Hello, I'm currently running dnsmasq in a Docker container and have setup a domain for which dnsmasq is to be authoritative for. This is to do subdomain delegation to the dnsmasq server. I am using the auth-server & auth-zone configuration options for this. This works as expected and is verifiable using dig with the "+norecurse" option to query for the NS and SOA records. However, as it's a Docker container, I only have and actually need a single interface (eth0) and when I specify eth0 in the "auth-server" option, i.e "auth-server=<glue_record>,eth0", I noticed that it stops answering recursive queries for names that it is not authoritative for.
I worked around this by replacing "eth0" with an IP that is not present in the container's network namespace and dnsmasq now does what I want which is to answer to both non-recursive and recursive queries from the same interface. My question is the following: Are there any side effects to this hack? Is there any reason why dnsmasq should not be able to provide recursive and authoritative service from the same interface? I can understand the security reasons for wanting to prevent this on an Internet exposed interface, but why not at allow for an option to officially support providing both kinds of service on the same interface? Thanks. -m
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss