On Thu, 2014-03-13 at 20:38 +0000, Simon Kelley wrote:
> On 13/03/14 01:01, Franco Broi wrote:
> > On Wed, 2014-03-12 at 17:29 +0000, Simon Kelley wrote:
> >> On 12/03/14 11:09, Franco Broi wrote:
> >>>
> >>> Sorry about the top posting, useless MS webmail.
> >>>
> >>> The reason I need the authoritative dns is because I'm in a regional
> >>> office of a big company. It's a requirement that we provide an
> >>> authoritative server for our local machines so they can be accessed
> >>> from anywhere within the company WAN.
> >>>
> >>> When I run the host and dig commands I'm specifying a dns to use, so
> >>> there's no other dns involved, plus I've disabled resolve.conf and
> >>> there are no other dns's defined.
> >>>
> >>> Dig seems to work but host doesn't. When I strace the dnsmasq server
> >>> I can see it sending the hostname but it just doesn't register with
> >>> host as a successful lookup. host works fine in non-authoritative
> >>> mode and from my other dnsmasq servers - non authoritative.
> >>>
> >>> Does the format of the return message from dnsmasq change with the
> >>> different modes?
> >>
> >> It can differ, for instance a hostname can appear at different
> >> fully-qualified domain names depending on "inside" or "outside" queries,
> >> but that's not relevant here.
> >>
> >> What does
> >>
> >> dig NS perth1.aus.abc.com
> >>
> >> return. 1) When sent to the dnsmasq server,
> >
> > ;; AUTHORITY SECTION:
> > aus.abc.com. 600 IN SOA perth1.aus.abc.com.
> > hostmaster.perth1.abc.gxt.com. 1394671494 1200 180 1209600 600
> >
> >
> >> and 2) When sent to your
> >> main company DNS server.
> >
> > Can't do this yet, setting the dnsmasq to authoritative was a
> > prerequisite to having our zone included in the global dns. I also had
> > to enable zone transfers which I did by setting a fictional secondary
> http://dnsreactions.tumblr.com/post/53919990746/debugging-with-nslookup-or-host

Funny!

> > server, without this zone transfers were not allowed.
>
> You shouldn't need to use fictional servers, just give the domain names
> of your company's authoritative nameserver(s) which will be doing the
> zone transfers.

I'm confused, I thought the auth-sec-servers option specified backup
servers for the local zone for which we are authoritative? Are you
saying I should put the global server names here instead?

You might be able to tell by now that I know nothing about DNS, that's
why I want to use dnsmasq...

>
> I'm not clear there's actually a problem here: I think that when queried
> via the external interface specified by --auth-server, you'll get the
> correct answer to the in-addr.arpa queries.

You are right, it does work from perth1 but not from other machines. I
will take this to mean it's ok.

>
> Note that "host" is a really bad debugging tool for this. "dig" is much
> better since you get to control exactly what query is sent and you get
> to see the exact answer received.
>

I think corporate IT are now happy that it works although they did make
a fuss about dnsmasq not supporting reverse zone transfers - why do they
need those? Can't they be deduced from the forward zone?

BTW I'm also using dnsmasq for dhcp and tftp to boot diskless cluster
nodes, works a treat although I do miss the dhcp stanzas which are a bit
more intuitive than tags.

Cheers and thanks for the help.

>
> Cheers,
>
> Simon
>
>

_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
