Discussion:
[Dnsmasq-discuss] using dnsmasq with 4 upstream servers
Daniel Steglich
2016-09-02 11:23:44 UTC
Hi,

I've got 4 upstream DNS Servers from my ISP (2 IPv4, 2 IPv6) and use
all of them in /etc/resolv.conf.
I start sending DNS SRV queries from a client to dnsmasq DNS relay every
5 seconds.

Each request is sent to four DNS upstream servers (primary DNS v4,
secondary DNS v4, primary DNS v6, secondary DNS v6). The answer from the
fastest server is used.
As the requests are DNS SRV records, the reply is not cached by
dnsmasq.

During my tests the first IPv6 DNS server was always the fastest
replying server and for this reason the answer from this server is
passed to the client always.
After some time the dnsmasq relay is not forwarding the requests to the
four known DNS servers any more but only sends out the requests to
either the first IPv4 DNS server or the first IPv6 DNS server. So only
one server is used. After about 20 seconds (4 requests later) the
dnsmasq process falls back to the expected behaviour of sending the
request to all known DNS Servers.

Does anybody know the reason for this?

--
Kind regards

Daniel Steglich
/dev/rob0
2016-09-02 16:39:12 UTC
Post by Daniel Steglich
I've got 4 upstream DNS Servers from my ISP (2 IPv4, 2 IPv6) and
use all of them in /etc/resolv.conf.
I think you'd be better off to simplify this. Furthermore I am
always leery of trusting ISP nameservers. Sooner or later the ISP
bosses get the idea to increase revenue with NXDOMAIN redirection.
Really, I'd trust Google before an ISP (but my own solution is to
point dnsmasq at my own local caching resolver.)
Post by Daniel Steglich
I start sending DNS SRV queries from a client to dnsmasq DNS relay
every 5 seconds.
Each request is sent to four DNS upstream servers (primary DNS v4,
secondary DNS v4, primary DNS v6, secondary DNS v6). The answer
from the fastest server is used.
As the requests are DNS SRV records, the reply is not cached by
dnsmasq.
What? Why not? Caching is done based on TTL, not based on the
RRtype. If the upstream server gives you a zero TTL, then that
record is not cached ... regardless of RRtype.
Post by Daniel Steglich
During my tests the first IPv6 DNS server was always the fastest
replying server and for this reason the answer from this server
is passed to the client always.
Do the answers from other upstream servers differ?
Post by Daniel Steglich
After some time the dnsmasq relay is not forwarding the requests to
the four known DNS servers any more but only sends out the requests
to either the first IPv4 DNS server or the first IPv6 DNS server.
So only one server is used. After about 20 seconds (4 requests
later) the dnsmasq process falls back to the expected behaviour of
sending the request to all known DNS Servers.
I guess there is an implied "but the server fails to answer" in this,
and it presents yet another reason why you might want to consider
these ISP nameservers unreliable.
Post by Daniel Steglich
Does anybody know the reason for this?
See --all-servers and --server in the manual.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Daniel Steglich
2016-09-05 14:13:15 UTC
Post by /dev/rob0
Post by Daniel Steglich
I've got 4 upstream DNS Servers from my ISP (2 IPv4, 2 IPv6) and
use all of them in /etc/resolv.conf.
I think you'd be better off to simplify this. Furthermore I am
always leery of trusting ISP nameservers. Sooner or later the ISP
bosses get the idea to increase revenue with NXDOMAIN redirection.
Really, I'd trust Google before an ISP (but my own solution is to
point dnsmasq at my own local caching resolver.)
Post by Daniel Steglich
I start sending DNS SRV queries from a client to dnsmasq DNS relay
every 5 seconds.
Each request is sent to four DNS upstream servers (primary DNS v4,
secondary DNS v4, primary DNS v6, secondary DNS v6). The answer
from the fastest server is used.
As the requests are DNS SRV records, the reply is not cached by
dnsmasq.
What? Why not? Caching is done based on TTL, not based on the
RRtype. If the upstream server gives you a zero TTL, then that
record is not cached ... regardless of RRtype.
Post by Daniel Steglich
During my tests the first IPv6 DNS server was always the fastest
replying server and for this reason the answer from this server
is passed to the client always.
Do the answers from other upstream servers differ?
Yes they do. I know, they shouldn't, but it's not under my control.
Post by /dev/rob0
Post by Daniel Steglich
After some time the dnsmasq relay is not forwarding the requests to
the four known DNS servers any more but only sends out the requests
to either the first IPv4 DNS server or the first IPv6 DNS server.
So only one server is used. After about 20 seconds (4 requests
later) the dnsmasq process falls back to the expected behaviour of
sending the request to all known DNS Servers.
I guess there is an implied "but the server fails to answer" in this,
and it presents yet another reason why you might want to consider
these ISP nameservers unreliable.
No, there is no implied "but the server fails to answer". All servers
are answering all the time.
Post by /dev/rob0
Post by Daniel Steglich
Does anybody know the reason for this?
See --all-servers and --server in the manual.
I know the "--all-servers" option and I tried with this option. But the
described behaviour stays the same.

One more thing:
* the described behaviour is gone if I add "-q" for debugging reasons
* the described behaviour is also gone if I attach strace to the dnsmasq
process

--
Kind regards

Daniel Steglich
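
Two points raised in this thread can be checked directly on the replies each upstream sends: whether an SRV answer carries a zero TTL (which is what keeps it out of the cache) and whether the upstreams return different record data. The following is an added example, not code from the thread or from dnsmasq; it assumes the raw reply from each upstream has already been captured as bytes, and the function names, addresses and record values are constructed for illustration.

```python
import struct
SRV = 33  # RR type number for SRV

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def build_reply(records, qname="_sip._udp.example.com"):  # constructed sample reply
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(records), 0, 0)
    msg += encode_name(qname) + struct.pack("!2H", SRV, 1)
    for ttl, prio, weight, port, target in records:  # owner name = pointer to offset 12
        rdata = struct.pack("!3H", prio, weight, port) + encode_name(target)
        msg += b"\xc0\x0c" + struct.pack("!2HIH", SRV, 1, ttl, len(rdata)) + rdata
    return msg

def read_name(msg, off):  # -> (name, offset just past the name)
    labels, end = [], None
    for _ in range(128):  # bounded walk, so a pointer loop cannot hang the parser
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n
    raise ValueError("malformed or looping name")

def srv_answers(msg):  # -> [(ttl, prio, weight, port, target), ...]
    qd, an = struct.unpack("!2H", msg[4:8])
    off, out = 12, []
    for _ in range(qd):  # skip each question: name + qtype + qclass
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        if rtype == SRV:
            prio, weight, port = struct.unpack("!3H", msg[off + 10:off + 16])
            out.append((ttl, prio, weight, port, read_name(msg, off + 16)[0]))
        off += 10 + rdlen
    return out

def compare(replies):  # replies: {upstream address: raw reply bytes}
    parsed = {up: srv_answers(m) for up, m in replies.items()}
    data = {tuple(sorted(r[1:] for r in recs)) for recs in parsed.values()}  # TTL ignored
    zero = sorted(up for up, recs in parsed.items() if any(r[0] == 0 for r in recs))
    return {"zero_ttl": zero, "answers_differ": len(data) > 1}

SAMPLE = {"192.0.2.1": build_reply([(300, 10, 5, 5060, "sip1.example.com")]),  # constructed
          "2001:db8::1": build_reply([(0, 10, 5, 5060, "sip2.example.com")])}
```

`compare(SAMPLE)` lists the upstreams whose SRV answers cannot be cached and reports whether the record data differs between upstreams, ignoring TTL.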
