一、前情提要

24.10.6版本的istoreos,这一个月一直作为旁路由使用中,突然服务中断了。

二、排障思路

1、查看路由表是否正常

ip route
root@iStoreOS:
default via 192.168.2.1 dev 
br-lan proto static 172.17.0.0/16 dev 
docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.2.0/123 dev 
br-lan proto kernel scope link src 192.168.2.2

2、目前路由正常,看看ping dns和ping百度的域名

ping -c 3 8.8.8.8
ping -c 3 baidu.com
root@iStoreOS:~# ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=107 time=282.920 ms
64 bytes from 8.8.8.8: seq=2 ttl=107 time=282.458 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 2 packets received, 33% packet loss
round-trip min/avg/max = 282.458/282.689/282.920 ms

root@iStoreOS:~# ping -c 3 baidu.com
ping: bad address 'baidu.com'

3、本地dns和外部dns解析

看起来是dns挂了。得看本地dns和外部dns解析,看看是否外部dns问题。

cat /etc/resolv.conf
nslookup baidu.com 223.5.5.5
nslookup baidu.com 8.8.8.8

root@iStoreOS:~# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1

root@iStoreOS:~# nslookup baidu.com 223.5.5.5
Server: 223.5.5.5
Address: 223.5.5.5:53

Non-authoritative answer:
Name: baidu.com
Address: 110.242.74.102
Name: baidu.com
Address: 124.237.177.164
Name: baidu.com
Address: 111.63.65.247
Name: baidu.com
Address: 111.63.65.103

Non-authoritative answer:

root@iStoreOS:~# nslookup baidu.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8:53

Non-authoritative answer:
Name: baidu.com
Address: 111.63.65.247
Name: baidu.com
Address: 111.63.65.103
Name: baidu.com
Address: 124.237.177.164
Name: baidu.com
Address: 110.242.74.102

3、确认内建dnsmasq的问题

确认了外部dns没问题,那一定是dnsmasq有问题了。

看看是否running,dnsmasq 的上游 DNS 是什么和最近20条日志。

ps | grep dnsmasq
cat /tmp/resolv.conf.d/resolv.conf.auto
logread | grep dnsmasq | tail -20


root@iStoreOS:~# ps |grep dnsmasq
8654 root 2236 S {dnsmasq} /sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/ubus -r /etc/TZ -r /etc/dnsmasq.conf -r /etc/ethers -r /etc/group -r /etc/hosts -r /etc/passwd -w /tmp/dhcp.leases -r /tmp/dnsmasq.cfg01411c.d -r /tmp/hosts -r /usr/bin/jshn -r /usr/lib/dnsmasq/dhcp-script.
8766 dnsmasq 3580 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
20901 root 1184 S grep dnsmasq

root@iStoreOS:~# cat /tmp/resolv.conf.d/resolv.conf.auto
# Interface lan

nameserver 223.5.5.5
nameserver 8.8.8.8
root@iStoreOS:~# logread |grep dnsmasq | tail -20
Thu May 14 04:55:45 2026 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Thu May 14 04:55:45 2026 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Thu May 14 04:55:45 2026 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Thu May 14 04:55:45 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Thu May 14 04:55:45 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 names
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: started, version 2.90 cache disabled
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Thu May 14 04:55:47 2026 daemon.warn dnsmasq[1]: warning: no upstream servers configured
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: using only locally-known addresses for test
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: using only locally-known addresses for local
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Thu May 14 04:55:47 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 names
root@iStoreOS:~#

从log上面发现问题了……

Thu May 14 04:55:47 2026 daemon.warn dnsmasq[1]: warning: no upstream servers configured

dnsmasq 是running状态,但没有配置上游 DNS 服务器。虽然 /tmp/resolv.conf.d/resolv.conf.auto 里有 223.5.5.5 和 8.8.8.8,但 dnsmasq 没去读它,需要查看目前的dnsmasq配置。

4、查看dnsmasq配置

grep -E "resolv|server" /var/etc/dnsmasq.conf.cfg01411c
uci show dhcp | grep -E "noresolv|server|resolvfile"


root@iStoreOS:~# grep -E "resolv|server" /var/etc/dnsmasq.conf.cfg01411c
no-resolv
root@iStoreOS:~#
root@iStoreOS:~# uci show dhcp | grep -E "noresolv|server|resolvfile"
dhcp.@dnsmasq[0].noresolv='1'
dhcp.lan.dhcpv4='server'

5、确认故障并修复

从上述dnsmasq的配置可以读出noresolv=1, dnsmasq 不会读任何 resolv 文件,同时又没有配置 server 条目,所以它完全没有上游 DNS。

修复只要去掉 noresolv,让 dnsmasq 读取已经正确的 /tmp/resolv.conf.d/resolv.conf.auto就行

具体配置如下:

uci delete dhcp.@dnsmasq[0].noresolv
uci commit dhcp
/etc/init.d/dnsmasq restart

6、修复后检查

ping -c 3 baidu.com

人贵有自知之明。