Simon in #18: > Once we see different data from different nameservers, > we can go to --strict-order mode, but the opposite is not > true: the same answer for a particular query doesn't > guarantee that the answers to future queries will always agree. > There's no way to be sure that the nameservers are equivalent > based on the history of returned queries. Unless we can assume > that, we always need to wait for the first nameserver to reply > (or a timeout) and have to stay in --strict-order mode forever.
Yes, but it's not so bad to stay in strict-order mode forever^Wuntil the list of nameserver addresses changes. The admin can take action to prevent dnsmasq from entering that mode, e.g., by configuring dnsmasq to direct certain lookups (e.g., of *.internal) to the appropriate nameservers. > There is one possibility, which is to assume that nameservers > are equivalent, but switch to --strict-order mode if conflicting > replies are seen. When a query is forwarded to all available > servers, and the first reply sent back to the original requestor, > keep the record of the reply (at least, a bit indicating > NODATA/NXDOMAIN or a valid reply. If another reply comes > in later from another nameserver which conflicts, then switch > to --strict-order mode. Simon, your suggestion (call it "#18") differs from the suggestion in #17 in two ways. First, #18 sends the first-received reply back to the client without waiting for the results of comparison with other results whereas #17 does wait. Second, #18 switches to strict-order mode when *any* difference is found, whereas #17 proposed only looking for a particular pattern, that being: a NODATA/NXDOMAIN is received from a nameserver that is not listed first and an earlier-listed nameserver does return an address within the standard libc timeout period. In #17's defence... in #17 the client only has to wait for a reply in the case of a NODATA/NXDOMAIN from a non-first nameserver; the client does get the desired address from the earlier-listed nameserver if there is one --- even the first time; and dnsmasq only drops into strict-order mode under the circumstances when it is necessary for it to do so such that clients get needed addresses. There is no point, for example, in dropping into strict-order mode if it's the first nameserver returning NXDOMAIN and a later-listed nameserver returning an address! What do you think about the possibility of implementing such ideas? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1003842 Title: Precise NM with "dns=dnsmasq" breaks systems with non-equivalent upstream nameservers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1003842/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
