[Dnsmasq-discuss] --server=/example/8.8.8.8 --server=/example/9.9.9.9 behaviour

Matthias May matthias.may at westermo.com
Mon Apr 19 15:06:23 UTC 2021


On 19/04/2021 11:13, Petr Menšík wrote:
> Sure, it works this way, but only if no domain is given. Try adding a
> domain specific forward with multiple entries:
> 
> server=10.0.8.1
> server=10.0.11.1
> server=/test/10.0.8.1
> server=/test/10.0.11.1
> 
> Now query some hosts under test domain:
> for H in host{1..4}.test; do dig @localhost $H; done
> 
> You should see multiple queries forwarded for every hostX.test in tcpdump.
> 
> I would like the same behaviour for --server=/somedomain/<IP> as
> --server=<IP>. It is not possible noow, it always forwards all queries
> to all servers a domain set. Which is not necessary.
> 
> The first query should go to both servers, but following queries should
> go only to the fastest server for given domain, not always to all of
> them. I would like the logic similar in any case, whether the domain is
> used. Also in cases multiple server=//10.0.8.1, sending just unqualified
> domains, may use fail-over scenario.
> 
> Cases affected:
> --server=/example/a.b.c.d --server=/example/e.f.g.h
> --server=//a.b.c.d --server=//e.f.g.h
> --server=/#/a.b.c.d --server=/#/e.f.g.h
> 
> all behaves the same. Only some cases are unaffected:
> --server=a.b.c.d --server=e.f.g.h # fail-over works here
> --server=/example/ # nothing is forwarded in this case -> NXDOMAIN
> 
> Cheers,
> Petr
> 
> On 4/17/21 8:49 PM, Matthias May via Dnsmasq-discuss wrote:
>> On 16/04/2021 18:26, Petr Menšík wrote:
>>
>> Hi Petr
>> The behaviour you describe is not how i experience it.
>> When i set multiple servers via server= entries
>> (e.g
>> server=10.0.8.1
>> server=10.0.11.1
>> )
>> Then the order/number of queries is according to usage of --strict-order and --all-servers.
>> The default behaviour is to query "any" server that is thought to be up.
>>
>> Test-setup:
>> * My PC: 10.0.11.178
>> * Test-server: 10.0.11.8
>> * Actual server 1: 10.0.11.1
>> * Actual server 2: 10.0.8.1
>>
>> tcpdumps of the behaviour:
>>
>> * any (default):
>> 20:36:07.156749 IP 10.0.11.179.58175 > 10.0.11.8.53: 41165+ A? may.nu. 
(24)
>> 20:36:07.157293 IP 10.0.11.8.62864 > 10.0.11.1.53: 41689+ A? may.nu. (24)
>> 20:36:07.157374 IP 10.0.11.8.62864 > 10.0.8.1.53: 41689+ A? may.nu. (24)
>> 20:36:07.160694 IP 10.0.11.1.53 > 10.0.11.8.62864: 41689 1/0/0 A 82.220.39.200 (40)
>> 20:36:07.160982 IP 10.0.11.8.53 > 10.0.11.179.58175: 41165 1/0/0 A 82.220.39.200 (40)
>> 20:36:07.183031 IP 10.0.8.1.53 > 10.0.11.8.62864: 41689 1/0/0 A 82.220.39.200 (40)
>>
>> 20:36:21.821553 IP 10.0.11.179.38054 > 10.0.11.8.53: 32025+ A? google.ch. 
