derekperrin / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

Strict DNS order is not working #1472

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Our provider blocks some sites due to government issues. Therefore, I would 
like to use google DNS for external addresses, but keep provider DNS for 
resolving local addresses.

I've configured router to use the following DNS servers in WAN DNS Setting:

8.8.4.4
192.168.248.21
192.168.251.21

(last 2 are provider-specific).

I also configured Custom Configuration File "dnsmasq.conf" and added 
strict-order option there. According to 
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html, it should work as 
expected (Setting this flag forces dnsmasq to try each query with each server 
strictly in the order they appear in /etc/resolv.conf).

However, it seems that router uses only first configured server.
Output from client machine:

D:\>ping lurkmore.to

Pinging lurkmore.to [85.17.124.152] with 32 bytes of data

D:\>ping phone.zet
Ping request could not find host phone.zet. Please check the name and try again.

If I go inside the router console, it seems that DNS server setting is working 
if I specify the correct value explicitly:

/opt/home/admin # nslookup phone.zet 192.168.251.21
Server:    192.168.251.21
Address 1: 192.168.251.21

Name:      phone.zet
Address 1: 192.168.103.218

But not working without it:

/opt/home/admin # nslookup phone.zet
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

nslookup: can't resolve 'phone.zet': Name or service not known

Is it possible to configure it to use several DNS servers in strict order? 
Maybe I'm doing something wrong?

Firmware version 3.4.3.9-091, Windows XP x64 as a client.

Output from syslog:

Apr 17 18:59:00 dnsmasq[412]: started, version 2.72 cachesize 1024
Apr 17 18:59:00 dnsmasq[412]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-scripts TFTP no-conntrack no-ipset no-auth no-DNSSEC no-loop-detect
Apr 17 18:59:00 dnsmasq-dhcp[412]: DHCP, IP range 192.168.1.2 -- 192.168.1.244, lease time 1d
Apr 17 18:59:00 dnsmasq-dhcp[412]: DHCP, sockets bound exclusively to interface br0
Apr 17 18:59:00 dnsmasq[412]: read /etc/hosts - 4 addresses
Apr 17 18:59:00 dnsmasq[412]: read /etc/storage/dnsmasq/hosts - 0 addresses
Apr 17 18:59:00 dnsmasq-dhcp[412]: read /etc/ethers - 1 addresses
Apr 17 18:59:01 dnsmasq[412]: read /etc/hosts - 4 addresses
Apr 17 18:59:01 dnsmasq[412]: read /etc/storage/dnsmasq/hosts - 0 addresses
Apr 17 18:59:01 dnsmasq-dhcp[412]: read /etc/ethers - 1 addresses
Apr 17 18:59:01 dnsmasq[412]: using nameserver 8.8.4.4#53
Apr 17 18:59:01 dnsmasq[412]: using nameserver 192.168.248.21#53
Apr 17 18:59:01 dnsmasq[412]: using nameserver 192.168.251.21#53

Original issue reported on code.google.com by DanilaGa...@gmail.com on 17 Apr 2015 at 4:17

GoogleCodeExporter commented 8 years ago
I might be wrong, but it seems "all-servers" is the dnsmasq option you are 
looking for.

Original comment by johnny.s...@gmail.com on 17 Apr 2015 at 9:06

GoogleCodeExporter commented 8 years ago
I will try it, however, as I understand the man page, "all-servers" does the 
following in pseudo-code:

function resolve(address) {
  res1 = dns1(address);
  res2 = dns2(address);
  res3 = dns3(address);

  return earliest_reply_of(res1, res2, res3);
}

But I need to have the following behavior:

function resolve(address) {
  res = dns1(address);
  if ( res == 'server not found') {
     res = dns2(address);
     if (res == 'server not found') {
        res = dns3(address);
     }
  }

  return res;
}

I need this because providers' dns servers are "full" dns servers, so they are 
returning both provider-specific addresses and all other addresses as well. 
Therefore, if I use "all-servers", the system will mostly use the providers' 
dns servers, since they are faster than google dns server, but they are hiding 
some resources, so I won't solve my problem.

Original comment by DanilaGa...@gmail.com on 18 Apr 2015 at 10:27

GoogleCodeExporter commented 8 years ago
If you knew all the provider-specific domains, you could remove provider dns 
servers from resolv.conf and then add:

server=/domain1/domain2/domain3/provider_dns

which instructs dnsmasq to resolve domain1, domain2 and domain3 using 
provider_dns.

Or perhaps you should ask this directly on the official mailing list:
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Original comment by johnny.s...@gmail.com on 19 Apr 2015 at 5:11
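
Added example, not part of the original thread and not dnsmasq's own code: a small Python model of the per-domain `server=/domain/upstream` routing suggested in the comment above, useful for checking which upstream a given name would be sent to before changing the router. The `zet` suffix is assumed from `phone.zet` in the report, and the config fragment is constructed.

```python
# Model of dnsmasq "server=" routing: per-domain entries match on whole
# DNS labels, and the most specific (longest) suffix takes precedence.

# Constructed config fragment; "zet" is assumed from phone.zet in the report.
CONSTRUCTED_CONF = """\
# public resolver for everything else
server=8.8.4.4
# provider resolvers only for the provider-local suffix
server=/zet/192.168.251.21
server=/zet/192.168.248.21
"""


def parse_servers(conf_text):
    """Return (default_upstreams, {domain: [upstreams]}) from server= lines."""
    defaults, per_domain = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments, blank lines and other options
        value = line[len("server="):]
        if value.startswith("/"):
            # /domain1/domain2/.../upstream : last field is the upstream
            *domains, upstream = value[1:].split("/")
            for domain in domains:
                key = domain.lower().strip(".")
                per_domain.setdefault(key, []).append(upstream)
        else:
            defaults.append(value)
    return defaults, per_domain


def upstreams_for(name, defaults, per_domain):
    """Pick upstreams for a query name: longest matching suffix, else defaults."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return per_domain[suffix]
    return defaults


if __name__ == "__main__":
    defaults, per_domain = parse_servers(CONSTRUCTED_CONF)
    for qname in ("phone.zet", "lurkmore.to", "notzet"):
        print(qname, "->", upstreams_for(qname, defaults, per_domain))
```

With routing like this, names under the listed suffix go only to the provider resolvers and everything else goes only to the public one, so a negative answer from one server never hides a name that another server knows.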

GoogleCodeExporter commented 8 years ago
Unfortunately, I do not know all of the provider-specific domains, but 
will try this as a workaround. Thank you! 

Original comment by DanilaGa...@gmail.com on 19 Apr 2015 at 8:02