[Dnsmasq-discuss] !strict-order and SERVFAIL
Alexander Clouter
alex at digriz.org.uk
Sun Jan 2 16:49:02 GMT 2011
Hi,
Being the holiday season and all, I got around to finding out why
ssh'ing into hosts on my LAN is slow. Stepped through everything that
could be at fault and tracked it down to dnsmasq[1].
All the hosts in my LAN are v6 enabled and it is all linked to the fact
that I have not done anything to provide valid PTR records for my entire
allocation 2a01:348:45::/48; SERVFAIL is returned to all queries.
Turns out when strict-order is set, there are no problems, but if you
have more than one upstream resolver and strict-order is off, then when
SERVFAIL is returned from the upstream resolvers the querier (the host
I am trying to SSH into) never gets a reply.
I am guessing the same applies in the v4 case (there does not seem to be
any special treatment given for v6 lookups and SERVFAILing); I just
cannot find an IP that returns SERVFAIL to test the hypothesis with.
If this is expected behaviour, any chance that a note could be added to
'strict-order' to refer to this?
Cheers
[1] at a glance it looks like the logic in src/forward.c:reply_query()
that works around broken servers does not recover properly. A
packet capture shows[2] repeated queries and the same SERVFAIL
response
[2] http://stuff.digriz.org.uk/dnsmasq.pcap
--
Alexander Clouter
.sigmonster says: If you fail to plan, plan to fail.
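
One way to check a forwarder for the symptom described in the message above, as an added example that is not part of the original post or of dnsmasq: it sends a PTR query and reports whether the client receives SERVFAIL or no reply at all. The host address 2a01:348:45::1 (inside the /48 named in the post) and the forwarder address 127.0.0.1 are assumptions, and the SERVFAIL reply is constructed.

```python
import ipaddress, socket, struct
from typing import Optional

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def ptr_query(addr: str, txid: int = 0x1234) -> bytes:
    """Build a recursive PTR query (ip6.arpa / in-addr.arpa) for addr."""
    name = ipaddress.ip_address(addr).reverse_pointer
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 12, 1)  # QTYPE=PTR, QCLASS=IN

def classify(query: bytes, reply: Optional[bytes]) -> str:
    """Name the outcome the client sees; None stands for a timed-out wait."""
    if reply is None:
        return "TIMEOUT"  # the symptom in the post: the querier never gets a reply
    if len(reply) < 12:
        return "MALFORMED"
    txid, flags = struct.unpack("!HH", reply[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "MISMATCH"  # wrong transaction ID or QR bit not set
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}")

def probe(server: str, addr: str, timeout: float = 3.0, port: int = 53) -> str:
    """Send one PTR query over UDP to the forwarder and classify the result."""
    query = ptr_query(addr)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            reply = None
    return classify(query, reply)

def sample_servfail(query: bytes) -> bytes:
    """Constructed reply: same ID and question, QR=1 RD=1 RA=1 RCODE=2."""
    return query[:2] + struct.pack("!H", 0x8182) + query[4:]

if __name__ == "__main__":
    q = ptr_query("2a01:348:45::1")  # assumed host inside the /48 from the post
    print("offline check:", classify(q, sample_servfail(q)))
    print("live probe:", probe("127.0.0.1", "2a01:348:45::1"))  # assumed forwarder
```

Running the probe once with strict-order set and once without it shows whether the forwarder passes SERVFAIL through or leaves the client waiting until the timeout.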