Re: [Dnsmasq-discuss] using dnsmasq with 4 upstream servers

2016-09-02 Thread /dev/rob0 
On Fri, Sep 02, 2016 at 01:23:44PM +0200, Daniel Steglich wrote:
> I've got 4 upstream DNS Servers from my ISP (2 IPv4, 2 IPv6) and 
> use all of them in /etc/resolv.conf.

I think you'd be better off to simplify this.  Furthermore I am 
always leery of trusting ISP nameservers.  Sooner or later the ISP 
bosses get the idea to increase revenue with NXDOMAIN redirection.
Really, I'd trust Google before an ISP (but my own solution is to 
point dnsmasq at my own local caching resolver.)

> I start sending DNS SRV querys from a client to dnsmasq DNS relay 
> every 5 seconds.
> 
> Each request is sent to four DNS upstream servers (primary DNS v4, 
> secondary DNS v4, primary DNS v6, secondary DNS v6). The answer 
> from the fastest server is used.
> As the requests are DNS SRV records, the reply is not cached by 
> dnsmasq.

What?  Why not?  Caching is done based on TTL, not based on the 
RRtype.  If the upstream server gives you a zero TTL, then that 
record is not cached ... regardless of RRtype.

> During my tests the first IPv6 DNS server was always the fastest 
> replying server and for this reason the answer from this server
> is passed to the client always,

Do the answers from other upstream servers differ?

> After some time the dnsmasq relay is not forwarding the requests to 
> the four known DNS servers any more but only sends out the requests 
> to either the first IPv4 DNS server or the first IPv6 DNS server. 
> So only one server is used. After about 20 seconds (4 requests 
> later) the dnsmasq process falls back to the expected behaviour of 
> sending the request to all known DNS Servers.

I guess there is an implied "but the server fails to answer" in this, 
and it presents yet another reason why you might want to consider 
these ISP nameservers unreliable.

> does anybody knows the reason for this?

See --all-servers and --server in the manual.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-09-02 Thread e9hack 
Am 31.08.2016 um 11:51 schrieb Kevin Darbyshire-Bryant:
> 
> On 30/08/16 23:08, Simon Kelley wrote:
>> Sorry about this. Putative fix pushed to git.
> 
> Looks good.  It doesn't go bang anymore on my system :-)

The same for me.

Regards,
Hartmut


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] using dnsmasq with 4 upstream servers

2016-09-02 Thread Daniel Steglich 


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I've got 4 upstream DNS Servers from my ISP (2 IPv4, 2 IPv6) and use 
all of them in /etc/resolv.conf.
I start sending DNS SRV querys from a client to dnsmasq DNS relay every 
5 seconds.


Each request is sent to four DNS upstream servers (primary DNS v4, 
secondary DNS v4, primary DNS v6, secondary DNS v6). The answer from the 
fastest server is used.
As the requests are DNS SRV records, the reply is not cached by 
dnsmasq.


During my tests the first IPv6 DNS server was always the fastest 
replying server and for this reason the answer from this server is 
passed to the client always,
After some time the dnsmasq relay is not forwarding the requests to the 
four known DNS servers any more but only sends out the requests to 
either the first IPv4 DNS server or the first IPv6 DNS server. So only 
one server is used. After about 20 seconds (4 requests later) the 
dnsmasq process falls back to the expected behaviour of sending the 
request to all known DNS Servers.


does anybody knows the reason for this?

- ---
Mit freundlichen Grüßen

Daniel Steglich
-BEGIN PGP SIGNATURE-
Version: Mailvelope v1.5.1
Comment: https://www.mailvelope.com

