

    I have a feeling I added "strict-order" so I tried removing it but no change (after restarting dnsmasq).

    [edit]
    After doing some more research I have tried setting the following in dnsmasq.conf:
    bogus-priv
    localise-queries
    local=/howitts.lan/

    The first three lines (or possibly just the third) have stopped anything with howitts.lan in it from going to the internet.

    The questions still remain - if you, Bob and Tim, have a similar setup to mine, why are your queries not escaping like mine? Also why am I getting funny requests like pop3.ntlworld.com.howitts.lan?
  • Accepted Answer

    Sunday, October 23 2011, 05:59 PM - #Permalink
    Nick,

    Can you post the contents of your /etc/resolv.conf file for us?
  • Accepted Answer

    Sunday, October 23 2011, 10:50 AM - #Permalink
    I am totally confused here. I've set up tcpdump and pinging between black.howitts.lan and blue.howitts.lan works fine, as does pinging between black and blue. Neither exist in the Local DNS Server but I don't think they need to as DHCP should pick up their machine names. If I ping something like printer.howitts.lan that goes on to the internet, but then there is no such device so I am not too surprised.

    The major one which gets me is pop3.ntlworld.com.howitts.lan. I only use pop for fetchmail which is working. It seems that fetchmail is sending DNS lookup requests for both pop3.ntlworld.com.howitts.lan and pop3.ntlworld.com - but it does not do it for my googlemail account.

    Attention - boring dump from tcpdump:
    11:28:33.715419 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.9585 > resolver1.opendns.com.domain:  14611+ A? fxfeeds.mozillazine.org. (41)
    11:28:33.735690 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.9585: 14611 4/0/0 CNAME[|domain]
    11:28:44.158149 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.24096 > resolver1.opendns.com.domain: 33983+ AAAA? pop3.ntlworld.com. (35)
    11:28:44.178664 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.24096: 33983 0/0/0 (35)
    11:28:44.178927 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.56724 > resolver1.opendns.com.domain: 43175+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:28:44.200736 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.56724: 43175 NXDomain 0/0/0 (47)
    11:28:44.844660 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.60634 > resolver1.opendns.com.domain: 18596+ AAAA? pop3.ntlworld.com. (35)
    11:28:44.881281 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.60634: 18596 0/0/0 (35)
    11:28:44.881558 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.22761 > resolver1.opendns.com.domain: 4103+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:28:44.900466 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.22761: 4103 NXDomain 0/0/0 (47)
    11:28:46.131232 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.server-find > resolver1.opendns.com.domain: 47109+ AAAA? pop3.ntlworld.com. (35)
    11:28:46.150292 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.server-find: 47109 0/0/0 (35)
    11:28:46.150565 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.phrelaydbg > resolver1.opendns.com.domain: 13566+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:28:46.168691 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.phrelaydbg: 13566 NXDomain 0/0/0 (47)
    11:28:47.388441 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.40924 > resolver1.opendns.com.domain: 30033+ AAAA? pop.googlemail.com. (36)
    11:28:47.440983 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.40924: 30033 1/0/0 CNAME[|domain]
    11:28:47.441262 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.50709 > resolver1.opendns.com.domain: 55009+ A? pop.googlemail.com. (36)
    11:28:47.466919 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.50709: 55009 2/0/0 CNAME[|domain]
    11:29:18.189435 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.39737 > resolver1.opendns.com.domain: 42557+ A? canon.howitts.lan. (35)
    11:29:18.357700 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.39737: 42557 NXDomain 0/0/0 (35)
    11:29:18.662475 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.57052 > resolver1.opendns.com.domain: 28092+ AAAA? CANON.howitts.lan. (35)
    11:29:18.704423 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.57052: 28092 NXDomain 0/0/0 (35)
    11:29:18.704741 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.23382 > resolver1.opendns.com.domain: 23155+ A? CANON.howitts.lan. (35)
    11:29:18.724508 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.23382: 23155 NXDomain 0/0/0 (35)
    11:29:38.020304 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.38788 > resolver1.opendns.com.domain: 37941+ A? printer.howitts.lan. (37)
    11:29:38.710156 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.38788: 37941 NXDomain 0/0/0 (37)
    11:29:39.021191 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.31792 > resolver1.opendns.com.domain: 45680+ AAAA? PRINTER.howitts.lan. (37)
    11:29:39.040234 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.31792: 45680 NXDomain 0/0/0 (37)
    11:29:39.040495 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.31723 > resolver1.opendns.com.domain: 49866+ A? PRINTER.howitts.lan. (37)
    11:29:39.058153 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.31723: 49866 NXDomain 0/0/0 (37)
    11:29:48.759304 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.18739 > resolver1.opendns.com.domain: 7104+ AAAA? pop3.ntlworld.com. (35)
    11:29:48.798426 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.18739: 7104 0/0/0 (35)
    11:29:48.798722 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.12912 > resolver1.opendns.com.domain: 11847+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:29:48.816318 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.12912: 11847 NXDomain 0/0/0 (47)
    11:29:49.455493 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.37767 > resolver1.opendns.com.domain: 17975+ AAAA? pop3.ntlworld.com. (35)
    11:29:49.475565 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.37767: 17975 0/0/0 (35)
    11:29:49.475847 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.15716 > resolver1.opendns.com.domain: 57266+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:29:49.506664 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.15716: 57266 NXDomain 0/0/0 (47)
    11:29:50.684811 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.23618 > resolver1.opendns.com.domain: 57372+ AAAA? pop3.ntlworld.com. (35)
    11:29:50.704560 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.23618: 57372 0/0/0 (35)
    11:29:50.704828 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.62780 > resolver1.opendns.com.domain: 29469+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:29:50.722550 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.62780: 29469 NXDomain 0/0/0 (47)
    11:29:51.886546 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.63645 > resolver1.opendns.com.domain: 31360+ AAAA? pop.googlemail.com. (36)
    11:29:51.904685 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.63645: 31360 1/0/0 CNAME[|domain]
    11:29:51.905055 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.38862 > resolver1.opendns.com.domain: 596+ A? pop.googlemail.com. (36)
    11:29:51.922646 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.38862: 596 2/0/0 CNAME[|domain]
    11:30:25.406355 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.5750 > resolver1.opendns.com.domain: 24629+ A? um18.eset.com. (31)
    11:30:25.425446 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.5750: 24629 1/0/0 A um18.eset.com (47)
    11:30:25.425871 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.44474 > resolver1.opendns.com.domain: 40551+ PTR? 34.149.202.89.in-addr.arpa. (44)
    11:30:25.544584 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.44474: 40551 2/0/0[|domain]
    11:30:38.283831 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.50860 > resolver1.opendns.com.domain: 52959+ A? wpad.howitts.lan. (34)
    11:30:38.302238 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.50860: 52959 NXDomain 0/0/0 (34)
    11:30:38.303822 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.40606 > resolver1.opendns.com.domain: 60499+ A? download.windowsupdate.com. (44)
    11:30:38.323159 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.40606: 60499 7/0/0[|domain]
    11:30:49.617346 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.49003 > resolver1.opendns.com.domain: 55160+ A? www.update.microsoft.com. (42)
    11:30:49.636527 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.49003: 55160 2/0/0 CNAME[|domain]
    11:30:53.147366 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.orbiter > resolver1.opendns.com.domain: 24978+ AAAA? pop3.ntlworld.com. (35)
    11:30:53.183504 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.orbiter: 24978 0/0/0 (35)
    11:30:53.183779 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.27194 > resolver1.opendns.com.domain: 3512+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:30:53.200902 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.27194: 3512 NXDomain 0/0/0 (47)
    11:30:53.201146 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.29899 > resolver1.opendns.com.domain: 14615+ A? pop3.ntlworld.com. (35)
    11:30:53.235803 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.29899: 14615 1/0/0 A host-62.254.26.206.not-set-yet.virginmedia.com (51)
    11:30:53.980452 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.38089 > resolver1.opendns.com.domain: 64461+ AAAA? pop3.ntlworld.com. (35)
    11:30:53.999652 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.38089: 64461 0/0/0 (35)
    11:30:53.999929 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.57534 > resolver1.opendns.com.domain: 6724+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:30:54.036593 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.57534: 6724 NXDomain 0/0/0 (47)
    11:30:55.320667 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.34372 > resolver1.opendns.com.domain: 64128+ AAAA? pop3.ntlworld.com. (35)
    11:30:55.338766 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.34372: 64128 0/0/0 (35)
    11:30:55.339042 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.42550 > resolver1.opendns.com.domain: 38842+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
    11:30:55.356770 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.42550: 38842 NXDomain 0/0/0 (47)
    11:30:56.557111 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.51865 > resolver1.opendns.com.domain: 32850+ AAAA? pop.googlemail.com. (36)
    11:30:56.576637 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.51865: 32850 1/0/0 CNAME[|domain]
    11:30:56.576917 IP cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.19519 > resolver1.opendns.com.domain: 6971+ A? pop.googlemail.com. (36)
    11:30:56.610630 IP resolver1.opendns.com.domain > cpc1-horn2-0-0-cust899.6-1.cable.virginmedia.com.19519: 6971 2/0/0 CNAME[|domain]


    Like the fetchmail issue I also do not understand why all the following requests have gone out with howitts.lan appended:
    Rank  Domain                                          Requests
    2     pop3.ntlworld.com.howitts.lan                   55,585
    220   download.clearfoundation.com.howitts.lan        34
    223   sdn1.clearsdn.com.howitts.lan                   33
    552   sdn2.clearsdn.com.howitts.lan                   11
    608   vmserver100zve0hzz.pointclark.net.howitts.lan   10 (my VM play set up)


    P.S. Responses from me may be v. slow today as I've got the lurgi.
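
An added example, not part of the original post or of ClearOS: a Python filter for WAN-side `tcpdump -i ethX port 53` output like the dump above, counting outbound queries for names under the local domain and separating full names that had the domain appended from plain local hostnames. The sample lines are constructed (query names from the thread, source host and ports made up), and the "dot in the remaining part" rule is a heuristic chosen for this example.

```python
import re
from collections import Counter

LOCAL_DOMAIN = "howitts.lan"  # the local domain used in this thread

# Constructed sample in the format of `tcpdump -i ethX port 53` on the WAN side
# (query names taken from the thread; source host and ports are made up).
SAMPLE = """\
11:28:44.158149 IP gw.example.net.24096 > resolver1.opendns.com.domain: 33983+ AAAA? pop3.ntlworld.com. (35)
11:28:44.178927 IP gw.example.net.56724 > resolver1.opendns.com.domain: 43175+ AAAA? pop3.ntlworld.com.howitts.lan. (47)
11:28:44.200736 IP resolver1.opendns.com.domain > gw.example.net.56724: 43175 NXDomain 0/0/0 (47)
11:29:38.020304 IP gw.example.net.38788 > resolver1.opendns.com.domain: 37941+ A? printer.howitts.lan. (37)
11:29:39.021191 IP gw.example.net.31792 > resolver1.opendns.com.domain: 45680+ AAAA? PRINTER.howitts.lan. (37)
11:30:38.283831 IP gw.example.net.50860 > resolver1.opendns.com.domain:  52959+ A? wpad.howitts.lan. (34)
11:30:56.576917 IP gw.example.net.19519 > resolver1.opendns.com.domain: 6971+ A? pop.googlemail.com. (36)
"""

# Outbound query: destination port 53 ("domain", or "53" with tcpdump -n),
# then query id with flags, record type, and the queried name.
QUERY_RE = re.compile(
    r">\s+\S+\.(?:domain|53):\s+\d+\S*\s+(?P<qtype>[A-Za-z0-9]+)\?\s+(?P<qname>\S+)\s+\(\d+\)"
)


def classify(qname, local_domain=LOCAL_DOMAIN):
    """Return None for names outside local_domain, else how the name is formed."""
    name = qname.rstrip(".").lower()
    domain = local_domain.lower()
    if name == domain:
        return "local-name"
    if not name.endswith("." + domain):
        return None
    prefix = name[: -len(domain) - 1]
    # Heuristic: a dot in the remaining part means a full name had the domain appended.
    return "suffix-appended" if "." in prefix else "local-name"


def leaked_queries(capture, local_domain=LOCAL_DOMAIN):
    """Count outbound queries under local_domain, keyed by (kind, name)."""
    leaks = Counter()
    for line in capture.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # responses and non-DNS lines
        kind = classify(m.group("qname"), local_domain)
        if kind:
            leaks[(kind, m.group("qname").rstrip(".").lower())] += 1
    return leaks


if __name__ == "__main__":
    for (kind, name), n in sorted(leaked_queries(SAMPLE).items()):
        print(f"{n:3d}  {kind:16s} {name}")
```

Running it against a capture taken before and after a dnsmasq change shows whether any name under the local domain still reaches the upstream resolver.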
  • Accepted Answer

    Saturday, October 22 2011, 09:13 PM - #Permalink
    Hi Nick, hmm a little odd...

    Can you try and monitor DNS traffic live by running 'tcpdump -i ethX port 53' (where ethX is your WAN). Then try pinging a few hosts from a client PC?

    A quick test here suggests that local DNS queries are not leaving my LAN, for entries that already exist in the local ClearOS DNS server.

    Do black.howitts.lan and blue.howitts.lan exist in your local DNS? Do your clients have their DNS configured to use only ClearOS?

    I've also filed this bug previously to do with default domain names for DNS lookups...maybe related?
    http://tracker.clearfoundation.com/view.php?id=319