Hi Dimitry,

On Fri, 2024-06-28 at 15:38 +0200, Dimitry Andric wrote:
> On 28 Jun 2024, at 00:02, Buck Horn via Dnsmasq-discuss
> <dnsmasq-discuss@lists.thekelleys.org.uk> wrote:
> >
> > On 27.06.24 22:13, Dimitry Andric wrote:
> > > In particular, this happens when dnsmasq serves a --local domain, and
> > > 'fixed' hosts are defined with --address entries having _only_ an IPv4
> > > address.
> > >
> > > For example, if dnsmasq.conf contains:
> > >
> > > no-daemon
> > > log-queries
> > >
> > > domain=example.com
> > > interface=eth0
> > > server=1.1.1.1
> > > local=/example.com/
> > >
> > > address=/foo.example.com/10.1.2.3
> > > address=/bar.example.com/10.1.2.3
> >
> > Your address literals are more specific than your 'local=' declarations.
> >
> > Did you try to actually '...match the specified address literal...' yet?
> >
> > local=/foo.example.com/
> > local=/bar.example.com/
> >
> > address=/foo.example.com/10.1.2.3
> > address=/bar.example.com/10.1.2.3
>
> Sure, that also appears to work. I just don't know what the preferred
> syntax is for declaring hosts that have fixed IP addresses, as opposed
> to hosts that get addresses dynamically via DHCP.
>
> I.e. the original dnsmasq config file was written by someone who was
> convinced that the way to serve up an internal company domain (which
> uses DHCP for most hosts, fixed addresses for some other hosts) was
> something like:
>
> dhcp-host=foo,10.1.2.3
> dhcp-host=bar,10.1.2.4
> dhcp-host=baz,10.1.2.5
> dhcp-option=eth0,3,10.1.2.1
> dhcp-range=eth0,10.1.2.50,10.1.2.254,255.255.255.0
> domain=internal.example.com
> interface=eth0
> local=/internal.example.com/
> server=1.1.1.1
> address=/foo.internal.example.com/10.1.2.3
> address=/bar.internal.example.com/10.1.2.4
> address=/baz.internal.example.com/10.1.2.5
>
> That used to work fine with dnsmasq 2.80, but with 2.90 it started
> returning NXDOMAINs.
>
> -Dimitry

Please (re-)read the manual page:

[...]
    -A, --address=/<domain>[/<domain>...]/[<ipaddr>]
        Specify an IP address to return for any host in the given
        domains. A (or AAAA) queries in the domains are never forwarded
        and always replied to with the specified IP address which may be
        IPv4 or IPv6. To give multiple addresses or both IPv4 and IPv6
        addresses for a domain, use repeated --address flags. Note that
        /etc/hosts and DHCP leases override this for individual names.
        A common use of this is to redirect the entire doubleclick.net
        domain to some friendly local web server to avoid banner ads.
        The domain specification works in the same way as for --server,
        with the additional facility that /#/ matches any domain. Thus
        --address=/#/1.2.3.4 will always return 1.2.3.4 for any query
        not answered from /etc/hosts or DHCP and not sent to an upstream
        nameserver by a more specific --server directive. As for
        --server, one or more domains with no address returns a
        no-such-domain answer, so --address=/example.com/ is equivalent
        to --server=/example.com/ and returns NXDOMAIN for example.com
        and all its subdomains. An address specified as '#' translates
        to the NULL address of 0.0.0.0 and its IPv6 equivalent of :: so
        --address=/example.com/# will return NULL addresses for
        example.com and its subdomains. This is partly syntactic sugar
        for --address=/example.com/0.0.0.0 and --address=/example.com/::
        but is also more efficient than including both as separate
        configuration lines. Note that NULL addresses normally work in
        the same way as localhost, so beware that clients looking up
        these names are likely to end up talking to themselves.

        Note that the behaviour for queries which don't match the
        specified address literal changed in version 2.86. Previous
        versions, configured with (eg) --address=/example.com/1.2.3.4
        and then queried for a RR type other than A would return a
        NoData answer. From 2.86, the query is sent upstream.

        To restore the pre-2.86 behaviour, use the configuration
        --address=/example.com/1.2.3.4 --local=/example.com/
[...]

Regards,
Sven

-- 
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
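
Added example, not part of the original message and not dnsmasq code: a small audit of a dnsmasq configuration that reports, for each address= name, whether a local= entry names exactly the same domain (the form the manual page gives for restoring pre-2.86 behaviour), only a parent domain (the layout quoted in the thread), or nothing at all (per the manual page, non-matching queries then go upstream from 2.86). The status labels, function names and sample configuration are assumptions made for illustration.

```python
import ipaddress

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONF = """\
domain=internal.example.com
server=1.1.1.1
local=/internal.example.com/
address=/foo.internal.example.com/10.1.2.3
local=/bar.internal.example.com/
address=/bar.internal.example.com/10.1.2.4
address=/www.example.org/10.9.9.9
"""

def split_spec(value):
    """Split '/dom1/dom2/target' into ([domains], target)."""
    parts = value.split("/")
    return [d.lower().rstrip(".") for d in parts[1:-1] if d], parts[-1].strip()

def audit(conf_text):
    """Map each address= name to (sorted IP versions, local= coverage)."""
    local_only, families = set(), {}
    for raw in conf_text.splitlines():
        key, sep, value = raw.strip().partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key.startswith("#") or not value.startswith("/"):
            continue  # comments, and options without a /domain/ spec
        domains, target = split_spec(value)
        if key in ("local", "server") and target == "":
            local_only.update(domains)  # domain answered locally only
        elif key == "address":
            try:
                version = ipaddress.ip_address(target).version
            except ValueError:
                continue  # '#', empty or unparsable target: not audited here
            for name in domains:
                families.setdefault(name, set()).add(version)
    report = {}
    for name, versions in families.items():
        if name in local_only:
            status = "exact-local"        # address= and local= name the same domain
        elif any(name.endswith("." + d) for d in local_only):
            status = "parent-local-only"  # only a parent domain is declared local
        else:
            status = "no-local"           # other RR types are sent upstream (>= 2.86)
        report[name] = (sorted(versions), status)
    return report

if __name__ == "__main__":
    for name, (versions, status) in audit(SAMPLE_CONF).items():
        print(f"{name}: IPv{'/'.join(map(str, versions))} {status}")
```

Names reported as no-local are the ones whose non-A/AAAA lookups leave the resolver, which matters when internal host names should not be disclosed to the upstream server.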