[Dnsmasq-discuss] trying the next DNS server if answer is "refused"?

Richard Hansen rhansen at bbn.com
Wed Dec 2 05:44:40 GMT 2015


Hi all,

Is it possible to configure dnsmasq to try the next server in
/etc/resolv.conf if it gets a "refused" answer?

I have an unusual setup where some of the servers in /etc/resolv.conf
are non-recursive servers that only answer queries for a particular
subdomain (for which they are authoritative).  If dnsmasq forwards a
query to one of these servers, and the query is for a name outside the
subdomain, the server will reply with "refused" (with the "recursion
available" flag cleared).  dnsmasq forwards this reply to the original
client without trying any of the other servers in /etc/resolv.conf.

The system's resolver's behavior is to try the next server in
/etc/resolv.conf if it gets a "refused" answer.  I would like dnsmasq to
do the same.

I would use the --server option to avoid this problem by filtering the
queries sent to the non-recursive servers, except:

  * I can't figure out how to tell dnsmasq to use DNS server
    203.0.113.52 for queries to *.foo.example.com and 198.51.100.22 for
    everything else.  The man page says an empty domain ("//") means
    unqualified queries, not the root domain.

  * dnsmasq is started by libvirt, and as far as I can tell libvirt
    doesn't provide a way to override dnsmasq's command-line arguments
    and/or config file.  :(

Thanks,
Richard
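The fallback behaviour asked about above, as an added example that is not part of the original post and is not dnsmasq's code: it reads the RCODE and "recursion available" bits from the DNS header and moves on to the next server when a reply is REFUSED. The function names and the `fake_send` responder are hypothetical; the responder returns constructed replies for the two addresses mentioned in the post so the example runs offline.

```python
import struct

REFUSED = 5  # RCODE 5 in RFC 1035

def build_query(name, qid):
    """Minimal A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_flags(msg):
    """Return (id, is_response, ra, rcode) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags = struct.unpack("!HH", msg[:4])
    return qid, bool(flags & 0x8000), bool(flags & 0x0080), flags & 0x000F

def resolve_with_fallback(name, servers, send, qid=0x1234):
    """Try servers in order, moving on when one answers REFUSED.
    Returns (server, reply), or the last refusal if every server refused."""
    query = build_query(name, qid)
    last_refusal = None
    for server in servers:
        reply = send(server, query)
        if reply is None:                      # treated as a timeout
            continue
        rid, is_response, _ra, rcode = parse_flags(reply)
        if not is_response or rid != qid:      # not a reply to this query
            continue
        if rcode == REFUSED:
            last_refusal = (server, reply)     # remember it, try the next one
            continue
        return server, reply
    return last_refusal

def fake_send(server, query):
    """Constructed stand-in for the network (hypothetical, for this example)."""
    under_foo = b"\x03foo\x07example\x03com\x00" in query[12:]
    if server == "203.0.113.52":               # authoritative only, RA clear
        flags = 0x8500 if under_foo else 0x8105   # NOERROR+AA, or REFUSED
    else:                                      # recursive server, RA set
        flags = 0x8180
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:]

SERVERS = ["203.0.113.52", "198.51.100.22"]

if __name__ == "__main__":
    for name in ("host.foo.example.com", "www.example.org"):
        server, reply = resolve_with_fallback(name, SERVERS, fake_send)
        print(name, "->", server, "rcode", parse_flags(reply)[3])
```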


