Try

local=/virt/

the extended domain=.... syntax is broken in some recent dnsmasq releases.

Cheers,

Simon.

On 23/12/14 19:59, martin f krafft wrote:
> also sprach Simon Kelley <si...@thekelleys.org.uk> [2014-12-23 18:14 +0100]:
>> My guess is that the SERVFAIL is coming from a server upstream
>> of dnsmasq. Unless told to, dnsmasq "overlays" the DNS
>> information it has locally onto the global DNS a
>> record-at-a-time, not a domain-name at a time.
>
> Yeah, that could be. tcpdump seems to think you're right. Thank
> you!
>
>> or even better, modify the domain definition to something like
>> domain=virt,192.168.122.0/24, local
>
> Unfortunately, I am seeing absolutely no difference with this
> setting.
>
> % sudo grep domain /var/lib/libvirt/dnsmasq/default.conf
> domain=virt,192.168.122.0/24,local
>
> % dig @192.168.122.1 mx red.virt
> […]
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29678
> […]
>
> And according to tcpdump, this SERVFAIL comes from upstream (see
> below).
>
> This (disabling any forwarding of *.virt) would be a really useful
> setting for my case because I would also like to delegate the
> resolution of *.virt to dnsmasq from my loopback resolver. At the
> moment, this is the cause of the frequent timeouts: dnsmasq sends a
> query upstream, which is configured to send queries for *.virt
> downstream, which…
>
> Am I doing something wrong still?
>
> Btw, I managed to fix SERVFAIL upstream, using these instructions:
>
> http://utcc.utoronto.ca/~cks/space/blog/linux/UnboundDNSforVPN
>
> tl;dr: DNSSEC is preventing me from using the zone *.virt unless I
> declare it private and insecure.
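Both halves of the setup discussed in this thread, side by side, as an added example that is not part of either message. It assumes the loopback resolver is Unbound (suggested only by the title of the linked post); the `forward-zone` stanza and the split of `domain=` from `local=` are illustrative choices, not taken from the thread.

```conf
# --- dnsmasq, the instance listening on 192.168.122.1 ---
# Before: the setting reported in the thread, with which the MX query
# for red.virt was still forwarded upstream and came back SERVFAIL.
#domain=virt,192.168.122.0/24,local

# After: keep the DHCP domain, and add the line Simon suggests.
# An empty server address in local=/virt/ means names under .virt are
# answered only from /etc/hosts and DHCP leases and never forwarded,
# whatever the record type. That is what breaks the forwarding loop.
domain=virt,192.168.122.0/24
local=/virt/

# --- unbound.conf on the loopback resolver (assumed to be Unbound) ---
server:
    # .virt is not delegated in the signed root, so a validating
    # resolver rejects answers for it. Exempt this one zone from the
    # DNSSEC chain of trust and leave validation on for everything else.
    domain-insecure: "virt"
    # Only relevant when private-address: rebinding protection is
    # configured: permit RFC 1918 addresses in answers for this zone alone.
    private-domain: "virt"

forward-zone:
    # Delegate *.virt to dnsmasq. With local=/virt/ set on that side,
    # dnsmasq no longer sends these queries back up to this resolver.
    name: "virt"
    forward-addr: 192.168.122.1
```

To check the result, repeat the thread's `dig @192.168.122.1 mx red.virt` while watching tcpdump on the upstream-facing interface: no query for a `.virt` name should leave dnsmasq.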