On 25-11-2019 18:41, Brian J. Murrell wrote:

> I am using version 2.80 and finding dnsmasq's specification of a
> domain->server_address configuration to be inconsistent.  My dnsmasq
> configuration has:
>
> /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
>
> But observe the effects of this configuration:
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
> ;; QUESTION SECTION:
> ;example.com.         IN      NS
>
> ;; ANSWER SECTION:
> example.com.  86400   IN      NS      server.example.com.
>
> ;; ADDITIONAL SECTION:
> server.example.com.   1200    IN      A       10.75.22.247
> server.example.com.   1200    IN      AAAA    fd31:aeb1:48df::2
>
> ;; Query time: 73 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:35:25 EST 2019
> ;; MSG SIZE  rcvd: 165
>
> # dig mail.example.com.
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.example.com.            IN      A
>
> ;; ANSWER SECTION:
> mail.example.com.     300     IN      A       9.1.1.18
>
> ;; Query time: 45 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:43:59 EST 2019
> ;; MSG SIZE  rcvd: 65
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;example.com.         IN      NS
>
> ;; ANSWER SECTION:
> example.com.  60      IN      NS      ns5.he.net.
> example.com.  60      IN      NS      ns1.he.net.
> example.com.  60      IN      NS      ns3.he.net.
> example.com.  60      IN      NS      server.example.ca.
> example.com.  60      IN      NS      ns2.he.net.
> example.com.  60      IN      NS      ns4.he.net.
>
> ;; Query time: 52 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:45:34 EST 2019
> ;; MSG SIZE  rcvd: 169
>
> As you can see, the first dig returned the proper NS value for the
> domain as specified in the dnsmasq configuration.  But the second dig
> command returned the address 9.1.1.18 for mail.example.com.  That is
> the wrong address.  That is the address that the global Internet copy
> of that zone has for that name, not the copy on 10.75.22.247.  Then the
> third dig command, which is a duplicate of the first command, starts
> returning the global Internet addresses for the NSes of example.com,
> not the 10.75.22.247 that is configured into dnsmasq.
>
> So somehow, that "server=/example.com/10.75.22.247" is being discarded
> by dnsmasq in favour of the global Internet's NS addresses for that
> domain.
>
> To be clear, that domain exists both on the global Internet with
> addresses suitable for the global Internet but it also exists, with
> different content, suitable for the private network at 10.75.22.247. 
> dnsmasq should only ever be looking at that latter copy, per the
> configuration directive.  But that doesn't seem to be what's happening.
> It seems to start out that way and then at some point reverts to the
> global Internet copy of the domain.
>
> Thoughts?
>

hostname && cat /etc/resolv.conf




_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
