On Wed, 2014-03-12 at 17:29 +0000, Simon Kelley wrote:
> On 12/03/14 11:09, Franco Broi wrote:
> >
> > Sorry about the top posting, useless MS webmail.
> >
> > The reason I need the authoritative dns is because I'm in a regional
> > office of a big company. It's a requirement that we provide an
> > authoritative server for our local machines so they can be accessed
> > from anywhere within the company WAN.
> >
> > When I run the host and dig commands I'm specifying a dns to use, so
> > there's no other dns involved, plus I've disabled resolve.conf and
> > there are no other dns's defined.
> >
> > Dig seems to work but host doesn't. When I strace the dnsmasq server
> > I can see it sending the hostname but it just doesn't register with
> > host as a successful lookup. host works fine in non-authoritative
> > mode and from my other dnsmasq servers - non authoritative.
> >
> > Does the format of the return message from dnsmasq change with the
> > different modes?
>
> It can differ, for instance a hostname can appear at different
> fully-qualified domain names depending on "inside" or "outside" queries,
> but that's not relevant here.
>
> What does
>
> dig NS perth1.aus.abc.com
>
> return. 1) When sent to the dnsmasq server,

;; AUTHORITY SECTION:
aus.abc.com. 600 IN SOA perth1.aus.abc.com. hostmaster.perth1.abc.gxt.com. 1394671494 1200 180 1209600 600

> and 2) When sent to your
> main company DNS server.

Can't do this yet, setting the dnsmasq to authoritative was a
prerequisite to having our zone included in the global dns. I also had
to enable zone transfers which I did by setting a fictional secondary
server, without this zone transfers were not allowed.

>
> Cheers,
>
>
> Simon.
> > _______________________________________
> > From: Simon Kelley [[email protected]]
> > Sent: Wednesday, March 12, 2014 5:45 AM
> > To: Franco Broi; [email protected]
> > Subject: Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative mode
> >
> > On 12/03/14 10:27, Franco Broi wrote:
> >> Not sure what you mean but dig -x works so maybe host doesn't
> >> understand the output of dnsmasq?
> >>
> >
> > It's quite possible that dig is sending the query to dnsmasq
> > directly, whilst dig is sending it to the recursive servers at your
> > ISP, which are seeing the "global" view of the DNS, and not the local
> > records. Since you're using authoritative mode, I assume you want
> > these records to appear for everyone, everywhere.
> >
> > To do that for the reverse lookups, you need to have whoever owns the
> > IP space you're using install a record
> >
> > 35.150.10.in-addr.arpa. NS perth1.aus.abc.com
> >
> > so that resolvers out on the internet know where to send the query.
> >
> >
> > BUT 10.150.32.0 is an RFC1918 reserved address, so there's no point
> > in putting records containing that address in the global internet.
> > Why are you using authoritative mode at all?
> >
> > Cheers,
> >
> > Simon.
> >
> >
> >> On 12 Mar 2014 18:11, Simon Kelley <[email protected]>
> >> wrote: Have you delegated 35.150.10.in-addr.arpa. to the machine
> >> running dnsmasq?
> >>
> >> Simon.
> >>
> >>
> >>
> >> On 12/03/14 03:39, Franco Broi wrote:
> >>> Hi
> >>>
> >>> I just configured my dnsmasq server to be authoritative but now
> >>> reverse lookups don't work. With debug turned on I can see that
> >>> the address is resolved and with strace I can even see the
> >>> resolved hostname being sent in sendmsg but the machine doing the
> >>> query says not found: 3(NXDOMAIN). If I remove the auth-server
> >>> option it works as expected.
> >>>
> >>> My configuration is minimal:
> >>>
> >>> domain=aus.abc.com
> >>> auth-server=perth1.aus.abc.com,eth0
> >>> auth-zone=aus.abc.com,10.150.32.0/20
> >>>
> >>> [franco@tc1 ~]$ host 10.150.35.105 perth1
> >>> Using domain server:
> >>> Name: perth1
> >>> Address: 10.150.35.111#53
> >>> Aliases:
> >>>
> >>> Host 105.35.150.10.in-addr.arpa. not found: 3(NXDOMAIN)
> >>>
> >>>
> >>> [root@perth1 src]# dnsmasq -d -q
> >>> dnsmasq: started, version 2.68 cachesize 150
> >>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth
> >>> dnsmasq: warning: no upstream servers configured
> >>> dnsmasq: read /share/system/etc/hosts - 282 addresses
> >>> dnsmasq: auth[PTR] 105.35.150.10.in-addr.arpa from 10.150.35.201
> >>> dnsmasq: /share/system/etc/hosts 10.150.35.105 is mds1.aus.abc.com
> >>>
> >>> Cheers,35.150.10.in-addr.arpa.
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Dnsmasq-discuss mailing list
> >>> [email protected]
> >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >>>
> >>
> >> ________________________________
> >>
> >>
> >> This email and any files transmitted with it are confidential and
> >> are intended solely for the use of the individual or entity to whom
> >> they are addressed. If you are not the original recipient or the
> >> person responsible for delivering the email to the intended
> >> recipient, be advised that you have received this email in error,
> >> and that any use, dissemination, forwarding, printing, or copying
> >> of this email is strictly prohibited. If you received this email in
> >> error, please immediately notify the sender and delete the
> >> original.
> >>
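
Added example, not part of the original thread and not dnsmasq code: the thread discusses delegating 35.150.10.in-addr.arpa for a server whose auth-zone subnet is 10.150.32.0/20. The sketch below lists every octet-aligned reverse zone that subnet spans, the NS record each would need from the owner of the address space, and whether the range is RFC 1918 space. The function names are hypothetical; the subnet, address and nameserver are the ones quoted in the thread.

```python
import ipaddress

# RFC 1918 private blocks; reverse zones for these are not delegated on the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zones(cidr):
    """Return the octet-aligned in-addr.arpa zones that cover an IPv4 subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    if net.prefixlen > 24:
        # Smaller than a /24: fall back to the enclosing /24 zone
        # (RFC 2317 classless delegation is out of scope here).
        pieces, labels = [net.supernet(new_prefix=24)], 3
    else:
        # Round the prefix up to the next octet boundary (/8, /16 or /24).
        aligned = max(8, -(-net.prefixlen // 8) * 8)
        pieces, labels = net.subnets(new_prefix=aligned), aligned // 8
    zones = []
    for piece in pieces:
        octets = str(piece.network_address).split(".")[:labels]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones


def zone_for(ip, cidr):
    """Return the reverse zone of `cidr` that holds the PTR name for `ip`, or None."""
    ptr = ipaddress.ip_address(ip).reverse_pointer + "."
    return next((z for z in reverse_zones(cidr) if ptr.endswith("." + z)), None)


def delegation_plan(cidr, nameserver):
    """List the NS records the address-space owner would need for `cidr`."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "rfc1918": any(net.subnet_of(block) for block in RFC1918),
        "records": [f"{zone} NS {nameserver}" for zone in reverse_zones(cidr)],
    }


if __name__ == "__main__":
    plan = delegation_plan("10.150.32.0/20", "perth1.aus.abc.com.")
    print("PTR 10.150.35.105 lives in", zone_for("10.150.35.105", "10.150.32.0/20"))
    print("RFC 1918 space (internal resolvers only):", plan["rfc1918"])
    print("\n".join(plan["records"]))
```

For the /20 in the thread this yields sixteen zones, 32.150.10.in-addr.arpa. through 47.150.10.in-addr.arpa., so a single delegation for 35.150.10.in-addr.arpa. covers only one of them.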
