[Dnsmasq-discuss] dnsmasq does not seem to randomize resolvers

Ed W lists at wildgooses.com
Sun Mar 3 23:29:25 GMT 2013


Dnsmasq by default queries all DNS servers simultaneously and locks onto 
the one which gives the fastest response (rechecking every few queries 
or every 60 seconds, or some numbers like that).

So I guess it's just bad luck that the fastest resolver has a bad record?

Using strict-order should prove that this is the case?

Ed W


On 03/03/2013 04:31, Sjors Gielen wrote:
> Hi all,
>
> I've either got a case of some very very bad luck from my RNG, or a bug on my hands. (Or I'm just being an idiot.)
>
> I noticed that one of my upstream DNS servers has an old entry in its cache:
>
> 131.174.78.16:        asterix 83904 [...] 2001:610:6d0:75:6c21:5fff:fea1:be1
> 131.174.78.17:        asterix 47314 [...] 2001:610:6d0::6c21:5fff:fea1:be1
> 2001:4860:4860::8888: asterix 19742 [...] 2001:610:6d0:75:6c21:5fff:fea1:be1
> 2001:4860:4860::8888: asterix 19687 [...] 2001:610:6d0:75:6c21:5fff:fea1:be1
>
> The second one from 131.174.78.17 is wrong, and was cached by my local dnsmasq. So I decided to re-start dnsmasq a few times until it had cached the correct response from one of the right nameservers, so I didn't need to hack things together to connect to this server.
>
> However, I restarted dnsmasq a few times, and it kept returning the wrong address. I got interested, and commented out that resolver. This made it return the right address immediately on every try. I started to re-order the four addresses in the dnsmasq configuration file. (The relevant parts are copy-pasted below, but most important is that these four servers are my resolvers, resolv.conf is not read, and strict-ordering is not enabled.) I tried moving .17 to the first, keeping it on the second, moving it to the third and moving it to the fourth position, and did five restarts for each try and two queries per restart. As expected, every second query gave the same results as the first. Only when server .17 was in the third position did dnsmasq provide the IPv6 address with :75: one out of five times.
>
> If I'm correct, the chances of giving the answer without :75: should be 1/4th over a restart. However, it was only 1/20th. When removing the server with the old answer, the chances correctly increased to 1/1 as expected. Is this behaviour extremely bad luck, expected, or a bug? I can reliably reproduce as long as .17 provides the wrong answer; I can probably fabricate the same situation again by exposing some timing skills.
>
> Some other information: servers 131.174.78.1{6,7} both do not respond to ping, but both provide an answer to AAAA asterix.sjorsgielen.nl in 1 msec according to `dig`. The two v6 servers are Google, they respond to ping in about 8 ms, and also respond to the DNS query in about 8 ms.
>
> Thanks,
> Sjors
>
> $ cat /etc/dnsmasq.conf
> conf-dir=/etc/dnsmasq.d
> $ ls /etc/dnsmasq.d
> 01-basic.conf  02-resolvers.conf  03-dhcp.conf  04-dhcp-devices.conf  README
> $ cat /etc/dnsmasq.d/02-resolvers.conf | grep -v '^#' | grep -v '^$'
> no-resolv
> server=131.174.78.16
> server=131.174.78.17
> server=2001:4860:4860::8888
> server=2001:4860:4860::8844
> $ grep strict-order /etc/dnsmasq.d/*
> (no output)
> $ ps ax | grep dnsmasq
>   7700 ?        S      0:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
> $ dnsmasq -v
> Dnsmasq version 2.62  Copyright (c) 2000-2012 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack
>
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.

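A simplified model of the selection behaviour described in the reply above (query every upstream at once, keep the first answer), added here as an example; it is not dnsmasq's code and not part of the original thread. The latency means are the ones quoted in the thread (1 ms and 8 ms); the jitter, trial count and function names are assumptions.

```python
import random

# Constructed latency model in milliseconds. Means are taken from the thread;
# the Gaussian jitter applied below is an assumption made for this example.
UPSTREAMS = {
    "131.174.78.16": 1.0,
    "131.174.78.17": 1.0,          # the resolver holding the old AAAA record
    "2001:4860:4860::8888": 8.0,
    "2001:4860:4860::8844": 8.0,
}
STALE = "131.174.78.17"


def first_responder(means, jitter, rng):
    """Query every upstream at once and return the one whose reply lands first."""
    arrival = {srv: max(0.05, rng.gauss(mean, jitter)) for srv, mean in means.items()}
    return min(arrival, key=arrival.get)


def stale_rate(means, jitter=0.3, restarts=20000, seed=1):
    """Fraction of fresh starts where the first (and then cached) answer is stale."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    hits = sum(first_responder(means, jitter, rng) == STALE for _ in range(restarts))
    return hits / restarts


def uniform_rate(means):
    """Rate expected if one upstream were picked uniformly at random per restart."""
    return 1 / len(means)


if __name__ == "__main__":
    print("uniform pick:            %.3f" % uniform_rate(UPSTREAMS))
    print("fastest wins, equal RTT: %.3f" % stale_rate(UPSTREAMS))
    # Same race, but the stale resolver answers 0.2 ms sooner on average.
    skewed = dict(UPSTREAMS)
    skewed[STALE] = 0.8
    print("fastest wins, stale -0.2: %.3f" % stale_rate(skewed))
```

Under this model the two 8 ms resolvers never win the race, so the stale share is set only by how the two 1 ms resolvers compare, and a sub-millisecond advantage is enough to push it well above one half.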