Very nice, I will test this. I am curious though: what will be used for the NS record if the auth-server configuration is omitted?
-m On Fri, Sep 28, 2018 at 4:42 PM Simon Kelley <si...@thekelleys.org.uk> wrote: > On 28/09/18 02:33, Marc Heckmann wrote: > > Hello, > > > > I'm currently running dnsmasq in a Docker container and have setup a > > domain for which dnsmasq is to be authoritative for. This is to do > > subdomain delegation to the dnsmasq server. I am using the auth-server & > > auth-zone configuration options for this. This works as expected and is > > verifiable using dig with the "+norecurse" option to query for the NS > > and SOA records. However, as it's a Docker container, I only have and > > actually need a single interface (eth0) and when I specify eth0 in the > > "auth-server" option, i.e "auth-server=<glue_record>,eth0", I noticed > > that it stops answering recursive queries for names that it is not > > authoritative for. > > > > I worked around this by replacing "eth0" with an IP that is not present > > in the container's network namespace and dnsmasq now does what I want > > which is to answer to both non-recursive and recursive queries from the > > same interface. > > > > My question is the following: Are there any side effects to this hack? > > Is there any reason why dnsmasq should not be able to provide recursive > > and authoritative service from the same interface? I can understand the > > security reasons for wanting to prevent this on an Internet exposed > > interface, but why not at allow for an option to officially support > > providing both kinds of service on the same interface? > > > > Thanks. > > > > -m > > > > > > > This patch, in the pending 2.80 release, addresses this, is allows you > to omit the auth-server configuration and get both recursive and > authoritative answers on the interface(s) that dnsmasq is listening on. > > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=397c0502e255ea0a470982666dea93e0b2f52043 > > > > Cheers, > > Simon. > > > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasqemail@example.com > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasqfirstname.lastname@example.org > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss