[Dnsmasq-discuss] Bug forward upstream SERVFAIL

Dave Taht dave.taht at gmail.com
Mon Jan 23 03:31:35 GMT 2017

From a brief conversation with the bind9 maintainer:

D: if bind gets a servfail, and has two forwarders, will it try the
other forwarder?
E: Yes.

D: Even in the case of a dnssec query?

Bind9 retries an authoritative answer because it might have been
spoofed or one of the servers might be out of date or misconfigured.
It uses the function fctx_nextaddress() to get the next address to try
when a query fails. fctx_nextaddress() searches through both
forwarders and auth servers, depending on what kind of query it is.

D: So I believe it is correct for dnsmasq to try all upstreams on a
servfail response, which restores the prior dnsmasq behavior, and is
more robust.
E: Yes.

D: This seems to look like the right thing:


Dave Täht
Let's go make home routers and wifi faster! With better software!
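
The failover behaviour discussed in the message above, as an added example (not dnsmasq or bind9 code): each upstream's reply is checked in turn, and a SERVFAIL moves on to the next server. The names `pick_upstream`, `dns_rcode` and `struct reply` are hypothetical, the packets are constructed 12-byte DNS headers, and the transaction-ID check is an assumption added here, not something the message discusses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RCODE_SERVFAIL 2

/* One upstream's reply; only the 12-byte DNS header is inspected. */
struct reply { const uint8_t *pkt; size_t len; };

/* Constructed sample headers: ID 0x1234, QR=1 RD=1 RA=1, QDCOUNT=1. */
static const uint8_t SERVFAIL_PKT[12] = {0x12,0x34, 0x81,0x82, 0,1, 0,0, 0,0, 0,0};
static const uint8_t NOERROR_PKT[12]  = {0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0};
static const uint8_t NXDOMAIN_PKT[12] = {0x12,0x34, 0x81,0x83, 0,1, 0,0, 0,1, 0,0};

/* RCODE is the low 4 bits of header byte 3 (RFC 1035, section 4.1.1).
   Returns -1 for a truncated packet or one without the QR (response) bit. */
static int dns_rcode(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 12 || !(pkt[2] & 0x80))
        return -1;
    return pkt[3] & 0x0f;
}

/* Walk the upstream replies in order. Malformed replies, replies whose
   transaction ID does not match the query, and SERVFAIL all fall through
   to the next upstream. NOERROR and NXDOMAIN are definitive and accepted.
   Returns the index of the accepted upstream, or -1 if every upstream
   failed (the caller would then hand SERVFAIL back to the client). */
int pick_upstream(const struct reply *r, size_t n, uint16_t want_id)
{
    for (size_t i = 0; i < n; i++) {
        int rc = dns_rcode(r[i].pkt, r[i].len);
        if (rc < 0)
            continue;
        uint16_t id = (uint16_t)((r[i].pkt[0] << 8) | r[i].pkt[1]);
        if (id != want_id || rc == RCODE_SERVFAIL)
            continue;
        return (int)i;
    }
    return -1;
}

int main(void)
{
    struct reply up[] = { {SERVFAIL_PKT, 12}, {NOERROR_PKT, 12} };
    printf("accepted upstream index: %d\n", pick_upstream(up, 2, 0x1234));
    return 0;
}
```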
