Hi Apologies for not elaborating it further, so I wanted to know why we are seeing different behavior what is expected, I was wondering if there is some additional configuration which I am missing. Expected Behavior which I think is even though one of the upstream server is down, dnsmasq should get the results from other two upstream servers
On Sat, Mar 28, 2020 at 11:54 AM < dnsmasq-discuss-requ...@lists.thekelleys.org.uk> wrote: > Send Dnsmasq-discuss mailing list submissions to > dnsmasq-discuss@lists.thekelleys.org.uk > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > or, via email, send a message with subject or body 'help' to > dnsmasq-discuss-requ...@lists.thekelleys.org.uk > > You can reach the person managing the list at > dnsmasq-discuss-ow...@lists.thekelleys.org.uk > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Dnsmasq-discuss digest..." > > > Today's Topics: > > 1. Re: : Dns lookup failures if one of the upstream servers are > down (P Elaborate) > 2. Re: SOA serial increase (Simon Kelley) > 3. Re: Nameserver dot (Simon Kelley) > 4. Re: Fwd: dnsmasq localise-queries + addn-hosts (Simon Kelley) > 5. Re: NETLINK_NO_ENOBUFS not defined on old platforms (Simon Kelley) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 28 Mar 2020 12:54:11 +0100 > From: P Elaborate <stapp...@stappers.nl> > To: dnsmasq-discuss@lists.thekelleys.org.uk > Subject: Re: [Dnsmasq-discuss] : Dns lookup failures if one of the > upstream servers are down > Message-ID: <20200328115411.3sxomstt7iqmn...@gpm.stappers.nl> > Content-Type: text/plain; charset=us-ascii > > On Thu, Mar 26, 2020 at 07:39:21AM -0700, Abhishek Patti wrote: > > Hi Everyone > > > > We are using dnsmasq version 2.80 and have multiple upstream servers > > configured, with all-servers flag set. We noticed that if first upstream > > server fails then we get dns lookup failures even though other upstream > > servers are working fine. > > > Please elaborate > > > Long version: > The "it doesn't work as expected" has been seen. > What not yet has been seen in which way that report > can improve dnsmasq. > > Most likely is http://www.catb.org/~esr/faqs/smart-questions.html > the way to go. > > > > ------------------------------ > > Message: 2 > Date: Sat, 28 Mar 2020 17:01:25 +0000 > From: Simon Kelley <si...@thekelleys.org.uk> > To: dnsmasq-discuss@lists.thekelleys.org.uk > Subject: Re: [Dnsmasq-discuss] SOA serial increase > Message-ID: <e28912b8-5a4c-b54c-bce0-0150001b5...@thekelleys.org.uk> > Content-Type: text/plain; charset=utf-8 > > On 20/03/2020 11:15, William Edwards wrote: > > Hi Simon! > >> If you don't explicitly set the serial, then it should start at the > >> current epoch ?time (ie seconds since 1/1/1970) which avoids the problem > >> unless you average more than one new DHCP lease per second. > > After setting 'auth-server', this behaviour has been 'fixed'. > > Without 'auth-server': > > -- > > vlan5.hosts.cyberfusion.space. 600 IN ? ?SOA ? ?. . 1 1200 180 1209600 > 600 > > -- > > With 'auth-server': > > -- > > vlan5.hosts.cyberfusion.space. 600 IN ? ?SOA ? ? > vlan5.hosts.cyberfusion.space. hostmaster.vlan5.hosts.cyberfusion.space. > 1584702843 1200 180 1209600 600 > > -- > > So this seems like a combination of 1) possibly some room for > improvement in docs (there is little mention of serials there at all) and > 2) working too late at night. > > William > > > The forthcoming 2.81 release errors in startup is auth-server is not set > under these circumstances. > > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=08933475abd0580cff747e3d1e0db3865207a200 > > > Cheers, > > Simon. > > > > > On 20/03/2020 08:18, William Edwards wrote: > >> > >> Op 20 mrt. 2020 om 00:39 heeft Simon Kelley <si...@thekelleys.org.uk > >> <mailto:si...@thekelleys.org.uk>> het volgende geschreven: > >> > >>> On 19/03/2020 17:28, William Edwards wrote: > >>>> Hello, > >>>> > >>>> Does dnsmasq increase SOA serial when adding a new DNS record after > DHCP > >>>> lease is requested? > >>> > >>> Yes. > >>> > >>>> > >>>> I am not sure because docs say '--auth-soa' allows for specifying > serial. > >>> > >>> It does, but it's optional: dnsmasq will generate one for you. If you > do > >>> specify a serial, it will still get incremented after a new DHCP lease > >>> is created. > >> > >> Thanks. > >> > >> I noticed that serial is reset back to 1 when dnsmasq is restarted. This > >> would cause the serial to be lower on dnsmasq than its slaves after a > >> restart, even when DHCP leases are handed out and DNS records are added. > >> > >> Is this intentional behaviour? > >> > >>> > >>> > >>> Cheers, > >>> > >>> Simon. > >>> > >>>> > >>>> Met vriendelijke groeten, > >>>> > >>>> William Edwards > >>>> T. 040 - 711 44 96 > >>>> E. wedwa...@cyberfusion.nl <mailto:wedwa...