Re: [Dnsmasq-discuss] Query on "strict-order"

Fri, 24 Feb 2023 04:31:10 -0800 



On 23/02/2023 13:58, Gomathi Shankar P S wrote:

Hi Simon,
Thanks for the response.


We have updated resolv.dnsmasq file with couple of false nameservers 
(just to experiment) at the top. With pinging /google.com 
<http://google.com>/, we could observe that the dnsmasq (with 
*strict-order*) is reaching out to first nameserver and then to next 
nameserver and it gives up as both nameservers failed to respond.
With the immediate ping again, dnsmasq reached to third nameserver this 
time which resolved /google.com <http://google.com>/.
We have tested the same with *dnsmasq* *v2.86* and we could see the same 
behavior.



Could you please confirm that dnsmasq (with *strict-order*) reaches out 
only to the top two nameservers one by one and gives up if both fail to 
respond? We are expecting dnsmasq to reach all the nameservers one by 
one until it gets the response.



Unfortunately, exactly what happens depends on how the client behaves. 
The first attempt at the query by the client gets sent to the first 
server, the second attempt goes to the second server, and so on. Most 
clients give up after one retry, so only the first two servers get 
queries. If you configure your clients to make more retries you'll see 
more upstream servers get hit.



There's a fundamental limitation of the DNS UDP protocol: there's 
nothing that dnsmasq can send to the client which means "I'm still 
working, please wait". If the client doesn't see an answer during its 
timeout period, it will give up and it makes no difference if dnsmasq is 
still working down a long list of servers.



This is why strict-order is generally a bad idea: without strict order 
dnsmasq can send the query to all available servers in parallel, and it 
does much better at finding one which works.


Cheers,

Simon.




I agree that having unreliable upstream servers are not recommended but 
sometimes our nameservers fail to respond due to other issues.


Thanks
Gomathi Shankar P S


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss






















					Reply via email to