scMerlin Does tailtaintdns have a log file?

[Ripshod]

Whilst troubleshooting a wif issue for another member I started having problems accessing the gui (huge lag/pageloads). htop showed tailtaintdns running rampant. Disabling the watchdog restored normal behaviour (of course), but does tailtaintdns have a log file I can download over SFTP to peruse and possibly fix an issue?
For those interested I was investigating various wifi settings. If I re-enable the watchdog things run fine.......... until I reboot.
If I kill the watchdog it will restart with the same problem.

 

[Viktor Jaep]

Whilst troubleshooting a wif issue for another member I started having problems accessing the gui (huge lag/pageloads). htop showed tailtaintdns running rampant. Disabling the watchdog restored normal behaviour (of course), but does tailtaintdns have a log file I can download over SFTP to peruse and possibly fix an issue?
For those interested I was investigating various wifi settings. If I re-enable the watchdog things run fine.......... until I reboot.
If I kill the watchdog it will restart with the same problem.

The word "tailtaintdns" literally comes up with zero results on google. That's the first I'd heard of this as well. Hum...

 

[Ripshod]

I have a hunch, but it means i'll be afk for a while working this out.
I'll post back when I have an answer.

 

[JGrana]

This was a JackYAZ function that watched syslog, looking for the kernel message that dnsmasq caught a fatal signal (usually 11). The function then restarts dnsmasq (service_restartdnsmasq).
One possibility - there is some kind of configuration problem with your DNS settings. If dnsmasq does restart (as the script will do) and dnsmasq catches another fatal signal then again, tailtaintdns will restart it.
On and on…
Look at /tmp/syslog.log for “Tainted” messages. If there are tons related to dnsmasq, check all your dns settings/hostnames,etc.

 

[Ripshod]

Something went daft on my network. dnsmasq was reporting it had run out of IPv6's so DHCPOFFER was stuck. in turn this caused a loop in the tailtaintdns watchdog.
I don't know why it happened as I reloaded a backup from 2 days ago (had to, only way to recover). If it happens again in 2 days then I know I have a problem. In the meantime lets hear some ideas.
I'll catch some logs next time if this happens again.

 

[Viktor Jaep]

This was a JackYAZ function that watched syslog, looking for the kernel message that dnsmasq caught a fatal signal (usually 11).

Was this included in one of his scripts or more of a standalone tool?

 

[Ripshod]

Was this included in one of his scripts or more of a standalone tool?

It's part of scMerlin.
I'm currently watching dnsmasq advertising IPv6 on my guest network. I think this is the cause.

 

[dave14305]

It’s a relatively simple script. The only thing suspicious is that it reads /tmp/syslog.log and Scribe users may have to see how that file looks (symlink) when it freaks out.

scMerlin/tailtaintdns at master · AMTM-OSR/scMerlin

scMerlin allows you to easily control the most common services/scripts on your router. scMerlin also augments your router's WebUI with a Sitemap and dynamic submenus for the main left menu of A...

github.com

#!/bin/sh
# shellcheck disable=SC2039
# shellcheck disable=SC3048
trap '' SIGHUP

tailfile="/tmp/syslog.log"

renice 15 $$
tail -F "$tailfile" | while read -r line; do
if echo "$line" | grep -q "Comm: dnsmasq Tainted:"; then logger "dnsmasq tainted detected, restarting dnsmasq"; service restart_dnsmasq; fi
done

renice 0 $$

 

[JGrana]

It’s a relatively simple script. The only thing suspicious is that it reads /tmp/syslog.log and Scribe users may have to see how that file looks (symlink) when it freaks out.

scMerlin/tailtaintdns at master · AMTM-OSR/scMerlin

scMerlin allows you to easily control the most common services/scripts on your router. scMerlin also augments your router's WebUI with a Sitemap and dynamic submenus for the main left menu of A...

github.com

#!/bin/sh
# shellcheck disable=SC2039
# shellcheck disable=SC3048
trap '' SIGHUP

tailfile="/tmp/syslog.log"

renice 15 $$
tail -F "$tailfile" | while read -r line; do
if echo "$line" | grep -q "Comm: dnsmasq Tainted:"; then logger "dnsmasq tainted detected, restarting dnsmasq"; service restart_dnsmasq; fi
done

renice 0 $$

Yes, I was thinking the same thing. Dnsmasq is so widely used but as a result (IMHO) a little “fragile”. I have had numerous dnsmasq fatal 11 over the years. Nothing new there ;-) dnsmasq v 2.86 had lots of issues (traps) with YazDHCP for some reason.
v2.91 seems fairly stable.

 

[Ripshod]

a little “fragile”

You're not kidding. I've made a filter for dhcp/dns log messages, and it's being flooded

Dec 31 17:11:57 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:57 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:58 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:58 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:59 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:59 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:00 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:00 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:01 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:01 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied

How the heck can dnsmasq not have permission.
This got me paranoid so I checked my ssd - everything fine there.

*edit* disabled it now. IPv6 is now officially unsupported on my guest network.

 

[Ripshod]

@Martinski a question re scribe, if you'll indulge me. Does syslog-ng filter and create logfiles constantly in the background, or are the files created when accessing the GUI (uiScribe)?
When doing the dnsmasq/tailtaintdns investigations, I had a filter for dns messages and after a relatively short time that logfile grew quite large, and seriously slowed the system log pageload. I've also seen messages for the dns in the main messages while the page loads, then they move to the dns logfile once the page eventually loads.
I may have answered my own question there.