On 12/03/14 11:09, Franco Broi wrote:
> 
> Sorry about the top posting, useless MS webmail.
> 
> The reason I need the authoritative dns is because I'm in a regional
> office of a big company. It's a requirement that we provide an
> authoritative server for our local machines so they can be accessed
> from anywhere within the company WAN.
> 
> When I run the host and dig commands I'm specifying a dns to use, so
> there's no other dns involved, plus I've disabled resolve.conf and
> there are no other dns's defined.
> 
> Dig seems to work but host doesn't. When I strace the dnsmasq server
> I can see it sending the hostname but it just doesn't register with
> host as a successful lookup. host works fine in non-authoritative
> mode and from my other dnsmasq servers - non authoritative.
> 
> Does the format of the return message from dnsmasq change with the
> different modes? 

It can differ, for instance a hostname can appear at different
full-qualified domain names deoending on "inside" or "outside" queries,
but that's not relevant here.

What does

dig NS perth1.aus.abc.com

return. 1) When sent to the dnsmasq server, and 2) When sent to your
main company DNS server.

Cheers,


Simon.

_______________________________________ From: Simon
> Kelley [si...@thekelleys.org.uk] Sent: Wednesday, March 12, 2014 5:45
> AM To: Franco Broi; dnsmasq-discuss@lists.thekelleys.org.uk Subject:
> Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative
> mode
> 
> On 12/03/14 10:27, Franco Broi wrote:
>> Not sure what you mean but dig -x works so maybe host doesn't
>> understand the output of dnsmaq?
>> 
> 
> It's quite possible that dig is sending the query to dnsmasq
> directly, whilst dig is sending it to the recursive servers at your
> ISP, which are seeing the "global" view of the DNS, and not the local
> records. Since you're using authoritative mode, I assume you want
> these records to appear for everyone, everywhere.
> 
> To do that for the reverse lookups, you need to have whoever owns the
> IP space you're using install a record
> 
> 35.150.10.in-addr.arpa. NS perth1.aus.abc.com
> 
> so that resolvers out on the internet know where to send the query.
> 
> 
> BUT 10.150.32.0 is an RFC1918 reserved address, so there's no point
> in putting records containing that address in the global internet.
> Why are you using authoritative mode at all?
> 
> Cheers,
> 
> Simon.
> 
> 
>> On 12 Mar 2014 18:11, Simon Kelley <si...@thekelleys.org.uk>
>> wrote: Have you delegated 35.150.10.in-addr.arpa. to the machine
>> running dnsmasq?
>> 
>> Simon.
>> 
>> 
>> 
>> On 12/03/14 03:39, Franco Broi wrote:
>>> Hi
>>> 
>>> I just configured my dnsmasq server to be authoritative but now
>>> reverse lookups don't work. With debug turned on I can see that
>>> the address is resolved and with strace I can even see the
>>> resolved hostname being sent in sendmsg but the machine doing the
>>> query says  not found: 3(NXDOMAIN). If I remove the auth-server
>>> option it works as expected.
>>> 
>>> My configuration is minimal:
>>> 
>>> domain=aus.abc.com auth-server=perth1.aus.abc.com,eth0 
>>> auth-zone=aus.abc.com,10.150.32.0/20
>>> 
>>> [franco@tc1 ~]$ host 10.150.35.105 perth1 Using domain server: 
>>> Name: perth1 Address: 10.150.35.111#53 Aliases:
>>> 
>>> Host 105.35.150.10.in-addr.arpa. not found: 3(NXDOMAIN)
>>> 
>>> 
>>> [root@perth1 src]# dnsmasq -d -q dnsmasq: started, version 2.68
>>> cachesize 150 dnsmasq: compile time options: IPv6 GNU-getopt
>>> no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset
>>> auth dnsmasq: warning: no upstream servers configured dnsmasq:
>>> read /share/system/etc/hosts - 282 addresses dnsmasq: auth[PTR]
>>> 105.35.150.10.in-addr.arpa from 10.150.35.201 dnsmasq:
>>> /share/system/etc/hosts 10.150.35.105 is mds1.aus.abc.com
>>> 
>>> Cheers,35.150.10.in-addr.arpa.
>>> 
>>> 
>>> 
>>> _______________________________________________ Dnsmasq-discuss
>>> mailing list Dnsmasq-discuss@lists.thekelleys.org.uk 
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>> 
>> 
>> 
>> _______________________________________________ Dnsmasq-discuss
>> mailing list Dnsmasq-discuss@lists.thekelleys.org.uk 
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> 
>> ________________________________
>> 
>> 
>> This email and any files transmitted with it are confidential and
>> are intended solely for the use of the individual or entity to whom
>> they are addressed. If you are not the original recipient or the
>> person responsible for delivering the email to the intended
>> recipient, be advised that you have received this email in error,
>> and that any use, dissemination, forwarding, printing, or copying
>> of this email is strictly prohibited. If you received this email in
>> error, please immediately notify the sender and delete the
>> original.
>> 
>> 
> 
> ________________________________
> 
> 
> This email and any files transmitted with it are confidential and are
> intended solely for the use of the individual or entity to whom they
> are addressed. If you are not the original recipient or the person
> responsible for delivering the email to the intended recipient, be
> advised that you have received this email in error, and that any use,
> dissemination, forwarding, printing, or copying of this email is
> strictly prohibited. If you received this email in error, please
> immediately notify the sender and delete the original.
> 
> 


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to