[Dnsmasq-discuss] CNAME with no IP treated as SUCCESS

2016-09-10 Thread Shantanu Gadgil

Hi,

I am using Dnsmasq version 2.76.
I am facing a problem that Dnsmasq returns "success" when it should not.
Explanation below:

My organization has a Windows' AD server running as a DHCP/DNS server 
at: 192.168.30.254

* The Windows AD is not under my control.

I have a dnsmasq running at 192.168.15.254
For my Dnsmasq (192.168.15.254) I have set the Windows' AD 
(192.168.30.254) as one of my upstream servers,
along with the usual suspects like 8.8.8.8, 8.8.4.4, etc.
(I need to keep the AD server as one of the upstream as I need some 
other local names)


--- /etc/dnsmasq.conf ---
expand-hosts
domain = mydomain.net
all-servers
#strict-order
domain-needed
log-facility = /var/log/dnsmasq.log
clear-on-reload
no-negcache
#log-queries
--

--- /etc/resolv.conf ---
nameserver 127.0.0.1
nameserver 192.168.30.254
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 64.6.64.6
nameserver 64.6.65.6
--


As part of a workflow (and for various other reasons), I create a DNS 
entry in AWS's Route53 DNS as follows:

realhost.mydomain.net (A)
somehost.mydomain.net (CNAME to realhost)

The problem begins when, during my workflow, I try to ping 
"somehost.mydomain.net"


==
1. nslookup using the internal Windows AD (which only returns the CNAME, 
no IP)

# nslookup somehost.mydomain.net
Server: 192.168.30.254
Address:192.168.30.254#53

Non-authoritative answer:
somehost.mydomain.net  canonical name = realhost.mydomain.net.
==

==
2. nslookup using Google Nameserver (which only returns the CNAME and IP)
# nslookup somehost.mydomain.net 8.8.8.8
Server: 8.8.8.8
Address:8.8.8.8#53

Non-authoritative answer:
somehost.mydomain.net  canonical name = realhost.mydomain.net.
Name:   realhost.mydomain.net
Address: 192.168.58.216

==
2. nslookup using internal Dnsmasq (which only returns the CNAME, no IP)
*** This is because it gets this information from the Windows' AD, even 
though "all-servers" is set.


# nslookup somehost.mydomain.net 192.168.15.254
Server: 192.168.15.254
Address:192.168.15.254#53

Non-authoritative answer:
somehost.mydomain.net  canonical name = realhost.mydomain.net.
==

My question is this:
Can Dnsmasq be configured to treat the "CNAME but no IP" as a failure 
and thus ignore it, and fetch the information from the next/another 
name server ?!?

*** I know I can use "server=/mydomain.net/8.8.8.8" in my Dnsmasq, but I 
still would need to get the Windows' AD to hand out my Dnsmasq as a 
nameserver (which is not possible).


Regards,
Shantanu Gadgil


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
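
The difference between the three nslookup results in the message above is visible in the answer section of each reply: RCODE is 0 in both cases, but only one reply carries an A record. The following is an added example, not part of the original post and not dnsmasq code; it classifies an A-query reply from its wire format so the upstream handing out a CNAME without an address can be spotted. The function names and the reply packets are constructed for illustration, using the names and address shown in the post.

```python
import struct

A, CNAME = 1, 5  # DNS record type codes

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_response(qname, answers):
    """Constructed NOERROR reply; answers is a list of (owner, rtype, value)."""
    pkt = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)
    pkt += encode_name(qname) + struct.pack("!HH", A, 1)
    for owner, rtype, value in answers:
        rdata = encode_name(value) if rtype == CNAME else bytes(map(int, value.split(".")))
        pkt += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return pkt

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) name."""
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if pkt[off] else 1)   # pointer is 2 bytes, root label is 1

def classify(pkt):
    """Return 'address', 'cname-only', 'empty' or 'rcode-N' for an A query reply."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
    if flags & 0xF:
        return "rcode-%d" % (flags & 0xF)
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4      # QTYPE + QCLASS
    types = set()
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        types.add(rtype)
        off += 10 + rdlen
    if A in types:
        return "address"
    return "cname-only" if CNAME in types else "empty"

# Constructed replies modelled on the nslookup output in the post.
CHAIN = ("somehost.mydomain.net", CNAME, "realhost.mydomain.net")
AD_REPLY = build_response(CHAIN[0], [CHAIN])
GOOGLE_REPLY = build_response(CHAIN[0], [CHAIN, ("realhost.mydomain.net", A, "192.168.58.216")])

if __name__ == "__main__":
    for server, reply in (("192.168.30.254", AD_REPLY), ("8.8.8.8", GOOGLE_REPLY)):
        print(server, classify(reply))
```
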


Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-10 Thread Kevin Darbyshire-Bryant
Hmm.  Ideally then with 'NO_ID' we shouldn't forward Chaosnet queries 
for *.bind.
Can we just get away with the equivalent of 'local=/bind/' or is that 
too broad a brush to apply by default in the code?


I can see me digging into how the code for 'local' works in my near 
future :-)


On 09/09/16 20:56, Simon Kelley wrote:

Applied.

Something to think about: with this in effect, queries to *.bind get
treated like all others, ie they get forwarded upstream, so the
requestor may get an answer from an upstream nameserver. I've added a
comment to this effect to the definition of NO_ID.

Cheers,

Simon.




