[GH-ISSUE #371] Timeout for a list of remote DNS servers #129

New issue

Closed

opened 2026-02-26 04:34:08 +03:00 by kerem · 26 comments

kerem commented 2026-02-26 04:34:08 +03:00

Owner

Copy link

Originally created by @dmekhov on GitHub (Mar 17, 2023).
Original GitHub issue: https://github.com/mageddo/dns-proxy-server/issues/371

I have thhe list of dns servers in a remoteDnsServers array. First of them is my internal corporate DNS.

Sometimes it fails to respond within the required time and other external dns (e.g., 1.1.1.1) answered, so I got unexpected results.

It would be better to be able to prioritize the list of remote DNS servers or/and set a timeout for each server to avoid such issues. Can you please suggest a solution or configuration that can help me achieve this?

Originally created by @dmekhov on GitHub (Mar 17, 2023). Original GitHub issue: https://github.com/mageddo/dns-proxy-server/issues/371 I have thhe list of dns servers in a remoteDnsServers array. First of them is my internal corporate DNS. Sometimes it fails to respond within the required time and other external dns (e.g., 1.1.1.1) answered, so I got unexpected results. It would be better to be able to prioritize the list of remote DNS servers or/and set a timeout for each server to avoid such issues. Can you please suggest a solution or configuration that can help me achieve this?

kerem 2026-02-26 04:34:08 +03:00

• closed this issue
• added the
  discussion
  triage
  labels

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 18, 2023):

Hey @dmekhov ,

It would be better to be able to prioritize the list of remote DNS servers or/and set a timeout for each server to avoid such issues

That's the currently behavior, I think the issue here is that DPS remote solver timeout was set to 300 ms, as 3.13.x it's 10s respecting common timeout used by other DNS clients.

Can you give a try at 3.13.1 and check if your issue is fixed?

<!-- gh-comment-id:1474926169 --> @mageddo commented on GitHub (Mar 18, 2023): Hey @dmekhov , > It would be better to be able to prioritize the list of remote DNS servers or/and set a timeout for each server to avoid such issues That's the currently behavior, I think the issue here is that DPS remote solver timeout was set to `300 ms`, as 3.13.x it's `10s` respecting common timeout used by other DNS clients. Can you give a try at `3.13.1` and check if your issue is fixed?

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 19, 2023):

@mageddo thanks, I'll test it on weekdays.

<!-- gh-comment-id:1475263106 --> @dmekhov commented on GitHub (Mar 19, 2023): @mageddo thanks, I'll test it on weekdays.

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 21, 2023):

@mageddo
No, unfortunately I still have this problem (seems not so often).
Maybe I can enable some kind of debug mode for catch that (with targeting to some network or something else, to exclude extra logs)?

<!-- gh-comment-id:1477818024 --> @dmekhov commented on GitHub (Mar 21, 2023): @mageddo No, unfortunately I still have this problem (seems not so often). Maybe I can enable some kind of debug mode for catch that (with targeting to some network or something else, to exclude extra logs)?

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 21, 2023):

last logs (with grep rancher - example of errored page) on the issue moment

dps-1  | 13:31:32.222 [Thread-8       ] DEB c.m.d.server.dns.RequestHandlerDefault            l=76   m=solve0                          status=solved, currentSolverTime=0, totalTime=21, solver=SolverLocalDB, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan.  60  IN  A  10.0.69.21
dps-1  | 13:31:32.222 [Thread-8       ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache  l=46   m=lambda$handleRes$0              status=hotload, k=A-rancher.corp.intra.lan, ttl=PT1M, simpleMsg=rancher.corp.intra.lan
dps-1  | 13:31:32.222 [Thread-8       ] DEB c.m.d.server.dns.RequestHandlerDefault            l=48   m=solve                           status=solved, kind=udp, time=21, res=rancher.corp.intra.lan.  60  IN  A  10.0.69.21
dps-1  | 13:31:32.223 [Thread-8       ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer   l=58   m=handle                          status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan.  60  IN  A  10.0.69.21, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:1409, dataLength=512, datagramLength=36
dps-1  | 13:31:32.246 [Thread-24      ] DEB c.m.d.server.dns.solver.SolverCachedRemote        l=31   m=lambda$handle$0                 status=remoteHotLoading, query=rancher.corp.intra.lan
dps-1  | 13:31:32.250 [Thread-24      ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache  l=46   m=lambda$handleRes$0              status=hotload, k=9819a672-0fc4-4917-be17-77eb3ea19a5a-rancher.corp.intra.lan, ttl=PT5M, simpleMsg=rancher.corp.intra.lan
dps-1  | 13:31:32.250 [Thread-24      ] DEB c.m.d.server.dns.RequestHandlerDefault            l=76   m=solve0                          status=solved, currentSolverTime=3, totalTime=27, solver=SolverCachedRemote, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan
dps-1  | 13:31:32.250 [Thread-24      ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache  l=46   m=lambda$handleRes$0              status=hotload, k=6887361b-0873-409f-9859-370eacfa5af9-rancher.corp.intra.lan, ttl=PT20S, simpleMsg=rancher.corp.intra.lan
dps-1  | 13:31:32.250 [Thread-24      ] DEB c.m.d.server.dns.RequestHandlerDefault            l=48   m=solve                           status=solved, kind=udp, time=49, res=rancher.corp.intra.lan
dps-1  | 13:31:32.250 [Thread-24      ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer   l=58   m=handle                          status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:46542, dataLength=512, datagramLength=36

