Simon Kelley wrote:
Chris Purves wrote:
Yes, this appeared to be the problem. When dnsmasq wasn't working I
would
get the following in syslog:
Dec 22 20:00:11 aurora dnsmasq[1839]: nameserver 211.167.97.68 refused to
do a recursive query
<snip FAQ>
By removing the server that does not allow recursive queries from
/var/run/dnsmasq/resolv.conf, the problem is fixed. So, I guess I will
have to manage the nameservers myself. What I don't understand is why
dnsmasq doesn't try the next nameserver instead of stopping.
The "recursive query" message is just a warning, because there are
situations when it's legitimate to forward to a non-recursive
nameserver. (for instance, forwarding all queries for a domain directly
to the authoritative nameserver for that domain). If dnsmasq threw away
such results then that would break valid configurations.
I didn't like the idea of handling the resolv.conf file manually, and as
you said, it is legitimate to have a non-recursive nameserver. I was
able to get everything to work in the end by setting:
strict-order
in /etc/dnsmasq.conf. Since the problem server was the last in the
list, it would only be queried if the first two failed. I guess my ISP
and the dnsmasq authors are smarter than I thought. :-)
So everything works as it should now, and if my ISP changes nameservers
I won't have to change my setup.
--
Good day, eh.
Chris
