NMControl: Primary/Secondary DNS [closed]

Namecoin, NMControl
phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

NMControl: Primary/Secondary DNS [closed]

Post by phelix »

edit: it does not work properly because of how the OS handles DNS server errors


Most OSs allow for a primary and secondary DNS server. In case of error on the primary one the OS falls back to the secondary server.

In case of legacy domains NMControl could quickly deliver an error instead of fetching the data from a legacy DNS server (e.g. Google DNS).

This would allow the user to set NMControl as the primary DNS server and their regular DNS server as the secondary one.

Besides making the manual installation of NMControl a little easier (no need to change NMControl config files) this should also work in case NMControl is not running.

I think the switch should be fast enough so that it can not be noticed.

Thoughts?
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: NMControl: Primary/Secondary DNS

Post by biolizard89 »

phelix wrote:Most OSs allow for a primary and secondary DNS server. In case of error on the primary one the OS falls back to the secondary server.

In case of legacy domains NMControl could quickly deliver an error instead of fetching the data from a legacy DNS server (e.g. Google DNS).

This would allow the user to set NMControl as the primary DNS server and their regular DNS server as the secondary one.

Besides making the manual installation of NMControl a little easier (no need to change NMControl config files) this should also work in case NMControl is not running.

I think the switch should be fast enough so that it can not be noticed.

Thoughts?
I haven't played with those settings, but my impression is that if NMControl returns an error such as NXDOMAIN, the OS will consider that final and will not contact the secondary DNS server. I don't know if there's a good way for NMControl to return an error in a way that tells the OS to try the next DNS server. Ryan, Stuart, or Hugo would probably know more about this than I do.

EDIT: Why not use the Windows registry hack that we're using now? I think you can do something similar on Linux with the dnsmasq that's installed by default.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: NMControl: Primary/Secondary DNS

Post by phelix »

biolizard89 wrote:
phelix wrote:Most OSs allow for a primary and secondary DNS server. In case of error on the primary one the OS falls back to the secondary server.

In case of legacy domains NMControl could quickly deliver an error instead of fetching the data from a legacy DNS server (e.g. Google DNS).

This would allow the user to set NMControl as the primary DNS server and their regular DNS server as the secondary one.

Besides making the manual installation of NMControl a little easier (no need to change NMControl config files) this should also work in case NMControl is not running.

I think the switch should be fast enough so that it can not be noticed.

Thoughts?
I haven't played with those settings, but my impression is that if NMControl returns an error such as NXDOMAIN, the OS will consider that final and will not contact the secondary DNS server. I don't know if there's a good way for NMControl to return an error in a way that tells the OS to try the next DNS server. Ryan, Stuart, or Hugo would probably know more about this than I do.

EDIT: Why not use the Windows registry hack that we're using now? I think you can do something similar on Linux with the dnsmasq that's installed by default.
This would be for Windows 7 and Windows Vista where the registry hack does not work.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

ryanc
Posts: 147
Joined: Wed Dec 18, 2013 8:10 pm
os: linux

Re: NMControl: Primary/Secondary DNS

Post by ryanc »

You could *try* returning SERVFAIL rather than NXDOMAIN, but I'm not sure what the resolver in Windows will do in reaction to that.

indolering
Posts: 801
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: NMControl: Primary/Secondary DNS

Post by indolering »

Phelix, have you actually tested this? I assumed the same thing early on, but I think the fallback servers are only used if they cannot contact the primary server....
DNS is much more than a key->value datastore.

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: NMControl: Primary/Secondary DNS

Post by phelix »

I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. :mrgreen: I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

ryanc
Posts: 147
Joined: Wed Dec 18, 2013 8:10 pm
os: linux

Re: NMControl: Primary/Secondary DNS

Post by ryanc »

phelix wrote:I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. :mrgreen: I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.
I am somewhat surprised that this works. Please test thoroughly to ensure it's behaving as expected. The correct solution should be to pass through queries to an upstream resolver.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: NMControl: Primary/Secondary DNS

Post by biolizard89 »

Hmm, interesting. I'll have to play around with that when I'm porting the Unbound rebase of NMControl to Windows.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: NMControl: Primary/Secondary DNS

Post by biolizard89 »

ryanc wrote:
phelix wrote:I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. :mrgreen: I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.
I am somewhat surprised that this works. Please test thoroughly to ensure it's behaving as expected. The correct solution should be to pass through queries to an upstream resolver.
According to https://serverfault.com/questions/52923 ... rt-back-to , doing this will cause Very Bad Things (TM) to happen. Among other things, after you resolve a non-.bit domain, for 15 minutes your .bit domain lookups will be routed through your ISP.

However, it seems that you can do a registry hack to eliminate that behavior: https://support.microsoft.com/en-us/kb/320760/en-us

That article is about Windows XP; I can't find any info on whether Visa/7 behaves the same way.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: NMControl: Primary/Secondary DNS

Post by phelix »

biolizard89 wrote:
ryanc wrote:
phelix wrote:I tried it with SERVFAIL as Ryan suggested and it works. Thanks for the hint. :mrgreen: I did not notice any lag. I have not yet managed to measure the delay, my guess still is that it is neglectable.
I am somewhat surprised that this works. Please test thoroughly to ensure it's behaving as expected. The correct solution should be to pass through queries to an upstream resolver.
According to https://serverfault.com/questions/52923 ... rt-back-to , doing this will cause Very Bad Things (TM) to happen. Among other things, after you resolve a non-.bit domain, for 15 minutes your .bit domain lookups will be routed through your ISP.

However, it seems that you can do a registry hack to eliminate that behavior: https://support.microsoft.com/en-us/kb/320760/en-us

That article is about Windows XP; I can't find any info on whether Visa/7 behaves the same way.
I had read that, too, but it does not seem to be the case on my system / windows 8.1. I will give it a try on XP.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

Post Reply