Netgate Discussion Forum
    Query DNS servers sequentially

    groverby:

      The 'Query DNS servers sequentially' confuses me; it doesn't behave how I'd expect.

      I have this feature enabled.

      Under System > General Setup > DNS Servers, I have:
      10.1.1.6
      10.1.1.7
      8.8.8.8
      8.8.4.4

      DNS requests to the DNS Forwarder seem to be getting responses from 8.8.8.8 (or possibly 8.8.4.4) even though 10.1.1.6 and 10.1.1.7 can handle the request.

      The DNS Forwarder supplies the correct responses when Domain Overrides are provided and point to the 10.1.1.6 DNS server.

      Given the above settings, I'd expect the DNS Forwarder to get responses from 10.1.1.6 regardless of the Domain Overrides, but that doesn't seem to be the case.

      pfSense version is 2.1.3-RELEASE (amd64)

      What am I misunderstanding?

    groverby:

        Anyone? I'll take shot-in-the-dark guesses.

    cmb:

          The checkbox to use sequentially enables dnsmasq's --strict-order. Their man page describes that as:

          By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf

          http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

          The order in resolv.conf should match what you have configured under System > General Setup, at least assuming you also have no dynamic WANs or have disabled DNS server updates from DHCP/PPP.

          If resolv.conf has the order as desired, then I suspect either your internal DNS servers aren't responding for some things, or maybe dnsmasq's --strict-order doesn't do what you're expecting and stop at the first server that replies (I would think it does, but not entirely sure off the top of my head).

          Getting a packet capture of all UDP 53 traffic on LAN and seeing what that looks like might be telling. Maybe your internal servers are failing to respond at times.

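The two checks cmb suggests, worked as an added example that is not from the thread or from pfSense: a Python script that compares the nameserver order in a constructed /etc/resolv.conf against the General Setup list (the order --strict-order follows) and tallies a few constructed tcpdump-style lines of dnsmasq's upstream UDP/53 traffic per server, so an internal server that is queried but never answers shows up with more queries than answers. The addresses, transaction ids and hostnames in the samples are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of the resolv.conf pfSense writes from General Setup
RESOLV_CONF = """\
domain example.lan
nameserver 10.1.1.6
nameserver 10.1.1.7
nameserver 8.8.8.8
nameserver 8.8.4.4
"""
GENERAL_SETUP = ["10.1.1.6", "10.1.1.7", "8.8.8.8", "8.8.4.4"]

# Constructed capture in `tcpdump -nn udp port 53` style: one lookup that
# 10.1.1.6 and 10.1.1.7 never answer, so the forwarder walks on to 8.8.8.8,
# and one internal lookup that 10.1.1.6 answers immediately.
CAPTURE = """\
12:00:01.000 IP 10.1.1.1.41000 > 10.1.1.6.53: 4127+ A? host.example.com. (34)
12:00:03.000 IP 10.1.1.1.41000 > 10.1.1.7.53: 4127+ A? host.example.com. (34)
12:00:05.000 IP 10.1.1.1.41000 > 8.8.8.8.53: 4127+ A? host.example.com. (34)
12:00:05.010 IP 8.8.8.8.53 > 10.1.1.1.41000: 4127 1/0/0 A 93.184.216.34 (50)
12:00:06.000 IP 10.1.1.1.41001 > 10.1.1.6.53: 9001+ A? printer.example.lan. (37)
12:00:06.002 IP 10.1.1.6.53 > 10.1.1.1.41001: 9001* 1/0/0 A 10.1.1.50 (53)
"""

# src-ip, src-port, dst-ip, dst-port, transaction id
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)")

def resolv_order(text):
    """Nameserver addresses in the order resolv.conf lists them."""
    return [ln.split()[1] for ln in text.splitlines() if ln.startswith("nameserver")]

def order_matches(text, expected):
    """True when resolv.conf order equals the General Setup list."""
    return resolv_order(text) == list(expected)

def upstream_stats(capture):
    """Per upstream server: queries the forwarder sent to it and answers it returned."""
    stats = defaultdict(lambda: {"queries": 0, "answers": 0})
    for ln in capture.splitlines():
        m = PKT.search(ln)
        if not m:
            continue
        src, sport, dst, dport, _txid = m.groups()
        if dport == "53":        # query from the forwarder to an upstream
            stats[dst]["queries"] += 1
        elif sport == "53":      # answer coming back from an upstream
            stats[src]["answers"] += 1
    return dict(stats)

def flaky_upstreams(capture):
    """Upstreams with at least one query that got no answer in this capture."""
    return sorted(ip for ip, s in upstream_stats(capture).items() if s["answers"] < s["queries"])
```

On the constructed capture, flaky_upstreams reports 10.1.1.6 and 10.1.1.7, which is the pattern the original poster would see if the internal servers are dropping some queries rather than strict-order being ignored.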
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.