[Dnsmasq-discuss] Reverse lookups not working in authoritative mode

Franco Broi franco.broi at iongeo.com
Thu Mar 13 01:01:39 UTC 2014


On Wed, 2014-03-12 at 17:29 +0000, Simon Kelley wrote: 
> On 12/03/14 11:09, Franco Broi wrote:
> > 
> > Sorry about the top posting, useless MS webmail.
> > 
> > The reason I need the authoritative dns is because I'm in a regional
> > office of a big company. It's a requirement that we provide an
> > authoritative server for our local machines so they can be accessed
> > from anywhere within the company WAN.
> > 
> > When I run the host and dig commands I'm specifying a dns to use, so
> > there's no other dns involved, plus I've disabled resolve.conf and
> > there are no other dns's defined.
> > 
> > Dig seems to work but host doesn't. When I strace the dnsmasq server
> > I can see it sending the hostname but it just doesn't register with
> > host as a successful lookup. host works fine in non-authoritative
> > mode and from my other dnsmasq servers - non authoritative.
> > 
> > Does the format of the return message from dnsmasq change with the
> > different modes? 
> 
> It can differ, for instance a hostname can appear at different
> fully-qualified domain names depending on "inside" or "outside" queries,
> but that's not relevant here.
> 
> What does
> 
> dig NS perth1.aus.abc.com
> 
> return. 1) When sent to the dnsmasq server,

;; AUTHORITY SECTION:
aus.abc.com.		600	IN	SOA	perth1.aus.abc.com. hostmaster.perth1.abc.gxt.com. 1394671494 1200 180 1209600 600


>  and 2) When sent to your
> main company DNS server.

Can't do this yet, setting the dnsmasq to authoritative was a
prerequisite to having our zone included in the global dns. I also had
to enable zone transfers, which I did by setting a fictional secondary
server; without this, zone transfers were not allowed.

> 
> Cheers,
> 
> 
> Simon.
> 
> > _______________________________________
> > From: Simon Kelley [simon at thekelleys.org.uk]
> > Sent: Wednesday, March 12, 2014 5:45 AM
> > To: Franco Broi; dnsmasq-discuss at lists.thekelleys.org.uk
> > Subject: Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative mode
> > 
> > On 12/03/14 10:27, Franco Broi wrote:
> >> Not sure what you mean but dig -x works so maybe host doesn't
> >> understand the output of dnsmasq?
> >> 
> > 
> > It's quite possible that dig is sending the query to dnsmasq
> > directly, whilst dig is sending it to the recursive servers at your
> > ISP, which are seeing the "global" view of the DNS, and not the local
> > records. Since you're using authoritative mode, I assume you want
> > these records to appear for everyone, everywhere.
> > 
> > To do that for the reverse lookups, you need to have whoever owns the
> > IP space you're using install a record
> > 
> > 35.150.10.in-addr.arpa. NS perth1.aus.abc.com
> > 
> > so that resolvers out on the internet know where to send the query.
> > 
> > 
> > BUT 10.150.32.0 is an RFC1918 reserved address, so there's no point
> > in putting records containing that address in the global internet.
> > Why are you using authoritative mode at all?
> > 
> > Cheers,
> > 
> > Simon.
> > 
> > 
> >> On 12 Mar 2014 18:11, Simon Kelley <simon at thekelleys.org.uk> wrote:
> >> Have you delegated 35.150.10.in-addr.arpa. to the machine
> >> running dnsmasq?
> >> 
> >> Simon.
> >> 
> >> 
> >> 
> >> On 12/03/14 03:39, Franco Broi wrote:
> >>> Hi
> >>> 
> >>> I just configured my dnsmasq server to be authoritative but now
> >>> reverse lookups don't work. With debug turned on I can see that
> >>> the address is resolved and with strace I can even see the
> >>> resolved hostname being sent in sendmsg but the machine doing the
> >>> query says  not found: 3(NXDOMAIN). If I remove the auth-server
> >>> option it works as expected.
> >>> 
> >>> My configuration is minimal:
> >>> 
> >>> domain=aus.abc.com
> >>> auth-server=perth1.aus.abc.com,eth0
> >>> auth-zone=aus.abc.com,10.150.32.0/20
> >>> 
> >>> [franco at tc1 ~]$ host 10.150.35.105 perth1
> >>> Using domain server:
> >>> Name: perth1
> >>> Address: 10.150.35.111#53
> >>> Aliases:
> >>> 
> >>> Host 105.35.150.10.in-addr.arpa. not found: 3(NXDOMAIN)
> >>> 
> >>> 
> >>> [root at perth1 src]# dnsmasq -d -q
> >>> dnsmasq: started, version 2.68 cachesize 150
> >>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth
> >>> dnsmasq: warning: no upstream servers configured
> >>> dnsmasq: read /share/system/etc/hosts - 282 addresses
> >>> dnsmasq: auth[PTR] 105.35.150.10.in-addr.arpa from 10.150.35.201
> >>> dnsmasq: /share/system/etc/hosts 10.150.35.105 is mds1.aus.abc.com
> >>> 
> >>> Cheers,35.150.10.in-addr.arpa.
> >>> 
> >>> 
> >>> 
> >>> _______________________________________________ Dnsmasq-discuss
> >>> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >>> 
> >> 
> >> 
> >> 
> >> ________________________________
> >> 
> >> 
> >> This email and any files transmitted with it are confidential and
> >> are intended solely for the use of the individual or entity to whom
> >> they are addressed. If you are not the original recipient or the
> >> person responsible for delivering the email to the intended
> >> recipient, be advised that you have received this email in error,
> >> and that any use, dissemination, forwarding, printing, or copying
> >> of this email is strictly prohibited. If you received this email in
> >> error, please immediately notify the sender and delete the
> >> original.
> >> 
> >> 
> > 
> > 
> > 
> 
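
The reverse-delegation question raised in this thread can be worked through for the whole auth-zone subnet, not just the one /24 mentioned. This is an added example, not code from the thread or from dnsmasq: it lists the octet-aligned in-addr.arpa zones covered by 10.150.32.0/20, emits NS records in the form quoted above, and flags private address space, where delegation only makes sense on internal DNS. The function names are hypothetical; the subnet, address and server name are taken from the posted configuration.

```python
import ipaddress


def reverse_zones(subnet):
    """Octet-aligned in-addr.arpa zones that cover an IPv4 subnet."""
    net = ipaddress.ip_network(subnet, strict=True)
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    if net.prefixlen > 24:
        # Longer than /24: fall back to the enclosing /24 zone.
        net = net.supernet(new_prefix=24)
    aligned = max(8, -(-net.prefixlen // 8) * 8)  # round up to 8, 16 or 24
    labels = aligned // 8
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[:labels]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones


def ptr_name(address):
    """Fully-qualified PTR owner name for an address."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def zone_for(address, subnet):
    """Reverse zone holding the PTR for address, or None if outside subnet."""
    name = ptr_name(address)
    for zone in reverse_zones(subnet):
        if name.endswith("." + zone):
            return zone
    return None


def delegation_plan(subnet, nameserver):
    """NS records the parent zone needs, plus a private-address flag."""
    net = ipaddress.ip_network(subnet, strict=True)
    return {
        "internal_only": net.is_private,  # RFC 1918 space: internal DNS only
        "records": [f"{z} NS {nameserver}." for z in reverse_zones(subnet)],
    }


if __name__ == "__main__":
    plan = delegation_plan("10.150.32.0/20", "perth1.aus.abc.com")
    print("internal only:", plan["internal_only"])
    print("\n".join(plan["records"]))
    print(ptr_name("10.150.35.105"), "->", zone_for("10.150.35.105", "10.150.32.0/20"))
```
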




