[Dnsmasq-discuss] server priority clarification after e86d53c
dave14305
dave14305 at proton.me
Tue Apr 21 17:34:42 UTC 2026
Since v2.92test5, commit e86d53c ("Fix some edge cases wth domains and --address and --server.") clarifies the priority order of competing address and server options for the same domain:
--address with a IPv4 or IPv6 address (as long as the query matches the type)
--address with # for all-zeros, as long as the query is A or AAAA)
--address with no address, which returns NXDOMAIN or NOERROR for all types.
--server with address set to # to use the unqualified servers.
--server with matching domain.
--server without domain or from /etc/resolv.conf.
In light of this priority, I am seeing unexpected behavior when using server and local for adblocking with whitelisting. The local entry would be part of a downloaded adblocking list and the server entry would be a local whitelisting attempt.
Example:
server=/googleads.g.doubleclick.com/#
local=/googleads.g.doubleclick.com/
With this config, I would expect a query for googleads.g.doubleclick.com to be allowed since --server with # should take priority, but instead it is blocked. Example is from April 9 while I waited to be approved for the mailing list.
# dig googleads.g.doubleclick.com. @127.0.0.1
; <<>> DiG 9.20.18 <<>> googleads.g.doubleclick.com. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19013
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;googleads.g.doubleclick.com. IN A
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Apr 09 14:48:52 EDT 2026
;; MSG SIZE rcvd: 56
Apr 9 14:41:38 dnsmasq[7442]: started, version 2.93-test2 cachesize 1500
Apr 9 14:41:38 dnsmasq[7442]: asynchronous logging enabled, queue
limit is 5 messages
Apr 9 14:41:38 dnsmasq-dhcp[7442]: DHCP, IP range 192.168.50.2 --
192.168.50.254, lease time 1d
Apr 9 14:41:38 dnsmasq[7442]: using only locally-known addresses for
googleads.g.doubleclick.com
Apr 9 14:41:38 dnsmasq[7442]: using standard nameservers for
googleads.g.doubleclick.com
Apr 9 14:41:38 dnsmasq[7442]: read /etc/hosts - 22 names
Apr 9 14:41:38 dnsmasq[7442]: read /etc/hosts - 22 names
Apr 9 14:41:38 dnsmasq[7442]: using nameserver 192.168.1.1#53
Apr 9 14:41:38 dnsmasq[7442]: using nameserver 192.168.1.1#53 for
domain home.arpa
Apr 9 14:41:38 dnsmasq[7442]: using only locally-known addresses for
googleads.g.doubleclick.com
Apr 9 14:41:38 dnsmasq[7442]: using standard nameservers for
googleads.g.doubleclick.com
Apr 9 14:41:38 dnsmasq[7442]: using nameserver 192.168.1.1#53
Apr 9 14:41:38 dnsmasq[7442]: using nameserver 192.168.1.1#53 for
domain home.arpa
Apr 9 14:41:38 dnsmasq[7442]: using only locally-known addresses for
googleads.g.doubleclick.com
Apr 9 14:41:38 dnsmasq[7442]: using standard nameservers for
googleads.g.doubleclick.com
...
Apr 9 14:48:52 dnsmasq[7442]: 63 127.0.0.1/59177 query[A]
googleads.g.doubleclick.com from 127.0.0.1
Apr 9 14:48:52 dnsmasq[7442]: 63 127.0.0.1/59177 config
googleads.g.doubleclick.com is NXDOMAIN
More information about the Dnsmasq-discuss
mailing list