Why does pfsense call its implementation of dnsmasq a DNS Forwarder, not DNS server?
-
Yet all other implementations for routers (DD-WRT, OpenWRT, etc) or Pi-Hole deem their implementations of dnsmasq a local DNS server? And the documentation for dnsmasq also calls itself a DNS server. http://www.thekelleys.org.uk/dnsmasq/doc.html
And what is the difference between DNS resolver and DNS server?
-
@maya95 said in Why does pfsense call its implementation of dnsmasq a DNS Forwarder, not DNS server?:
dnsmasq also calls itself a DNS server.
Well, yeah, it is, because https://en.wikipedia.org/wiki/Server_(computing)
DNSMasq is not a resolver because it gets its info from upstream DNS servers, which might be DNS resolvers, or yet another forwarder. At the end of this chain there will be a resolver.
Resolvers will question from top to bottom, that is: TLD first, then the zone or domain name, and then the domain servers to get the actual zone information like an A record, that points to an IPv4.
A DNS server can also be a domain name server.
And all these can also cache their information, so others downstream will get faster answers.
-
@Gertjan So dnsmasq doesn't do the following actions even though you can add host entries to it? It only forwards queries to other DNS server/resolver upstreams to get an answer from them if it can't find an answer in its host entries/database/cache?
-
Local 'static' host entries are entered in the local look up or list or cache.
These entries never time out (infinite TTL) so if a host/domain exists, it gets used right away without any upstream look up. The same goes for the resolver type of DNS server.
-
The meanings are kind of muddied by loose usage but typically they should be:
- DNS Server - An authoritative DNS server which answers queries about domains for which it holds authoritative records. This is the kind of DNS server you'd find at a hosting facility, for example, with DNS records for a site like, say, example.com.
- DNS Resolver - Takes queries from clients and uses the root servers and other authoritative servers to find the answers directly. This is (sort of) the kind of thing you see at ISPs or places like Quad9/Google/CF which answer public client queries. (Though the ones clients hit may actually be forwarders, not resolvers)
- DNS Forwarder - Takes queries from clients and forwards them on to another forwarder or a resolver.
dnsmasq is only capable of acting as a forwarder, so pfSense calls it a forwarder.
unbound is capable of acting as a resolver or a forwarder, depending on the configuration, but its default role is a resolver, so that's what it's called in pfSense.
bind can be any of the above depending on the configuration. Though it's typically considered "too heavy" to be used for forwarding and resolving roles, it does provide some features which can be useful in more complex scenarios.
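The roles discussed in this thread, as an added toy model in Python (not code from any post here, nor from pfSense, dnsmasq or unbound): a resolver that follows referrals from the root itself, and a forwarder that answers from static host entries or cache and otherwise hands the query to one upstream. The zone data, host names, addresses and the fixed 300-second forwarder cache lifetime are constructed assumptions.

```python
# Constructed delegation data: each "server" holds referrals or an authoritative answer.
SERVERS = {
    "root": {"com.": ("referral", "tld-com")},
    "tld-com": {"example.com.": ("referral", "ns-example")},
    "ns-example": {"www.example.com.": ("answer", "192.0.2.10", 300)},
}

def authoritative_query(server, qname):
    """Ask one server; it replies for the longest suffix of qname it knows about."""
    labels = qname.split(".")
    for i in range(len(labels) - 1):
        rec = SERVERS[server].get(".".join(labels[i:]))
        if rec:
            return rec
    return ("nxdomain",)

class Resolver:
    """Finds answers directly: starts at the root and follows each referral."""
    def __init__(self):
        self.cache, self.trace = {}, []
    def resolve(self, qname, now=0.0):  # `now` is a caller-supplied clock in seconds
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0]
        server = "root"
        while True:
            self.trace.append(server)  # record every server contacted
            rec = authoritative_query(server, qname)
            if rec[0] == "referral":
                server = rec[1]
                continue
            if rec[0] == "answer":
                self.cache[qname] = (rec[1], now + rec[2])
            return rec[1] if rec[0] == "answer" else None

class Forwarder:
    """Never walks the tree: static hosts, then cache, then a single upstream."""
    def __init__(self, upstream, hosts=None):
        self.upstream, self.hosts, self.cache, self.forwarded = upstream, hosts or {}, {}, 0
    def resolve(self, qname, now=0.0):
        if qname in self.hosts:  # static entry: no expiry, no upstream lookup
            return self.hosts[qname]
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0]
        self.forwarded += 1
        addr = self.upstream.resolve(qname, now)
        if addr:
            self.cache[qname] = (addr, now + 300)  # simplification: fixed lifetime
        return addr
```
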