Dnsmasq delivers inconsistent results for locally created hosts

I installed dnsmasq to provide a local IP address to the devices in the local network so they can reach Home Assistant.
I use the following configuration:

defaults:
  - 208.67.222.222
  - 208.67.220.220
forwards: [ ]
hosts:
  - host: XXXXX.duckdns.org.
    ip: 172.29.32.10
services: [ ]
cnames: [ ]
log_queries: true

All the devices in my home network use my Home Assistant as the DNS service, pointing to 172.29.32.10, but they get inconsistent replies from dnsmasq in Home Assistant.
Sometimes I get the external address from my Windows machine using nslookup, sometimes I get the internal address.

Server: UnKnown
Address: 172.29.32.10

Non-authoritative answer:
Name: XXXXX.duckdns.org
Address: 95.1.1.1

> XXXXX.duckdns.org
Server: UnKnown
Address: 172.29.32.10

Name: XXXXX.duckdns.org
Address: 172.29.32.10

> XXXXX.duckdns.org
Server: UnKnown
Address: 172.29.32.10

Name: XXXXX.duckdns.org
Address: 95.1.1.1

> XXXXX.duckdns.org
Server: UnKnown
Address: 172.29.32.10

Non-authoritative answer:
Name: XXXXX.duckdns.org
Address: 95.1.1.1

makes no sense …
I have the latest version of Linux core-ssh 6.1.63-haos #1 SMP PREEMPT_DYNAMIC
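
To quantify the behaviour shown in the post above, a captured nslookup session can be parsed and checked for names that resolve to both an internal and an external address. This is an added example, not part of the original thread; the transcript is constructed from the one in the post, and `parse_nslookup` and `split_answers` are hypothetical helper names.

```python
import ipaddress
from collections import defaultdict

# Constructed transcript, modelled on the nslookup session quoted in the post.
SAMPLE = """\
> XXXXX.duckdns.org
Server: UnKnown
Address: 172.29.32.10

Non-authoritative answer:
Name: XXXXX.duckdns.org
Address: 95.1.1.1

> XXXXX.duckdns.org
Server: UnKnown
Address: 172.29.32.10

Name: XXXXX.duckdns.org
Address: 172.29.32.10
"""

def parse_nslookup(text):
    """Return one dict per answer record found in Windows nslookup output."""
    answers, non_auth, name = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Server:"):            # a new reply begins
            non_auth, name = False, None
        elif line.lower().startswith("non-authoritative answer"):
            non_auth = True                       # reply lacked the authoritative flag
        elif line.startswith("Name:"):
            name = line.split(":", 1)[1].strip().lower()
        elif line.startswith("Address:") and name:
            # An Address line before any Name line is the resolver itself; skipped.
            addr = ipaddress.ip_address(line.split(":", 1)[1].strip())
            answers.append({"name": name, "address": str(addr),
                            "internal": addr.is_private,
                            "non_authoritative": non_auth})
            name = None
    return answers

def split_answers(answers):
    """Names that resolved to both an internal and an external address."""
    seen = defaultdict(set)
    for a in answers:
        seen[a["name"]].add("internal" if a["internal"] else "external")
    return sorted(n for n, kinds in seen.items() if len(kinds) > 1)

if __name__ == "__main__":
    for a in parse_nslookup(SAMPLE):
        print(a)
    print("mixed answers for:", split_answers(parse_nslookup(SAMPLE)))
```

Comparing the `non_authoritative` field with the `internal` field per answer shows which replies came from the local host entry and which were forwarded upstream.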

Run ipconfig /flushdns in a Windows command prompt and see if it helps.

If not, then run ipconfig /all and post the output here.

Yes, I always clear the DNS cache … and here is the configuration of the wireless net

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Wi-Fi 6E AX210 160MHz
   Physical Address. . . . . . . . . : F0-B6-1E-56-95-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b632:4b9a:2c6e:9454%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.29.32.85(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 04 January 2024 21:31:57
   Lease Expires . . . . . . . . . . : 06 January 2024 15:14:45
   Default Gateway . . . . . . . . . : 172.29.32.254
   DHCP Server . . . . . . . . . . . : 172.29.34.1
   DHCPv6 IAID . . . . . . . . . . . : 82884126
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-F5-38-55-64-4B-F0-37-10-4E
   DNS Servers . . . . . . . . . . . : 172.29.32.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Something is strange, because if I replace the c:\windows\system32\drivers\etc\hosts and add the XXXXX.duckdns.org there … then it works …
But that can’t be a solution, since most of the IoT devices that need to run the webhook in Home Assistant can’t add a hosts file …

It is really bad that when we enable HTTPS, we can’t have a webhook authenticate interface or have a local non-HTTPS webhook …
This is really a show stopper for communicating between different vendors with Home Assistant.

When working with DNS entries, they will have a TTL value (Time To Live).
TTL values state how long an entry is valid.
The authoritative server will not count this down, so they are always valid.
Any slave server or DNS cache might make a copy of the entry and then set a countdown from the TTL value.
The big issue here is that slave servers and DNS caches can copy from each other, so you can have copies of copies of copies of copies and so on.
If you are unlucky, then you can make a change to your DNS, but before you save it a copy is made to a slave, and just before that slave’s copy times out a DNS cache makes a copy.
In general it is said that DNS changes require at least 3 times the TTL to propagate fully.

How would that apply to dnsmasq, since it should always be authoritative for the host record that you create … and again, dnsmasq is just an interception for port 53 where it redirects the request based on basic configuration … that is why the local host should always be the answer.

True, but come to think of it, why do you try to overload the duckdns entry?
You could just make your own domain.

And come to think of something more, then I think HA is actually also running a DNS service for the add-ons. Maybe that is influencing somehow.

I need duckdns to give me DDNS and at the same time connect to letsencrypt and allow me remote access to my Home Assistant. The problem now is that I need to use webhooks, and with HTTPS I need local DNS resolution, to implement split-horizon DNS.

Ok, I see.
Maybe try a real DNS service and overload the entire duckdns.org domain.
This will of course prevent lookups of other duckdns.org entries, but my guess is that you probably do not need them anyway. Duckdns.org is not used much by anyone with a real need for hosting stuff with public access.
Alternatively, you might be able to find a cheap domain instead and then just host it on a service like Cloudflare, which will make Let’s Encrypt’s DNS challenge possible.
I do not know where in the world you are, but here a local domain costs around $8 a year, and my country is often considered extremely expensive to live in.