[Dnsmasq-discuss] Try next forward servers after NXDOMAIN

Petteri Heinonen petteri.j.heinonen at kolumbus.fi
Sun Apr 19 08:29:07 BST 2009 

Hello list users. I have currently experiencing a seemingly simple DNS 
related problem, but I haven't been able to find a decent solution for 
it. Here is the setup:

- Our organization has the primary master DNS, which does not serve 
dynamic DNS updates however. Only static entries there.
- In one of our departments (the one I happen to be administrator of) 
hosts would need to use dynamic DNS updates however.
- The domain (lets call that ourdomain.com) would need to be same 
everywhere, so I cannot use for example subdomain.ourdomain.com.

Now I haven't found a way to create a zone in Bind9 which would first 
try to resolve names locally, and if not found locally, would then 
forward the query to primary master DNS server. If that would be 
possible, I could configure that local Bind server to catch the DNS 
update requests, and keep local repository of those. Then, when a query 
for such a dynamically updated hostname arrives, Bind could find that 
locally and give a proper response. And, still forward queries for which 
the local entry is not found, to the primary server. But, that kind of 
"hybrid" master+forward zone type does not exist in Bind.

When I found dnsmasq, I thought that it could be a help: I can define 
several forwarding servers for a single domain there. But, it seems that 
upon receiving a first NXDOMAIN from any of the forward servers, this 
NXDOMAIN is immediately replied to the client. What I would need, is 
that upon receiving a NXDOMAIN from a server, the next server in the 
list would be tried. And if the last server in the list would also give 
NXDOMAIN, only after that NXDOMAIN would be returned to client also.

For me it seems that there is no such functionality in dnsmasq 
currently. I took a look at the source code, and it doesn't look overly 
complex. However, my C skills are not that good, so I probably cannot 
make this kind of change all by myself. That's where I'm asking help; is 
there anyone on the list who would have examined the dnsmasq source and 
could possibly give some advice what would need to be changed in order 
to achieve the functionality described above? Any help would be greatly 
appreciated.

Regards, Petteri Heinonen

More information about the Dnsmasq-discuss mailing list