[Dnsmasq-discuss] Dnsmasq switching to using secondary DNS exclusively

Simon Kelley simon at thekelleys.org.uk
Mon Aug 17 17:06:49 BST 2009

JD wrote:
> On 08/17/2009 08:47 AM, Simon Kelley wrote:
>> Michael Kraft wrote:
>>> I have a WRT54GLv1 with Tomato 1.25 on it.  Tomato uses Dnsmasq 2.47 for
>>> DNS.  I realize the latest Dnsmasq is 2.49, but I don't see anything in
>>> the change log related to what I'm seeing.   I have tomato set up to
>>> cache DNS (150 entries) and handle the DNS queries itself.  This results
>>> in a dnsmasq.conf of:
>>> pid-file=/var/run/dnsmasq.pid
>>> interface=br0
>>> resolv-file=/etc/resolv.dnsmasq
>>> addn-hosts=/etc/hosts.dnsmasq
>>> expand-hosts
>>> min-port=4096
>>> dhcp-range=,,,10080m
>>> dhcp-option=3,
>>> dhcp-lease-max=255
>>> dhcp-authoritative
>>> dhcp-host=00:13:CE:2A:1E:82,,10080m
>>> The resolv.dnsmasq is:
>>> nameserver
>>> nameserver
>>> resolv.conf is:
>>> nameserver
>>> So my primary DNS is and my secondary DNS is
>>> Every now and then the router starts using the secondary DNS
>>> exclusively.  During this time the dnsmasq.conf and resolv.dnsmasq don't
>>> change.  I can get the router to start using the primary DNS again by
>>> killing and restarting Dnsmasq (or refreshing the DHCP release from my
>>> ISP).
>>> It's my understanding that the secondary DNS should only be used if the
>>> primary DNS doesn't answer the DNS query, but at the times I'm
>>> experiencing the problem the primary DNS is responding to queries so
>>> Dnsmasq should be using that.  There is nothing in the logs that seems to
>>> indicate any kind of problem as far as I can tell.  The only log entries
>>> I ever see relating to nameservers look like the following with the
>>> secondary listed first and the primary listed second:
>>> Aug 11 23:55:55 ? daemon.info dnsmasq[23367]: using nameserver
>>> Aug 11 23:55:55 ? daemon.info dnsmasq[23367]: using nameserver
>>> Since my ISP's secondary DNS is a lot farther away geographically from
>>> me than the primary, this not only slows down DNS queries, but causes
>>> performance issues with Limelight, Akamai and any other server that
>>> determines the server farm by the DNS location.
>>> My question is why would Dnsmasq be switching to using the secondary DNS
>>> exclusively and how (short of removing the secondary DNS server
>>> manually) can I stop it from doing this?
>> Dnsmasq doesn't treat these servers as primary and secondary - it
>> considers them equal. The reason that the server in use changes is that
>> dnsmasq sometimes sends a query to both servers, to see which one is
>> fastest. Whichever replies first gets used until the next time the
>> "race" gets run.
>> You can change this behaviour with "strict-order", but be aware that
>> will make performance much worse if the first server ever does fail.
>> Cheers,
>> Simon.
> That still does not explain why dnsmasq sticks with a nameserver that is
> slow???
> Is it possible to have a config option that will force dnsmasq to switch
> server if no response comes within a user-settable timeout?
> JD

It does that test once, and uses whichever server is faster
_for_that_query_. That could be affected by cache effects in the
upstream server. The test is not run again until a query times out; then
the retry is sent to both servers to see which one will reply first.

Are you sure that your "secondary" is in fact slower?
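
Added example, not part of the original message and not dnsmasq source code: a simplified model of the selection behaviour described in this thread (race on the first query, keep the winner until a query times out, then race again), next to a simplified model of "strict-order". The server names "near" and "far", the latencies and the 1000 ms timeout are constructed assumptions.

```python
# Simplified model of the upstream selection described in this thread.
# Not dnsmasq code; names, latencies and the timeout are constructed.
TIMEOUT_MS = 1000

def simulate(latency, strict_order=False, timeout=TIMEOUT_MS):
    """latency: {server: [ms for query 0, query 1, ...]} in resolv-file order.
    Returns the server whose answer was used for each query
    (None if every server timed out)."""
    servers = list(latency)
    n = len(next(iter(latency.values())))
    current, used = None, []
    for q in range(n):
        if strict_order:
            # Try servers in listed order; take the first that answers in time.
            answer = next((s for s in servers if latency[s][q] < timeout), None)
        elif current is not None and latency[current][q] < timeout:
            # Stick with the last race winner while it keeps answering.
            answer = current
        else:
            # First query, or the current server timed out: send the query
            # to all servers and keep whichever replies first.
            live = [s for s in servers if latency[s][q] < timeout]
            answer = min(live, key=lambda s: latency[s][q], default=None)
            current = answer
        used.append(answer)
    return used

# Constructed latencies (ms). Query 0: "far" has the name cached and wins
# the race. Query 3: "far" times out, which triggers a new race.
SAMPLE = {
    "near": [120, 20, 20, 20, 20],
    "far":  [5, 80, 80, 5000, 80],
}

if __name__ == "__main__":
    print("default     :", simulate(SAMPLE))
    print("strict-order:", simulate(SAMPLE, strict_order=True))
```

In this model the default mode keeps using "far" for queries 1 and 2 even though "near" would have answered sooner, because no new race is run until a query times out.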



