[Dnsmasq-discuss] functional difference between SERVFAIL and NXDOMAIN replies

Brandon Boles bb at zbeba.com
Mon Oct 10 18:19:16 BST 2005


Hi folks,

I have my local DNS (running dnsmasq) that is used as a DNS cache as
well as serving up names for my local, internal network.  I also connect
with a vpn client to another network, which gives me another DNS server
for internal names on the vpn network.  So here is what my resolv.conf
ends up looking like once I connect via vpn:

nameserver   localdns
nameserver   vpndns

What I want to happen is for all DNS queries to go through 'localdns' first
(the machine running dnsmasq), and if the query fails for whatever reason,
try 'vpndns'.  What is really happening is that if I query for a machine
on my vpn ('nslookup vpnmachine'), I get a 'NXDOMAIN' response from
dnsmasq and my query stops, not even trying the 'vpndns' nameserver.  Just
for kicks, I reversed the order of the nameservers in resolv.conf.  This
seems to work properly.  I'll query for 'localmachine' ('nslookup
localmachine'), and I get a 'SERVFAIL' response from the 'vpndns' server,
but then I get a correct response from 'localdns'.

Is the proper response to 'NXDOMAIN' to stop any further queries?  If so,
is there a way I can change this with dnsmasq so that I can get a
'SERVFAIL' response instead (without breaking everything)?  Or, should I
be troubleshooting something else entirely?  Any help would be greatly
appreciated!  Thanks!

Brandon
bb at zbeba.com
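
The behaviour described in the post above, as an added example that is not part of the original message: a small model of how a stub resolver walks the resolv.conf nameserver list. It assumes glibc-style rules (NOERROR and NXDOMAIN are final answers; SERVFAIL, REFUSED or a timeout move on to the next server); the server and host names come from the post, while the function names and response packets are constructed for illustration.

```python
import struct

# DNS response codes (RFC 1035): the low 4 bits of the header flags word.
NOERROR, SERVFAIL, NXDOMAIN, REFUSED = 0, 2, 3, 5
RETRYABLE = {SERVFAIL, REFUSED}   # server could not answer: ask the next one

def make_header(txid, rcode, ancount=0):
    """Build a constructed 12-byte DNS response header (QR=1, RD=1, RA=1)."""
    flags = 0x8000 | 0x0100 | 0x0080 | (rcode & 0x000F)
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

def parse_rcode(packet):
    """Return the RCODE from a raw DNS response, or None if it is not one."""
    if packet is None or len(packet) < 12:
        return None
    _txid, flags = struct.unpack("!HH", packet[:4])
    if not flags & 0x8000:          # QR bit clear: a query, not a response
        return None
    return flags & 0x000F

def resolve(name, nameservers, responders):
    """Walk the nameserver list in order, as resolv.conf lists it.

    responders maps a server name to a function(name) -> raw packet or None
    (None models a timeout). Returns (server, rcode) of the final answer.
    """
    last = (None, None)
    for server in nameservers:
        rcode = parse_rcode(responders[server](name))
        if rcode is None or rcode in RETRYABLE:
            last = (server, rcode)
            continue                # failure: fall through to next server
        return (server, rcode)      # NOERROR or NXDOMAIN: definitive, stop
    return last

# Constructed responders mirroring the setup in the post.
def localdns(name):   # dnsmasq: knows local names, says NXDOMAIN otherwise
    return make_header(1, NOERROR, 1) if name == "localmachine" else make_header(1, NXDOMAIN)

def vpndns(name):     # VPN server: knows VPN names, says SERVFAIL otherwise
    return make_header(1, NOERROR, 1) if name == "vpnmachine" else make_header(1, SERVFAIL)

RESPONDERS = {"localdns": localdns, "vpndns": vpndns}
```

Calling `resolve("vpnmachine", ["localdns", "vpndns"], RESPONDERS)` stops at 'localdns' with NXDOMAIN, while reversing the list lets the SERVFAIL from 'vpndns' fall through to 'localdns'.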


