Tacking this onto the end of the thread, rather than replying specifically to the last post.
Apologies, I've not been reading this: If I keep up with my email, I have too little time to program, so every so often I do programming and ignore email. This coding ended up taking a long time, and resulted in a substantial commit - it would have been nice to do it in stages, but the struct server datastructure is old, and there's code everywhere that touches it and makes undocumented assumptions about how it behaves. In the end I had to rip it all out and write something new and then spend weeks reconnecting all the loose wires and testing all the half-forgotten options. I've ended up with a lot of the code in src/forward.c in a much better state, a load of bugs fixed, and much better performance with lots of local=/adserver.com/ and local=/adserver.com/# lines, along with significantly better memory use in that case. Petr's original request is done, server=/example/8.8.8.8 server=/example/9.9.9.9 works in the same way as two or more servers for the default. The priority of the various options is now defined, it is cache and local config, --host-record, --cname etc etc address=/example/<IPv4>|IPv6> server=/example/# local=/example/ server=/example/<server-addr> With extra information that the first line is type-specific, so if you just have address=/example/1.1.1.1 then an AAAA query will fall through to something later. similarly server=/example/# will catch A and AAAA but nothing else local=/example/ catches all types. I'm pretty sure that this is the same behaviour as before, and to the extent that it wasn't defined before, if it's changed, at least it's defined now. One thing that hasn't changed, but doesn't seem to be well known, is the behaviour of a leading period. The matching of a domain is more-or-less pure trailing substring, so server=/example.com/... will match example.com www.example.com AND badexample.com which is not necessarily sensible, but it's what we're stuck with for backwards compatibility. Long ago, the extra rule was added that an implied leading period would be added to the query, so that server=/.example.com/ will match www.example.com and won't match badexample.com, but it WILL match example.com I see lots of lists of ad servers formatted as dnsmasq configuration that don't have that leading period, and should. This behaviour is carried through to the new code. There's also a new commit which does resource management per server "group", so if you have a server or servers for a particular domain which are not responding, the backlog of unanswered queries will only affect those queries and queries answered by other servers will still be server. Finally, there's a big commit to the DNSSEC code, which combines queries for DNSKEY and DS records which are generated independently. The chief advantage of this is with dual-stack clients that ask for A and AAAA records of the same domain at the same time since it avoids duplicated sets of queries for all the keys in the chain-of-trust. Everything described here is in git now, and I've tagged 2.86test2 of you want a downloadable tarball instead. Please test! Cheers, Simon. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss