On 20/03/2020 14:29, William Edwards wrote:
>> This sounds like a bug, doing auth DNS without an auth-server statement
>> is a recent addition, and I probably forgot this effect on secondary
>> servers. Will take a look in the next day or two.
> 
> No worries. What's important to me is that only entries in 'auth-sec-servers' 
> are returned as NS records, being my public DNS servers.
> Thanks,
> William

I just pushed

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=b43585c34baf0c5eb478aa07423da534b2118536

which addresses this.

If --auth-server is a complete configuration

auth-server=dnsmasq.example.com,eth0

then dnsmasq.example.com will appear in the NS RRset and dnsmasq will
act as a nameserver for the domain on queries via eth0.

If instead, there's no interface or address specification, then the
domain will NO LONGER appear in the NS RRset, only the entries in
auth-sec-servers will. Under these circumstances, the only use made of
the domain in auth-server is to fill in the MNAME field in the SOA RR,
so it makes most sense for it to be the name of whichever of the
auth-sec-servers is acting as "primary".

That seems to make sense.

As a workaround, with 2.80, just pick which of your servers is primary
and remove it from the --auth-sec-servers list and add it as
--auth-server. Remember to undo that when you upgrade to 2.81.


Cheers,

Simon.





> 
> 
> On 20/03/2020 08:25, William Edwards wrote:
>>
>>> On 20 Mar 2020, at 00:23, Simon Kelley <si...@thekelleys.org.uk> wrote:
>>>
>>>> On 19/03/2020 17:23, William Edwards wrote:
>>>> Hi,
>>>>
>>>> I have auth-sec-servers set to:
>>>> 'auth-sec-servers=nsauth0.cyberfusion.nl,nsauth1.cyberfusion.be,nsauth2.cyberfusion.nu,nsauth3.cyberfusion.nl'
>>>>
>>>> These nameservers are shown, but I am also getting back an NS record
>>>> consisting of '.':
>>>>
>>>> ---
>>>> ;; ANSWER SECTION:
>>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth1.cyberfusion.be.
>>>> vlan5.hosts.cyberfusion.space. 600 IN NS .
>>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth0.cyberfusion.nl.
>>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth2.cyberfusion.nu.
>>>> vlan5.hosts.cyberfusion.space. 600 IN    NS    nsauth3.cyberfusion.nl.
>>>> --
>>>>
>>>> Where does 'NS .' come from?
>>>
>>> The --auth-server configuration, probably.  What does that look like?
>>
>> I did not specify an ‘auth-server’ directive. I did so, and now, the first 
>> NS record indeed is no longer a dot.
>>
>> This brings me to the next question: how do I prevent dnsmasq from even 
>> showing itself in NS records? dnsmasq will not answer queries to the 
>> internet.
>>
>>>
>>>
>>> Simon.
>>>
>>>
>>>>
>>>> Kind regards,
>>>>
>>>> William Edwards
>>>> T. 040 - 711 44 96
>>>> E. wedwa...@cyberfusion.nl
>>>>
>>>>
>>>>
>>>>  
>>>>
>>>> _______________________________________________
>>>> Dnsmasq-discuss mailing list
>>>> Dnsmasq-discuss@lists.thekelleys.org.uk
>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>>
>>>
>>>
>>
> 
> 


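Added example (not part of the original message, and not dnsmasq code): a small Python model of the NS RRset rules described in this thread, used to check a config against the intended public nameservers before and after the upgrade. The function names are hypothetical, the configs are constructed from the server names quoted above, and the 2.80 branch is inferred from the dig output in the thread.

```python
# Added example, not dnsmasq code. The fixed=False branch is an inference
# from the dig output quoted in this thread, not from the dnsmasq source.
def parse_auth(conf):
    """Return (auth_server_name, has_interface_or_address, secondaries)."""
    server, scoped, secondaries = None, False, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        fields = [f.strip() for f in value.split(",") if f.strip()]
        if key == "auth-server" and fields:
            server, scoped = fields[0], len(fields) > 1
        elif key == "auth-sec-servers":
            secondaries.extend(fields)
    return server, scoped, secondaries

def norm(name):
    return name.rstrip(".").lower() or "."  # the bare root stays "."

def ns_rrset(conf, fixed):
    """Model the NS names served: fixed=True after the commit, False for 2.80."""
    server, scoped, secondaries = parse_auth(conf)
    ns = {norm(s) for s in secondaries}
    if fixed:
        if server and scoped:          # complete auth-server: name is an NS
            ns.add(norm(server))
    else:
        ns.add(norm(server) if server else ".")  # 2.80: always added
    return ns

def audit(conf, public_servers, fixed):
    """Diff the modelled NS RRset against the intended public nameservers."""
    ns, want = ns_rrset(conf, fixed), {norm(s) for s in public_servers}
    return {"unexpected": sorted(ns - want), "missing": sorted(want - ns)}

# Constructed configs built from the server names in the thread.
PUBLIC = ["nsauth0.cyberfusion.nl", "nsauth1.cyberfusion.be",
          "nsauth2.cyberfusion.nu", "nsauth3.cyberfusion.nl"]
ORIGINAL = "auth-sec-servers=" + ",".join(PUBLIC)
WORKAROUND = ("auth-server=" + PUBLIC[0] + "\n"
              "auth-sec-servers=" + ",".join(PUBLIC[1:]))
UPGRADED = "auth-server=" + PUBLIC[0] + "\n" + ORIGINAL

if __name__ == "__main__":
    print("2.80 original:     ", audit(ORIGINAL, PUBLIC, fixed=False))
    print("2.80 workaround:   ", audit(WORKAROUND, PUBLIC, fixed=False))
    print("2.81 not undone:   ", audit(WORKAROUND, PUBLIC, fixed=True))
    print("2.81 undone:       ", audit(UPGRADED, PUBLIC, fixed=True))
```

The "2.81 not undone" case reports the primary as missing from the NS RRset, which is why the workaround has to be reverted on upgrade.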