then if I push f5 button on page with error, no new logs (because of wrong browser cache)

logs after reset browser cache:

dps-1  | 13:39:06.310 [Thread-22      ] DEB c.m.d.server.dns.RequestHandlerDefault            l=76   m=solve0                          status=solved, currentSolverTime=0, totalTime=22, solver=SolverLocalDB, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan.  60  IN  A  10.0.69.21
dps-1  | 13:39:06.310 [Thread-22      ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache  l=46   m=lambda$handleRes$0              status=hotload, k=A-rancher.corp.intra.lan, ttl=PT1M, simpleMsg=rancher.corp.intra.lan
dps-1  | 13:39:06.310 [Thread-22      ] DEB c.m.d.server.dns.RequestHandlerDefault            l=48   m=solve                           status=solved, kind=udp, time=23, res=rancher.corp.intra.lan.  60  IN  A  10.0.69.21
dps-1  | 13:39:06.310 [Thread-22      ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer   l=58   m=handle                          status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan.  60  IN  A  10.0.69.21, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:18391, dataLength=512, datagramLength=36
dps-1  | 13:39:06.337 [Thread-15      ] DEB c.m.d.server.dns.solver.SolverCachedRemote        l=31   m=lambda$handle$0                 status=remoteHotLoading, query=rancher.corp.intra.lan
dps-1  | 13:39:06.340 [Thread-15      ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache  l=46   m=lambda$handleRes$0              status=hotload, k=97fb6655-34da-45e3-aad5-3db3cdd38fef-rancher.corp.intra.lan, ttl=PT5M, simpleMsg=rancher.corp.intra.lan
dps-1  | 13:39:06.340 [Thread-15      ] DEB c.m.d.server.dns.RequestHandlerDefault            l=76   m=solve0                          status=solved, currentSolverTime=4, totalTime=30, solver=SolverCachedRemote, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan
dps-1  | 13:39:06.340 [Thread-15      ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache  l=46   m=lambda$handleRes$0              status=hotload, k=7f064daf-6aa4-4e29-b053-04643ffd5480-rancher.corp.intra.lan, ttl=PT20S, simpleMsg=rancher.corp.intra.lan
dps-1  | 13:39:06.340 [Thread-15      ] DEB c.m.d.server.dns.RequestHandlerDefault            l=48   m=solve                           status=solved, kind=udp, time=53, res=rancher.corp.intra.lan
dps-1  | 13:39:06.340 [Thread-15      ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer   l=58   m=handle                          status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:7005, dataLength=512, datagramLength=36

