[Dnsmasq-discuss] strict-order still considered broken?

Thomas Eliasson lajson at outlook.com
Wed Sep 23 08:08:30 BST 2015


In the posts from 2009 I got the impression the strict-order 
functionality was generally broken.

What I did:
I tried querying the dnsmasq configured with two name-servers and 
strict-order using python-dns's resolver.
When pulling the cable to the first name-server in the list, the query 
times out.

After some investigation I found that dnsmasq identifies a query by 
using the triple (source address, source port, CRC of the query-section).

The Python implementation resends the query with different source ports. 
If I force the same source port, it works fine.

I'm worrying about how many clients will retry queries using different 
source ports and thus not get serviced by my dnsmasq.

Is the identification of a retry standardized?
I could not find any information on this.
Otherwise I should probably not use strict-order if I'm not in control 
of the clients.

/Thomas


On 2015-09-22 16:24, Simon Kelley wrote:
> The strict-order option does what it's documented to do, as far as I know.
>
> If what you're actually asking is "does the strict-order option still
> not allow me to give priority to a nameserver which has a different idea
> of the DNS to the secondary nameserver(s)" then the answer to that is
> that it still doesn't, and really can't.
>
> The reason for this is that the transport for DNS is unreliable UDP, so
> if queries for your "special" names go to the first nameserver and get a
> special answer then sometimes, either the query or the reply will be
> lost, and time-out, and then get sent to the secondary nameserver, which
> will reply with a different answer to the one you wanted.
>
> Cheers,
>
> Simon.
>
>
>
> On 22/09/15 13:55, Thomas Eliasson wrote:
>> Hi!
>>
>> Just want to verify that there is no change regarding the 'strict-order'
>> option.
>>
>> It's still considered broken, and not recommended for use?
>>
>> Last note on this I found on the list was in 2009.
>>
>> BR
>> /Thomas
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>
>
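
The retry matching described in the message above, as an added example that is not part of the original thread and is not dnsmasq's code: a toy forwarder that recognises a retry only by the triple (source address, source port, CRC of the question section). The class and function names, the addresses, and the rule of staying on the last upstream are assumptions of this model.

```python
import struct
import zlib


def question_section(name, qtype=1, qclass=1):
    """Encode a DNS question (QNAME, QTYPE, QCLASS) in wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return qname + struct.pack("!HH", qtype, qclass)


class StrictOrderModel:
    """Toy model: try upstreams in order, advancing only on a recognised retry."""

    def __init__(self, upstreams):
        self.upstreams = list(upstreams)
        # (src_addr, src_port, crc32 of question) -> index of upstream last tried
        self.inflight = {}

    def forward(self, src_addr, src_port, question):
        key = (src_addr, src_port, zlib.crc32(question))
        if key in self.inflight:
            # Same triple seen before: treat as a retry, move to the next upstream.
            # Staying on the last upstream is an assumption of this model.
            idx = min(self.inflight[key] + 1, len(self.upstreams) - 1)
        else:
            # Unknown triple: looks like a brand-new query, start at the first upstream.
            idx = 0
        self.inflight[key] = idx
        return self.upstreams[idx]


def upstreams_tried(ports, upstreams=("192.0.2.1", "192.0.2.2")):
    """Send the same question once per source port; return the upstream chosen each time.

    All addresses are constructed values from the documentation ranges.
    """
    fwd = StrictOrderModel(upstreams)
    question = question_section("example.com")
    return [fwd.forward("198.51.100.7", port, question) for port in ports]


if __name__ == "__main__":
    # Client that retries from the same source port: the retry reaches the second upstream.
    print("fixed port :", upstreams_tried([40000, 40000, 40000]))
    # Client that picks a new source port per retry: every attempt looks new.
    print("random port:", upstreams_tried([40000, 40001, 40002]))
```

With the first upstream unreachable, the second client never gets past it in this model, which matches the timeout reported above.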
