On Mon, Nov 25, 2019 at 01:44:48PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 19:15 +0100, Geert Stappers wrote:
> > On 25-11-2019 18:41, Brian J. Murrell wrote:
> >
> > > I am using version 2.80 and finding dnsmasq's specification of a
> > > domain->server_address configuration to be inconsistent. My dnsmasq
> > > configuration has:
> > >
> > > /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
> > >
> > > But observe the effects of this configuration:
> > >
> > > # dig example.com. ns
> > > example.com. 86400 IN NS server.example.com.
> > > server.example.com. 1200 IN A 10.75.22.247
> > > server.example.com. 1200 IN AAAA fd31:aeb1:48df::2
> > >
> > > # dig mail.example.com.
> > > mail.example.com. 300 IN A 9.1.1.18
> > >
> > > # dig example.com. ns
> > > example.com. 60 IN NS ns5.he.net.
> > > example.com. 60 IN NS ns1.he.net.
> > > example.com. 60 IN NS ns3.he.net.
> > > example.com. 60 IN NS server.example.ca.
> > > example.com. 60 IN NS ns2.he.net.
> > > example.com. 60 IN NS ns4.he.net.
> > >
> > > As you can see, the first dig returned the proper NS value for the
> > > domain as specified in the dnsmasq configuration. But the second dig
> > > command returned the address 9.1.1.18 for mail.example.com. That is
> > > the wrong address. That is the address that the global Internet copy
> > > of that zone has for that name, not the copy on 10.75.22.247. Then the
> > > third dig command, which is a duplicate of the first command starts
> > > returning the global Internet addresses for the NSes of example.com,
> > > not the 10.75.22.247 that is configured into dnsmasq.
> > >
> > > So somehow, that "server=/example.com/10.75.22.247" is being discarded
> > > by dnsmasq in favour of the global Internet's NS addresses for that
> > > domain.
> > >
> > > To be clear, that domain exists both on the global Internet with
> > > addresses suitable for the global Internet but it also exists, with
> > > different content, suitable for the private network at 10.75.22.247.
> > > dnsmasq should only ever be looking at that latter copy, per the
> > > configuration directive. But that doesn't seem to be what's happening.
> > > It seems to start out that way and then at some point reverts to the
> > > global Internet copy of the domain.
> > >
> > > Thoughts?
> > >
> >
> > hostname && cat /etc/resolv.conf
> >
>
> # hostname
> host.example.com

Please confirm that each of the above `dig` commands was **all** done at `host.example.com`
Please, pretty please, say if I missed that `dig example.com. ns`
was done on two different machines.

> # cat /etc/resolv.conf
> # Generated by NetworkManager
> search example.com
> nameserver 127.0.0.1

Acknowledge.

Please repeat the original test[1] with

    dig +short @127.0.0.1 example.com. ns
    dig +short @127.0.0.1 mail.example.com.
    dig +short @127.0.0.1 example.com. ns

and report back.

Regards
Geert Stappers

[1] multiple tests in case multiple servers were involved in the original test.
-- 
Live and let live