[Dnsmasq-discuss] !strict-order and SERVFAIL

Alexander Clouter alex at digriz.org.uk
Thu Jan 6 22:18:49 GMT 2011


Hi,

* Simon Kelley <simon at thekelleys.org.uk> [2011-01-06 21:52:48+0000]:
>
> All is behaving as designed. After the first SERVFAIL response, retries
> of the query are being exploded to all four upstream servers. For any
> given query, only two are responding, so dnsmasq is not returning those
> failures, in the hope that is might get a good answer from another
> server. I'm happy that's OK.
>
When initially debugging the problem I only had the IPv4 nameserver 
entries in there (as those are the only ones returned through pppd).  
When I reported the problem I had added the IPv6 ones.

So even with two DNS servers I see this problem.
 
> To make this work better, you could ensure that all four upstream 
> servers return SERVFAIL, or make them return NXDOMAIN instead.
>
Well, in my original report, I did say the problem fundementally is that 
the authoritative servers under my administration for my /48 are not 
correctly set up and that is why I am getting SERVFAIL.  The upstream 
resolvers are my ISP's so I do not get much say in how those behave :)

I understand why dnsmasq is trying all the upstream resolvers (in case 
one of them is borkened), but I would have expected that if they all 
come back with SERVFAIL that dnsmasq would finally return SERVFAIL as a 
response to the client?



More information about the Dnsmasq-discuss mailing list