[Dnsmasq-discuss] Disabling "Recursive Query Refusal Detection" and a comment on MX caching.

richardvoigt at gmail.com
Wed Sep 16 14:53:45 BST 2009


On Wed, Sep 16, 2009 at 4:59 AM, David Howes <david at howes.net.nz> wrote:
> Hi!
> Thanks for a great utility!
>

Simon has done a marvelous job, truly.

> We're using DNSMasq as a caching server in front of four DNS servers.
> These DNS servers process a very large number of queries.

That may be your problem, if I'm understanding your setup correctly.
dnsmasq is really intended as a client-side cache, not server-side.

>
> 1) I can see from the list that you've previously answered the issue that
> DNSMasq doesn't cache MX records, is this on the schedule at all, or is this
> unlikely to ever become a feature?  I ask as MX records are one of the main
> record types we see, the lack of this caching hurts.

Only Simon can answer that, but doesn't your SMTP agent have caching
settings?  Most e-mail servers store far more than just the DNS data
in their cache anyway, things like rate of receipt are frequently used
to detect spam attacks.

>
> 2) More critically, when DNSMasq decides a nameserver is not allowing
> recursive queries it puts "refused to do a recursive query" and seems to
> stop using that DNS server?  This breaks *everything*. :)
> Is there a switch or option to turn this off as DNSMasq seems to do this
> when a server doesn't respond correctly (or at all) for a period of time...

You've misconfigured dnsmasq.  This is a really common question
recently, did you search the mailing list archives at all?

The set of servers in resolv-file (e.g. /etc/resolv.conf) are NOT a
list to be tried in order until one succeeds.  They are a connection
to a public recursive DNS server, with any number of backups to use in
case the first fails (actually dnsmasq initially picks the active one
based on response time, not the first in the list).

If you have some servers with unique information (private DNS entries
for your domain) then you need to use
"server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]"
configuration lines in dnsmasq.conf according to the man page, so that
these addresses are always queried on that server.

Hope this helps.

>
> - David Howes.
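The routing rule described in the reply above, as an added example (not part of the original message and not dnsmasq's own code): a simplified Python model of how `server=/domain/ip` lines pin names under a domain to one server while all other names go to the general upstreams, plus a check for private names that would still reach the general upstreams. The sample configuration, addresses, domain names and function names are constructed; only the `/domain/ip` and bare `ip` forms are handled, and the most-specific-domain precedence follows the dnsmasq man page.

```python
# Constructed sample dnsmasq.conf content (addresses and domains are made up).
SAMPLE_CONF = """\
# upstreams for private zones
server=/corp.example/10.0.0.53
server=/lab.corp.example/internal.example/10.0.1.53#5353
# general recursive upstream
server=192.0.2.1
"""

def parse_servers(conf_text):
    """Return (domain -> upstream map, list of general upstreams)."""
    domain_map, defaults = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments and unrelated options are ignored
        value = line[len("server="):]
        if value.startswith("/"):
            # /dom1/dom2/.../upstream : last field is the server address
            *domains, upstream = value[1:].split("/")
            for d in domains:
                domain_map[d.lower().rstrip(".")] = upstream
        else:
            defaults.append(value)
    return domain_map, defaults

def route(qname, domain_map, defaults):
    """Most specific matching domain wins; otherwise the general upstreams."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest suffix first, on label boundaries
        suffix = ".".join(labels[i:])
        if suffix in domain_map:
            return [domain_map[suffix]]
    return list(defaults)

def unrouted_private(names, private_zones, domain_map, defaults):
    """Names inside a private zone that would still go to the general upstreams."""
    def in_zone(n, z):
        return n == z or n.endswith("." + z)
    return [n for n in names
            if any(in_zone(n.lower().rstrip("."), z) for z in private_zones)
            and route(n, domain_map, defaults) == defaults]

if __name__ == "__main__":
    dm, df = parse_servers(SAMPLE_CONF)
    names = ["db.corp.example", "ci.lab.corp.example",
             "gw.vpn.example", "www.example.org"]
    for n in names:
        print(n, "->", route(n, dm, df))
    print("private names without a server= line:",
          unrouted_private(names, ["corp.example", "vpn.example"], dm, df))
```
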


