Hello Simon

Le sam. 8 sept. 2018 à 17:20, Simon Kelley <si...@thekelleys.org.uk> a
écrit :

> auth-zone specifies the zone within the domain-name tree first, then
> (optionally) the subnet range which gets serverd for reverse queries, so
> something like
> auth-zone=swtk.info/
> would do the trick.
> The important thing to understand about dnsmasq is that it continues to
> work as a normal DNS forwarder, and only acts as an authoritative server
> when queries arrive at a particular interface or address. Typically,
> it's acting as DNS forwarder on "internal" networks, and as
> authoritative when queries arrive from the "internet" side of the router
> it's running on. To tell it which queries to answer in authoritative
> mode, you need to use the --auth-server configuration.
I am a bit confused because the manpage mentions only commas in auth-zone
but I tried your version anyway and it does not work. The complete setup
for the authoritative part is now


This is a result of several trial and errors and it is the one which goes
closest to the solution, as the bind server now states

Sep 10 13:45:37 bind named[11209]: transfer of '10.in-addr.arpa/IN' from connected using
Sep 10 13:45:37 bind named[11209]: transfer of '10.in-addr.arpa/IN' from failed while receiving responses: SERVFAIL
Sep 10 13:45:37 bind named[11209]: transfer of '10.in-addr.arpa/IN' from Transfer status: SERVFAIL
Sep 10 13:45:37 bind named[11209]: transfer of '10.in-addr.arpa/IN' from Transfer completed: 0 messages, 0 records, 0 bytes, 0.001
secs (0 bytes/sec)

I believe that dnsmasq is not authoritative but does not allow for the
transfer from the secondary.
What is particularly weird is that the direct resolution (for domain
swtk.info) is transferred correctly. It looks like this is specifically the
transfer of the 10.x zone which is problematic.

> There's quite a long step-by-step guide to setting up auth mode as a
> separate  section of the man page. It's worth reading that.

Yes, I did read it several times (if you mean the "AUTHORITATIVE

Dnsmasq-discuss mailing list

Reply via email to