[Dnsmasq-discuss] --server=/example/8.8.8.8 --server=/example/9.9.9.9 behaviour

Petr Menšík pemensik at redhat.com
Mon Apr 19 09:13:24 UTC 2021


Sure, it works this way, but only if no domain is given. Try adding a
domain specific forward with multiple entries:

server=10.0.8.1
server=10.0.11.1
server=/test/10.0.8.1
server=/test/10.0.11.1

Now query some hosts under test domain:
for H in host{1..4}.test; do dig @localhost $H; done

You should see multiple queries forwarded for every hostX.test in tcpdump.

I would like the same behaviour for --server=/somedomain/<IP> as
--server=<IP>. It is not possible noow, it always forwards all queries
to all servers a domain set. Which is not necessary.

The first query should go to both servers, but following queries should
go only to the fastest server for given domain, not always to all of
them. I would like the logic similar in any case, whether the domain is
used. Also in cases multiple server=//10.0.8.1, sending just unqualified
domains, may use fail-over scenario.

Cases affected:
--server=/example/a.b.c.d --server=/example/e.f.g.h
--server=//a.b.c.d --server=//e.f.g.h
--server=/#/a.b.c.d --server=/#/e.f.g.h

all behaves the same. Only some cases are unaffected:
--server=a.b.c.d --server=e.f.g.h # fail-over works here
--server=/example/ # nothing is forwarded in this case -> NXDOMAIN

Cheers,
Petr

On 4/17/21 8:49 PM, Matthias May via Dnsmasq-discuss wrote:
> On 16/04/2021 18:26, Petr Menšík wrote:
> 
> Hi Petr
> The behaviour you describe is not how i experience it.
> When i set multiple servers via server= entries
> (e.g
> server=10.0.8.1
> server=10.0.11.1
> )
> Then the order/number of queries is according to usage of --strict-order and --all-servers.
> The default behaviour is to query "any" server that is thought to be up.
> 
> Test-setup:
> * My PC: 10.0.11.178
> * Test-server: 10.0.11.8
> * Actual server 1: 10.0.11.1
> * Actual server 2: 10.0.8.1
> 
> tcpdumps of the behaviour:
> 
> * any (default):
> 20:36:07.156749 IP 10.0.11.179.58175 > 10.0.11.8.53: 41165+ A? may.nu. (24)
> 20:36:07.157293 IP 10.0.11.8.62864 > 10.0.11.1.53: 41689+ A? may.nu. (24)
> 20:36:07.157374 IP 10.0.11.8.62864 > 10.0.8.1.53: 41689+ A? may.nu. (24)
> 20:36:07.160694 IP 10.0.11.1.53 > 10.0.11.8.62864: 41689 1/0/0 A 82.220.39.200 (40)
> 20:36:07.160982 IP 10.0.11.8.53 > 10.0.11.179.58175: 41165 1/0/0 A 82.220.39.200 (40)
> 20:36:07.183031 IP 10.0.8.1.53 > 10.0.11.8.62864: 41689 1/0/0 A 82.220.39.200 (40)
> 
> 20:36:21.821553 IP 10.0.11.179.38054 > 10.0.11.8.53: 32025+ A? google.ch. 
> (27)
> 20:36:21.821959 IP 10.0.11.8.54983 > 10.0.11.1.53: 34734+ A? google.ch. (27)
> 20:36:21.925977 IP 10.0.11.1.53 > 10.0.11.8.54983: 34734 1/0/0 A 74.125.193.94 (43)
> 20:36:21.926285 IP 10.0.11.8.53 > 10.0.11.179.38054: 32025 1/0/0 A 74.125.193.94 (43)
> 
> The very first request is sent to all available server (.11.1 and .8.1) because dnsmasq doesn't know which one is up.
> The subsequent request is only sent to 11.1
> 
> * --strict-order:
> 20:39:54.063637 IP 10.0.11.179.48636 > 10.0.11.8.53: 16176+ A? may.nu. (24)
> 20:39:54.064043 IP 10.0.11.8.14339 > 10.0.11.1.53: 59406+ A? may.nu. (24)
> 20:39:54.066800 IP 10.0.11.1.53 > 10.0.11.8.14339: 59406 1/0/0 A 82.220.39.200 (40)
> 20:39:54.067087 IP 10.0.11.8.53 > 10.0.11.179.48636: 16176 1/0/0 A 82.220.39.200 (40)
> 
> 20:39:59.179804 IP 10.0.11.179.52047 > 10.0.11.8.53: 56006+ A? google.ch. 
> (27)
> 20:39:59.180223 IP 10.0.11.8.1813 > 10.0.11.1.53: 59741+ A? google.ch. (27)
> 20:39:59.182909 IP 10.0.11.1.53 > 10.0.11.8.1813: 59741 1/0/0 A 74.125.193.94 (43)
> 20:39:59.183192 IP 10.0.11.8.53 > 10.0.11.179.52047: 56006 1/0/0 A 74.125.193.94 (43)
> 
> The first as well as subsequent requests are only sent to the first entry.
> The second entry is only tried if the first one fails.
> This happens when the requesting client retries because of timeout (usually 5s).
> 
> * --all-servers:
> 20:41:21.072906 IP 10.0.11.179.55776 > 10.0.11.8.53: 5980+ A? may.nu. (24)
> 20:41:21.073328 IP 10.0.11.8.23993 > 10.0.11.1.53: 32664+ A? may.nu. (24)
> 20:41:21.073407 IP 10.0.11.8.23993 > 10.0.8.1.53: 32664+ A? may.nu. (24)
> 20:41:21.076703 IP 10.0.11.1.53 > 10.0.11.8.23993: 32664 1/0/0 A 82.220.39.200 (40)
> 20:41:21.077016 IP 10.0.11.8.53 > 10.0.11.179.55776: 5980 1/0/0 A 82.220.39.200 (40)
> 20:41:21.077594 IP 10.0.8.1.53 > 10.0.11.8.23993: 32664 1/0/0 A 82.220.39.200 (40)
> 
> 20:41:25.416899 IP 10.0.11.179.33855 > 10.0.11.8.53: 22982+ A? google.ch. 
> (27)
> 20:41:25.417295 IP 10.0.11.8.63863 > 10.0.11.1.53: 5183+ A? google.ch. (27)
> 20:41:25.417375 IP 10.0.11.8.63863 > 10.0.8.1.53: 5183+ A? google.ch. (27)
> 20:41:25.440520 IP 10.0.8.1.53 > 10.0.11.8.63863: 5183 1/0/0 A 172.217.168.3 (43)
> 20:41:25.440800 IP 10.0.11.8.53 > 10.0.11.179.33855: 22982 1/0/0 A 172.217.168.3 (43)
> 
> The first as well as subsequent requests are sent to both entries.
> First response wins.
> 
> BR
> Matthias
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210419/d56d0ad0/attachment.sig>


More information about the Dnsmasq-discuss mailing list