David Woodfall
2018-09-30 02:36:49 UTC
Hi
I have set up dnsmasq as a DNS forwarding server only, and to use 3
servers for resolution: 2 opendns servers and 1 other DNS, which is
my preferred.
The problem is that my preferred one sometimes gives back NXDOMAIN
for AAAA lookups, even though they may resolve fine in the other DNS
servers.
At that point nothing will try the ipv4 lookup and just give up.
Is there a way to have dnsmasq ignore NX for AAAA lookups from the
first server and pass back an empty reply or something to tell the
application to try ipv4? Or something else?
This is my config:
port=53
log-facility=/var/log/dnsmasq.log
log-queries
cache-size=1000
domain-needed
strict-order
no-resolv
no-poll
no-dhcp-interface=eth1
listen-address=192.168.1.2
listen-address=127.0.0.1
bind-interfaces
server=208.67.222.222#443
server=208.67.220.220#443
server=1.2.3.4
(Why does dnsmasq try the servers in reverse order to the way they
are listed?)
I'm a newcomer at using dnsmasq so I'd be glad of any pointers about
my config in general.
Things I've tried that haven't worked so far:
1) Editing /etc/gai.conf to prefer ipv4 over ipv6. I still see some
AAAA in the dnsmasq log. I'm guessing some applications use
gethostbyname() rather than getaddressinfo(), or maybe something
entirely different.
2) Using sysctl to disable all ipv6. (I didn't reboot or restart any
services though.)
I haven't yet tried blacklisting the ipv6 kernel module, though that
may be a solution. I'd prefer to do this in dnsmasq rather than the
system if possible.
Thanks for any tips.
--
Dave
The easiest way to figure the cost of living is to take your income and
add ten percent.
.--. oo
(____)//
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
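Added example, not part of the original post: a small Python check for the upstream behaviour described above. It tells NXDOMAIN (rcode 3, the name does not exist for any record type) apart from NODATA (rcode 0 with an empty answer section, the "empty reply" asked about) and flags a name whose AAAA query gets NXDOMAIN while its A query is answered. The function names, the sample name example.test and the constructed replies are assumptions made for illustration.

```python
import socket
import struct

QTYPE = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def classify(reply):
    """Map a reply header to NXDOMAIN, NODATA, ANSWER or ERROR:<rcode>."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"          # name does not exist for any record type
    if rcode != 0:
        return f"ERROR:{rcode}"
    # Simplification: any answer record counts, including a bare CNAME.
    return "ANSWER" if ancount else "NODATA"

def bogus_aaaa_nxdomain(a_reply, aaaa_reply):
    """True when AAAA got NXDOMAIN although the same name has an A answer."""
    return classify(aaaa_reply) == "NXDOMAIN" and classify(a_reply) == "ANSWER"

def ask(server, name, qtype, port=53, timeout=3.0):
    """Send one UDP query to an upstream and return the raw reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, port))
        return s.recvfrom(4096)[0]

def fake_reply(query, rcode, a_rdata=None):
    """Constructed reply for offline use: echoes the question, sets QR/RD/RA."""
    counts = struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if a_rdata else 0, 0, 0)
    answer = b""
    if a_rdata:  # one A record; owner name is a compression pointer to offset 12
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(a_rdata)) + a_rdata
    return query[:2] + counts + query[12:] + answer

if __name__ == "__main__":
    name = "example.test"  # constructed sample name
    a = fake_reply(build_query(name, "A"), 0, bytes([192, 0, 2, 1]))
    aaaa = fake_reply(build_query(name, "AAAA"), 3)
    print(classify(a), classify(aaaa), bogus_aaaa_nxdomain(a, aaaa))
```

To test a live upstream, pass the results of ask(server, name, "A") and ask(server, name, "AAAA") to bogus_aaaa_nxdomain(); a True result points at the upstream's answer rather than at dnsmasq's forwarding.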