Anyone care to explain why it never uses secondary dns.

133794m3r

Occasional Visitor
As it says on the tin, what's the point of even having a second dns option when if the first fails to resolve a domain it _never_ once even tries the second dns server.
 
What router? What firmware version? What DNS servers and where are they set at and how are you testing them?
 
A couple of points here. First, every DNS server is supposed to have a whole view of the domain structure, therefore if an answer doesn't exist it shouldn't exist no matter to which server you send the query. In other words if one server knows about a certain domain and another doesn't then DNS isn't designed to ask another server just in case it knows a different answer....the answer 'This server/domain doesn't exist' *is* the answer.

Second, dnsmasq (asuswrt's default caching & forwarding DNS resolver) is responsible for forwarding DNS queries from your local clients to your ISP's server/s. By default it forwards queries to the fastest responding server only.

Look at dnsmasq man page for these options: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
-o, --strict-order
By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf
--all-servers
By default, when dnsmasq has more than one upstream server available, it will send queries to just one server. Setting this flag forces dnsmasq to send all queries to all available servers. The reply from the server which answers first will be returned to the original requester.

There's also a way of telling dnsmasq to use a specific DNS server for specific domains which may be helpful if you've local domains (ie non internet facing) that you wish to service.

-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
Specify IP address of upstream servers directly. Setting this flag does not suppress reading of /etc/resolv.conf, use -R to do that. If one or more optional domains are given, that server is used only for those domains and they are queried only using the specified server.

e.g. : --server=/google.com/1.2.3.4 will send queries for *.google.com to 1.2.3.4, everything else will go to resolv.conf
 
Why wouldn't it at least try, I mean ffs, dns servers reply to pings but sometimes are unable to handle queries. For example, simple domains such as facebook.com, google.com etc. just say "sorry server not found" even though they are used regularly and the router hasn't been rebooted so clearly the "caching" bit of it is a blatant lie.

And that won't help out much if a server says "sorry server does not exist."
I wish that the dns servers of my isps would just not reply instead of sending a "server doesn't exist" message. But no, they reply to pings, and say it doesn't exist.
 
That's not the way DNS works. If a query for a hostname doesn't return any existing information, a normal DNS server will return an NXDOMAIN response saying that the requested hostname does not exist within the authoritative nameserver for the target domain. This isn't an error state, it's a valid reply (also called a negative reply). Negative replies have a different TTL from regular replies - they are actually accounted for in the nameserver definitions.

If you have two name servers that can return different responses (one with an IP and one with an NXDOMAIN), then something is broken with the DNS server that's being authoritative for the zone containing the requested hostname. This is just as bad as if they both returned different IPs - that's something that should be resolved at their end, this has nothing to do with the resolver not asking different servers for different opinions, because otherwise it would have no way of knowing which of the received responses is the CORRECT answer. Coherency throughout the DNS system is critical to its correct functioning.

The goal of a secondary is only in case the primary is actually unreachable (and in the case of some resolvers, they can be used as load balancers).
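
The distinction drawn in this thread between a negative reply and an unreachable server, as an added example (not code from the thread or from dnsmasq): it reads the RCODE from constructed DNS response headers and walks a list of upstreams in order. The function names and the failover policy (move on only after a timeout, SERVFAIL or REFUSED) are assumptions made for illustration.

```python
import struct

# RCODE values from RFC 1035 (low 4 bits of the 16-bit flags field).
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_response(txid, rcode, answers=0):
    """Construct a minimal 12-byte DNS response header (sample data).
    QR=1, RD=1, RA=1; zero questions, `answers` answer records."""
    flags = 0x8000 | 0x0100 | 0x0080 | (rcode & 0xF)
    return struct.pack("!HHHHHH", txid, flags, 0, answers, 0, 0)

def parse_rcode(packet):
    """Return the RCODE name of a DNS response; reject non-responses."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    code = flags & 0xF
    return RCODES.get(code, f"RCODE{code}")

def should_try_next_server(packet):
    """Failover policy assumed for this example.
    None models a timeout, i.e. the server is unreachable."""
    if packet is None:
        return True
    # NOERROR and NXDOMAIN are both definitive answers; only server-side
    # failures justify asking someone else.
    return parse_rcode(packet) in ("SERVFAIL", "REFUSED")

def resolve(upstreams):
    """Walk (name, packet) pairs in order; stop at the first definitive reply."""
    for name, packet in upstreams:
        if not should_try_next_server(packet):
            return name, parse_rcode(packet)
    return None, "no upstream gave a definitive reply"

if __name__ == "__main__":
    # Primary answers NXDOMAIN: that is the answer, secondary is never asked.
    print(resolve([("primary", build_response(1, 3)),
                   ("secondary", build_response(1, 0, answers=1))]))
    # Primary times out: only now is the secondary used.
    print(resolve([("primary", None),
                   ("secondary", build_response(2, 0, answers=1))]))
```
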
 