<!-- gh-comment-id:1477858734 --> @dmekhov commented on GitHub (Mar 21, 2023): last logs (with grep `rancher` - example of errored page) on the issue moment ``` dps-1 | 13:31:32.222 [Thread-8 ] DEB c.m.d.server.dns.RequestHandlerDefault l=76 m=solve0 status=solved, currentSolverTime=0, totalTime=21, solver=SolverLocalDB, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan. 60 IN A 10.0.69.21 dps-1 | 13:31:32.222 [Thread-8 ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache l=46 m=lambda$handleRes$0 status=hotload, k=A-rancher.corp.intra.lan, ttl=PT1M, simpleMsg=rancher.corp.intra.lan dps-1 | 13:31:32.222 [Thread-8 ] DEB c.m.d.server.dns.RequestHandlerDefault l=48 m=solve status=solved, kind=udp, time=21, res=rancher.corp.intra.lan. 60 IN A 10.0.69.21 dps-1 | 13:31:32.223 [Thread-8 ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer l=58 m=handle status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan. 60 IN A 10.0.69.21, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:1409, dataLength=512, datagramLength=36 dps-1 | 13:31:32.246 [Thread-24 ] DEB c.m.d.server.dns.solver.SolverCachedRemote l=31 m=lambda$handle$0 status=remoteHotLoading, query=rancher.corp.intra.lan dps-1 | 13:31:32.250 [Thread-24 ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache l=46 m=lambda$handleRes$0 status=hotload, k=9819a672-0fc4-4917-be17-77eb3ea19a5a-rancher.corp.intra.lan, ttl=PT5M, simpleMsg=rancher.corp.intra.lan dps-1 | 13:31:32.250 [Thread-24 ] DEB c.m.d.server.dns.RequestHandlerDefault l=76 m=solve0 status=solved, currentSolverTime=3, totalTime=27, solver=SolverCachedRemote, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan dps-1 | 13:31:32.250 [Thread-24 ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache l=46 m=lambda$handleRes$0 status=hotload, k=6887361b-0873-409f-9859-370eacfa5af9-rancher.corp.intra.lan, ttl=PT20S, simpleMsg=rancher.corp.intra.lan dps-1 | 13:31:32.250 [Thread-24 ] DEB c.m.d.server.dns.RequestHandlerDefault l=48 m=solve status=solved, kind=udp, time=49, res=rancher.corp.intra.lan dps-1 | 13:31:32.250 [Thread-24 ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer l=58 m=handle status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:46542, dataLength=512, datagramLength=36 ``` then if I push f5 button on page with error, no new logs (because of wrong browser cache) logs after reset browser cache: ``` dps-1 | 13:39:06.310 [Thread-22 ] DEB c.m.d.server.dns.RequestHandlerDefault l=76 m=solve0 status=solved, currentSolverTime=0, totalTime=22, solver=SolverLocalDB, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan. 60 IN A 10.0.69.21 dps-1 | 13:39:06.310 [Thread-22 ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache l=46 m=lambda$handleRes$0 status=hotload, k=A-rancher.corp.intra.lan, ttl=PT1M, simpleMsg=rancher.corp.intra.lan dps-1 | 13:39:06.310 [Thread-22 ] DEB c.m.d.server.dns.RequestHandlerDefault l=48 m=solve status=solved, kind=udp, time=23, res=rancher.corp.intra.lan. 60 IN A 10.0.69.21 dps-1 | 13:39:06.310 [Thread-22 ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer l=58 m=handle status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan. 60 IN A 10.0.69.21, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:18391, dataLength=512, datagramLength=36 dps-1 | 13:39:06.337 [Thread-15 ] DEB c.m.d.server.dns.solver.SolverCachedRemote l=31 m=lambda$handle$0 status=remoteHotLoading, query=rancher.corp.intra.lan dps-1 | 13:39:06.340 [Thread-15 ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache l=46 m=lambda$handleRes$0 status=hotload, k=97fb6655-34da-45e3-aad5-3db3cdd38fef-rancher.corp.intra.lan, ttl=PT5M, simpleMsg=rancher.corp.intra.lan dps-1 | 13:39:06.340 [Thread-15 ] DEB c.m.d.server.dns.RequestHandlerDefault l=76 m=solve0 status=solved, currentSolverTime=4, totalTime=30, solver=SolverCachedRemote, req=rancher.corp.intra.lan, res=rancher.corp.intra.lan dps-1 | 13:39:06.340 [Thread-15 ] DEB c.m.dnsproxyserver.server.dns.solver.SolverCache l=46 m=lambda$handleRes$0 status=hotload, k=7f064daf-6aa4-4e29-b053-04643ffd5480-rancher.corp.intra.lan, ttl=PT20S, simpleMsg=rancher.corp.intra.lan dps-1 | 13:39:06.340 [Thread-15 ] DEB c.m.d.server.dns.RequestHandlerDefault l=48 m=solve status=solved, kind=udp, time=53, res=rancher.corp.intra.lan dps-1 | 13:39:06.340 [Thread-15 ] DEB com.mageddo.dnsproxyserver.server.dns.UDPServer l=58 m=handle status=success, query=rancher.corp.intra.lan, res=rancher.corp.intra.lan, serverAddr=/0.0.0.0, clientAddr=/10.5.0.1:7005, dataLength=512, datagramLength=36 ```

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 21, 2023):

because of wrong browser cache ... res=rancher.corp.intra.lan. 60 IN A 10.0.69.21

isn't the right address for rancher? Looking at these logs everything seems to be working great. Do you know what address it's supposed to be? Maybe you can do some tests with the problematic hostname trying to solving it using DPS then testing it directly on your local DNS.

$ nslookup rancher.corp.intra.lan 1.1.1.1

$ nslookup rancher.corp.intra.lan <dps-address>

<!-- gh-comment-id:1477880623 --> @mageddo commented on GitHub (Mar 21, 2023): > because of wrong browser cache ... `res=rancher.corp.intra.lan. 60 IN A 10.0.69.21` isn't the right address for rancher? Looking at these logs everything seems to be working great. Do you know what address it's supposed to be? Maybe you can do some tests with the problematic hostname trying to solving it using DPS then testing it directly on your local DNS. ```bash $ nslookup rancher.corp.intra.lan 1.1.1.1 ``` ```bash $ nslookup rancher.corp.intra.lan <dps-address> ```

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 21, 2023):

isn't the right address for rancher?

