[Dnsmasq-discuss] Try next forward servers after NXDOMAIN

Petteri Heinonen petteri.j.heinonen at kolumbus.fi
Tue Apr 21 08:06:19 BST 2009


"richardvoigt at gmail.com" [richardvoigt at gmail.com] wrote: 
> On Sun, Apr 19, 2009 at 2:29 AM, Petteri Heinonen <
> petteri.j.heinonen at kolumbus.fi> wrote:
> 
> > Hello list users. I am currently experiencing a seemingly simple DNS
> > related problem, but I haven't been able to find a decent solution for it.
> > Here is the setup:
> >
> > - Our organization has the primary master DNS, which does not serve dynamic
> > DNS updates however. Only static entries there.
> > - In one of our departments (the one I happen to be administrator of) hosts
> > would need to use dynamic DNS updates however.
> > - The domain (let's call that ourdomain.com) would need to be same
> > everywhere, so I cannot use for example subdomain.ourdomain.com.
> >
> > Now I haven't found a way to create a zone in Bind9 which would first try
> > to resolve names locally, and if not found locally, would then forward the
> > query to primary master DNS server. If that would be possible, I could
> > configure that local Bind server to catch the DNS update requests, and keep
> > local repository of those. Then, when a query for such a dynamically updated
> > hostname arrives, Bind could find that locally and give a proper response.
> > And, still forward queries for which the local entry is not found, to the
> > primary server. But, that kind of "hybrid" master+forward zone type does not
> > exist in Bind.
> >
> > When I found dnsmasq, I thought that it could be a help: I can define
> > several forwarding servers for a single domain there. But, it seems that
> > upon receiving a first NXDOMAIN from any of the forward servers, this
> > NXDOMAIN is immediately replied to the client. What I would need, is that
> > upon receiving a NXDOMAIN from a server, the next server in the list would
> > be tried. And if the last server in the list would also give NXDOMAIN, only
> > after that NXDOMAIN would be returned to client also.
> 
> 
> This behavior should never be default, and probably should not even be
> available on the default upstream server list (it would totally break any
> sort of redundancy, to wait for the slowest server).  But for individual
> domains maybe it isn't so bad.
> 
> Simon, would you consider an overlay-server configuration option that treats
> NXDOMAIN replies in this way, for explicitly listed domains only?
> 
> 
> >
> >
> > For me it seems that there is no such functionality in dnsmasq currently. I
> > took a look at the source code, and it doesn't look overly complex. However,
> > my C skills are not that good, so I probably cannot make this kind of change
> > all by myself. That's where I'm asking help; is there anyone on the list who
> > would have examined the dnsmasq source and could possibly give some advice
> > what would need to be changed in order to achieve the functionality
> > described above? Any help would be greatly appreciated.
> >
> > Regards, Petteri Heinonen
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
> 

Hello again, I looked at this a little bit more, and it seems that there is something in the man pages vs. actual functionality that I don't exactly understand. These are on the current man page:

       -o, --strict-order
              By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known  to  be  up.
              Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf

       --all-servers
              By  default,  when  dnsmasq  has more than one upstream server available, it will send queries to just one server. Setting this flag forces
              dnsmasq to send all queries to all available servers. The reply from the server which answers  first  will  be  returned  to  the  original
              requestor.

And let's assume I have the following config:

all-servers
strict-order
no-resolv
no-hosts
no-poll
log-queries
log-facility=/tmp/dnsmasq.log
server=/domain.com/10.0.80.200
server=/domain.com/10.41.0.200

Now I would understand this so, that if a query comes for some host at domain.com, and first server answers with for example REFUSED, then next server would be tried. This seems not to be true however. If first server responds with REFUSED, then that REFUSED will be forwarded to the client also. Same is probably true for SERVFAIL also, although I cannot verify that. Saying that "Setting this flag forces dnsmasq to try *each query with each server* strictly in the order they appear in /etc/resolv.conf" would somehow lead me to believe that other servers should be tried after REFUSED or SERVFAIL. Not sure if this is a bug or just me misunderstanding the documentation?

Regards, Petteri Heinonen
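
[Added example, not part of the original message and not dnsmasq source code.] A small Python model contrasting the behaviour reported above (the first listed server's reply is relayed whatever its rcode) with the requested per-domain fall-through, including the latency cost raised in the quoted reply. The host names, answer addresses, round-trip times and the choice of 10.0.80.200 as the local dynamic server are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Rcodes treated as "keep looking" by the overlay policy (assumption of this model).
NEGATIVE = {"NXDOMAIN", "REFUSED", "SERVFAIL"}

@dataclass
class Upstream:
    addr: str
    rtt_ms: int                      # constructed round-trip time
    records: dict = field(default_factory=dict)
    miss_rcode: str = "NXDOMAIN"     # what this server says for unknown names

    def query(self, name):
        if name in self.records:
            return "NOERROR", self.records[name]
        return self.miss_rcode, None

def relay_first(servers, name):
    """Behaviour reported in the post: the first listed server's reply is
    passed to the client whatever its rcode."""
    first = servers[0]
    rcode, answer = first.query(name)
    return rcode, answer, first.addr, first.rtt_ms

def overlay(servers, name):
    """Requested behaviour: on a negative rcode try the next server; only the
    last server's negative reply reaches the client."""
    elapsed = 0
    for srv in servers:
        rcode, answer = srv.query(name)
        elapsed += srv.rtt_ms        # sequential: a miss costs the sum of RTTs
        if rcode not in NEGATIVE:
            break
    return rcode, answer, srv.addr, elapsed

# Constructed sample data: which address is the local dynamic server is assumed.
LOCAL = Upstream("10.0.80.200", 2, {"laptop7.domain.com": "192.0.2.57"})
PRIMARY = Upstream("10.41.0.200", 15, {"www.domain.com": "192.0.2.10"})
SERVERS = [LOCAL, PRIMARY]

if __name__ == "__main__":
    for name in ("laptop7.domain.com", "www.domain.com", "nohost.domain.com"):
        print(name, relay_first(SERVERS, name), overlay(SERVERS, name))
```

In this model a name that exists nowhere is answered only after every listed server has replied, which is the redundancy concern in the quoted reply and the reason to confine such a policy to explicitly listed domains.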
