
#1 2019-11-09 01:38:02

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 16,812

dnsmasq is spamming my journal

ewaller@odin/home/ewaller % journalctl -b | grep  'reading /etc/resolv.conf' | wc
   1937   13559  120094
ewaller@odin/home/ewaller % uptime
 17:31:51 up  3:05,  1 user,  load average: 1.22, 1.00, 0.95
ewaller@odin/home/ewaller % 

The messages are:

Nov 08 17:35:59 odin dnsmasq[20426]: reading /etc/resolv.conf
Nov 08 17:35:59 odin dnsmasq[20426]: using nameserver 127.0.0.53#53

A mean of 23 reports per minute seems a bit excessive.  Any suggestions?


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way


#2 2019-11-09 04:51:30

ugjka
Member
From: Latvia
Registered: 2014-04-01
Posts: 1,362

Re: dnsmasq is spamming my journal

Rough  workaround is to forward all logs to /dev/null in the service unit file


StandardOutput=null
StandardError=null


ENTER

~ Arch is not Arch unless it is Arch ~


#3 2019-11-09 05:03:54

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 16,812

Re: dnsmasq is spamming my journal

ugjka wrote:

Rough  workaround is to forward all logs to /dev/null in the service unit file


StandardOutput=null
StandardError=null

Yeah.   I'll keep that in my vest pocket in case I cannot find a proper solution.
But thanks, I had not looked into redirecting service output like that.  Seems like a nice tool to put into the war chest.



#4 2019-11-09 05:14:18

ugjka
Member
From: Latvia
Registered: 2014-04-01
Posts: 1,362

Re: dnsmasq is spamming my journal

apparently you can do this too StandardOutput=file:YOUR_ABSPATH_FILENAME.log



#5 2019-11-09 12:34:04

koffeinfriedhof
Member
Registered: 2017-11-30
Posts: 22

Re: dnsmasq is spamming my journal

Hi!

Do you have log-queries=extra in use? I do not have these massive requests from dnsmasq. Perhaps something is spamming the resolv.conf-file without changing content. Do you use the resolvconf or systemd-resolved package?


#6 2019-11-09 16:17:27

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 16,812

Re: dnsmasq is spamming my journal

koffeinfriedhof wrote:

Do you use the resolvconf or systemd-resolved package?

Yes.

ewaller@odin/home/ewaller[130] % systemctl list-unit-files --state=enabled
UNIT FILE                              STATE
org.cups.cupsd.path                    enabled
acpid.service                          enabled
autovt@.service                        enabled
blueman-mechanism.service              enabled
bluetooth.service                      enabled
cups-browsed.service                   enabled
dbus-org.bluez.service                 enabled
dbus-org.freedesktop.network1.service  enabled
dbus-org.freedesktop.resolve1.service  enabled
dbus-org.freedesktop.timesync1.service enabled
dhcpcd.service                         enabled
getty@.service                         enabled
hddtemp.service                        enabled
hpfall.service                         enabled
org.cups.cupsd.service                 enabled
sshd.service                           enabled
systemd-networkd-wait-online.service   enabled
systemd-networkd.service               enabled
systemd-resolved.service               enabled
systemd-timesyncd.service              enabled
org.cups.cupsd.socket                  enabled
systemd-networkd.socket                enabled
remote-fs.target                       enabled

23 unit files listed.
ewaller@odin/home/ewaller %

Interesting.  That led me to this....

ewaller@odin/home/ewaller % ll /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Sep 27 08:09 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
ewaller@odin/home/ewaller % ll /run/systemd/resolve/stub-resolv.conf
-rw-r--r-- 1 systemd-resolve systemd-resolve 719 Nov  9 08:12 /run/systemd/resolve/stub-resolv.conf
ewaller@odin/home/ewaller % ll /run/systemd/resolve/stub-resolv.conf
-rw-r--r-- 1 systemd-resolve systemd-resolve 719 Nov  9 08:13 /run/systemd/resolve/stub-resolv.conf
ewaller@odin/home/ewaller %

As can be seen, /etc/resolv.conf is a link.  And, behold, the destination file seems to be being constantly updated.

Sadly, I am at work on this beautiful autumn Saturday morning -- I'll look into this when I get home this afternoon.


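One way to check what post #6 observes, namely whether the file behind /etc/resolv.conf is being rewritten with the same content or is really changing. This is an added example, not part of the original thread; the function names are made up here, and GNU stat and sha256sum are assumed.

```sh
# Added example. Tells "rewritten with the same bytes" apart from a real
# content change. Symlinks such as /etc/resolv.conf are followed.

# snapshot FILE -> "mtime:inode sha256" of the file the path resolves to
snapshot() {
    snap_meta=$(stat -L -c '%Y:%i' -- "$1") || return 1
    snap_hash=$(sha256sum -- "$1" | cut -d' ' -f1)
    [ -n "$snap_hash" ] || return 1
    printf '%s %s\n' "$snap_meta" "$snap_hash"
}

# classify PREV CUR -> unchanged | rewritten-identical | content-changed
classify() {
    if [ "${1##* }" != "${2##* }" ]; then
        echo content-changed          # hash differs
    elif [ "${1%% *}" != "${2%% *}" ]; then
        echo rewritten-identical      # new mtime or inode, same bytes
    else
        echo unchanged
    fi
}

# watch_file [FILE] [SAMPLES] [INTERVAL_SECONDS]
# Polls FILE, prints each change with a timestamp, then a tally line.
watch_file() {
    wf_file=${1:-/etc/resolv.conf}; wf_left=${2:-60}; wf_sleep=${3:-1}
    wf_same=0; wf_changed=0
    wf_prev=$(snapshot "$wf_file") || return 1
    while [ "$wf_left" -gt 0 ]; do
        wf_left=$((wf_left - 1))
        sleep "$wf_sleep"
        # the path can be missing for an instant while it is being replaced
        wf_cur=$(snapshot "$wf_file") || continue
        case $(classify "$wf_prev" "$wf_cur") in
            rewritten-identical)
                wf_same=$((wf_same + 1))
                echo "$(date +%T) rewritten-identical" ;;
            content-changed)
                wf_changed=$((wf_changed + 1))
                echo "$(date +%T) content-changed" ;;
        esac
        wf_prev=$wf_cur
    done
    echo "identical rewrites: $wf_same, content changes: $wf_changed"
}
```

Running `watch_file /etc/resolv.conf 120 1` for two minutes gives a tally that can be compared with the number of "reading /etc/resolv.conf" lines in the journal over the same period.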

#7 2019-11-10 12:55:39

koffeinfriedhof
Member
Registered: 2017-11-30
Posts: 22

Re: dnsmasq is spamming my journal

Try to stop it and use a static resolv.conf-file as dnsmasq should resolve dns requests.
systemctl stop systemd-resolved

and nameserver 127.0.0.1 as content in /etc/resolv.conf. If you want other systems in your local network to use dnsmasq the resolv.conf-file must contain the (static) ip of your server too, e.g. nameserver 192.168.1.50.

Watch the logs, and if the spamming has stopped, you may disable the service. If you need both systemd-resolved and dnsmasq, search for configuration examples of how to do this.

Another (simpler) way is to prevent dnsmasq from reading the file. Just put no-resolve in the /etc/dnsmasq.conf file.

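A static check of the dnsmasq side of the suggestions in post #7, added here and not part of the original thread. It uses the option spellings from the dnsmasq man page (`no-resolv`, `no-poll`, `resolv-file=`, `server=`); the function name `dnsmasq_resolv_policy` is hypothetical, and it flags `no-resolv` without any `server=` line because dnsmasq then has no upstream server to forward to.

```sh
# Added example. Reads a dnsmasq config and prints one line:
#   reads=<yes|no> polls=<yes|no> file=<path> upstreams=<n>
# reads: dnsmasq takes upstream servers from a resolv.conf-style file
# polls: dnsmasq re-reads that file when it changes
# Exit status 2 means no-resolv is set but no server= line supplies an upstream.
dnsmasq_resolv_policy() {
    awk -v reads=yes -v polls=yes -v file=/etc/resolv.conf '
        {
            sub(/^#.*/, ""); sub(/[ \t]+#.*/, "")      # drop comments
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")     # trim blanks
        }
        $0 == ""          { next }
        $0 == "no-resolv" { reads = "no"; next }
        $0 == "no-poll"   { polls = "no"; next }
        /^resolv-file=/   { sub(/^[^=]*=/, ""); file = $0; next }
        /^server=/        { upstreams++ }
        END {
            # with no-resolv there is no file to read or poll
            if (reads == "no") { polls = "no"; file = "-" }
            printf "reads=%s polls=%s file=%s upstreams=%d\n",
                   reads, polls, file, upstreams
            if (reads == "no" && upstreams == 0) exit 2
        }
    ' "$1"
}
```

It inspects a single file only; options passed on the dnsmasq command line or pulled in through `conf-file=` or `conf-dir=` are not seen.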

#8 2019-11-10 17:17:05

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 16,812

Re: dnsmasq is spamming my journal

Good points.  Thanks.
For now, I have changed to one of the other four modes of operation by changing the link for /etc/resolv.conf

ewaller@odin/home/ewaller % ll /etc/resolv.conf
lrwxrwxrwx 1 root root 28 Nov  9 13:06 /etc/resolv.conf -> /usr/lib/systemd/resolv.conf
ewaller@odin/home/ewaller % 

The spam is gone.  At least the dnsmasq spam, that is.  I still have spam from the endless attacks on ssh from China, Iran, India, and Virginia.

Not marking this as solved as I would like to revert to the recommended mode of operation.



#9 2019-11-10 17:19:31

progandy
Member
Registered: 2012-05-17
Posts: 3,580

Re: dnsmasq is spamming my journal

For what reason do you wish to use dnsmasq?

You could also look if systemd-resolved is sending dbus notifications about changed DNS settings in the same interval.
https://www.freedesktop.org/wiki/Softwa … /resolved/

sudo busctl monitor org.freedesktop.resolve1

Last edited by progandy (2019-11-10 17:36:58)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |


#10 2019-11-10 19:04:46

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 16,812

Re: dnsmasq is spamming my journal

progandy wrote:

For what reason do you wish to use dnsmasq?

Don't really know that I want to.  What I do want is systemd-resolved as described here https://wiki.archlinux.org/index.php/Sy … solved#DNS

I see that dnsmasq is optional for NetworkManager, libvirt, and blueman.  I might have installed it for libvirt.  Let me try removing dnsmasq and see if I break anything.


As to busctl, yeah, it is posting messages at about the rate I would expect for the spam.



#11 2019-11-10 19:18:54

progandy
Member
Registered: 2012-05-17
Posts: 3,580

Re: dnsmasq is spamming my journal

ewaller wrote:

I see that dnsmasq is optional for NetworkManager, libvirt, and blueman.  I might have installed it for libvirt.  Let me try removing dnsmasq and see if I break anything.

I guess it is used as a combined DNS/DHCP server for those networks where your arch linux becomes the gateway.

ewaller wrote:

As to busctl, yeah, it is posting messages at about the rate I would expect for the spam.

So for some reason systemd-resolved is spamming DNS updates. That should probably be fixed, but I have no idea if that is a bug in resolved or if it receives bogus signals from something else.



#12 2019-11-11 09:12:16

koffeinfriedhof
Member
Registered: 2017-11-30
Posts: 22

Re: dnsmasq is spamming my journal

ewaller wrote:

… I might have installed it for libvirt…

Yes, libvirt uses dnsmasq for networking on clients (every client gets an own dnsmasq-instance running, see Libvirtd_and_dnsmasq). Removing the package could break networking of clients.
