[Dnsmasq-discuss] Questions about strict-order

Ercolino De Spiacico bellocarico at hotmail.com
Tue Sep 19 12:53:32 UTC 2023


About strict-order

As I'm reading online, this prefers one server over the others and skips to the second in order of preference only if the first fails. From my online reading, it appears that the highest priority is the latest defined resolver in the config. Unless this was recently modified either at code or documentation level, I would suggest capturing this important point in the man page.


The second part of this message is a list of questions, all related to strict-order. I'm experiencing some DNS leakage and I need to better understand this option:

A- If server=1.1.1.1 is defined as the very last server in the dnsmasq.conf and I have a custom resolver defined for a single domain, say:
server=/mydomain.com/1.2.3.4
Am I safe assuming mydomain.com will always be resolved by 1.2.3.4, so it has precedence over 1.1.1.1 because it is more descriptive, despite strict-order and it technically not being the first of the priorities?
Asked otherwise, is the server=/domain/DNS syntax affected by strict-order at all?

B- If my dnsmasq.conf contains a list of
server=X.X.X.X
server=Y.Y.Y.Y
... etc, and a single
resolv-file=/etc/dnsmasq.resolv
whose content is a list of resolvers e.g.:
nameserver 8.8.8.8
nameserver 8.8.4.4
am I safe assuming the latest defined between "server=" and "resolv-file=" would also in this case be the highest priority?

C- In the above example, still with strict-order, is the latest nameserver defined within resolv-file the first to be used if ever consulted?

D- Does dnsmasq's strict-order consider
dnssec
as a normal resolver defined via server or nameserver? I mean if "dnssec" is defined as the latest will this always be preferred (when reachable)?


Thanks for taking the time!