Yes, it is correct address.
10.0.69.21 - is stored in DPS config for this domain.
However, sometimes the browser starts use another "external" address and caches it. (maybe dps doesn't respond at the requested moment 0_o). I use DPS docker host IP (172.17.0.1) as my main dns server in the network manager (I use ubuntu as the host system).

I tried to dig some domains in loop script with 5 sec delay, but couldn't catch the error.

<!-- gh-comment-id:1477902239 --> @dmekhov commented on GitHub (Mar 21, 2023): > isn't the right address for rancher? Yes, it is correct address. 10.0.69.21 - is stored in DPS config for this domain. However, sometimes the browser starts use another "external" address and caches it. (maybe dps doesn't respond at the requested moment 0_o). I use DPS docker host IP (172.17.0.1) as my main dns server in the network manager (I use ubuntu as the host system). I tried to dig some domains in loop script with 5 sec delay, but couldn't catch the error.

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 21, 2023):

hm, I'm just tried nslookup in the moment of broewser errorr and got this:

nslookup rancher.corp.intra.lan
;; Got recursion not available from 172.17.0.1, trying next server
Server:		9.9.9.9
Address:	9.9.9.9#53

Non-authoritative answer:
Name:	rancher.corp.intra.lan
Address: x.x.x.x (some external IP)
;; Got recursion not available from 172.17.0.1, trying next server

<!-- gh-comment-id:1477907322 --> @dmekhov commented on GitHub (Mar 21, 2023): hm, I'm just tried nslookup in the moment of broewser errorr and got this: ``` nslookup rancher.corp.intra.lan ;; Got recursion not available from 172.17.0.1, trying next server Server: 9.9.9.9 Address: 9.9.9.9#53 Non-authoritative answer: Name: rancher.corp.intra.lan Address: x.x.x.x (some external IP) ;; Got recursion not available from 172.17.0.1, trying next server ```

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 21, 2023):

But if I use nslookup directly to 172.17.0.1 - all is ok

<!-- gh-comment-id:1477909894 --> @dmekhov commented on GitHub (Mar 21, 2023): But if I use nslookup directly to 172.17.0.1 - all is ok

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 21, 2023):

Thanks this clue can help to find out the problem... So you are setting DPS as your default DNS in the NetworkManager, not in the /etc/resolv.conf directly.

However, sometimes the browser starts use another "external" address and caches it.

Depending on the program your Linux is using to control the dns servers, systemd-resolved for example, the results can be very random because it will decide which DNS server to use based on its own decision.

Can you show the following files content so I can understand the resolution order?

/etc/resolv.conf
/var/run/systemd/resolve/resolv.conf

What error you see at the browser?

I use ubuntu as the host system).

Are you using which version?

<!-- gh-comment-id:1478254289 --> @mageddo commented on GitHub (Mar 21, 2023): Thanks this clue can help to find out the problem... So you are setting DPS as your default DNS in the NetworkManager, not in the /etc/resolv.conf directly. > However, sometimes the browser starts use another "external" address and caches it. Depending on the program your Linux is using to control the dns servers, systemd-resolved for example, the results can be very random because it will decide which DNS server to use based on its own decision. Can you show the following files content so I can understand the resolution order? ``` /etc/resolv.conf /var/run/systemd/resolve/resolv.conf ``` What error you see at the browser? > I use ubuntu as the host system). Are you using which version?

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 21, 2023):

Address: x.x.x.x (some external IP)

That was the right or wrong ip? nslookup didn't used DPS dns in this case...

<!-- gh-comment-id:1478257793 --> @mageddo commented on GitHub (Mar 21, 2023): > Address: x.x.x.x (some external IP) That was the right or wrong ip? nslookup didn't used DPS dns in this case...

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 21, 2023):

Can you provide the command you are using to start DPS?

<!-- gh-comment-id:1478258800 --> @mageddo commented on GitHub (Mar 21, 2023): Can you provide the command you are using to start DPS?

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 21, 2023):

@mageddo, thanks for being with me! ;)

Can you show the following files content so I can understand the resolution order?

cat /etc/resolv.conf

nameserver 172.17.0.1
nameserver 9.9.9.9
nameserver 192.168.1.1
nameserver 127.0.1.1

cat /var/run/systemd/resolve/resolv.conf

nameserver 172.17.0.1
nameserver 172.17.0.1
nameserver 8.8.8.8

What error you see at the browser?

