[Dnsmasq-discuss] DNS search Order

Simon Kelley simon at thekelleys.org.uk
Wed Sep 23 20:17:45 BST 2009

Philippe Faure wrote:
> Hello,
> I was wondering how does DNSMASQ use the DNS servers that it knows about.
> If "strict-order" is enabled, it uses them in the order found in the  
> dnsmasq.conf file. If the first server doesn't reply, or can't answer,  
> then it goes and tries the next one and so on.
> But if "strict-order" isn't enabled. How does DNSMASQ know which  
> server(s) to contact? Does it use them all all the time? If not how  
> does it determine which server to contact?
> How long does an entry in the cache remain valid before it checks again?
> thank you
> Philippe

This is probably a FAQ, so I'll write this in a way which can go into
the FAQ later.

The algorithm for determining which server to use goes like this.

In the start state, dnsmasq sends the query to all the servers. When the
first server replies, it becomes the preferred server and dnsmasq moves
into a state where only the preferred server is used. It remains in that
state until one of three conditions occur, when dnsmasq moves back to
the initial state and a query is again sent to all the servers. The
conditions are.

1) A SERVFAIL or REFUSED return code is received.
2) More than 50 queries or 10 seconds have elapsed (version 2.51 only)
3) No reply is received and a client times-out and retries a query.

You will see that the actual server used for any query is quite random.
There's a strong assumption in the design that all the available servers
are equivalent and will give the same answers, but that some may be slow
or unavailable. If different servers know different answers, it's
necessary to direct queries to the correct server with the
server=/domain/<ip> syntax.

It is also worth pointing out that your first statement about
"strict-order" is not quite true. Dnsmasq can't keep trying servers in
order, since, after it has sent the query to the first server, it throws
it away. (Dnsmasq doesn't keep copies of queries for all in-progress
queries, that's one reason it has a low memory footprint). It will move
onto the next server when the client times-out and retries the query,
but typically a client will only time-out and retry once, so it only
makes sense to have two servers with "strict-order" unless the clients
are reconfigured for more retries. That's one reason why "strict-order"
is broken and not recommended. The other is that the DNS protocol has no
way of distinguishing a reply which says "this domain does not exist"
from one which says "I know nothing about this domain". If dnsmasq gets
"no such domain" from the first server it tries, that's a valid answer
which will be passed back to the client, the query will not be tried on
the second server. There do exist patches which change this behaviour,
but they make strict-order even more broken, and have never been added
to the official code-base.



More information about the Dnsmasq-discuss mailing list