Hello, At OVH, we use dnsmasq in our product OverTheBox, an OpenWRT based router.
We found what we think is a bug (at least a not wanted behaviour), but it seems it's actually a feature, when looking at commits 4ace25c5 and 51967f980 (pasted at the end of this email). If you have say 4 upstreams, and one of them has a problem: it will always give SERVFAIL responses back to dnsmasq. The problem is that dnsmasq will immediately forward the SERVFAIL response back to the client, even if other upstreams are working (providing the SERVFAIL answer is the first to arrive). If dnsmasq has several upstreams, isn't it to make it more robust? Shouldn't dnsmasq try as much as possible to be independent of upstream errors? You will find by Pull Request here: https://github.com/MartinWetterwald/dnsmasq/pull/1/files You could cherry-pick my commit if you agree with this behaviour. Best Regards, Martin Wetterwald commit 51967f9807665dae403f1497b827165c5fa1084b Author: Simon Kelley <[email protected]> Date: Tue Mar 25 21:07:00 2014 +0000 SERVFAIL is an expected error return, don't try all servers. commit 4ace25c5d6c30949be9171ff1c524b2139b989d3 Author: Chris Novakovic <[email protected]> Date: Mon Jan 25 21:54:35 2016 +0000 Treat REFUSED (not SERVFAIL) as an unsuccessful upstream response Commit 51967f9807665dae403f1497b827165c5fa1084b began treating SERVFAIL as a successful response from an upstream server (thus ignoring future responses to the query from other upstream servers), but a typo in that commit means that REFUSED responses are accidentally being treated as successful instead of SERVFAIL responses. This commit corrects this typo and provides the behaviour intended by commit 51967f9: SERVFAIL responses are considered successful (and will be sent back to the requester), while REFUSED responses are considered unsuccessful (and dnsmasq will wait for responses from other upstream servers that haven't responded yet). _______________________________________________ Dnsmasq-discuss mailing list [email protected] http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
