[Dnsmasq-discuss] Strange behavior when making the nameserver
machine use dnsmasq
Zack Little
zacklitt at hotmail.com
Fri Mar 27 18:01:12 GMT 2009
No worries about the shouting. I appreciate you answering so quickly.
I don't think the scenario you described is going to work for me. Let me explain. In the test I just ran I had three nameservers: 165.87.13.129, 165.87.194.244, 135.54.66.254.
The 165's are Internet servers and 135 is only accessible via a tunnel from the device dnsmasq is running on.
I removed the strict order arg and sent a ping to Google from behind the device. As you described dnsmasq "ran the race" and sent the request immediately to all three nameservers. A response was received from 165.87.13.129 just barely before one from 135.54.66.254 was received.
The next time I pinged Google (caching is off) the request was only sent to 165.87.13.129 (as expected).
The problem is when I try to resolve names that only 135.54.66.254 can resolve. When I ping one of those names again only 165.87.13.129 is used. 165.87.13.129 doesn't know about the name so the lookup fails. dnsmasq won't "run the race" again because 165.87.13.129 is responding and therefore the query isn't timing out. 135.54.66.254 is never used and therefore I can no longer resolve names only 135.54.66.254 knows about.
> No, but it provides me with a perfect opportunity for a public service
> announcement, since this information needs to go to a wider audience.
>
> Sorry about the shouting;
>
> DON'T USE --STRICT-ORDER
>
> Strict-order almost never does what people expect/want it to do, which
> is to put a priority order on the list of servers in /etc/resolv.conf.
> It mainly just disrupts dnsmasq's mechanism for dealing with broken or
> down servers. If I could, I'd remove it. If there is ever dnsmasq-3, it
> will go.
>
>
> If you remove --strict order, then dnsmasq will send the first query, in
> parallel, top all the name servers. It will note that first one which
> provides a good answer, and use just that until a query times-out, when
> it will "run the race" over all the servers again.
>
> BTW My guess is that the behaviour difference you are seeing in how the
> queries are handled is because the repeated query from 127.0.0.1 doesn't
> have the same transaction-id as teh first query, so dnsmasq doesn't
> recognise it as a retry.
>
>
> Cheers,
>
> Simon.
>
>
_________________________________________________________________
Windows Live™ SkyDrive: Get 25 GB of free online storage.
http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_skydrive_032009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20090327/8e22b9ec/attachment.htm
More information about the Dnsmasq-discuss
mailing list