I am using version 2.80 and finding dnsmasq's specification of a
domain->server_address configuration to be inconsistent.  My dnsmasq
configuration has:

/etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247

But observe the effects of this configuration:

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
;; QUESTION SECTION:
;example.com.           IN      NS

;; ANSWER SECTION:
example.com.    86400   IN      NS      server.example.com.

;; ADDITIONAL SECTION:
server.example.com.     1200    IN      A       10.75.22.247
server.example.com.     1200    IN      AAAA    fd31:aeb1:48df::2

;; Query time: 73 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:35:25 EST 2019
;; MSG SIZE  rcvd: 165

# dig mail.example.com.

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.example.com.              IN      A

;; ANSWER SECTION:
mail.example.com.       300     IN      A       9.1.1.18

;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:43:59 EST 2019
;; MSG SIZE  rcvd: 65

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.           IN      NS

;; ANSWER SECTION:
example.com.    60      IN      NS      ns5.he.net.
example.com.    60      IN      NS      ns1.he.net.
example.com.    60      IN      NS      ns3.he.net.
example.com.    60      IN      NS      server.example.ca.
example.com.    60      IN      NS      ns2.he.net.
example.com.    60      IN      NS      ns4.he.net.

;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:45:34 EST 2019
;; MSG SIZE  rcvd: 169

As you can see, the first dig returned the proper NS value for the
domain as specified in the dnsmasq configuration.  But the second dig
command returned the address 9.1.1.18 for mail.example.com.  That is
the wrong address.  That is the address that the global Internet copy
of that zone has for that name, not the copy on 10.75.22.247.  Then the
third dig command, which is a duplicate of the first command, starts
returning the global Internet addresses for the NSes of example.com,
not the 10.75.22.247 that is configured into dnsmasq.

So somehow, that "server=/example.com/10.75.22.247" is being discarded
by dnsmasq in favour of the global Internet's NS addresses for that
domain.

To be clear, that domain exists both on the global Internet with
addresses suitable for the global Internet but it also exists, with
different content, suitable for the private network at 10.75.22.247. 
dnsmasq should only ever be looking at that latter copy, per the
configuration directive.  But that doesn't seem to be what's happening.
It seems to start out that way and then at some point reverts to the
global Internet copy of the domain.

Thoughts?

b.
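
An added example, not part of the original post: a small Python check that parses saved dig transcripts and flags any response whose answer set no longer matches the internal copy of the zone. The names parse_dig, find_drift, SAMPLE and EXPECTED belong to this example; SAMPLE is abridged from the first and third transcripts above, and EXPECTED assumes the first answer reflects the copy on 10.75.22.247.

```python
import re

# Constructed sample: the first and third dig transcripts from the post, abridged.
SAMPLE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;example.com.           IN      NS

;; ANSWER SECTION:
example.com.    86400   IN      NS      server.example.com.

;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com.           IN      NS

;; ANSWER SECTION:
example.com.    60      IN      NS      ns5.he.net.
example.com.    60      IN      NS      ns1.he.net.
example.com.    60      IN      NS      server.example.ca.
"""

def parse_dig(text):
    """Return one dict per response: header flags, question (name, type), answer rdata set."""
    responses, section = [], None
    for line in text.splitlines():
        m = re.match(r";; flags: ([a-z ]+);", line)
        if m:  # a header flags line starts a new response
            responses.append({"flags": set(m.group(1).split()), "question": None, "answers": set()})
            section = None
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]
        elif not line.strip():  # a blank line ends the current section
            section = None
        elif responses and section == "QUESTION" and line.startswith(";"):
            name, _cls, rtype = line[1:].split()
            responses[-1]["question"] = (name.lower(), rtype)
        elif responses and section == "ANSWER" and not line.startswith(";"):
            _name, _ttl, _cls, _rtype, rdata = line.split(None, 4)
            responses[-1]["answers"].add(rdata.strip().lower())
    return responses

def find_drift(responses, expected):
    """Indexes of responses whose answers differ from the internal server's record set."""
    return [i for i, r in enumerate(responses)
            if r["question"] in expected and r["answers"] != expected[r["question"]]]

# Assumption: the first dig in the post shows the internal copy of the zone.
EXPECTED = {("example.com.", "NS"): {"server.example.com."}}

if __name__ == "__main__":
    for i in find_drift(parse_dig(SAMPLE), EXPECTED):
        print(f"response {i}: answer does not match the internal zone")
```

In practice EXPECTED would be built from a query sent directly to the internal server, so the comparison does not depend on what the forwarder returned first.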
