> I guess the logic is that dnsmasq is the authoritative source for
> that data, so it doesn't need to validate it to know that it's
> real.

Right, but obviously the solution is not as simple as setting AD.

As for the background (sorry, since English is not my native tongue I'm having trouble being verbose):

A lot of people around here (me included) use a well-known router brand (Fritz!Boxen) which employs dnsmasq. The manufacturer (AVM) offers a free dyndns service (myfritz.net). It not only answers for both address types but for IPv6 also allows subdomains for hosts within your dyndns domain. This is practical for accessing services like IMAP or Webdav(s) from anywhere via the same domain name.

Now asking the router for a host from the local network will return the *external* IPv4 address and the global IPv6 address. With IPv4 connections from the local network this obviously incurs a performance penalty since the packets will have to traverse the router's NAT. This might not be an issue with IMAP but definitely with NAS access via Webdav(s) or SFTP.

I submitted the idea of returning local IPv4 addresses for internal queries to AVM. Their reply was that this will fail if they enable DNSSEC for their dyndns service in the future. My knee-jerk reply was to let dnsmasq set the AD flag for this kind of query. But as per your explanations this is only half a solution.

Do you think there's any chance to solve this correctly without switching from dnsmasq to Unbound or the like?

Best regards
Ernst

-- 
Ernst Ahlers, Redakteur/Editor
PGP-Key-ID: 0x265E 3662, plain text preferred
c't - Magazin für Computertechnik
www.ct.de
Karl-Wiechert-Allee 10
D-30625 Hannover, Germany
Phone +49 (0)511 5352 300
Fax +49 (0)511 5352 417

Heise Medien GmbH & Co. KG
Register court: Amtsgericht Hannover, HRA 26709
General partner: Heise Medien Geschäftsführung GmbH
Register court: Amtsgericht Hannover, HRB 60405
Managing directors: Ansgar Heise, Dr. Alfons Schräder

Katze 5e