@cyberfusion.nl> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> _______________________________________________ > >>>> Dnsmasq-discuss mailing list > >>>> Dnsmasq-discuss@lists.thekelleys.org.uk > >>>> <mailto:Dnsmasq-discuss@lists.thekelleys.org.uk> > >>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > >>>> > >>> > >>> > >>> _______________________________________________ > >>> Dnsmasq-discuss mailing list > >>> Dnsmasq-discuss@lists.thekelleys.org.uk > >>> <mailto:Dnsmasq-discuss@lists.thekelleys.org.uk> > >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > >> > >> _______________________________________________ > >> Dnsmasq-discuss mailing list > >> Dnsmasq-discuss@lists.thekelleys.org.uk > >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > >> > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasq-discuss@lists.thekelleys.org.uk > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > > > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasq-discuss@lists.thekelleys.org.uk > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > > > > > ------------------------------ > > Message: 3 > Date: Sat, 28 Mar 2020 17:55:55 +0000 > From: Simon Kelley <si...@thekelleys.org.uk> > To: dnsmasq-discuss@lists.thekelleys.org.uk > Subject: Re: [Dnsmasq-discuss] Nameserver dot > Message-ID: <b55f2c65-66d5-94ef-40a2-6c323a9d6...@thekelleys.org.uk> > Content-Type: text/plain; charset=utf-8 > > On 20/03/2020 14:29, William Edwards wrote: > >> This sounds like a bug, doing auth DNS without an auth-server statement > >> is a recent addition, and I probably forgot this effect on secondary > >> servers. Will take a look in the next day or two. > > > > No worries. What's important to me is that only entries in > 'auth-sec-servers' are returned as NS records, being my public DNS servers. > > Thanks, > > William > > I just pushed > > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=b43585c34baf0c5eb478aa07423da534b2118536 > > which addresses this. > > If --auth-server is a complete configuration > > auth-server=dnsmasq.example.com,eth0 > > then dnsmasq.example.com will appear in the NS RRset and dnsmasq will > act as a nameserver for the domain on queries via eth0 > > IF instead, there's no interface or address specification, then the > domain will NO LONGER appear in the NS RRset, only the entries in > auth-sec-servers will. Under these circumstances, the only use made of > the domain in auth-server is to fill in the MNAME field in the SOA RR, > so it makes most sense for it to be the name of whichever of the > auth-sec-servers is acting as "primary". > > That seems to make sense. > > As a workaround, with 2.80, just pick which of your servers is primary > and remove it from the --auth-sec-servers list and add it as > --auth-server. Remember to undo that when you upgrade to 2.81 > > > Cheers, > > Simon. > > > > > > > > > > > On 20/03/2020 08:25, William Edwards wrote: > >> > >>> Op 20 mrt. 2020 om 00:23 heeft Simon Kelley <si...@thekelleys.org.uk> > het volgende geschreven: > >>> > >>>> On 19/03/2020 17:23, William Edwards wrote: > >>>> Hi, > >>>> > >>>> I have auth-sec-servers set to: > >>>> 'auth-sec-servers=nsauth0.cyberfusion.nl,nsauth1.cyberfusion.be, > nsauth2.cyberfusion.nu,nsauth3.cyberfusion.nl' > >>>> > >>>> These nameservers are shown, but I am also getting back an NS record > >>>> consisting of '.': > >>>> > >>>> --- > >>>> ;; ANSWER SECTION: > >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth1.cyberfusion.be. > >>>> vlan5.hosts.cyberfusion.space. 600 IN NS . > >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth0.cyberfusion.nl. > >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth2.cyberfusion.nu. > >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth3.cyberfusion.nl > . > >>>> -- > >>>> > >>>> Where does 'NS .' come from? > >>> > >>> The --auth-server configuration, probably. What does that look like? > >> > >> I did not specify an ?auth-server? directive. I did so, and now, the > first NS record indeed is no longer a dot. > >> > >> This brings me to the next question: how do I prevent dnsmasq from even > showing itself in NS records? dnsmasq will not answer queries to the > internet. > >> > >>> > >>> > >>> Simon. > >>> > >>> > >>>> > >>>> Met vriendelijke groeten, > >>>> > >>>> William Edwards > >>>> T. 040 - 711 44 96 > >>>> E. wedwa...@cyberfusion.nl > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> _______________________________________________ > >>>> Dnsmasq-discuss mailing list > >>>> Dnsmasq-discuss@lists.thekelleys.org.uk > >>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > >>>> > >>> > >>> > >>> _______________________________________________ > >>> Dnsmasq-discuss mailing list > >>> Dnsmasq-discuss@lists.thekelleys.org.uk > >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > >> _______________________________________________ > >> Dnsmasq-discuss mailing list > >> Dnsmasq-discuss@lists.thekelleys.org.uk > >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > >> > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasq-discuss@lists.thekelleys.org.uk > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > > > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasq-discuss@lists.thekelleys.org.uk > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > > > > > ------------------------------ > > Message: 4 > Date: Sat, 28 Mar 2020 17:59:21 +0000 > From: Simon Kelley <si...