On 11/03/18 02:43, Markus Hartung wrote: > I have dug a little more and I can't think of this behaviour to be > nothing else than a bug. > > I have made a simple config now to reproduce the bug: > > Start server with this command: > > dnsmasq -p 1153 --synth-domain=hartmark.se,2001:db8::/64,dynamic- > --auth-server=ns1.hartmark.se,192.168.1.1 > --auth-zone=hartmark.se,192.168.1.1,2001:db8::/64 > --auth-soa=,hostmaster.hartmark.se,1200,180,1209600 --ho > st-record=foo.hartmark.se,2001:db8::f00 -d --bind-dynamic > > Replace 192.168.1.1 with your local ip. > > Run these dig:s > > 1. dig -p 1153 -x 2001:db8::f00 > > 2. dig -p 1153 -x 2001:db8::f00 @192.168.1.1 > > 3. dig -p 1153 -x 2001:db8::d00 > > 4. dig -p 1153 -x 2001:db8::d00 @192.168.1.1 > > > dig 1 and 2 both return foo.hartmark.se as response. 1 is using > localhost (127.0.0.1 or ::1) and that is not part of neither auth-server > and auth-zone > > dig 3 returns dynamic-2001-db8--d00.hartmark.se > > dig 4 returns NXDOMAIN > > > Have I misunderstood something?? From my understanding it seems dnsmasq > doesn't check synth-domain when responding on requests where dnsmasq is > authoritative. > >
Is it a bug if it fulfils the specification? :-) The section of the man page on AUTHORITATIVE CONFIGURATION lists all the sources of data for an auth zone, and it doesn't include synth-domain. So there's no bug :) The main reason that synth-domain is not included is that it makes doing domain-transfer difficult. That sends every record in the domain to a secondary server, and synth-domain would rapdily balloon into a LOT of records (especially in IPv6-land). Cheers, Simon. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss