[Dnsmasq-discuss] returns REFUSED when first response comes from non-recursive server

Daniel Pocock daniel at pocock.pro
Mon Feb 27 15:40:14 GMT 2017



On 27/02/17 13:31, Chris Novakovic wrote:
> On 27/02/17 10:04, Daniel Pocock wrote:
>>
>> I've observed the following problem:
>>
>> - dnsmasq is sending queries to 5 servers, one of them is not recursive
>> and only answers for a private domain
>>
>> - if the first response dnsmasq receives comes from the non-recursive
>> server (REFUSED), then dnsmasq is sending a REFUSED response to the client
>>
>> - dnsmasq subsequently receives a response from one of the recursive servers
> 
> This is expected behaviour. One possibility is to configure dnsmasq to
> forward requests to the non-recursive server only for the private
> domain, e.g.:
> 
> --server=/private.domain/non.recursive.server.ip
> 
> and a matching --rev-server directive if appropriate.
> 

The router is running OpenWRT. I could make that change manually, but
then I wouldn't be able to fully manage it with the GUI any more.

Can you confirm if this is the only way it can work according to the DNS
spec, or is it a dnsmasq design decision?

Could a software approach be taken by default, waiting to see if any
resolver provides a positive response before sending back REFUSED to the
client?

Regards,

Daniel
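
The two reply-handling behaviours discussed in this message, modelled as an added example that is not part of the original post and is not dnsmasq code. The function names, the timeout and the sample replies (documentation addresses) are constructed assumptions, and each upstream is assumed to reply at most once.

```python
# Added illustration: a model of the reply-selection policies discussed in
# this thread. Not dnsmasq code; all names and sample data are constructed.
from typing import NamedTuple, Optional

REFUSED = "REFUSED"

class Reply(NamedTuple):
    at_ms: int   # arrival time relative to the forwarded query
    server: str  # upstream that sent the reply
    rcode: str   # DNS response code carried by the reply

def first_reply_wins(replies: list[Reply]) -> Optional[Reply]:
    """Behaviour reported in the thread: relay whichever reply arrives first."""
    return min(replies, key=lambda r: r.at_ms, default=None)

def hold_refused(replies: list[Reply], upstreams: int,
                 timeout_ms: int) -> Optional[Reply]:
    """Behaviour asked about in the thread: hold a REFUSED back until another
    upstream answers, every upstream has refused, or the timeout expires."""
    held = None
    seen = 0
    for r in sorted(replies, key=lambda r: r.at_ms):
        if r.at_ms > timeout_ms:
            break                 # too late to count for this query
        seen += 1
        if r.rcode != REFUSED:
            return r              # any non-REFUSED reply is relayed at once
        held = held or r          # remember the earliest REFUSED
        if seen == upstreams:
            return held           # every upstream refused: pass REFUSED on
    return held                   # timeout: fall back to the REFUSED, if any

# Constructed sample: the non-recursive server answers first with REFUSED,
# a recursive server answers 15 ms later.
SAMPLE = [
    Reply(4, "192.0.2.53", REFUSED),
    Reply(19, "198.51.100.1", "NOERROR"),
]

if __name__ == "__main__":
    print("first reply wins:", first_reply_wins(SAMPLE))
    print("hold REFUSED:   ", hold_refused(SAMPLE, upstreams=5, timeout_ms=2000))
```

The cost of the second policy is latency: a name that every reachable upstream refuses is only answered once all of them have replied or the timeout has passed.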