ERR_CONNECTION_CLOSED - when my browser tried to send request to wrong (public) ip adress (whitch drops by firewall)

so nslookup without specific dns - returns external (not expected, wrong) ip

I use Ubuntu 22.04.1 (5.19 kernel)

Can you provide the command you are using to start DPS?

I use docker-compose without specific cmd attribute

  dns:
    restart: always
    image: defreitas/dns-proxy-server:3.14.5
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - ./dns/config.json:/app/conf/config.json
        - /etc/:/host/etc
    labels:
        traefik.frontend.rule: "Host:dns.${LOCAL_DOMAIN_ZONE}"
        traefik.port: "5380"
    ports:
        - ${DOCKER_IP}:53:53/udp
    networks:
        dns:
          ipv4_address: 10.5.0.5

<!-- gh-comment-id:1478371215 --> @dmekhov commented on GitHub (Mar 21, 2023): @mageddo, thanks for being with me! ;) > Can you show the following files content so I can understand the resolution order? ``` cat /etc/resolv.conf nameserver 172.17.0.1 nameserver 9.9.9.9 nameserver 192.168.1.1 nameserver 127.0.1.1 ``` ``` cat /var/run/systemd/resolve/resolv.conf nameserver 172.17.0.1 nameserver 172.17.0.1 nameserver 8.8.8.8 ``` > What error you see at the browser? ERR_CONNECTION_CLOSED - when my browser tried to send request to wrong (public) ip adress (whitch drops by firewall) so nslookup without specific dns - returns external (not expected, wrong) ip I use Ubuntu 22.04.1 (5.19 kernel) > Can you provide the command you are using to start DPS? I use docker-compose without specific cmd attribute ``` dns: restart: always image: defreitas/dns-proxy-server:3.14.5 volumes: - /var/run/docker.sock:/var/run/docker.sock - ./dns/config.json:/app/conf/config.json - /etc/:/host/etc labels: traefik.frontend.rule: "Host:dns.${LOCAL_DOMAIN_ZONE}" traefik.port: "5380" ports: - ${DOCKER_IP}:53:53/udp networks: dns: ipv4_address: 10.5.0.5 ```

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 21, 2023):

But if I use nslookup directly to 172.17.0.1 - all is ok
...
so nslookup without specific dns - returns external (not expected, wrong) ip

Okay... So if you do specify 9.9.9.9 or 172.17.0.1 (DPS) at nslookup then rancher.corp.intra.lan will solve to the correct IP, right? The DNS server capable to solve rancher.corp.intra.lan is 9.9.9.9 ?

My best bet is that the root cause is that DPS doesn't support recursion yet then resolvconf program is giving up and trying the next dns server, it isn't working well though.

I'm looking at recursion feature to understand how difficult it's to implement.

<!-- gh-comment-id:1478736031 --> @mageddo commented on GitHub (Mar 21, 2023): > But if I use nslookup directly to 172.17.0.1 - all is ok > ... > so nslookup without specific dns - returns external (not expected, wrong) ip Okay... So if you do specify 9.9.9.9 or 172.17.0.1 (DPS) at nslookup then `rancher.corp.intra.lan` will solve to the correct IP, right? The DNS server capable to solve `rancher.corp.intra.lan` is `9.9.9.9` ? My best bet is that the root cause is that DPS doesn't support recursion yet then resolvconf program is giving up and trying the next dns server, it isn't working well though. I'm looking at recursion feature to understand how difficult it's to implement.

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 22, 2023):

I did some reads and tests, #392 is really supposed to fix your issue, please read the issue , I've added some examples there, anyway 3.15.1-snapshot is out, can you give it a try and bring a feedback?

<!-- gh-comment-id:1478803107 --> @mageddo commented on GitHub (Mar 22, 2023): I did some reads and tests, #392 is really supposed to fix your issue, please read the issue , I've added some examples there, anyway `3.15.1-snapshot` is out, can you give it a try and bring a feedback?

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 22, 2023):

@mageddo thanks!

I've updated the app and will test it. At least the error message ("recursion not available") is gone for default requests.

<!-- gh-comment-id:1478958598 --> @dmekhov commented on GitHub (Mar 22, 2023): @mageddo thanks! I've updated the app and will test it. At least the error message ("recursion not available") is gone for default requests.

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 23, 2023):

Seems like it worked?

<!-- gh-comment-id:1482001373 --> @mageddo commented on GitHub (Mar 23, 2023): Seems like it worked?

