On Thu, Mar 01, 2018 at 02:04:40AM +0100, RODARY Jacques wrote:
> I learnt about dnsmasq when I used Tor to see wiki, thanks for this
> hint. For now it works but I am not sure your help about auth-soa is all I
> need to get notifying to the other name server.

Ok.

> I just added this line:
>
> "auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800"
> in /etc/dnsmasq.conf, and after restarting dnsmasq (systemctl restart
> dnsmaq.service) I get this result with "systemctl status dnsmaq.service: "
> dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
> ................................
>
> févr. 28 23:52:33 ns dnsmasq[24452]: ignore le serveur de nom 88.170.1.143 - interface locale
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 217.70.177.40#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.240#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.241#53
> févr. 28 23:52:33 ns dnsmasq[24452]: aucun serveur trouvé dans /run/dnsmasq/resolv.conf, va réessayer
> févr. 28 23:52:33 ns dnsmasq[24452]: Lecture de /run/dnsmasq/resolv.conf
> févr. 28 23:52:33 ns dnsmasq[24452]: ignore le serveur de nom 88.170.1.143 - interface locale
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 217.70.177.40#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.240#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.241#53"
>
> First 88.170.1.14 is my main IP to the outside, is it local?

My French is *very* rusty (tried to learn the language back in high
school, and that was some time ago). I remember some expletives vaguely,
but that's it. Can you please provide your dnsmasq.conf? A simple

    grep -v '^#' /etc/dnsmasq.conf | uniq

would suffice.

> Second, before I added the refresh, retry, expire fields, supposed to have
> defaults values (said man 8 dnsmasq), I had another line in the output:
> "févr. 28 23:20:17 ns dnsmasq[24453]: Too few arguments."

Dnsmasq can be stubborn sometimes. While the manpage says that everything
except serial is optional, it may not be the truth.
The idea is that you define "auth-zone" for your domain first, and create
a SOA record for it with "auth-soa" second.

> Does this mean dnsmasq will notify the other name server (ns6.gandi.net,
> 217.70.177.40#53) when needed?

Your registered domain is "rodary.net", so that means that your registrar
nameserver should see the appropriate SOA record. The question is - does it
see it now? What does this show (your DNS):

    dig in soa rodary.net @127.0.0.1

Because dig shows the old SOA record for me:

    dig in soa rodary.net
    rodary.net. 3599 IN SOA ns.rodary.net. root.ns.rodary.net. 2018022101 10800 3600 604800 3600

> For now this server answers query about hosts I didn't put in
> /etc/hosts?

Unless you put some domains into the "local" stanza, queries for such a
domain should be resolved via the nameservers put in /etc/resolv.conf or the
"server" stanza. In your case it's resolv.conf. The exception to the rule
is auto-registered DHCP leases. As long as the DHCP client provides a
"client-id" identifier, dnsmasq should create temporary A and PTR records
for such a client. Reco
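
An offline version of the comparison discussed in this message, as an added example that is not part of the original e-mail or of dnsmasq: it parses the auth-soa line and the dig SOA answer quoted above and reports which fields differ, comparing serials with RFC 1982 arithmetic. The function names are hypothetical, and requiring all five auth-soa fields is an assumption based on the "Too few arguments" report in the thread.

```python
from typing import NamedTuple

class Soa(NamedTuple):
    serial: int
    hostmaster: str
    refresh: int
    retry: int
    expire: int

def parse_auth_soa(line: str) -> Soa:
    """Parse a dnsmasq auth-soa line, insisting on all five fields (assumption)."""
    key, _, value = line.strip().strip('"').partition("=")
    parts = value.split(",")
    if key != "auth-soa" or len(parts) != 5:
        raise ValueError(f"need auth-soa=<serial>,<hostmaster>,<refresh>,<retry>,<expiry>: {line!r}")
    return Soa(int(parts[0]), parts[1].rstrip("."), *map(int, parts[2:]))

def parse_dig_soa(line: str) -> Soa:
    """Parse one SOA answer line as printed by dig."""
    f = line.split()
    if len(f) != 11 or f[3].upper() != "SOA":
        raise ValueError(f"not a SOA answer line: {line!r}")
    # f[4]=primary NS, f[5]=hostmaster, f[6]=serial, f[7..9]=refresh/retry/expire
    return Soa(int(f[6]), f[5].rstrip("."), int(f[7]), int(f[8]), int(f[9]))

def serial_newer(a: int, b: int) -> bool:
    """RFC 1982 comparison of 32-bit serials: True when a is newer than b."""
    diff = (a - b) & 0xFFFFFFFF
    return 0 < diff < 0x80000000

def differences(configured: Soa, published: Soa) -> dict:
    """Map each differing field name to (configured, published)."""
    return {name: (c, p)
            for name, c, p in zip(Soa._fields, configured, published) if c != p}

# Both lines are taken from the message above.
CONF = "auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800"
DIG = "rodary.net. 3599 IN SOA ns.rodary.net. root.ns.rodary.net. 2018022101 10800 3600 604800 3600"

if __name__ == "__main__":
    conf, seen = parse_auth_soa(CONF), parse_dig_soa(DIG)
    for name, (c, p) in differences(conf, seen).items():
        print(f"{name}: configured {c}, published {p}")
    if serial_newer(conf.serial, seen.serial):
        print("published SOA is older than the configured one")
```
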