[Dnsmasq-discuss] !strict-order and SERVFAIL

Alexander Clouter alex at digriz.org.uk
Wed Jan 5 21:33:55 GMT 2011


Hi,

* Simon Kelley <simon at thekelleys.org.uk> [2011-01-05 21:11:49+0000]:
>
> What is supposed to happen in response to a SERVFAIL is that the query
> gets sent, again, to all available servers. If all those servers in turn
> return SERVFAIL then the error gets propagated back to the original
> querier.
> 
> I'm not quite sure what's going on in your packet capture: there seems
> to be four possible upstream servers, so the query gets sent to all four
> after the first one returns SERVFAIL. Not all the servers are replying,
> which explains why nothing goes back to the original requestor.
> 
> I have a suspicion that there may be a problem with the second round of
> requests generating a third round, and so on, but I can't work out
> exactly which server is which. Could you provide a list of IP addresses
> for the various actors and some idea which upstream servers are configured?
> 
The capure is probably looking complicated as I captured 'any' so it's 
*all* there, sorry :-/

---- resolv.conf ----
nameserver 2a01:348:0:1::e:1
nameserver 2a01:348:0:1::f:1
nameserver 77.75.104.58
nameserver 77.75.104.59
----

[LAN] <- eth0 - [router] - ppp0 -> [intertubes]

The router's interfaces look like so:
 * lo: 2a01:348:45:0:311e:7a15:88ab:1f59/128
 * ppp0: 77.75.106.34 and fe80::61c5:6995:3e02:cf0a/10
 * eth0: 192.168.1.1 and 2a01:348:45:1000::/64 (uses ::0)

dnsmasq receives queries on eth0.

When the router speaks to the DNS servers, things look like:
----
$ ip route get 2a01:348:0:1::e:1
2a01:348:0:1::e:1 via fe80::205:ff:fe60:2c1b dev ppp0  src 2a01:348:45:0:311e:7a15:88ab:1f59  metric 1024  mtu 1492 advmss 1432 hoplimit 4294967295

$ ip route get 77.75.104.58
77.75.104.58 dev ppp0  src 77.75.106.34
    cache  mtu 1492 advmss 1452 hoplimit 64
----

The LAN uses 2a01:348:45:1000::/64 and 192.168.1.0/24.

If you want fresh seperated 'internal' and 'external' pcap's, then do 
ask.

Cheers

-- 
Alexander Clouter
.sigmonster says: BOFH excuse #30:
                  positron router malfunction



More information about the Dnsmasq-discuss mailing list