[Dnsmasq-discuss] No caching unless recursion enabled?

Simon Kelley simon at thekelleys.org.uk
Sat Jan 23 09:24:08 GMT 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 21/01/16 23:16, bob tatus wrote:
> 
> Hi there,
> 
> I've been using Dnsmasq for a few days now with no problems, it
> was caching well and helping a lot.
> 
> Yesterday I disabled recursive DNS queries on my DNS server (Bind
> 9) as this is not required within the environment, since doing this
> it appears that the caching is no longer working correctly.
> 
> To test I enabled recursion once more and the cache hit rate
> started climbing again and I saw significantly less queries being
> logged on the bind server, confirming that this was the issue.
> 
> I've checked the man page but have not found anything about this?
> I need to have recursive DNS queries disabled on the DNS server
> and still have the clients that use this DNS server cache the
> queries received with Dnsmasq.
> 
> The DNS server in question is authoritative for the queries that I 
> want to cache so there should not be any need for recursive DNS.
> 
> Thanks, Robert.

I just looked in the current code, and there's nothing obvious that
would account for this effect.

I would note that not having recursion available on _any_ server used
by dnsmasq as an upstream is unwise. It may work but it will be
fragile. The most obvious case is if you add a CNAME to the
authoritative zone which points outside it. Dnsmasq will not look up
the target of the CNAME, it relies on the upstream server to do that,
and if the upstream server doesn't (because recursion is disabled)
then you'll get a valid but wrong answer.

Cheers,

Simon.

> 
> 
> 
> _______________________________________________ Dnsmasq-discuss 
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJWo0a4AAoJEBXN2mrhkTWifXUP/i11BrFvf/XSj3oPYfsrbEES
ZQ4TgyaZN0SWOZjUkFNkXMIMvcBBJsnEpKI2num2wb7ZDSnUAvBAVRpiLmqFwNWz
HhEEIKE1PGfIO8BJXgbt8kHlRW4dfHJybGoUAI8xiJxmrv607OU/6LdD9kpW+FGN
npgvH8RCCJDmr0KkjnCqoIWaB22mMUYlwX5QGktUZsxrvhA1KZ1lmA34/JSTH8Ey
+93fKjIN7vzOXJzr52YBoprQLNK1ngRf7uABF1DSaxpxMWdS4oPjGiW6AXRDy9Gg
IHae1hxH6rAbQ2J9dGYz2zPLY9An/+4VClki3YFUB/waAMPU6njFFpVR6ExRo04s
vu79zn6/SvQlP32Xg1LYT94JFpk+xNkycr4ETP3VNrl6Os36rj6Yw8QbILcm4EzX
OCb28tOD6lRBKvXaM8Qrs8xF++Jlea7e39AueMUORX7OCC27L5VLn5B83noMWJBb
b1c8NxCy0BfB2d1DE6LH+JAx7XjRKiWiQpxGTonYDIyZeIvvQhZyDatq3fsSOgct
t1tWL7NT/rhWL/5G2mDM1WofhSkH/XTb1FUlanyJf3p1qiiFcvMxlqpiT4WYLy5P
p5lhbnIxLF6w6zL9o0PfeXmt4Lm/RWbQMnyPm00e577bzTbWpPg9qgTdH92iRnMR
obOjWAwKOKVRNnApyGHo
=viMc
-----END PGP SIGNATURE-----

More information about the Dnsmasq-discuss mailing list