[Dnsmasq-discuss] Bug forward upstream SERVFAIL
ericluehrsen at hotmail.com
Mon Jan 23 05:17:49 GMT 2017
If you a customer of some "we build or host your website" companies, then you may also suffer then other end of this. That is your registrar does a horrible job of pushing your DNSKEY to the correct next-level server and getting a valid DSKEY ... and doing that for all redundant server chains. So one chain of trust may pass, and another chain of trust may fail. Then you lose customer contacts because of single-fail implementations like this.
From: Dnsmasq-discuss <dnsmasq-discuss-bounces at lists.thekelleys.org.uk> on behalf of Dave Taht <dave.taht at gmail.com>
Sent: Sunday, January 22, 2017 22:31
Subject: Re: [Dnsmasq-discuss] Bug forward upstream SERVFAIL
>From a brief conversation with the bind9 maintainer:
D: if bind gets a servfail, and has two forwarders, will it try the
D: Even in the case of a dnssec query?
Bind9 retries an authoritative answer because it might have been
spoofed or one of the servers might be out of date or misconfigured.
It uses the function fctx_nextaddress() to get the next address to try
when a query fails. fctx_nextaddress() searches through both
forwarders and auth servers, depending on what kind of query it is.
D: So I believe it is correct for dnsmasq to try all upstreams on a
servfail response, which restores the prior dnsmasq behavior, and is
D: This seems to look like the right thing:
Consider SERVFAIL as a non-successful response by MartinWetterwald · Pull Request #1 · MartinWetterwald/dnsmasq
Mirror of git://thekelleys.org.uk/dnsmasq.git
Let's go make home routers and wifi faster! With better software!
http://blog.cerowrt.org/ - CeroWrt notebook: On fixing the ...
When experiments go awry - sometimes you learn something. Doing the same thing over and over again expecting a different result is a definition of insanity - doing a ...
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
Dnsmasq-discuss Info Page
A list for discussion about the dnsmasq DNS and DHCP server. Configuration, bugs and development. To control spam, only subscribers are allowed to post to the list.
More information about the Dnsmasq-discuss