[Dnsmasq-discuss] !strict-order and SERVFAIL
alex at digriz.org.uk
Sun Jan 2 16:49:02 GMT 2011
Being the holiday season and all, I got around to finding out why
ssh'ing into hosts on my LAN is slow. Stepped through everything that
could be at fault and tracked it down to dnsmasq.
All the hosts in my LAN are v6 enabled and it is all linked to that I
have not done anything to provide valid PTR records for my entire
allocation 2a01:348:45::/48; SERVFAIL is returned to all queries.
Turns out when strict-order is set, there are no problems, but if you
have more than one upstream resolver and strict-order is off, then when
SERVFAIL is returned from the upstream resolvers then querier (the host
I am trying to SSH into) never gets a reply.
I am guessing the same applies in the v4 case (does not seem to be
anything special treatment given for v6 lookups and SERVFAILing), I just
I cannot find an IP that returns SERVFAIL to test the hypothesis with.
If this is expected behaviour, any chance that a note be added to
'strict-order' to refer to this?
 at a glance it looks like the logic in src/forward.c:reply_query()
that works around broken servers does not recover properly. A
packet capture shows repeated queries and the same SERVFAIL
.sigmonster says: If you fail to plan, plan to fail.
More information about the Dnsmasq-discuss