@thekelleys.org.uk> > To: dnsmasq-discuss@lists.thekelleys.org.uk > Subject: Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries + > addn-hosts > Message-ID: <9bc61a6f-fce2-f97a-c6d5-6d711208c...@thekelleys.org.uk> > Content-Type: text/plain; charset=utf-8 > > On 19/03/2020 21:47, Jake Howard wrote: > > Hello! > > > > Is `localise-queries` meant to work against entries added via? > > `addn-hosts`? Querying a record returns both IPs, but always in the same? > > order. The order is correctly fixed when the records are put in? > > `/etc/hosts` directly. > > > Yes, localise-queries works with entries added via addn-hosts, but it > doesn't have anything to do with the order that records appear, so that > doesn't address your problem. What are you trying to achieve? > > > Simon. > > > > > > Config: > > > > ``` > > localise-queries > > no-resolv > > cache-size=10000 > > log-queries > > log-facility=/var/log/pihole.log > > local-ttl=2 > > log-async > > server=8.8.8.8 > > server=8.8.4.4 > > server=1.1.1.1 > > server=1.0.0.1 > > interface=eth0 > > server=/use-application-dns.net/ > > > > addn-hosts=/etc/vpn-hosts.conf > > localise-queries > > > > ``` > > > > This is from pihole, but AFAIK that shouldn't make a difference if I'm? > > modifying the config directly. > > > > Would appreciate some input, or being told i'm wrong! > > > > Thanks, > > > > - Jake Howard > > > > > > > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasq-discuss@lists.thekelleys.org.uk > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > > > > > ------------------------------ > > Message: 5 > Date: Sat, 28 Mar 2020 18:13:15 +0000 > From: Simon Kelley <si...@thekelleys.org.uk> > To: Roy Marples <r...@marples.name>, > dnsmasq-discuss@lists.thekelleys.org.uk > Subject: Re: [Dnsmasq-discuss] NETLINK_NO_ENOBUFS not defined on old > platforms > Message-ID: <69804be5-cd9e-9d62-3baf-6f2482eba...@thekelleys.org.uk> > Content-Type: text/plain; charset=utf-8 > > On 20/03/2020 02:18, Roy Marples wrote: > > On 19/03/2020 22:01, Simon Kelley wrote: > >> > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0506a5ed4e56863627c54aedad30ad61221292ef > >> > >> > >> > >> should handle both old kernel header files and old kernels, in any > >> combination. > > > > I really dislike this approach because it makes the assumption that no > > other symbol will take No 5. > > Linux is pretty hot on ABI backwards compatibilty, so I doubt that there > has been any other netlink sockopt with number 5 in the past, or if that > sockopt disappears in the future any other opt would re-use it. Anyone > adding sockopts to a private kernel and picks the next free number, > rather than one at the end of the range or a defined private space needs > their bumps felt: it's obvious that it's going to clash with the > mainline kernel. I could #ifdef all the code if NETLINK_NO_ENOBUFS isn't > defined, and that would only lose us the ability to build against old > headers and still get the fix on a new enough kernel. It's probably not > a big loss, but it addresses a problem that seems unlikely. > > Note that the code checks the kernel version, so if you build on old > headers and run on an old kernel, then despite the code assuming sockopt > 5, it won't call setsockopt(5) when running on the old kernel. > > > This code is Linux-only, so what BSD does doesn't count. > > Simon. > > > > > > Whilst this might be true for generic linux, is it true for customised > > linux? > > Or to put it another way I can point to many examples cross BSD where > > the ioctls differ in number but not name. > > > > You might take the view "So what? We just support generic linux.". > > > > I have started to take the hard stance with Arch Linux which shipped > > latest kernel headers and support that on an old LTS kernel. It's not > > maintainable because I've had 3 instances where dhcpcd used to do this > > and then promptly crashed on newer kernels because they had customised > > headers. > > > > Modern software should not need this hack. Either #ifdef around it or > > require userland headers to define it. Don't hardcode it as it's not > > userlands responsibility to do it. > > > > See the similar case where OpenBSD removed a ioctl but let it in the > > header - even worse!! > > > > Roy > > > > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > ------------------------------ > > End of Dnsmasq-discuss Digest, Vol 178, Issue 32 > ************************************************ > -- abhishek
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
