[Dnsmasq-discuss] Authoritative zone and no recursion replies
Hi everyone.

I think it is handy to be able to delegate some suffix from an internal domain, let's say example.com, provided by BIND or any bigger server. But recursive servers do not set recursive queries on normal delegation. Delegation is when I just add lines to the zone file:

    $ORIGIN example.com.
    dnsmasq-private IN A 10.0.0.53
    private IN NS dnsmasq-private

Then a query for xy.private.example.com would be forwarded to dnsmasq. It is great that this can be configured by a dynamic update of the zone. No change of configuration is necessary. It requires dnsmasq to be accessible by recursive resolvers. Great for trusted network configuration.

Unfortunately, dnsmasq does not cooperate very well with them. Recursive servers use queries without the recursion desired flag set. Dnsmasq tends to refuse them, or to servfail if any forwarder is configured.

For each host it reads from /etc/hosts or has configured from DHCP, I think it would be nice to respond also without recursion to every host from hosts. The same way for DHCP assigned names. AFAIK it is denied to disallow cache probing. What is the point of denying provided names without recursion set, when it gracefully offers them when recursion is desired?

Compare, when at least one server is set:

    dig +rec mydnsmasqhost
    dig +norec mydnsmasqhost

where mydnsmasqhost is a hostname which obtained its address from dnsmasq.

It just makes delegation from big resolvers difficult. Without auth-zone with a common prefix, it would not work. Is there a good reason for it? If domain is set, it would be easy to create a delegation without the need to set auth-zone.

My example would work if --auth-zone=private.example.com were used. While it is better, why should --domain private.example.com not be sufficient? It would be quite useful for VM configuration, because current libvirt does not support adding auth-zone to the dnsmasq configuration file.

Any comments welcome.
Have a nice day,
Petr

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: 65C6C973

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
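The `dig +rec` / `dig +norec` comparison in the message above differs only in the RD bit of the query header, and the outcome shows up in the response RCODE and AA bit. As an added example (not part of the original post and not dnsmasq code), the Python below builds both queries and decodes a response header; the function names and the two sample response headers are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, rd, qid=0x1234, qtype=1):
    """Encode a one-question DNS query; rd=False is what `dig +norec` sends."""
    flags = 0x0100 if rd else 0x0000              # RD is bit 8 of the flags word
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)   # qtype A, class IN

def parse_header(msg):
    """Decode the header fields that separate an answer from a refusal."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    code = flags & 0x000F
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),   # this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": RCODES.get(code, str(code)),
        "answers": an,
    }

def usable_for_delegation(hdr):
    """A resolver following the NS record cannot use REFUSED or SERVFAIL."""
    return hdr["qr"] and hdr["rcode"] in ("NOERROR", "NXDOMAIN")

def ask(server, name, rd, timeout=2.0):
    """Send one UDP query to port 53 and return the decoded response header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, rd), (server, 53))
        return parse_header(s.recv(512))

# Constructed sample response headers, not captured from a real server.
SAMPLE_REFUSED = struct.pack("!6H", 0x1234, 0x8005, 1, 0, 0, 0)
SAMPLE_AUTH = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)

if __name__ == "__main__":
    for label, raw in (("refused", SAMPLE_REFUSED), ("auth", SAMPLE_AUTH)):
        h = parse_header(raw)
        print(label, h["rcode"], "aa" if h["aa"] else "-", usable_for_delegation(h))
```

Calling `ask("10.0.0.53", "xy.private.example.com", rd=False)` against the server from the zone snippet shows what a delegating resolver would receive.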
Re: [Dnsmasq-discuss] dry run mode
I think tools from contrib/lease-tools might help you with that. They make dnsmasq release some lease on demand. If you shut down a VM, they can be used to free its former lease. I think the d-bus API can also be used for the same thing; it might be more reliable.

On 2/11/19 9:43 PM, Graeme Peterson wrote:
> Hi all. Happy 2019!
>
> A bit of an odd question: Is there any way to run dnsmasq in some kind
> of standalone test or dry-run mode without being connected to
> actual/virtual networks, where I could define subnets and IP ranges,
> somehow issue requests for IPs on subnets, and then use those IPs in my
> VM deployment tests that require static IPs, releasing them when done or
> when their lease expires?
>
> EXPLANATION
> ===
>
> I work in a test team on a product that does a lot of virtual network
> configuration for various deployed VMs. Some of the testing uses dhcp
> for the VMs' interfaces, so far so good. Some tests need to exercise
> static IP configuration. I need a way to manage the allocation of static
> IPs on all the test VMs in our automation. Hard coding the values is
> cumbersome, error prone, and we run out of IPs in most /24 subnets
> pretty quickly if we make sure every test deployment has a unique static
> IP.
>
> So I got to thinking. I could write some kind of static IP allocator
> that would respond to requests on a per-subnet basis, release the IPs
> back into a pool of some kind when the test is done with them, maybe
> have a timeout to auto-release the IPs in case the release is missed,...
>
> Hang on. Sounds like dhcp. Which brings me to my above question, and
> this email.
>
> Thank you,
> Graeme

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: 65C6C973
[Dnsmasq-discuss] [PATCH] auth-server without interface
Hi!

I was playing a bit with auth-vm and auth-server together with virtual machine manager. I think it might be useful to omit interface in auth-server at all, just change name reported by auth-vm zones on normal dns port.

Libvirt uses dnsmasq as DHCP and DNS server on each virtual network configured. It listens just on one interface excluding loopback (virbr0 for example). If I specify its interface, it stops responding normal recursive queries on it. I think there is no good reason to demand it. Anyway, current manual page indicates it is optional...

Regards,
Petr

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: 65C6C973