WAN DNS Setting DNS order Server1 / Server2

aris

Occasional Visitor
Can anyone tell me what the usage logic is between Server1 and Server2 in the WAN DNS Setting menu? Are they used round-robin, or is Server1 used unless not contactable then Server2 used - or something else?

Thanks.
 
Round Robin only applies to DoT use.
 
By default, dnsmasq will use the fastest available server. To determine that server, it will send queries to all configured servers every 50 queries or every 20 seconds to see how they respond. You can see the pattern below when all 4 Quad9 servers are queried.
Code:
# grep forwarded dnsmasq.log | awk ' { print $1, $2, $3, $NF } '
Feb 26 08:33:55 9.9.9.11
Feb 26 08:33:55 149.112.112.11
Feb 26 08:33:55 2620:fe::11
Feb 26 08:33:55 2620:fe::fe:11
Feb 26 08:33:55 149.112.112.11
Feb 26 08:33:55 149.112.112.11
Feb 26 08:33:55 149.112.112.11
Feb 26 08:33:56 149.112.112.11
Feb 26 08:33:56 149.112.112.11
Feb 26 08:33:56 149.112.112.11
Feb 26 08:33:56 149.112.112.11
Feb 26 08:33:56 149.112.112.11
Feb 26 08:33:56 149.112.112.11
Feb 26 08:34:35 9.9.9.11
Feb 26 08:34:35 149.112.112.11
Feb 26 08:34:35 2620:fe::11
Feb 26 08:34:35 2620:fe::fe:11
Feb 26 08:34:35 9.9.9.11
Feb 26 08:34:51 9.9.9.11
Feb 26 08:34:51 9.9.9.11
Feb 26 08:34:51 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:52 9.9.9.11
Feb 26 08:34:57 9.9.9.11
Feb 26 08:34:57 149.112.112.11
Feb 26 08:34:57 2620:fe::11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:34:57 2620:fe::fe:11
Feb 26 08:35:01 2620:fe::fe:11
Feb 26 08:35:01 2620:fe::fe:11
Feb 26 08:35:01 2620:fe::fe:11
Feb 26 08:35:01 2620:fe::fe:11
Feb 26 08:35:29 9.9.9.11
Feb 26 08:35:29 149.112.112.11
Feb 26 08:35:29 2620:fe::11
Feb 26 08:35:29 2620:fe::fe:11
Feb 26 08:35:29 2620:fe::fe:11
Feb 26 08:35:29 2620:fe::fe:11
Feb 26 08:35:29 2620:fe::fe:11
Feb 26 08:35:29 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:30 2620:fe::fe:11
Feb 26 08:35:31 2620:fe::fe:11
Feb 26 08:35:31 2620:fe::fe:11
Feb 26 08:35:31 2620:fe::fe:11
Feb 26 08:35:31 2620:fe::fe:11
Feb 26 08:35:31 2620:fe::fe:11
Feb 26 08:35:32 2620:fe::fe:11
Feb 26 08:37:31 9.9.9.11
Feb 26 08:37:31 149.112.112.11
Feb 26 08:37:31 2620:fe::11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
Feb 26 08:37:31 2620:fe::fe:11
 
DNSMASQ has the option to let you send the query to all the DNS servers you configured, and it would choose the one with the fastest response. On Asuswrt, it seems this option is not enabled by default; I have to add this in the user.conf and let it pick it up when it starts or reloads.

/etc/dnsmasq.user/user.conf
all-servers

Here is my log output:
grep forwarded dnsmasq.log | awk ' { print $1, $2, $3, $NF } '
Mar 9 23:09:31 1.1.1.1
Mar 9 23:09:31 8.8.8.8
Mar 9 23:09:31 9.9.9.9
Mar 9 23:09:31 208.67.222.222
Mar 9 23:09:31 45.11.45.11
Mar 9 23:09:31 84.200.70.40
Mar 9 23:09:31 1.1.1.1
Mar 9 23:09:31 8.8.8.8
Mar 9 23:09:31 9.9.9.9
Mar 9 23:09:31 208.67.222.222
Mar 9 23:09:31 45.11.45.11
Mar 9 23:09:31 84.200.70.40
Mar 9 23:09:34 1.1.1.1
Mar 9 23:09:34 8.8.8.8
Mar 9 23:09:34 9.9.9.9
Mar 9 23:09:34 208.67.222.222
Mar 9 23:09:34 45.11.45.11
Mar 9 23:09:34 84.200.70.40
Mar 9 23:09:34 1.1.1.1
Mar 9 23:09:34 8.8.8.8
Mar 9 23:09:34 9.9.9.9
Mar 9 23:09:34 208.67.222.222
Mar 9 23:09:34 45.11.45.11
Mar 9 23:09:34 84.200.70.40
Here is the DNSMASQ official man page for your reference: https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
 
@pseu_asus /etc/dnsmasq.user/user.conf is not normally a valid directory or filename for dnsmasq (see the man page). Maybe the version of Asuswrt that you're using is different than Merlin's? Or maybe you're using an addon script that has its own implementation of dnsmasq?

In the "normal" Merlin firmware you would add the all-servers line to /jffs/configs/dnsmasq.conf.add.
 
Mine does it by default, nothing custom needed. Running 386 code base.
 
I don't see either of these parameters (from the Linux man page https://linux.die.net/man/8/dnsmasq ) in my /tmp/etc/dnsmasq.conf, so I assume it is using the defaults described in each which seem to contradict each other... (?):

--strict-order By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf
--all-servers By default, when dnsmasq has more than one upstream server available, it will send queries to just one server. Setting this flag forces dnsmasq to send all queries to all available servers. The reply from the server which answers first will be returned to the original requestor.
 
My RT-AC1900 (AC68U variant) by default does the --all-servers without any changes. In fact it seems to query all servers every time, though I may not have been watching close enough to notice that it was every x seconds or x queries. But I definitely saw it hitting both servers on both single requests and on namebench tests, and in doing a few different tests, always using the fastest server (intentionally putting a much slower server first and faster second resulted in similar namebench results as the other way around, along with a few other tests confirming the same).
 
Strange. My RT-AX86U is still on the 386 code base and using namebench I can see that the default behaviour is exactly as Dave (and the source code) says.

Here is a run of 400 uncached queries using one fast (my ISP) and one slow (adguard) server.
Code:
Mar 10 02:19:37 dnsmasq[27387]: server 176.103.130.132#53: queries sent 9, retried or failed 0
Mar 10 02:19:37 dnsmasq[27387]: server 194.168.4.100#53: queries sent 414, retried or failed 1
Here is the same test with the order of the servers reversed. Notice how it's still using the faster server.
Code:
Mar 10 02:22:36 dnsmasq[28084]: server 194.168.4.100#53: queries sent 414, retried or failed 0
Mar 10 02:22:36 dnsmasq[28084]: server 176.103.130.132#53: queries sent 8, retried or failed 0
And here is the same test using the all-servers option.
Code:
Mar 10 02:33:54 dnsmasq[30382]: server 194.168.4.100#53: queries sent 409, retried or failed 0
Mar 10 02:33:54 dnsmasq[30382]: server 176.103.130.132#53: queries sent 409, retried or failed 0
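
Added example, not part of any post in this thread: a filter that reads a dnsmasq query log and reports how many lookups were fanned out to more than one upstream versus sent to a single server, plus the per-upstream totals. It shows which resolvers actually received the names being looked up. It assumes the usual `log-queries` line layout (`query[TYPE] <name> from <client>`, `forwarded <name> to <server>`); the sample log, names and addresses in it are constructed.

```shell
#!/bin/sh
# Constructed sample in dnsmasq log-queries layout (not taken from the thread).
sample_log() {
cat <<'EOF'
Feb 26 08:33:55 dnsmasq[1234]: query[A] a.example from 192.168.1.10
Feb 26 08:33:55 dnsmasq[1234]: forwarded a.example to 9.9.9.11
Feb 26 08:33:55 dnsmasq[1234]: forwarded a.example to 149.112.112.11
Feb 26 08:33:55 dnsmasq[1234]: reply a.example is 192.0.2.1
Feb 26 08:33:56 dnsmasq[1234]: query[A] b.example from 192.168.1.10
Feb 26 08:33:56 dnsmasq[1234]: query[AAAA] b.example from 192.168.1.10
Feb 26 08:33:56 dnsmasq[1234]: forwarded b.example to 149.112.112.11
Feb 26 08:33:56 dnsmasq[1234]: forwarded b.example to 149.112.112.11
Feb 26 08:33:57 dnsmasq[1234]: query[A] a.example from 192.168.1.11
Feb 26 08:33:57 dnsmasq[1234]: cached a.example is 192.0.2.1
Feb 26 08:33:58 dnsmasq[1234]: query[A] c.example from 192.168.1.11
Feb 26 08:33:58 dnsmasq[1234]: forwarded c.example to 149.112.112.11
EOF
}

# Reads a dnsmasq log on stdin. For each client lookup it counts the distinct
# upstreams the name was forwarded to: more than one is a fan-out (a periodic
# probe round, or every lookup when all-servers is set), exactly one is normal.
forward_summary() {
    awk '
    function tally(c) { if (c > 1) fanout++; else if (c == 1) single++ }
    / query\[/ {                       # a new lookup for this name begins
        q = $(NF-2); tally(n[q]); n[q] = 0; gen[q]++
    }
    / forwarded / {                    # "... forwarded <name> to <server>"
        q = $(NF-2); sent[$NF]++
        if (!((q, gen[q], $NF) in seen)) { seen[q, gen[q], $NF] = 1; n[q]++ }
    }
    END {
        for (q in n) tally(n[q])       # lookups still open at end of log
        printf "fanout %d\nsingle %d\n", fanout, single
        for (s in sent) printf "upstream %s %d\n", s, sent[s]
    }' | sort
}

sample_log | forward_summary
```

With query logging enabled, run it against the real log with `forward_summary < dnsmasq.log`. A `fanout` count equal to the number of uncached lookups means every name is going to every configured resolver.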
 
Sorry I meant mine does the "query both and use fastest" by default, not the strict order, I guess I misunderstood the reply I was quoting. I guess there are two variants of using the "fastest" - testing it every so often or just doing it every time.

The behavior was actually pretty confusing to watch but I realized what was going on:
First gets sent to both, subsequent get sent to just the faster one.
Through the test occasional ones get sent to both again as is expected behavior.
Any that are only sent to one and time out or fail get sent to the second one after. Apparently the random list chosen by namebench when I was testing got a lot of timeouts and were sent to secondary (or possibly nxdomain also causes it to try secondary, not sure, in reality that should be considered a success so don't think it would, who knows).
 
Thanks, Colin. You are right, mine is not Merlin. It is modified stuff. I will see whether it will work if I put them at /jffs/configs/dnsmasq.conf.add.
 
Is the default behavior not sufficient? It tests periodically and uses the fastest of the two servers, failing to the other if the first doesn't respond.
 
Nowadays, public DNS usually uses BGP anycast; the service is not always stable and can vary by an additional 100~150ms of latency, which is a significant amount for DNS resolution. For me, I configured 6 public DNS servers in the resolv.dnsmasq file: 1.1.1.1, 8.8.8.8, 9.9.9.9, 208.67.222.222, 45.11.45.11, 84.200.70.40.
 
