[Dnsmasq-discuss] strict-order backwards in Debian 7 dnsmasq 2.72-3 (vs dnsmasq 2.59)?

Tim Wright tenortim at gmail.com
Wed Sep 2 19:45:17 BST 2015


On Tue, Sep 1, 2015 at 11:13 AM, Albert ARIBAUD <albert.aribaud at free.fr>
wrote:

> Hi Tim,
>
> Le Tue, 1 Sep 2015 10:00:36 -0700, Tim Wright <tenortim at gmail.com> a
> écrit :
>
> > Hello,
> > I apologize if this is something known, or if I'm doing something silly,
> > but I switched over from Ubuntu 12.04LTS (dnsmasq 2.59) to Debian 7
> stable
> > (dnsmasq 2.72-3) and I'm seeing something odd. I have "strict order"
> > enabled, and many lines in /etc/dnsmasq.conf of the form:
> >
> > server=/example.domain.com/<corp DNS server 1>
> > server=/example.domain.com/<corp DNS server 2>
> > server=/example.domain.com/<corp DNS server 3>
> > server=/example.domain.com/<local DNS server>
> > server=/example.domain.com/8.8.8.8
> >
> > The reason for this is that there are a number of names where "
> > example.domain.com" returns a different, internal IP address when
> connected
> > to the corporate network (vpn), but I want to fail back to the external
> if
> > the vpn is down etc.
> >
> > In version 2.59, this worked perfectly. In the newer version, it appears
> to
> > be completely backwards. I reversed the entire config file so that
> entries
> > are now of the form:
> >
> > server=/example.domain.com/8.8.8.8
> > server=/example.domain.com/<local DNS server>
> > server=/example.domain.com/<corp DNS server 3>
> > server=/example.domain.com/<corp DNS server 2>
> > server=/example.domain.com/<corp DNS server 1>
> >
> > but I was curious if this is expected behaviour or whether it would be
> > considered a bug.
>
> Hmm... From the dnsmasq man page, --strict-order is about following the
> order in which upstream DNS servers appear in /etc/resolv.conf, not in
> /etc/dnsmasq.conf.
>

Hi Albert,
I'm not sure that it's that clear. At least for 2.73, the man page is
conflicted:

       -o, --strict-order
              By default, dnsmasq will send queries to  any  of  the
 upstream
              servers  it  knows  about  and  tries to favour servers that
are
              known to be up. Setting this flag forces  dnsmasq  to  try
 each
              query  with  each  server  strictly  in the order they appear
in
              /etc/resolv.conf

The first part clearly states that by default it will query "any of the
upstream servers it knows about". If you use lines of the form "server=" in
the config file, that's a lot more than what you might find in
/etc/resolv.conf. Furthermore, that certainly isn't how it works. With
"strict-order" enabled, it certainly applies to servers defined in the
config file. The issue is that at some point, it applied in forward order,
and now, it appears to apply in reverse order.

Looking at the code, servers from /etc/resolv.conf are not treated
especially compared to those from the config file - they all end up in the
daemon->servers list.

Regards,

Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20150902/07c95e7e/attachment.html>


More information about the Dnsmasq-discuss mailing list