[Dnsmasq-discuss] [PATCH] fix dns failover when dns server returns REFUSED
Simon Kelley
simon at thekelleys.org.uk
Sat Jun 24 23:15:14 BST 2017
On 14/06/17 14:46, Hans Dedecker wrote:
> If a DNS server replies REFUSED for a given DNS query in strict order mode
> no failover to the next DNS server is triggered as the logic in reply_query
> excluded strict order mode by mistake.
The above may well be true.
>
> Also checking for not strict order mode makes the failover logic related
> to REFUSED death code as it also checks for forwardall being 0 which can
> only be the case for strict order mode.
but this is not true. In non-strict-order mode, the query gets forwarded
to a single server (forwardall == 0) and is the query gets resent from
the client after timeout, then it gets sent to all servers, and
forwardall != 0
>
> Fix this by checking for strict order mode now so the failover logic in
> case REFUSED is replied is triggered in case forwardall is 0 for a given
> forward record. In case all servers mode is configured the fail over logic
> won't be triggered just as before.
>
The patch now inhibits sending the query to all other servers when
strict-order is NOT set. I think it makes more sense to just delete the
option_bool(OPT_ORDER) condition completely.
Cheers,
Simon.
> Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
> Signed-off-by: Mi Feng <bear.mif at gmail.com>
> ---
>
> Fixes dns failover issue reported in LEDE (https://bugs.lede-project.org/index.php?do=details&task_id=841)
>
> src/forward.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/forward.c b/src/forward.c
> index 83f392d..0ce3612 100644
> --- a/src/forward.c
> +++ b/src/forward.c
> @@ -790,7 +790,7 @@ void reply_query(int fd, int family, time_t now)
> /* Note: if we send extra options in the EDNS0 header, we can't recreate
> the query from the reply. */
> if (RCODE(header) == REFUSED &&
> - !option_bool(OPT_ORDER) &&
> + option_bool(OPT_ORDER) &&
> forward->forwardall == 0 &&
> !(forward->flags & FREC_HAS_EXTRADATA))
> /* for broken servers, attempt to send to another one. */
>
More information about the Dnsmasq-discuss
mailing list