Primary vs. Secondary DNS

jpgpi250 · January 31, 2017, 11:46am

I found this very interesting, as i was also under the assumption the primary DNS server would always be used, unless unavailable. I stand corrected. Given this new knowledge, I updated my DNScrypt setup (no longer using dns-crypt-loader) to use four resolvers. When I check te pi-hole log, dnsmasq seems to forward every request to all of the resolvers:

Jan 31 12:33:42 dnsmasq[619]: query[A] www.vroom.be from 192.168.2.125
Jan 31 12:33:42 dnsmasq[619]: forwarded www.vroom.be to 127.10.10.1
Jan 31 12:33:42 dnsmasq[619]: query[A] www.vroom.be from 192.168.2.125
Jan 31 12:33:42 dnsmasq[619]: forwarded www.vroom.be to 127.10.10.4
Jan 31 12:33:42 dnsmasq[619]: forwarded www.vroom.be to 127.10.10.3
Jan 31 12:33:42 dnsmasq[619]: forwarded www.vroom.be to 127.10.10.2
Jan 31 12:33:42 dnsmasq[619]: forwarded www.vroom.be to 127.10.10.1
Jan 31 12:33:42 dnsmasq[619]: validation result is INSECURE
Jan 31 12:33:42 dnsmasq[619]: reply www.vroom.bE is 185.43.124.160
Jan 31 12:33:45 dnsmasq[619]: query[A] files.vroom.be from 192.168.2.125
Jan 31 12:33:45 dnsmasq[619]: forwarded files.vroom.be to 127.10.10.1
Jan 31 12:33:45 dnsmasq[619]: query[A] staticv6.vroom.be from 192.168.2.125
Jan 31 12:33:45 dnsmasq[619]: forwarded staticv6.vroom.be to 127.10.10.1
Jan 31 12:33:45 dnsmasq[619]: query[A] files.vroom.be from 192.168.2.125
Jan 31 12:33:45 dnsmasq[619]: forwarded files.vroom.be to 127.10.10.4
Jan 31 12:33:45 dnsmasq[619]: forwarded files.vroom.be to 127.10.10.3
Jan 31 12:33:45 dnsmasq[619]: forwarded files.vroom.be to 127.10.10.2
Jan 31 12:33:45 dnsmasq[619]: forwarded files.vroom.be to 127.10.10.1
Jan 31 12:33:45 dnsmasq[619]: query[A] staticv6.vroom.be from 192.168.2.125
Jan 31 12:33:45 dnsmasq[619]: forwarded staticv6.vroom.be to 127.10.10.4
Jan 31 12:33:45 dnsmasq[619]: forwarded staticv6.vroom.be to 127.10.10.3
Jan 31 12:33:45 dnsmasq[619]: forwarded staticv6.vroom.be to 127.10.10.2
Jan 31 12:33:45 dnsmasq[619]: forwarded staticv6.vroom.be to 127.10.10.1
Jan 31 12:33:45 dnsmasq[619]: validation result is INSECURE
Jan 31 12:33:45 dnsmasq[619]: reply staticv6.vroom.bE is
Jan 31 12:33:45 dnsmasq[619]: reply vroom.bE is 185.43.124.160
Jan 31 12:33:46 dnsmasq[619]: validation result is INSECURE
Jan 31 12:33:46 dnsmasq[619]: reply files.vroom.bE is
Jan 31 12:33:46 dnsmasq[619]: reply vroom.bE is 185.43.124.160

As you can see, I'm also using DNSSEC, all resolvers are DNSSEC enabled and aren't logging.
Why (and what) is this happening here?