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 24, 2023):

@mageddo

Hmm, that's hard to say. (but yes, msg "recursion not available" is gone)
It looks like the reason is not only dps, but in combination with some other problem.
Perhaps something has changed in the chrome browser, or in my system, I'll try to test it on FF next week.
Anyway, with your latest fixes, it's a lot better, and I'm get this problem 1-2 times a day. (On the first dps v3 builds it was very often)
Yesterday I tried to roll back to v2, and got the same problem a couple of times.
And the fact that the dns record for the domain rancher.corp.intra.lan I have directly in the dps config (i.e. this is not a long response from an remote dns, but for some other reason chrome requested another dns, not dps).

I think you can close this issue, at least the result is not worse than in the v2 builds. Thanks ;)
If I have some new information I will post here or in new issue. ;)

<!-- gh-comment-id:1482413962 --> @dmekhov commented on GitHub (Mar 24, 2023): @mageddo Hmm, that's hard to say. (but yes, msg "recursion not available" is gone) It looks like the reason is not only dps, but in combination with some other problem. Perhaps something has changed in the chrome browser, or in my system, I'll try to test it on FF next week. Anyway, with your latest fixes, it's a lot better, and I'm get this problem 1-2 times a day. (On the first dps v3 builds it was very often) Yesterday I tried to roll back to v2, and got the same problem a couple of times. And the fact that the dns record for the domain rancher.corp.intra.lan I have directly in the dps config (i.e. this is not a long response from an remote dns, but for some other reason chrome requested another dns, not dps). I think you can close this issue, at least the result is not worse than in the v2 builds. Thanks ;) If I have some new information I will post here or in new issue. ;)

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 28, 2023):

So it seems that everything is ok with ff.
Even if ff also have some short issues with resolving it doesn't cache wrong dns.

It's not very convenient for me to change main browser to ff, but for now I have to (at least for internal services).

<!-- gh-comment-id:1486554298 --> @dmekhov commented on GitHub (Mar 28, 2023): So it seems that everything is ok with ff. Even if ff also have some short issues with resolving it doesn't cache wrong dns. It's not very convenient for me to change main browser to ff, but for now I have to (at least for internal services).

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 29, 2023):

Okay, maybe #386 might help you. I expect it to be released in the next weeks.

<!-- gh-comment-id:1487882850 --> @mageddo commented on GitHub (Mar 29, 2023): Okay, maybe #386 might help you. I expect it to be released in the next weeks.

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 31, 2023):

@mageddo

I found that crome dns client now works in asynchronous mode, and it's configurable with a flag chrome://flags/#enable-async-dns (default: true in current versions).

So when I disable it - everything became fine.

Now I finaly resolved my problem
but still (about reason of this issue) it's can be for some performance issue - in async mode (when it is enabled) somehow external dns like 1.1.1.1/9.9.9.9/etc answered faster than dps and chrome use that answer

<!-- gh-comment-id:1491462906 --> @dmekhov commented on GitHub (Mar 31, 2023): @mageddo I found that crome dns client now works in asynchronous mode, and it's configurable with a flag chrome://flags/#enable-async-dns (default: true in current versions). So when I disable it - everything became fine. Now I finaly resolved my problem but still (about reason of this issue) it's can be for some performance issue - in async mode (when it is enabled) somehow external dns like 1.1.1.1/9.9.9.9/etc answered faster than dps and chrome use that answer

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 31, 2023):

Thanks @dmekhov , I'll take a look

<!-- gh-comment-id:1491817544 --> @mageddo commented on GitHub (Mar 31, 2023): Thanks @dmekhov , I'll take a look

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 31, 2023):

@dmekhov what chrome version are you using? I'm using 111.0.5563.146 and can't see this option on Mac, I'll take a look at Linux.

<!-- gh-comment-id:1491836177 --> @mageddo commented on GitHub (Mar 31, 2023): @dmekhov what chrome version are you using? I'm using ` 111.0.5563.146 ` and can't see this option on Mac, I'll take a look at Linux.

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (Mar 31, 2023):

My chrome version is 111.0.5563.146
Try to search dns on chrome://flags page? Maybe it have otther name on Mac?

(Now it calls Async DNS resolver, previously it was Built-in Asynchronous DNS according to google)

<!-- gh-comment-id:1491865832 --> @dmekhov commented on GitHub (Mar 31, 2023): My chrome version is `111.0.5563.146` Try to search `dns` on chrome://flags page? Maybe it have otther name on Mac? (Now it calls `Async DNS resolver`, previously it was `Built-in Asynchronous DNS` according to google)

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Mar 31, 2023):

As Chrome feature makes DNS queries in parallel, if one of the available servers answer a NONERROR response then chrome will abort other queries and go on, DPS can't do much here as the issue is on the another Server , what you can do as workaround is:

1. To keep only DPS in /etc/resolv.conf and configure the others servers in DPS
2. Use systemd-resolved (it will be the only nameserver at /etc/resolv.conf) and configure additional dns servers (including DPS) on /etc/systemd/resolved.conf ref1

