[Dnsmasq-discuss] Bug forward upstream SERVFAIL

Dave Taht dave.taht at gmail.com
Mon Jan 23 03:31:35 GMT 2017


From a brief conversation with the bind9 maintainer:

D: if bind gets a servfail, and has two forwarders, will it try the
other forwarder?
E: Yes.

D: Even in the case of a dnssec query?
E:

Bind9 retries an authoritative answer because it might have been
spoofed or one of the servers might be out of date or misconfigured.
It uses the function fctx_nextaddress() to get the next address to try
when a query fails. fctx_nextaddress() searches through both
forwarders and auth servers, depending on what kind of query it is.

D: So I believe it is correct for dnsmasq to try all upstreams on a
servfail response, which restores the prior dnsmasq behavior, and is
more robust.
E: Yes.

D: This seems to look like the right thing:

https://github.com/MartinWetterwald/dnsmasq/pull/1/files

-- 
Dave Täht
Let's go make home routers and wifi faster! With better software!
http://blog.cerowrt.org
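
The fallback behaviour discussed in this message, sketched as an added example; it is not code from dnsmasq, BIND, or the linked pull request. The struct, function names and canned 12-byte replies are hypothetical and constructed for illustration; replies whose transaction ID does not match the query are ignored rather than trusted.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define RCODE_SERVFAIL 2

/* Hypothetical model of one upstream: a canned reply, or NULL for a timeout. */
struct upstream { const char *name; const uint8_t *reply; size_t len; };

/* Constructed 12-byte DNS headers for query ID 0x1234 (QR=1, RD=1, RA=1). */
static const uint8_t SERVFAIL_REPLY[12] = {0x12, 0x34, 0x81, 0x82};
static const uint8_t NOERROR_REPLY[12]  = {0x12, 0x34, 0x81, 0x80};
static const uint8_t WRONG_ID_REPLY[12] = {0xbe, 0xef, 0x81, 0x80};

/* RCODE is the low 4 bits of header byte 3 (RFC 1035). Returns -1 for a
   timeout, a short packet, a non-response, or a mismatched transaction ID. */
static int reply_rcode(const uint8_t *pkt, size_t len, uint16_t qid)
{
    if (pkt == NULL || len < 12 || !(pkt[2] & 0x80))
        return -1;
    if ((uint16_t)((pkt[0] << 8) | pkt[1]) != qid)
        return -1;
    return pkt[3] & 0x0f;
}

/* Try each upstream in order. The first reply that is not SERVFAIL wins;
   SERVFAIL is passed back only when no upstream gave anything better.
   Returns the index of the upstream used, or -1 if nothing usable arrived. */
int forward_query(const struct upstream *ups, size_t n, uint16_t qid, int *rcode)
{
    int used = -1;
    for (size_t i = 0; i < n; i++) {
        int rc = reply_rcode(ups[i].reply, ups[i].len, qid);
        if (rc < 0)
            continue;
        *rcode = rc;
        used = (int)i;
        if (rc != RCODE_SERVFAIL)
            break;
    }
    return used;
}

int main(void)
{
    struct upstream ups[] = {{"A", SERVFAIL_REPLY, 12}, {"B", WRONG_ID_REPLY, 12}, {"C", NOERROR_REPLY, 12}};
    int rc = -1, i = forward_query(ups, 3, 0x1234, &rc);
    printf("answer from %s, rcode %d\n", i >= 0 ? ups[i].name : "none", rc);
    return 0;
}
```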


