[FS#391] dnsmasq stops working properly if the fastest upstream DNS server returns a server failure
LEDE Bugs
lede-bugs at lists.infradead.org
Tue Jan 17 11:53:23 PST 2017
The following task has a new comment added:
FS#391 - dnsmasq stops working properly if the fastest upstream DNS server returns a server failure
User who did this - IronicSven (IronicSven)
----------
@Baptiste: I can't reproduce the issue with OpenWrt Chaos Calmer 15.05.1 r49389 and Dnsmasq version 2.73. My internet outages started with Lede and Dnsmasq 2.76.
@Eric: I don't use DNSSEC and thus treating SERVFAIL as a valid response sounds strange to me.
I've spend some time with the attempt to add some logging messages and revert the changes mentioned above. I created a patchfile in package/network/services/dnsmasq/patches:
--- a/src/forward.c
+++ b/src/forward.c
@@ -821,9 +821,15 @@ void reply_query(int fd, int family, tim
}
server = forward->sentto;
+
+ if (option_bool(OPT_LOG) && RCODE(header) == SERVFAIL)
+ my_syslog(LOG_INFO, _("received SERVFAIL"));
+ if (option_bool(OPT_LOG) && RCODE(header) == REFUSED)
+ my_syslog(LOG_INFO, _("received REFUSED"));
+
if ((forward->sentto->flags & SERV_TYPE) == 0)
{
- if (RCODE(header) == REFUSED)
+ if (RCODE(header) == REFUSED || RCODE(header) == SERVFAIL)
server = NULL;
else
{
@@ -853,7 +857,7 @@ void reply_query(int fd, int family, tim
we get a good reply from another server. Kill it when we've
had replies from all to avoid filling the forwarding table when
everything is broken */
- if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED)
+ if (forward->forwardall == 0 || --forward->forwardall == 1 || (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
{
int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
Now it is working as I would expect it. If the fastest DNS server returns SERVFAIL the next DNS server that returns NOERROR will be used for a valid response.
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 25 127.0.0.1/54663 query[AAAA] bugs.lede-project.org from 127.0.0.1
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 25 127.0.0.1/54663 forwarded bugs.lede-project.org to 83.169.185.161
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 25 127.0.0.1/54663 forwarded bugs.lede-project.org to 83.169.185.225
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 25 127.0.0.1/54663 forwarded bugs.lede-project.org to 8.8.8.8
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 25 127.0.0.1/54663 forwarded bugs.lede-project.org to 8.8.4.4
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 25 127.0.0.1/54663 forwarded bugs.lede-project.org to 192.168.3.2
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: received SERVFAIL
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 24 127.0.0.1/54663 reply bugs.lede-project.org is 148.251.78.235
Tue Jan 17 19:25:09 2017 daemon.info dnsmasq[1593]: 25 127.0.0.1/54663 reply bugs.lede-project.org is 2a01:4f8:202:43ea::3
@DEVs: Please feel free to use the patch.
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=391#comment1293
More information about the lede-bugs
mailing list