[Dnsmasq-discuss] Reverse lookups not working in authoritative mode

Albert ARIBAUD albert.aribaud at free.fr
Wed Mar 12 09:30:59 UTC 2014


Le 12/03/2014 09:04, Franco Broi a écrit :
> On Wed, 2014-03-12 at 08:55 +0100, Albert ARIBAUD wrote:
>> Hi Franco,
>>
>> Le 12/03/2014 04:39, Franco Broi a écrit :
>>> Hi
>>>
>>> I just configured my dnsmasq server to be authoritative but now reverse
>>> lookups don't work. With debug turned on I can see that the address is
>>> resolved and with strace I can even see the resolved hostname being sent
>>> in sendmsg but the machine doing the query says  not found: 3(NXDOMAIN).
>>> If I remove the auth-server option it works as expected.
>>>
>>> My configuration is minimal:
>>>
>>> domain=aus.abc.com
>>> auth-server=perth1.aus.abc.com,eth0
>>> auth-zone=aus.abc.com,10.150.32.0/20
>>>
>>> [franco at tc1 ~]$ host 10.150.35.105 perth1
>>> Using domain server:
>>> Name: perth1
>>> Address: 10.150.35.111#53
>>> Aliases:
>>>
>>> Host 105.35.150.10.in-addr.arpa. not found: 3(NXDOMAIN)
>>
>> Rather than 'host', try using 'dig' and see what server answered the
>> request (comment at the end of the dig output). Either it is perth1, and
>> you will have to investigate further, or it is e.g. a local DNS on
>> franco, which forwards to perth1 (and does something weird regarding
>> aythoritative answers) and you'll have to investigate that other NS.
>
> Dig works, and it's perth1 listed as the server:
>
> [franco at tc1 ~]$ dig -x 10.150.35.105 @perth1
>
> ; <<>> DiG 9.9.4-P2-RedHat-9.9.4-11.P2.fc20 <<>> -x 10.150.35.105 @perth1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51432
> ;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;105.35.150.10.in-addr.arpa.	IN	PTR
>
> ;; ANSWER SECTION:
> 105.35.150.10.in-addr.arpa. 600	IN	PTR	mds1.aus.abc.com.
>
> ;; AUTHORITY SECTION:
> 150.10.in-addr.arpa.	600	IN	NS	perth1.aus.abc.com.
>
> ;; Query time: 0 msec
> ;; SERVER: 10.150.35.111#53(10.150.35.111)
> ;; WHEN: Wed Mar 12 16:00:54 WST 2014
> ;; MSG SIZE  rcvd: 125

Ok -- so next step is to ask an independent observer what is going on 
both with and without auth-server. Can you run Wireshark on Franco ?

Amicalement,
-- 
Albert.



More information about the Dnsmasq-discuss mailing list