[Dnsmasq-discuss] Reverse lookups not working in authoritative mode
Franco Broi
franco.broi at iongeo.com
Thu Mar 13 01:01:39 UTC 2014
On Wed, 2014-03-12 at 17:29 +0000, Simon Kelley wrote:
> On 12/03/14 11:09, Franco Broi wrote:
> >
> > Sorry about the top posting, useless MS webmail.
> >
> > The reason I need the authoritative dns is because I'm in a regional
> > office of a big company. It's a requirement that we provide an
> > authoritative server for our local machines so they can be accessed
> > from anywhere within the company WAN.
> >
> > When I run the host and dig commands I'm specifying a dns to use, so
> > there's no other dns involved, plus I've disabled resolv.conf and
> > there are no other dns's defined.
> >
> > Dig seems to work but host doesn't. When I strace the dnsmasq server
> > I can see it sending the hostname but it just doesn't register with
> > host as a successful lookup. host works fine in non-authoritative
> > mode and from my other dnsmasq servers - non authoritative.
> >
> > Does the format of the return message from dnsmasq change with the
> > different modes?
>
> It can differ, for instance a hostname can appear at different
> fully-qualified domain names depending on "inside" or "outside" queries,
> but that's not relevant here.
>
> What does
>
> dig NS perth1.aus.abc.com
>
> return. 1) When sent to the dnsmasq server,
;; AUTHORITY SECTION:
aus.abc.com. 600 IN SOA perth1.aus.abc.com. hostmaster.perth1.abc.gxt.com. 1394671494 1200 180 1209600 600
> and 2) When sent to your
> main company DNS server.
Can't do this yet, setting the dnsmasq to authoritative was a
prerequisite to having our zone included in the global dns. I also had
to enable zone transfers, which I did by setting a fictional secondary
server; without this, zone transfers were not allowed.
>
> Cheers,
>
>
> Simon.
>
> > _______________________________________
> > From: Simon Kelley [simon at thekelleys.org.uk]
> > Sent: Wednesday, March 12, 2014 5:45 AM
> > To: Franco Broi; dnsmasq-discuss at lists.thekelleys.org.uk
> > Subject: Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative mode
> >
> > On 12/03/14 10:27, Franco Broi wrote:
> >> Not sure what you mean but dig -x works so maybe host doesn't
> >> understand the output of dnsmasq?
> >>
> >
> > It's quite possible that dig is sending the query to dnsmasq
> > directly, whilst dig is sending it to the recursive servers at your
> > ISP, which are seeing the "global" view of the DNS, and not the local
> > records. Since you're using authoritative mode, I assume you want
> > these records to appear for everyone, everywhere.
> >
> > To do that for the reverse lookups, you need to have whoever owns the
> > IP space you're using install a record
> >
> > 35.150.10.in-addr.arpa. NS perth1.aus.abc.com
> >
> > so that resolvers out on the internet know where to send the query.
> >
> >
> > BUT 10.150.32.0 is an RFC1918 reserved address, so there's no point
> > in putting records containing that address in the global internet.
> > Why are you using authoritative mode at all?
> >
> > Cheers,
> >
> > Simon.
> >
> >
> >> On 12 Mar 2014 18:11, Simon Kelley <simon at thekelleys.org.uk> wrote:
> >> Have you delegated 35.150.10.in-addr.arpa. to the machine
> >> running dnsmasq?
> >>
> >> Simon.
> >>
> >>
> >>
> >> On 12/03/14 03:39, Franco Broi wrote:
> >>> Hi
> >>>
> >>> I just configured my dnsmasq server to be authoritative but now
> >>> reverse lookups don't work. With debug turned on I can see that
> >>> the address is resolved and with strace I can even see the
> >>> resolved hostname being sent in sendmsg but the machine doing the
> >>> query says not found: 3(NXDOMAIN). If I remove the auth-server
> >>> option it works as expected.
> >>>
> >>> My configuration is minimal:
> >>>
> >>> domain=aus.abc.com
> >>> auth-server=perth1.aus.abc.com,eth0
> >>> auth-zone=aus.abc.com,10.150.32.0/20
> >>>
> >>> [franco at tc1 ~]$ host 10.150.35.105 perth1
> >>> Using domain server:
> >>> Name: perth1
> >>> Address: 10.150.35.111#53
> >>> Aliases:
> >>>
> >>> Host 105.35.150.10.in-addr.arpa. not found: 3(NXDOMAIN)
> >>>
> >>>
> >>> [root at perth1 src]# dnsmasq -d -q
> >>> dnsmasq: started, version 2.68 cachesize 150
> >>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth
> >>> dnsmasq: warning: no upstream servers configured
> >>> dnsmasq: read /share/system/etc/hosts - 282 addresses
> >>> dnsmasq: auth[PTR] 105.35.150.10.in-addr.arpa from 10.150.35.201
> >>> dnsmasq: /share/system/etc/hosts 10.150.35.105 is mds1.aus.abc.com
> >>>
> >>> Cheers,35.150.10.in-addr.arpa.
> >>>
> >>>
> >>>
> >>> _______________________________________________ Dnsmasq-discuss
> >>> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
> >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >>>
> >>
> >>
> >> ________________________________
> >>
> >>
> >> This email and any files transmitted with it are confidential and
> >> are intended solely for the use of the individual or entity to whom
> >> they are addressed. If you are not the original recipient or the
> >> person responsible for delivering the email to the intended
> >> recipient, be advised that you have received this email in error,
> >> and that any use, dissemination, forwarding, printing, or copying
> >> of this email is strictly prohibited. If you received this email in
> >> error, please immediately notify the sender and delete the
> >> original.
> >>
> >>
> >
>
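The reverse delegation discussed in this thread, as an added example that is not part of the original messages or of dnsmasq: it lists every in-addr.arpa zone covered by the auth-zone subnet 10.150.32.0/20 (the thread names only the /24 holding the queried host) and the NS record each zone would need. The function names are hypothetical; the subnet, host address and server name are the ones quoted in the thread.

```python
import ipaddress


def reverse_zones(cidr):
    """in-addr.arpa zones, on octet boundaries, that cover an IPv4 subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    if net.prefixlen > 24:
        raise ValueError("longer than /24 needs RFC 2317 classless delegation")
    # Reverse zones are cut at /8, /16 or /24: round the prefix up to the
    # next octet boundary and enumerate the pieces of that size.
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones


def zone_for(ip, cidr):
    """Reverse zone of the subnet that holds the PTR name for ip, or None."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for zone in reverse_zones(cidr):
        if name.endswith("." + zone):
            return zone
    return None


def delegation_plan(cidr, nameserver):
    """NS records the parent of each reverse zone has to carry."""
    net = ipaddress.ip_network(cidr, strict=True)
    ns = nameserver.rstrip(".") + "."
    return {
        # Private (RFC 1918) space: only internal resolvers can usefully
        # carry the delegation, never the public reverse tree.
        "internal_only": net.is_private,
        "records": [f"{zone} NS {ns}" for zone in reverse_zones(cidr)],
    }


if __name__ == "__main__":
    plan = delegation_plan("10.150.32.0/20", "perth1.aus.abc.com")
    print("internal only:", plan["internal_only"])
    print("\n".join(plan["records"]))
    print("PTR for 10.150.35.105 lives in",
          zone_for("10.150.35.105", "10.150.32.0/20"))
```
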