Jim Faulkner wrote:
Hello,

I think I may have found a problem with dnsmasq 2.22.  I am using the
Gentoo ebuild.

I am always on the lookout for DNS servers that are a small number of hops
away from me.  Currently I have this in my /etc/resolv.conf:
nameserver 204.60.0.2
nameserver 204.60.203.179
nameserver 204.60.0.3
nameserver 66.73.20.40
nameserver 204.60.203.190

Last weekend I found another, and added this to /etc/resolv.conf:
nameserver 66.10.48.206

After adding that nameserver, dnsmasq would stop resolving hostnames after
being up for a few hours.  Restarting the daemon seemed to be the only way
to get dnsmasq to resolve hostnames again.  This happened at least 4 or 5
times over the course of the weekend, so it was not a rarity.

The problem disappeared after removing 66.10.48.206 from
/etc/resolv.conf.

The only error message I saw from dnsmasq was this in my
/var/log/messages:
May  8 06:34:20 gateway dnsmasq[5202]: nameserver 66.10.48.206 refused to
do a recursive query

So it looks like dnsmasq will stop resolving hostnames when one of the DNS
servers is bad.


Did DNS queries time out, or just return empty answers?

I think what happened each time you saw a problem is that dnsmasq had selected the new nameserver (which nameserver is currently in use changes slowly over time). The new nameserver is not replying correctly to arbitrary queries, since it's not configured to "recurse" (delegate queries for which it doesn't know the answer to other servers). Instead it returns empty answers for domains it doesn't directly know about. Such answers are perfectly legitimate, so dnsmasq sends them back to the original requestor, and the effect is that domains no longer resolve correctly.

This is as designed; if you point dnsmasq at a dodgy nameserver, you'll get dodgy results. Dnsmasq is kind enough to warn you that this might be the case. The only possible change might be for dnsmasq to avoid using servers which refuse to do recursion, but that breaks valid use cases where you want dnsmasq to talk to non-recursive servers (think directing queries for a local private domain to a local private server).

HTH

Simon.
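
The distinction drawn in the reply above (a server that recurses, one that returns empty answers, and one that legitimately answers only from its own data) is visible in the DNS response header. The following is an added example, not part of the original thread and not dnsmasq's code; the function names are hypothetical and the sample replies are constructed, not captured traffic.

```python
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits (RFC 1035, 4.1.1)

def build_query(name, qid=0x1234, qtype=1):
    """Encode a standard query for `name` with RD (recursion desired) set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify_response(packet):
    """Classify a reply by RCODE, the RA bit and the answer count."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode:
        return "rcode %d" % rcode             # e.g. 5 = REFUSED
    if flags & RA:
        return "recursive"
    # RA clear: the server only answers from its own data.
    if ancount == 0:
        return "non-recursive, empty answer"  # the failure mode in this thread
    return "non-recursive, has answer"        # e.g. a local private-domain server

def sample_response(query, ra, answer_ip=None):
    """Constructed reply to `query` for offline use (not captured traffic)."""
    flags = QR | RD | (RA if ra else 0)
    rr = b""
    if answer_ip:  # one A record, name compressed to offset 12, TTL 60
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        rr += bytes(int(o) for o in answer_ip.split("."))
    counts = struct.pack("!HHHHH", flags, 1, 1 if rr else 0, 0, 0)
    return query[:2] + counts + query[12:] + rr

if __name__ == "__main__":
    q = build_query("example.com")
    for label, reply in [("recursing server", sample_response(q, True, "192.0.2.1")),
                         ("no recursion", sample_response(q, False))]:
        print(label, "->", classify_response(reply))
```

To vet a candidate before listing it in /etc/resolv.conf, send the bytes from `build_query()` to the server over UDP port 53 and pass the reply to `classify_response()`.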

