NMControl: Primary/Secondary DNS [closed]
edit: it does not work properly because of how the OS handles DNS server errors
Most OSs allow for a primary and secondary DNS server. In case of error on the primary one the OS falls back to the secondary server.
In case of legacy domains NMControl could quickly deliver an error instead of fetching the data from a legacy DNS server (e.g. Google DNS).
This would allow the user to set NMControl as the primary DNS server and their regular DNS server as the secondary one.
Besides making the manual installation of NMControl a little easier (no need to change NMControl config files) this should also work in case NMControl is not running.
I think the switch should be fast enough so that it can not be noticed.
Thoughts?
Re: NMControl: Primary/Secondary DNS
phelix wrote:
> Most OSs allow for a primary and secondary DNS server. In case of error on the primary one the OS falls back to the secondary server.
> In case of legacy domains NMControl could quickly deliver an error instead of fetching the data from a legacy DNS server (e.g. Google DNS).
> This would allow the user to set NMControl as the primary DNS server and their regular DNS server as the secondary one.
> Besides making the manual installation of NMControl a little easier (no need to change NMControl config files) this should also work in case NMControl is not running.
> I think the switch should be fast enough so that it can not be noticed.
> Thoughts?

I haven't played with those settings, but my impression is that if NMControl returns an error such as NXDOMAIN, the OS will consider that final and will not contact the secondary DNS server. I don't know if there's a good way for NMControl to return an error in a way that tells the OS to try the next DNS server. Ryan, Stuart, or Hugo would probably know more about this than I do.

EDIT: Why not use the Windows registry hack that we're using now? I think you can do something similar on Linux with the dnsmasq that's installed by default.
Re: NMControl: Primary/Secondary DNS
biolizard89 wrote:
> phelix wrote:
> > Most OSs allow for a primary and secondary DNS server. In case of error on the primary one the OS falls back to the secondary server.
> > In case of legacy domains NMControl could quickly deliver an error instead of fetching the data from a legacy DNS server (e.g. Google DNS).
> > This would allow the user to set NMControl as the primary DNS server and their regular DNS server as the secondary one.
> > Besides making the manual installation of NMControl a little easier (no need to change NMControl config files) this should also work in case NMControl is not running.
> > I think the switch should be fast enough so that it can not be noticed.
> > Thoughts?
>
> I haven't played with those settings, but my impression is that if NMControl returns an error such as NXDOMAIN, the OS will consider that final and will not contact the secondary DNS server. I don't know if there's a good way for NMControl to return an error in a way that tells the OS to try the next DNS server. Ryan, Stuart, or Hugo would probably know more about this than I do.
>
> EDIT: Why not use the Windows registry hack that we're using now? I think you can do something similar on Linux with the dnsmasq that's installed by default.

This would be for Windows 7 and Windows Vista where the registry hack does not work.
Re: NMControl: Primary/Secondary DNS
You could *try* returning SERVFAIL rather than NXDOMAIN, but I'm not sure what the resolver in Windows will do in reaction to that.
Re: NMControl: Primary/Secondary DNS
Phelix, have you actually tested this? I assumed the same thing early on, but I think the fallback servers are only used if they cannot contact the primary server....
DNS is much more than a key->value datastore.
Re: NMControl: Primary/Secondary DNS
I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.
Re: NMControl: Primary/Secondary DNS
phelix wrote:
> I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.

I am somewhat surprised that this works. Please test thoroughly to ensure it's behaving as expected. The correct solution should be to pass through queries to an upstream resolver.
Re: NMControl: Primary/Secondary DNS
Hmm, interesting. I'll have to play around with that when I'm porting the Unbound rebase of NMControl to Windows.
Re: NMControl: Primary/Secondary DNS
ryanc wrote:
> phelix wrote:
> > I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.
>
> I am somewhat surprised that this works. Please test thoroughly to ensure it's behaving as expected. The correct solution should be to pass through queries to an upstream resolver.

According to https://serverfault.com/questions/52923 ... rt-back-to , doing this will cause Very Bad Things (TM) to happen. Among other things, after you resolve a non-.bit domain, for 15 minutes your .bit domain lookups will be routed through your ISP.

However, it seems that you can do a registry hack to eliminate that behavior: https://support.microsoft.com/en-us/kb/320760/en-us
That article is about Windows XP; I can't find any info on whether Vista/7 behaves the same way.
Re: NMControl: Primary/Secondary DNS
biolizard89 wrote:
> ryanc wrote:
> > phelix wrote:
> > > I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.
> >
> > I am somewhat surprised that this works. Please test thoroughly to ensure it's behaving as expected. The correct solution should be to pass through queries to an upstream resolver.
>
> According to https://serverfault.com/questions/52923 ... rt-back-to , doing this will cause Very Bad Things (TM) to happen. Among other things, after you resolve a non-.bit domain, for 15 minutes your .bit domain lookups will be routed through your ISP.
>
> However, it seems that you can do a registry hack to eliminate that behavior: https://support.microsoft.com/en-us/kb/320760/en-us
> That article is about Windows XP; I can't find any info on whether Vista/7 behaves the same way.

I had read that, too, but it does not seem to be the case on my system / Windows 8.1. I will give it a try on XP.
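
The wire-level difference between the two error replies discussed in this thread, as an added example (not NMControl code and not part of any post): it builds an empty DNS response carrying either SERVFAIL or NXDOMAIN in the header's RCODE field. The function names and the `.bit` policy helper are hypothetical, and the queries are constructed sample data.

```python
import struct

RCODE_SERVFAIL = 2  # RFC 1035: server failure
RCODE_NXDOMAIN = 3  # RFC 1035: name does not exist (authoritative "no")

def parse_qname(msg, offset=12):
    """Read the uncompressed QNAME that follows the 12-byte DNS header."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[offset:offset + length].decode("ascii").lower())
        offset += length

def build_error_response(query, rcode):
    """Echo the question back with QR=1, RA=1 and the given RCODE, no records."""
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    _, end = parse_qname(query)
    end += 4  # skip QTYPE and QCLASS
    # Keep opcode and RD from the query (mask 0x7900); rcode is the low 4 bits.
    out_flags = 0x8000 | (flags & 0x7900) | 0x0080 | rcode
    return struct.pack("!HHHHHH", qid, out_flags, 1, 0, 0, 0) + query[12:end]

def answer_non_namecoin(query):
    """Hypothetical policy from the thread: SERVFAIL for anything outside .bit."""
    name, _ = parse_qname(query)
    if name == "bit" or name.endswith(".bit"):
        return None  # would be answered from Namecoin data (not shown here)
    return build_error_response(query, RCODE_SERVFAIL)

def make_query(name, qid=0x1234):
    """Constructed sample input: a standard recursive A/IN query."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def rcode_of(msg):
    """Extract the 4-bit RCODE from a DNS message header."""
    return struct.unpack("!H", msg[2:4])[0] & 0x000F
```

How a stub resolver reacts to each RCODE (treating it as final, or moving to the next configured server and staying there) is OS behaviour and is not modelled here.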