On 06/09/18 15:36, Wojtek Swiatek wrote:
> Hello everyone,
> 
> Following the documentation for auth-zone, I tried to declare my dnsmasq
> server as authoritative for the 10.0.0.0/8 <http://10.0.0.0/8> zone (I
> server several IP sub-ranges in 10.x). Unfortunately, whatever I try I
> end up with
> 
> Sep 06 16:29:28 bind named[4677]: zone 10.in-addr.arpa/IN: refresh:
> non-authoritative answer from master 10.100.10.254#53 (source 0.0.0.0#0)
> 
> on the secondary bind server (the direct zones are transferred OK).
> 
> How should I set this up? I tried
> 
> auth-zone=10.0.0.0/8 <http://10.0.0.0/8>
> auth-zone=10.in-addr.arpa
> 
> but none of them worked (no errors in dnsmasq, just the bind message above).
> 
> Thanks for any pointers!
> 
>

auth-zone specifies the zone within the domain-name tree first, then
(optionally) the subnet range which gets serverd for reverse queries, so
something like

auth-zone=swtk.info/0.0.0.0/8

would do the trick.

The important thing to understand about dnsmasq is that it continues to
work as a normal DNS forwarder, and only acts as an authoritative server
when queries arrive at a particular interface or address. Typically,
it's acting as DNS forwarder on "internal" networks, and as
authoritative when queries arrive from the "internet" side of the router
it's running on. To tell it which queries to answer in authoritative
mode, you need to use the --auth-server configuration.


There's quite a long step-by-step guide to setting up auth mode as a
separate  section of the man page. It's worth reading that.


Cheers

Simon.

Cheers,

Simon.



> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to