My guess is that the SERVFAIL is coming from a server upstream of
dnsmasq. Unless told to, dnsmasq "overlays" the DNS information it has
locally onto the global DNS a record-at-a-time, not a domain-name at a
time. So if dnsmasq knows the IPv4 address of red.virt, and not the
IPv6 address, then it will forward AAAA queries for red.virt upstream,
a particular domain-name is not either all local, or all upstream.

You can stop dnsmasq ever forwarding any query in *.virt like this.

local=/virt/

or even better, modify the domain definition to something like

domain=virt,192.168.122.0/24,local

which will automatically give you "local" declarations for the forward
(*.virt) and reverse (122.168.192.in-addr.arpa) domains.

Cheers,

Simon.

On 16/12/14 21:32, martin f krafft wrote:
> Hey,
>
> I am using dnsmasq from libvirt, like so:
>
> dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
>   --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
>
> The configuration file is included below. Basically, this is a
> DHCP server and DNS forwarder, but I've also configured it to turn
> DHCP leases into DNS records, using the --domain keyword.
>
> This works splendidly and OMG did I rejoice to see how wonderfully
> easy this was to set up and just get it working.
>
> However, there's an issue relating to nonexistent RRs for the
> hosts configured by DHCP, as exemplified by a call to
> /usr/bin/host:
>
> % host red.virt
> red.virt has address 192.168.122.60
> Host red.virt not found: 2(SERVFAIL)
> Host red.virt not found: 2(SERVFAIL)
>
> This is because host queries the DNS server for A, AAAA, and MX
> all at once.
>
> It's obvious that dnsmasq does not know about AAAA or MX for the
> host in this setup. However, why is it returning SERVFAIL?
>
> Moreover, this is not consistently the case. At other times, I get
> timeouts when asking for these RRs:
>
> % dig @192.168.122.1 aaaa green.virt
>
> *** 5–10 seconds later ***
>
> ; <<>> DiG 9.9.5-7-Debian <<>> @192.168.122.1 aaaa green.virt
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> Am I doing something wrong?
>
> I thought that the correct behaviour for a DNS server when asked
> about a record it does not have is to respond with NOERROR,
> AUTHORITY:1 and ANSWER:0.
>
> ==> /var/lib/libvirt/dnsmasq/default.conf:
> strict-order
> domain=virt
> expand-hosts
> pid-file=/var/run/libvirt/network/default.pid
> except-interface=lo
> bind-dynamic
> interface=virbr0
> dhcp-range=192.168.122.2,192.168.122.254
> dhcp-no-override
> dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
> dhcp-lease-max=253
> dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
> addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
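
A configuration check for the fix described in this thread, as an added example that is not part of the original messages or of dnsmasq itself: it lists `domain=` names with no local-only declaration, meaning queries for record types dnsmasq has no local data for can still be forwarded upstream. The function name, the sample text and the parsing simplifications (one option per line, no included config files) are assumptions.

```python
import re

# Constructed sample: the DNS-relevant lines of the default.conf quoted in the thread.
PAGE_CONF = """\
strict-order
domain=virt
expand-hosts
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254
"""

def _norm(name):
    return name.strip().strip(".").lower()

def unprotected_domains(conf_text):
    """Return domain= names that no local-only declaration covers."""
    declared, local_only = [], set()
    for raw in conf_text.splitlines():
        # Drop comments, but keep a '#' that is part of a value (server=/virt/#).
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key == "domain":
            parts = [p.strip() for p in value.split(",")]
            if _norm(parts[0]):
                declared.append(_norm(parts[0]))
                if "local" in parts[1:]:   # domain=virt,192.168.122.0/24,local
                    local_only.add(_norm(parts[0]))
        elif key in ("local", "server") and value.startswith("/"):
            *names, target = value[1:].split("/")
            # local= is a synonym for server=; with nothing after the last
            # slash the listed domains are never forwarded.
            if target == "":
                local_only.update(_norm(n) for n in names if _norm(n))
    def covered(name):
        return any(name == d or name.endswith("." + d) for d in local_only)
    return [d for d in declared if not covered(d)]

if __name__ == "__main__":
    variants = {
        "as posted": PAGE_CONF,
        "with local=/virt/": PAGE_CONF + "local=/virt/\n",
        "with domain=...,local": PAGE_CONF.replace(
            "domain=virt", "domain=virt,192.168.122.0/24,local"),
    }
    for label, conf in variants.items():
        print(f"{label}: may forward upstream for {unprotected_domains(conf) or 'none'}")
```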