wsFcBAEBCAAQBQJXyWDvCRCe/ByBcnU4rwAABSoP/2EaTSwE2ZMc5uUUbmxJ
qv7cGtTEaPfddGmA0ua0/kUJRw47w3VHzChxIjWF9L9DmQf5q3rXzD8i5Cfu
E+1UURKAJ1YLgztzz2GBAclZ0lUA+HNIk8VgIxicbyeS+9HP35dwFFfm90D9
j/DBfIiRq9/VI+EdWwHEnZ3KLpvyS3Wqd7z039VB/GoPo7J6lDJmD7vCJmQU
tAxfVB/XTfxaskiMBd/Eeg//Tdesofnwcp5YEbHsl/aR6NHH/73I5f8VlTP0
gEzQ/kd8+2qCBFzi/C4VhTmm4hxdY7RlSsmefqK3YOMeSs+l8zNL5p+igry5
wPjRN03Hnfqcpyy7MpKPiX8faP5xRCrXQgW+DDt+koDdAKauDiAryemM0Rxu
pzQ7QVpZAF0O76QJrW5XofuP+53JktAY61IV7W2/J5EAbouZfmUJ27N4mBH5
gLUWrEARpDDcYtYNrU4GP4u6hPEjx6AMnrMc0TqCmukkPKCigZulAkL9lXHw
DsdeznI/l/i7SyVikVMny6G2PBGi/5OX9KFUaWvszMEKqOiyaOI7CyEjLaiA
02ShtvIDamArhZOjKljEr+2ws0JA7WZ6w81ItqyTQvoXJQ5xxRXHxzLlM8v6
R6Gex8Wtz+uqbMmR3/VAZXcxF5QgloaOLUfejVKo9R6lAbxJYiIVwKVLjTMt
2hHi
=mpBi
-END PGP SIGNATURE-


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-02 Thread Toke Høiland-Jørgensen 
Simon Kelley  writes:

> My first thought is that it's probably replying to the wrong
> interface: link local addresses can't be routed: you have to specify
> the interface they're connected to. This insight came late to me, and
> there's a chance that the dnsmasq code is still messing it up. I'll
> take a closer look in the next day or two.

Awesome, thanks! :)

-Toke

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-02 Thread Simon Kelley 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

My first thought is that it's probably replying to the wrong
interface: link local addresses can't be routed: you have to specify
the interface they're connected to. This insight came late to me, and
there's a chance that the dnsmasq code is still messing it up. I'll
take a closer look in the next day or two.

Cheers,

Simon.


On 01/09/16 22:29, Toke Høiland-Jørgensen wrote:
> Hi
> 
> I have this weird problem where my dnsmasq instance won't reply to 
> queries made over (link-local) IPv6. I can see the query coming in,
> it shows up in the logs (with log-queries) enabled and gets
> resolved, but no reply ever goes back out. Don't see any IPv6 DNS
> packets going out at all on that interface. Queries made over IPv4
> work fine.
> 
> I am stumped as to how to debug this. This is dnsmasq 2.76 running
> on LEDE nightlies.
> 
> -Toke
> 
> ___ Dnsmasq-discuss
> mailing list Dnsmasq-discuss@lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJXyTBZAAoJEBXN2mrhkTWigbUQAJNYoOShV4H012uKi6Q8GEJZ
9HLSs8h9P83qxSJJ8etGmkLfksNdLJxDUHQXQPrVOApRfDphWuQztt+osi+oip9h
qfZPEeR5t3fAE+nZ2jfIVpVsabZGdAJSQC3bnW8/fi2SgzqmWJSAoDjqtAcK21cQ
gxnNI8/7yF9j8CIfSacyAH/zfSJBtLQUGaXRz0/oRHuby2aFF4QOCE/oul9ZAzpq
QOGm9LgZGTlY3LtmpzYgdC96YtE9YaW8jVFZUmBFb45v0MFhYvrKi3Gw+Tl3K9oA
SJiQVas+lTRC1GOf8evpjuWyWV/MtrvAdcCL4qKGdt+jqyqnIo8udQ+iK8pszkkj
lWOmnsPQjNdjQpOTidawwQ6lHSyGNy8+2IK4WDMvxB+ZRJoPmeJncgiT8xtS18x7
zx9LzXavavf8X2fenc4iETuF88/2i5+Mk4jYfuQlFMGohieRUtrjdzjcNlXs4HVV
YnPNbmrHxykCeUjE2bJvmBfvFhgOSlKdIrQ3nctAI9ej5gr2koYS7xmr2nGdZXYW
YkzcjFLF6BDri/AQOiyCGOW4WBZIYf/hy5sGPu/Cp2b0u94J4r40D9Db9O03NNmS
ra9Yh9wguM4xt8OnMemMhSYahv2EFK2zrA6zJqWlzjKY+by70LUOuxnXJW8RcTfI
5X3szV/8d/JE1CAwMTn4
=4je7
-END PGP SIGNATURE-

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss