<div dir="ltr">Hi, Baptiste and all,<div><br></div><div>Thank you for your reply, and sorry for my late reply. :b</div><div><br></div><div>I made a test build based on 2.76, with this diff in the link in your mail, but it did not fixed my issue.</div><div><br></div><div>Let me give more detail information of my case:</div><div>1. option strictorder (OPT_ORDER in source code) is on, that dnsmasq should send query to upstream DNS servers one by one.</div><div><br></div><div>2. there are two upstream DNS servers, and the first one would always return REFUSED, and the second one can work well</div><div><br></div><div><br></div><div>-----------------------------</div><div>But with following diff, it can work well, and got domain name resolved correctly.</div><div><br></div><div><br></div><div><div>diff --git a/forward.c b/forward.c </div><div>index 726b5df..7fcf960 100644</div><div>--- a/forward.c</div><div>+++ b/forward.c</div><div>@@ -788,7 +788,7 @@ void reply_query(int fd, int family, time_t now)</div><div> /* Note: if we send extra options in the EDNS0 header, we can't recreate</div><div> the query from the reply. */</div><div> if (RCODE(header) == REFUSED &&</div><div>- !option_bool(OPT_ORDER) &&</div><div>+ option_bool(OPT_ORDER) &&</div><div> forward->forwardall == 0 &&</div><div> !(forward->flags & FREC_HAS_EXTRADATA))</div><div> /* for broken servers, attempt to send to another one. */</div></div><div><br></div><div><br></div><div>I think it's a logical error, that from this in-line comment "<i>/* for broken servers, attempt to send to another one. */</i>", it's obviously a strict order scenario (to send to upstream server one by one).</div><div><br></div><div>But the condition selector is the strict order option (OPT_ORDER) should NOT be set.</div><div><br></div><div>So I think it's a logical error. For more source code analyzing, please see my previous mail.</div><div><br></div><div><br></div><div>Please help me to check this issue.</div><div><br></div><div><br></div><div>Thanks a lot</div><div>Mi Feng</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-05-08 1:23 GMT+08:00 Baptiste Jonglez <span dir="ltr"><<a href="mailto:baptiste@bitsofnetworks.org" target="_blank">baptiste@bitsofnetworks.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<span class=""><br>
On Tue, Apr 25, 2017 at 12:13:40PM +0800, Mi Bear wrote:<br>
> Hello Everyone,<br>
><br>
> I found an issue about DNS query. In my test scenario, there are two DNS<br>
> servers, and the first one will always return REFUSE, and the second one<br>
> can work properly. And the strict order option is on.<br>
><br>
> In this case, I expect the a domain name can be resolved correctly by the<br>
> second DNS server.<br>
><br>
> But I saw a DNS query packet was sent to the first server, and received a<br>
> REFUSE from it, and I got REFUSED as the the final result at the LAN side<br>
> PC. I did not see the DNS query packet sent to the second DNS server.<br>
<br>
</span>You're right, it's a bug, introduced in 2.76. It has been fixed in<br>
v2.77test2, but unfortunately the final version of 2.77 has apparently not<br>
been released yet.<br>
<br>
More details here: <a href="http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=68f6312d4bae30b78daafcd6f51dc441b8685b1e" rel="noreferrer" target="_blank">http://thekelleys.org.uk/<wbr>gitweb/?p=dnsmasq.git;a=<wbr>commit;h=<wbr>68f6312d4bae30b78daafcd6f51dc4<wbr>41b8685b1e</a><br>
<span class=""><br>
><br>
> I checked the source code, I think the following part of code is hard to be<br>
> understood.<br>
><br>
> ---------------------<br>
> I copied it here from dnsmasq-2.76<br>
><br>
> Line 788,function reply_query, in forward.c:<br>
><br>
> /* Note: if we send extra options in the EDNS0 header, we can't recreate<br>
> the query from the reply. */<br>
> if (RCODE(header) == REFUSED &&<br>
</span>> *!*option_bool(OPT_ORDER) &&<br>
<span class="">> forward->forwardall == 0 &&<br>
> !(forward->flags & FREC_HAS_EXTRADATA))<br>
> /* for broken servers, attempt to send to another one. */<br>
> {<br>
><br>
> The meaning of this part code is, for broken servers, attempt to send to<br>
> another one, if:<br>
</span>> 1. strict order is *NOT* set<br>
<span class="">> 2. REFUSED got from a server<br>
> 3. forwardall is 0<br>
> 4. some conditions else<br>
><br>
</span>> according to my understanding, if the option strict order is *set*, I think<br>
<span class="">> dnsmasq will forward the DNS query packet to DNS servers one by one in the<br>
> list. If the first refused the query, dnsmasq should forward the query to<br>
> the second one.<br>
><br>
</span>> But in this part of code, if the option strict order is *NOT* set and got<br>
<span class="">> refused, (also with some other conditions), dnsmasq would try to send to<br>
> another one. It's different from my understanding.<br>
><br>
> --------------------<br>
> Also in the source code of function forward_query, I can see, if option<br>
</span>> strict order is *NOT *set, forwardall would be set as* 1*.<br>
><br>
> So the condition 1(strict order is* not *set) and 3(forwardall is* 0*) in<br>
<span class="">> function reply_query would never be matched together, and no dns query<br>
> would be sent to the second DNS server in my test case, just as what I saw.<br>
><br>
><br>
> I think the "!" in the condition 1 in function reply_query should be<br>
> removed as below. It's more reasonable. I tested the modified source code,<br>
> and it worked fine in my test case.<br>
><br>
><br>
> /* Note: if we send extra options in the EDNS0 header, we can't recreate<br>
> the query from the reply. */<br>
> if (RCODE(header) == REFUSED &&<br>
> option_bool(OPT_ORDER) &&<br>
> forward->forwardall == 0 &&<br>
> !(forward->flags & FREC_HAS_EXTRADATA))<br>
> /* for broken servers, attempt to send to another one. */<br>
> {<br>
><br>
><br>
> I beg your help or comments on this issue.<br>
<br>
</span>> ______________________________<wbr>_________________<br>
> Dnsmasq-discuss mailing list<br>
> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.<wbr>thekelleys.org.uk</a><br>
> <a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.<wbr>uk/mailman/listinfo/dnsmasq-<wbr>discuss</a><br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div>Best Regards</div>
<div>Bear</div></div>
</div>