[Dnsmasq-discuss] !strict-order and SERVFAIL

Alexander Clouter alex at digriz.org.uk
Sun Jan 2 16:49:02 GMT 2011


Hi,

Being the holiday season and all, I got around to finding out why 
ssh'ing into hosts on my LAN is slow.  Stepped through everything that 
could be at fault and tracked it down to dnsmasq[1].

All the hosts in my LAN are v6 enabled and it is all linked to the fact 
that I have not done anything to provide valid PTR records for my entire 
allocation 2a01:348:45::/48; SERVFAIL is returned to all queries.

Turns out when strict-order is set, there are no problems, but if you 
have more than one upstream resolver and strict-order is off, then when 
SERVFAIL is returned from the upstream resolvers the querier (the host 
I am trying to SSH into) never gets a reply.

I am guessing the same applies in the v4 case (there does not seem to be 
any special treatment given for v6 lookups and SERVFAILing), I just 
cannot find an IP that returns SERVFAIL to test the hypothesis with.

If this is expected behaviour, any chance that a note be added to 
'strict-order' to refer to this?

Cheers

[1] at a glance it looks like the logic in src/forward.c:reply_query() 
	that works around broken servers does not recover properly.  A 
	packet capture shows[2] repeated queries and the same SERVFAIL 
	response
[2] http://stuff.digriz.org.uk/dnsmasq.pcap

-- 
Alexander Clouter
.sigmonster says: If you fail to plan, plan to fail.
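
A way to reproduce the distinction the post draws between a relayed SERVFAIL and no reply at all, as an added example that is not part of the original post or of dnsmasq. The function names, the transaction ID and the sample address inside 2a01:348:45::/48 are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_ptr_query(addr, txid=0x1234):
    """Return a DNS PTR query packet for addr (IPv4 or IPv6)."""
    name = ipaddress.ip_address(addr).reverse_pointer  # nibble form under ip6.arpa
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 12, 1)  # QTYPE=PTR, QCLASS=IN

def classify(reply, txid=0x1234):
    """Classify a raw reply (bytes), or a timeout passed in as None."""
    if reply is None:
        return "NO_REPLY"  # what the querier sees in the reported case
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "MISMATCH"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE_%d" % rcode)

def probe(server, addr, port=53, timeout=5.0):
    """Send one PTR query to server and classify what comes back."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(addr), (server, port))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            reply = None
    return classify(reply)

if __name__ == "__main__":
    # Constructed sample: hand-built SERVFAIL reply (QR=1, RD=1, RA=1, RCODE=2)
    # echoing the question section of the query.
    query = build_ptr_query("2a01:348:45::1")
    servfail = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0) + query[12:]
    print(classify(servfail), classify(None))
```

Running `probe()` once against the dnsmasq listener and once against each upstream resolver shows whether the forwarder relays the SERVFAIL or leaves the client to time out.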



