How is DNS server chosen?

gritty

New Around Here
Among the two configured DNS servers, which one is chosen to answer a DNS query? The first one is always chosen first and the second one only if there's no answer after n seconds? Or is there load balancing happening? Thanks.
 

ColinTaylor

Part of the Furniture
Are you talking about the router's WAN DNS servers or the clients' DHCP DNS servers? If it's the latter then the behaviour is down to the client not the router.
 

ColinTaylor

Part of the Furniture
The WAN DNS servers of a router running Merlin
Ignoring any other factors like DoT or DNSFilter the default behaviour is that of dnsmasq.


We see that:
By default, when dnsmasq has more than one upstream server available, it will send queries to just one server.
and
By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up.

So this means that the router uses one server at a time and that server is usually the one which is most reliable. There are various calculations that it makes to determine how long it will wait for a reply from one server before switching to another.
 

gritty

New Around Here
Thanks! The dnsmasq man page is scary...

Your second quote is part of the description of the strict-order flag: "By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf"

Do you happen to know whether this flag will also work if /etc/resolv.conf is not used, as in the case of Merlin? On my router, /tmp/resolv.dnsmasq is used instead.
 

ColinTaylor

Part of the Furniture
Merlin's firmware uses the default settings I stated above.

If you SSH into the router and issue the following command you should be able to see the dnsmasq server statistics in the router's System Log.
Code:
killall -s USR1 dnsmasq
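
To see how queries are actually split between the upstream servers, the statistics that command writes to the System Log can be summarised per server. This is an added example, not part of the original post or of Merlin's firmware; the function names, the sample addresses and the assumed log line format ("server <ip>#<port>: queries sent <n>, ...") are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the per-upstream counters
# dnsmasq logs after `killall -s USR1 dnsmasq`.
# Assumed line format: "... server <ip>#<port>: queries sent <n>, ..."

# Reads System Log text on stdin, prints "<server> <sent> <share>%" per line.
# Counters are cumulative, so the latest dump for each server wins.
dnsmasq_server_share() {
    awk '
    / server [^ ]+#[0-9]+: queries sent [0-9]+/ {
        for (i = 1; i < NF; i++) {
            if ($i == "server") srv = $(i + 1)
            if ($i == "sent")   n = $(i + 1) + 0   # "950," converts to 950
        }
        sub(/:$/, "", srv)
        if (!(srv in sent)) order[++count] = srv
        sent[srv] = n
    }
    END {
        for (k = 1; k <= count; k++) total += sent[order[k]]
        for (k = 1; k <= count; k++) {
            s = order[k]
            pct = total ? int(100 * sent[s] / total + 0.5) : 0
            printf "%s %d %d%%\n", s, sent[s], pct
        }
    }'
}

# Constructed sample log: 192.168.1.2 stands in for a filtering resolver,
# 192.0.2.53 (documentation range) for an unfiltered secondary.
sample_log() {
    cat <<'EOF'
Jan  1 00:10:00 router dnsmasq[312]: queries forwarded 1000, queries answered locally 400
Jan  1 00:10:00 router dnsmasq[312]: server 192.168.1.2#53: queries sent 950, retried or failed 12
Jan  1 00:10:00 router dnsmasq[312]: server 192.0.2.53#53: queries sent 50, retried or failed 0
EOF
}

sample_log | dnsmasq_server_share
```

The share reported for a non-filtering secondary is the fraction of lookups that bypassed the filtering resolver.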
 

gritty

New Around Here
My Pi-hole broke, resulting in a DNS outage since it was the only configured DNS server. I want to add a second DNS server. If the number of queries sent to the second DNS server is small, it doesn't necessarily have to be a Pi-hole.

I can't use DNSFilter since my router is no longer supported.
 

eibgrad

Part of the Furniture
The other factor in dnsmasq server selection is that it will send to all configured servers (to test which is available or fastest) every 50 queries or every 20 seconds.


This has always been my understanding as well. And if you prefer, you can add the all-servers directive to DNSMasq if you want it to try them all w/ each query. It will then return the results from the first server to respond.

P.S. Just as an aside, querying all servers every 50 queries or 20 secs doesn't seem all that efficient, esp. considering how many queries are generated on even a modest home network. You'd think this would be more like every 500 queries and 5 mins. Doesn't appear to be adjustable either based on the available DNSMasq directives. Makes you wonder if specifying multiple DNS servers is a good idea, or keeping it to two servers at most.
 

cptnoblivious

Senior Member
My Pi-hole broke, resulting in a DNS outage since it was the only configured DNS server. I want to add a second DNS server. If the number of queries sent to the second DNS server is small, it doesn't necessarily have to be a Pi-hole.

I can't use DNSFilter since my router is no longer supported.

So, 2 things:
1. It's cleaner to specify Pihole in the LAN | DHCP settings vs at the WAN level.
2. This often comes up on the pihole reddit, the answer is always the same: If you want to ensure you are always 'up' from a DNS perspective, run 2. I run a 4+ and also a VM with ubuntu server running pihole.


Trying to do this with "primary" and "secondary" DNS entries won't work consistently.
 
