[Dnsmasq-discuss] Reverse lookups not working in authoritative mode

Franco Broi Franco.Broi at iongeo.com
Wed Mar 12 11:09:05 UTC 2014


Sorry about the top posting, useless MS webmail.

The reason I need the authoritative dns is because I'm in a regional office of a big company. It's a requirement that we provide an authoritative server for our local machines so they can be accessed from anywhere within the company WAN.

When I run the host and dig commands I'm specifying a dns to use, so there's no other dns involved, plus I've disabled resolv.conf and there are no other dns's defined.

Dig seems to work but host doesn't. When I strace the dnsmasq server I can see it sending the hostname but it just doesn't register with host as a successful lookup. host works fine in non-authoritative mode and from my other dnsmasq servers - non authoritative.

Does the format of the return message from dnsmasq change with the different modes?
________________________________________
From: Simon Kelley [simon at thekelleys.org.uk]
Sent: Wednesday, March 12, 2014 5:45 AM
To: Franco Broi; dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative mode

On 12/03/14 10:27, Franco Broi wrote:
> Not sure what you mean but dig -x works so maybe host doesn't understand the output of dnsmasq?
>

It's quite possible that dig is sending the query to dnsmasq directly,
whilst dig is sending it to the recursive servers at your ISP, which are
seeing the "global" view of the DNS, and not the local records. Since
you're using authoritative mode, I assume you want these records to
appear for everyone, everywhere.

To do that for the reverse lookups, you need to have whoever owns the IP
space you're using install a record

35.150.10.in-addr.arpa. NS perth1.aus.abc.com

so that resolvers out on the internet know where to send the query.


BUT 10.150.32.0 is an RFC1918 reserved address, so there's no point in
putting records containing that address in the global internet. Why are
you using authoritative mode at all?

Cheers,

Simon.


> On 12 Mar 2014 18:11, Simon Kelley <simon at thekelleys.org.uk> wrote:
> Have you delegated 35.150.10.in-addr.arpa. to the machine running dnsmasq?
>
> Simon.
>
>
>
> On 12/03/14 03:39, Franco Broi wrote:
>> Hi
>>
>> I just configured my dnsmasq server to be authoritative but now reverse
>> lookups don't work. With debug turned on I can see that the address is
>> resolved and with strace I can even see the resolved hostname being sent
>> in sendmsg but the machine doing the query says  not found: 3(NXDOMAIN).
>> If I remove the auth-server option it works as expected.
>>
>> My configuration is minimal:
>>
>> domain=aus.abc.com
>> auth-server=perth1.aus.abc.com,eth0
>> auth-zone=aus.abc.com,10.150.32.0/20
>>
>> [franco at tc1 ~]$ host 10.150.35.105 perth1
>> Using domain server:
>> Name: perth1
>> Address: 10.150.35.111#53
>> Aliases:
>>
>> Host 105.35.150.10.in-addr.arpa. not found: 3(NXDOMAIN)
>>
>>
>> [root at perth1 src]# dnsmasq -d -q
>> dnsmasq: started, version 2.68 cachesize 150
>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth
>> dnsmasq: warning: no upstream servers configured
>> dnsmasq: read /share/system/etc/hosts - 282 addresses
>> dnsmasq: auth[PTR] 105.35.150.10.in-addr.arpa from 10.150.35.201
>> dnsmasq: /share/system/etc/hosts 10.150.35.105 is mds1.aus.abc.com
>>
>> Cheers,35.150.10.in-addr.arpa.
>>
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>

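The reverse-delegation point in Simon's reply, worked through for the whole `auth-zone` subnet rather than the single /24 he names. This is an added example, not code from the thread or from dnsmasq, and the function names are hypothetical. It derives the octet-aligned `in-addr.arpa` zones that cover 10.150.32.0/20, the NS records the owner of the parent reverse zone would have to install, and whether the range is RFC 1918 space.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(cidr):
    """True if the whole subnet lies inside RFC 1918 private space."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in RFC1918)

def ptr_name(ip):
    """Owner name of the PTR record for one IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zones(cidr):
    """Octet-aligned in-addr.arpa zones needed to cover an IPv4 subnet."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen > 24:
        raise ValueError("sketch covers IPv4 prefixes up to /24 only")
    # Reverse zones are cut on octet boundaries, so round the prefix up
    # to /8, /16 or /24 and emit one zone per resulting subnet.
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones

def covering_zone(ip, cidr):
    """Which of the subnet's reverse zones holds the PTR for this address."""
    name = ptr_name(ip)
    for zone in reverse_zones(cidr):
        if name.endswith("." + zone):
            return zone
    return None

def delegation_records(cidr, nameserver):
    """NS records the parent reverse zone needs, one per covering zone."""
    return [f"{z} NS {nameserver}" for z in reverse_zones(cidr)]

if __name__ == "__main__":
    subnet, ns = "10.150.32.0/20", "perth1.aus.abc.com"  # values from the thread
    print("PTR owner :", ptr_name("10.150.35.105"))
    print("in zone   :", covering_zone("10.150.35.105", subnet))
    print("RFC 1918  :", is_rfc1918(subnet))
    for rec in delegation_records(subnet, ns):
        print(rec)
```

A /20 is not a single reverse zone: it spans sixteen /24 zones, each needing its own delegation, and because the range is private those delegations can only exist on resolvers that serve the internal view.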