>> (27)
>> 20:36:21.821959 IP 10.0.11.8.54983 > 10.0.11.1.53: 34734+ A? google.ch. (27)
>> 20:36:21.925977 IP 10.0.11.1.53 > 10.0.11.8.54983: 34734 1/0/0 A 74.125.193.94 (43)
>> 20:36:21.926285 IP 10.0.11.8.53 > 10.0.11.179.38054: 32025 1/0/0 A 74.125.193.94 (43)
>>
>> The very first request is sent to all available server (.11.1 and .8.1) because dnsmasq doesn't know which one is up.
>> The subsequent request is only sent to 11.1
>>
>> * --strict-order:
>> 20:39:54.063637 IP 10.0.11.179.48636 > 10.0.11.8.53: 16176+ A? may.nu. 
(24)
>> 20:39:54.064043 IP 10.0.11.8.14339 > 10.0.11.1.53: 59406+ A? may.nu. (24)
>> 20:39:54.066800 IP 10.0.11.1.53 > 10.0.11.8.14339: 59406 1/0/0 A 82.220.39.200 (40)
>> 20:39:54.067087 IP 10.0.11.8.53 > 10.0.11.179.48636: 16176 1/0/0 A 82.220.39.200 (40)
>>
>> 20:39:59.179804 IP 10.0.11.179.52047 > 10.0.11.8.53: 56006+ A? google.ch. 
>> (27)
>> 20:39:59.180223 IP 10.0.11.8.1813 > 10.0.11.1.53: 59741+ A? google.ch. 
(27)
>> 20:39:59.182909 IP 10.0.11.1.53 > 10.0.11.8.1813: 59741 1/0/0 A 74.125.193.94 (43)
>> 20:39:59.183192 IP 10.0.11.8.53 > 10.0.11.179.52047: 56006 1/0/0 A 74.125.193.94 (43)
>>
>> The first as well as subsequent requests are only sent to the first entry.
>> The second entry is only tried if the first one fails.
>> This happens when the requesting client retries because of timeout (usually 5s).
>>
>> * --all-servers:
>> 20:41:21.072906 IP 10.0.11.179.55776 > 10.0.11.8.53: 5980+ A? may.nu. (24)
>> 20:41:21.073328 IP 10.0.11.8.23993 > 10.0.11.1.53: 32664+ A? may.nu. (24)
>> 20:41:21.073407 IP 10.0.11.8.23993 > 10.0.8.1.53: 32664+ A? may.nu. (24)
>> 20:41:21.076703 IP 10.0.11.1.53 > 10.0.11.8.23993: 32664 1/0/0 A 82.220.39.200 (40)
>> 20:41:21.077016 IP 10.0.11.8.53 > 10.0.11.179.55776: 5980 1/0/0 A 82.220.39.200 (40)
>> 20:41:21.077594 IP 10.0.8.1.53 > 10.0.11.8.23993: 32664 1/0/0 A 82.220.39.200 (40)
>>
>> 20:41:25.416899 IP 10.0.11.179.33855 > 10.0.11.8.53: 22982+ A? google.ch. 
>> (27)
>> 20:41:25.417295 IP 10.0.11.8.63863 > 10.0.11.1.53: 5183+ A? google.ch. 
(27)
>> 20:41:25.417375 IP 10.0.11.8.63863 > 10.0.8.1.53: 5183+ A? google.ch. (27)
>> 20:41:25.440520 IP 10.0.8.1.53 > 10.0.11.8.63863: 5183 1/0/0 A 172.217.168.3 (43)
>> 20:41:25.440800 IP 10.0.11.8.53 > 10.0.11.179.33855: 22982 1/0/0 A 172.217.168.3 (43)
>>
>> The first as well as subsequent requests are sent to both entries.
>> First response wins.
>>
>> BR
>> Matthias
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> https://urldefense.com/v3/__https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss__;!!I9LPvj3b!QFVX9IuRc4GL9MBi_f8x9OGR31kZ13F1iUYtR-zunM1rZRkRtdodJQQco0C-u-WUlio$ 
>>
> 

