[Dnsmasq-discuss] With --all-servers option enabled, query failed due to first answer with no answer section

毕勤 leavic at gmail.com
Thu Jul 24 08:20:33 BST 2014 

Well,I just figured out that it might due to the DNS Hijack of China's
Great Firewall.

The GFW hijack the DNS process and return a fake response pacakge,with the
response code=0(means no error) but no Answer RRs(Answer RRs=0).It's
obviously unlogical but legalized for resolver.

So,may be I should not require this problem to be solved by dnsmasq,I can
use iptables to drop that kind of fake response.

I'm sorry if any bother.

Bi Qin


On Thu, Jul 24, 2014 at 10:01 AM, 毕勤 <leavic at gmail.com> wrote:

> Hi List,
>
>          I have config multiple dns servers in the config file with
> "-all-servers" option enabled.The reason why I did this is to get correct
> answer from foreign DNS(due to the dns poison of China's Great Firewall)
> without losing the fast query speed from local(China) DNS.
>
>         The problem is, when I queried some certain domain(
> scontent-a.cdninstagram.com .eg),the first answer from local DNS has no
> answer section(still a dns poison issue) then Dnsmasq accept and take this
> as the final answer, as it's the first answer.This make the queries for
> that domain from desktop failed.
>
>         In the meantime,force to dig that domain with google DNS will give
> me the correct answer with answer section. I understand that's a correct
> behavior as described in the Dnsmasq's Manpage for "--all-servers"
> option.And I can deal with it with  the "server=/domain/DNS" option to use
> certain DNS for certain domain as a temporary solution.
>
>        But could it be more intelligent?When "--all-server" option
> enabled,force to Dnsmasq to query from other servers configed if the first
> answer has no answer section.
>        Which means,Dnsmasq will take the first answer with answer section
> as result ,rather than the first answer just returned.
>
> Thank you!
>
> Bi Qin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140724/4328ec5d/attachment.html>

More information about the Dnsmasq-discuss mailing list