<!-- gh-comment-id:1491905369 --> @mageddo commented on GitHub (Mar 31, 2023): As Chrome feature makes DNS queries in parallel, if one of the available servers answer a NONERROR response then chrome will abort other queries and go on, DPS can't do much here as the issue is on the another Server , what you can do as workaround is: 1. To keep only DPS in /etc/resolv.conf and configure the others servers in DPS 2. Use systemd-resolved (it will be the only nameserver at /etc/resolv.conf) and configure additional dns servers (including DPS) on `/etc/systemd/resolved.conf` [ref1][1] [1]: http://mageddo.github.io/dns-proxy-server/latest/en/1-getting-started/running-it/linux/#in-case-you-do-have-systemd-resolved-installed

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@dmekhov commented on GitHub (May 24, 2023):

• To keep only DPS in /etc/resolv.conf and configure the others servers in DPS
• Use systemd-resolved (it will be the only nameserver at /etc/resolv.conf) and configure additional dns servers (including DPS) on /etc/systemd/resolved.conf ref1

Hi, I tried to use this way on new ubuntu instalation (23.04), and have some issues now

I set my DPS IP (172.17.0.1) in network manager and in /etc/systemd/resolved.conf
In DPS config my first DNS is DNS in VPN network, the second one is 1.1.1.1
So if I try to call any resource (ping google.com for example) but my VPN connection isn't active - DPS is waiting it and retturn timeout

Am I configured something wrong? (should I open new issue for that?)

<!-- gh-comment-id:1560604997 --> @dmekhov commented on GitHub (May 24, 2023): > * To keep only DPS in /etc/resolv.conf and configure the others servers in DPS > * Use systemd-resolved (it will be the only nameserver at /etc/resolv.conf) and configure additional dns servers (including DPS) on `/etc/systemd/resolved.conf` [ref1](http://mageddo.github.io/dns-proxy-server/latest/en/1-getting-started/running-it/linux/#in-case-you-do-have-systemd-resolved-installed) Hi, I tried to use this way on new ubuntu instalation (23.04), and have some issues now I set my DPS IP (172.17.0.1) in network manager and in /etc/systemd/resolved.conf In DPS config my first DNS is DNS in VPN network, the second one is 1.1.1.1 So if I try to call any resource (ping google.com for example) but my VPN connection isn't active - DPS is waiting it and retturn timeout Am I configured something wrong? (should I open new issue for that?)

kerem commented 2026-02-26 04:34:08 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Jun 1, 2023):

@dmekhov I see, DPS doesn't have a remote DNS circuit breaker feature to automatically disable/re-enable remote servers when the come offline or online again.

I've opened https://github.com/mageddo/dns-proxy-server/issues/415 for that feature, for now you will have to manually disable the VPN remote server. I consider it's not too complex to implement.

<!-- gh-comment-id:1571130807 --> @mageddo commented on GitHub (Jun 1, 2023): @dmekhov I see, DPS doesn't have a remote DNS circuit breaker feature to automatically disable/re-enable remote servers when the come offline or online again. I've opened https://github.com/mageddo/dns-proxy-server/issues/415 for that feature, for now you will have to manually disable the VPN remote server. I consider it's not too complex to implement.

