<div dir="ltr"><div>Well,I just figured out that it might due to the DNS Hijack of China's Great Firewall.<br><br></div>The GFW hijack the DNS process and return a fake response pacakge,with the response code=0(means no error) but no Answer RRs(Answer RRs=0).It's obviously unlogical but legalized for resolver.<br>
<br>So,may be I should not require this problem to be solved by dnsmasq,I can use iptables to drop that kind of fake response.<br><br>I'm sorry if any bother.<br><br>Bi Qin<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Thu, Jul 24, 2014 at 10:01 AM, 毕勤 <span dir="ltr"><<a href="mailto:leavic@gmail.com" target="_blank">leavic@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div><div>Hi List,<br><br></div> I have config multiple dns servers in the config file with "-all-servers" option enabled.The reason why I did this is to get correct answer from foreign DNS(due to the dns poison of China's Great Firewall) without losing the fast query speed from local(China) DNS.<br>
<br></div> The problem is, when I queried some certain domain(<a href="http://scontent-a.cdninstagram.com" target="_blank">scontent-a.cdninstagram.com</a> .eg),the first answer from local DNS has no answer section(still a dns poison issue) then Dnsmasq accept and take this as the final answer, as it's the first answer.This make the queries for that domain from desktop failed.<br>
<br> In the meantime,force to dig that domain with google DNS will give me the correct answer with answer section. I understand that's a correct behavior as described in the Dnsmasq's Manpage for "--all-servers" option.And I can deal with it with the "server=/domain/DNS" option to use certain DNS for certain domain as a temporary solution.<br>
<br></div><div> But could it be more intelligent?When "--all-server" option enabled,force to Dnsmasq to query from other servers configed if the first answer has no answer section.<br></div><div> Which means,Dnsmasq will take the first answer with answer section as result ,rather than the first answer just returned.<br>
<br></div><div>Thank you!<br><br></div><div>Bi Qin<br></div></div>
</blockquote></div><br></div>