[Dnsmasq-discuss] [PATCH] fix dns failover when dns server returns REFUSED

Hans Dedecker dedeckeh at gmail.com
Mon Jun 26 14:17:15 BST 2017

On Sun, Jun 25, 2017 at 12:15 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> On 14/06/17 14:46, Hans Dedecker wrote:
>> If a DNS server replies REFUSED for a given DNS query in strict order mode
>> no failover to the next DNS server is triggered as the logic in reply_query
>> excluded strict order mode by mistake.
> The above may well be true.
>> Also checking for not strict order mode makes the failover logic related
>> to REFUSED death code as it also checks for forwardall being 0 which can
>> only be the case for strict order mode.
> but this is not true. In non-strict-order mode, the query gets forwarded
> to a single server (forwardall == 0) and is the query gets resent from
> the client after timeout, then it gets sent to all servers, and
> forwardall != 0
Thanks for the explanation regarding the non strict order mode logic;
it was not completely clear to me when I made the patch how non strict
order mode behaved precisely. I will respin the patch based on this.
>> Fix this by checking for strict order mode now so the failover logic in
>> case REFUSED is replied is triggered in case forwardall is 0 for a given
>> forward record. In case all servers mode is configured the fail over logic
>> won't be triggered just as before.
> The patch now inhibits sending the query to all other servers when
> strict-order is NOT set. I think it makes more sense to just delete the
> option_bool(OPT_ORDER) condition completely.
The strict order mode for dnsmasq on routers is used quite a lot as
ISPs have often configured primary and secondary DNS servers in their
network. They want the primary DNS server to be contacted first; only
in case of timeout or other error condition like refused fallback to
the secondary DNS server(s) is requested.
Most ISPs don't like all DNS servers being contacted for a given
client query as they perceive it as dns traffic duplication; in the
world of routers strict order mode has still its use.

> Cheers,
> Simon.
>> Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
>> Signed-off-by: Mi Feng <bear.mif at gmail.com>
>> ---
>> Fixes dns failover issue reported in LEDE (https://bugs.lede-project.org/index.php?do=details&task_id=841)
>>  src/forward.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> diff --git a/src/forward.c b/src/forward.c
>> index 83f392d..0ce3612 100644
>> --- a/src/forward.c
>> +++ b/src/forward.c
>> @@ -790,7 +790,7 @@ void reply_query(int fd, int family, time_t now)
>>    /* Note: if we send extra options in the EDNS0 header, we can't recreate
>>       the query from the reply. */
>>    if (RCODE(header) == REFUSED &&
>> -      !option_bool(OPT_ORDER) &&
>> +      option_bool(OPT_ORDER) &&
>>        forward->forwardall == 0 &&
>>        !(forward->flags & FREC_HAS_EXTRADATA))
>>      /* for broken servers, attempt to send to another one. */

More information about the Dnsmasq-discuss mailing list