Ah i see
Most of the time I'm using --strict-order.
--strict-order behaves as expected.

config:
server=/may.nu/10.0.8.1
server=/may.nu/10.0.11.1
server=208.67.220.220
server=208.67.222.222
server=/comtrya.ch/10.0.8.1
server=/comtrya.ch/10.0.11.1

strict-order:
16:52:44.279494 IP 10.0.11.179.49168 > 10.0.11.8.53: 64201+ A? may.nu. (24)
16:52:44.288219 IP 10.0.11.8.53352 > 10.0.11.1.53: 56979+ A? may.nu. (24)
16:52:44.289377 IP 10.0.11.1.53 > 10.0.11.8.53352: 56979 1/0/0 A 82.220.39.200 (40)
16:52:44.292269 IP 10.0.11.8.53 > 10.0.11.179.49168: 64201 1/0/0 A 82.220.39.200 (40)

16:52:55.111366 IP 10.0.11.179.46818 > 10.0.11.8.53: 55855+ A? comtrya.ch. (28)
16:52:55.113005 IP 10.0.11.8.53726 > 10.0.11.1.53: 48290+ A? comtrya.ch. (28)
16:52:55.114100 IP 10.0.11.1.53 > 10.0.11.8.53726: 48290 1/0/0 A 82.220.91.20 (44)
16:52:55.114977 IP 10.0.11.8.53 > 10.0.11.179.46818: 55855 1/0/0 A 82.220.91.20 (44)

any - for override:
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
16:55:43.599629 IP 10.0.11.179.50222 > 10.0.11.8.53: 46994+ A? may.nu. (24)
16:55:43.601953 IP 10.0.11.8.18846 > 10.0.11.1.53: 55481+ A? may.nu. (24)
16:55:43.602016 IP 10.0.11.8.18846 > 10.0.8.1.53: 55481+ A? may.nu. (24)
16:55:43.603363 IP 10.0.11.1.53 > 10.0.11.8.18846: 55481 1/0/0 A 82.220.39.200 (40)
16:55:43.603698 IP 10.0.8.1.53 > 10.0.11.8.18846: 55481 1/0/0 A 82.220.39.200 (40)
16:55:43.604798 IP 10.0.11.8.53 > 10.0.11.179.50222: 46994 1/0/0 A 82.220.39.200 (40)

16:55:53.532170 IP 10.0.11.179.58143 > 10.0.11.8.53: 39900+ A? comtrya.ch. (28)
16:55:53.534217 IP 10.0.11.8.35150 > 10.0.11.1.53: 52404+ A? comtrya.ch. (28)
16:55:53.534283 IP 10.0.11.8.35150 > 10.0.8.1.53: 52404+ A? comtrya.ch. (28)
16:55:53.535857 IP 10.0.11.1.53 > 10.0.11.8.35150: 52404 1/0/0 A 82.220.91.20 (44)
16:55:53.536782 IP 10.0.11.8.53 > 10.0.11.179.58143: 39900 1/0/0 A 82.220.91.20 (44)
16:55:53.537111 IP 10.0.8.1.53 > 10.0.11.8.35150: 52404 1/0/0 A 82.220.91.20 (44)

any - no override:
16:56:30.874416 IP 10.0.11.179.40049 > 10.0.11.8.53: 60071+ A? google.ch. 
(27)
16:56:30.876248 IP 10.0.11.8.6104 > 208.67.222.222.53: 24601+ A? google.ch. (27)
16:56:30.876311 IP 10.0.11.8.6104 > 208.67.220.220.53: 24601+ A? google.ch. (27)
16:56:30.905292 IP 208.67.220.220.53 > 10.0.11.8.6104: 24601 1/0/0 A 216.58.215.227 (43)
16:56:30.905331 IP 208.67.222.222.53 > 10.0.11.8.6104: 24601 1/0/0 A 216.58.215.227 (43)
16:56:30.906480 IP 10.0.11.8.53 > 10.0.11.179.40049: 60071 1/0/0 A 216.58.215.227 (43)

16:56:45.391491 IP 10.0.11.179.51625 > 10.0.11.8.53: 45800+ A? google.de. 
(27)
16:56:45.393180 IP 10.0.11.8.24130 > 208.67.220.220.53: 15609+ A? google.de. (27)
16:56:45.421063 IP 208.67.220.220.53 > 10.0.11.8.24130: 15609 1/0/0 A 172.217.168.67 (43)
16:56:45.421787 IP 10.0.11.8.53 > 10.0.11.179.51625: 45800 1/0/0 A 172.217.168.67 (43)


+1 from me if you cook up a patch that improves this :)

BR
Matthias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210419/bfcf0540/attachment.sig>


More information about the Dnsmasq-discuss mailing list