Forwarding problem (DNS)
Oliver Hinckel
info at ollisnet.de
Thu Nov 6 21:54:26 UTC 2008
Hello,
we have set up multiple access points using Chilli. Our clients get a
nameserver somewhere in the network, everything works fine.
Now we thought about using dnsmasq on the access points directly to
save some network traffic. We changed the chilli.conf dns1 & dns2
settings to use the IP address of the access point running chilli itself.
In case a client authenticates successfully, it'll get an IP address
assigned from chilli and will also get the IP address for the DNS server
which is the access point's IP. When the client now tries to resolve a
domain name, the DNS request will never be answered and resolving
domain names will fail (no response).
First of all, we thought about a firewall problem, but the firewall
doesn't list any packets which are dropped. After this we started
chilli in debug mode to see what's going on on the network.
In an older version we saw the following when doing a simple ping to an
outside IP address:
chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP
authstate: 2
chilli.c: 1120: 0 (Success) cb_tun_ind. Packet received: Forwarding to
link layer
chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP
authstate: 2
chilli.c: 1120: 0 (Success) cb_tun_ind. Packet received: Forwarding to
link layer
As you can see, chilli reports that the packet was forwarded to the link
layer. When doing a "nslookup somedomain.com" on the client the output
was this:
chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP
authstate: 2
chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP
authstate: 2
No message "Forwarding to link layer" is logged. So I assumed that
chilli gets the DNS packet and drops it.
After that we tried to use a newer chilli version. I downloaded coova
chilli 1.0.12, compiled it and installed it on the access point. Same
scenario as described above and we get the following messages when
doing a "nslookup somedomain.com" on the client:
dhcp.c: 1835: 0 (Debug) DHCP packet received
dhcp.c: 1865: 0 (Debug) Address found
chilli.c: 117: 0 (Debug) Leaky bucket timediff: 420, bucketup: 0,
bucketdown: 100, up: 69, down: 0
After a short period, these messages repeat again. No more messages.
When doing a simple ping to an outside IP address chilli logs the following:
dhcp.c: 1835: 0 (Debug) DHCP packet received
dhcp.c: 1865: 0 (Debug) Address found
chilli.c: 117: 0 (Debug) Leaky bucket timediff: 5, bucketup: 98,
bucketdown: 84, up: 98, down: 0
chilli.c: 117: 0 (Debug) Leaky bucket timediff: 1, bucketup: 98,
bucketdown: 0, up: 0, down: 84
So the problem is that when using the access point's IP (we tried the
tun0 IP address and we tried the LAN IP address, both with the same result),
the DNS lookup will fail. When using another DNS server (e.g. some
public one) DNS lookup works fine.
Can anybody shed some light on why DNS lookup will fail when using
the access point's IP address as DNS server?
Thanks for your help!
Kind regards
Oliver Hinckel