kerem referenced this issue 2026-02-26 04:34:45 +03:00

[PR #129] [MERGED] Docs refactoring #290

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

gh-pages

develop

feat/138_2

feat/629

feat/594

5.9.0

5.9.0-snapshot

5.8.4

5.8.4-snapshot

5.8.3-snapshot

5.8.2-snapshot

5.8.1-snapshot

5.8.0-snapshot

5.7.0-snapshot

5.6.2-snapshot

5.6.1-snapshot

5.6.0-snapshot

5.5.1-snapshot

5.5.0-snapshot

5.4.0-snapshot

5.3.0-snapshot

5.2.0-snapshot

5.1.3-snapshot

5.1.2-snapshot

5.1.0-snapshot

5.0.5-snapshot

5.0.3-snapshot

5.0.2-snapshot

5.0.1-snapshot

5.0.0-snapshot

4.3.0-snapshot

4.2.0-snapshot

4.0.0

4.0.0-snapshot

3.32.7

3.32.7-snapshot

3.32.6

3.32.6-snapshot

3.32.5-snapshot

3.32.4

3.32.4-snapshot

3.32.3

3.32.3-snapshot

3.32.2-snapshot

3.32.1-snapshot

3.32.0-snapshot

3.31.1-snapshot

3.31.0-snapshot

3.30.5-snapshot

3.30.4

3.30.4-snapshot

3.30.3-snapshot

3.30.2-snapshot

3.30.1

3.30.1-snapshot

3.30.0-snapshot

3.29.0-snapshot

3.27.0

3.27.0-snapshot

3.26.0-snapshot

3.25.14

3.25.14-snapshot

3.25.13-snapshot

3.25.12-snapshot

3.25.11

3.25.11-snapshot

3.25.10

3.25.10-snapshot

3.25.9-snapshot

3.25.8-snapshot

3.25.7-snapshot

3.25.6-snapshot

3.25.4-snapshot

3.25.3-snapshot

3.25.2-snapshot

3.25.1-snapshot

3.25.0-snapshot

3.24.2

3.24.2-snapshot

3.24.1

3.24.1-snapshot

3.24.0-snapshot

3.23.0-snapshot

3.22.2-snapshot

3.22.3-snapshot

3.22.1-snapshot

3.21.3-snapshot

3.22.0-snapshot

3.21.2-snapshot

3.21.1-snapshot

3.20.0-snapshot

3.21.0-snapshot

3.19.7-snapshot

3.19.6-snapshot

3.19.5-snapshot

3.19.4-snapshot

3.19.3-snapshot

3.19.2-snapshot

3.19.1

3.19.1-snapshot

3.19.0

3.18.5-snapshot

3.18.4-snapshot

3.18.3-snapshot

3.18.2

3.18.2-snapshot

3.18.1-snapshot

3.18.0-snapshot

3.17.3-snapshot

3.17.2-snapshot

3.17.1-snapshot

3.17.0-snapshot

3.16.3-snapshot

3.16.2-snapshot

3.16.1-snapshot

3.16.0-snapshot

3.15.13-snapshot

3.15.12-snapshot

3.15.11-snapshot

3.15.10-snapshot

3.15.9-snapshot

3.15.8-snapshot

3.15.7-snapshot

3.15.6-snapshot

3.15.5-snapshot

3.15.4-snapshot

3.15.3-snapshot

3.15.2-snapshot

3.15.1-snapshot

3.15.0-snapshot

3.14.5

3.14.4

3.14.3

3.14.3-snapshot

3.14.2-snapshot

3.14.1-snapshot

3.14.0-snapshot

3.13.1

3.13.1-snapshot

3.13.0-snapshot

3.12.1

3.12.0

3.11.0

3.10.2-snapshot

3.10.3-snapshot

3.10.4-snapshot

3.10.5-snapshot

3.10.1-snapshot

3.9.2

3.9.1

3.9.0

3.8.1-last-version-with-quarkus

3.8.1

3.8.0

3.7.0

3.6.0

3.5.3

3.5.2

3.5.0

3.4.0-beta

3.3.0-beta

3.2.5-beta

3.2.4-beta

3.2.3-beta

3.2.2-beta

3.2.1-beta

3.2.0-beta

3.1.7-beta

3.1.6-beta

3.1.5-beta

3.1.4-beta

3.1.3-beta

3.1.2-beta

b-jre-8

3.1.1-beta

3.1.0-beta

3.0.4-beta

3.0.3-beta

3.0.2-beta

3.0.1-beta

v2-golang

2.19.5

2.19.4

2.19.3

2.19.2

2.19.1

2.19.0

2.18.7

2.18.6

2.18.5

2.18.4

2.18.3

2.18.2

2.18.1

2.18.0

2.17.4

2.17.3

2.17.2

2.17.1

2.17.0

2.16.0

2.15.0

2.14.6

2.14.5

2.14.4

2.14.2

2.14.1

2.14.0

2.13.2

2.13.1

2.13.0

2.12.0

2.11.0

2.10.4

2.10.3

2.10.2

2.10.1

2.10.0

2.9.1

2.9.0

2.8.0

2.7.0

2.6.1

2.6.0

2.5.4

2.5.3

2.5.2

2.5.1

2.5.0

2.4.1

2.4.0

2.3.3

2.2.3

2.2.2

2.2.1

2.2.0

2.1.8

2.1.7

2.1.6

2.1.5

2.1.2

2.1.1

2.1.0

2.0.21

2.0.20

2.0.19

2.0.18

2.0.17

2.0.16

2.0.9

2.0.5

2.0.4

v1-nodejs

1.8.1

1.8.0

1.7.7

1.7.6

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6.0

1.5.0

1.4.0

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

peteris-version

1.1.4-peteris-version

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

Labels

Clear labels   

bug

  

confirmed

  

discussion

  

duplicate

  

enhancement

  

feature

  

feature-request

  

not-planned

  

pull-request

Mirrored from GitHub Pull Request

  

secondary-feature

  

stale

  

triage

  

waiting-feedback

No labels

bug

confirmed

discussion

duplicate

enhancement

feature

feature-request

not-planned

pull-request

secondary-feature

stale

triage

waiting-feedback

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/dns-proxy-server-mageddo#129

No description provided.