[Dnsmasq-discuss] AAAA requests: long delay or SERVFAIL
simon at thekelleys.org.uk
Tue Dec 23 17:14:38 GMT 2014
My guess is that the SERVFAIL is coming from a server upstream of
dnsmasq. Unless told to, dnsmasq "overlays" the DNS information it has
locally onto the global DNS a record-at-a-time, not a domain-name at a
time. So if dnsmasq knows the IPv4 address of red.virt, and not the
IPv6 address, then it will forward AAAA queries for red.virt upstream,
a particular domain-name is not either all local, or all upstream.
You can stop dnsmasq ever forwarding any query in *.virt like this.
or even better, modify the domain definition to something like
which will automatically give you "local" declarations for the forward
(*.virt) and reverse (122.168.192.in-addr.arpa) domains.
On 16/12/14 21:32, martin f krafft wrote:
> I am using dnsmasq from libvirt, like so:
> dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
> The configuration file is included below. Basically, this is a
> DHCP server and DNS forwarder, but I've also configured it to turn
> DHCP leases into DNS records, using the --domain keyword.
> This works splendidly and OMG did I rejoice to see how wonderfully
> easy this was to set up and just get it working.
> However, there's an issue relating to nonexistent RRs for the
> hosts configured by DHCP, as exemplified by a call to
> % host red.virt
> red.virt has address 192.168.122.60
> Host red.virt not found: 2(SERVFAIL)
> Host red.virt not found: 2(SERVFAIL)
> This is because host queries the DNS server for A, AAAA, and MX
> all at once.
> It's obvious that dnsmasq does not know about AAAA or MX for the
> host in this setup. However, why is it returning SERVFAIL?
> Moreover, this is not consistently the case. At other times, I get
> timeouts when asking for these RRs:
> % dig @192.168.122.1 aaaa green.virt
> *** 5–10 seconds later ***
> ; <<>> DiG 9.9.5-7-Debian <<>> @192.168.122.1 aaaa green.virt
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> Am I doing something wrong?
> I thought that the correct behaviour for a DNS server when asked
> about a record it does not have is to respond with NOERROR,
> AUTHORITY:1 and ANSWER:0.
> ==> /var/lib/libvirt/dnsmasq/default.conf:
> strict-order
> domain=virt
> expand-hosts
> pid-file=/var/run/libvirt/network/default.pid
> except-interface=lo
> bind-dynamic
> interface=virbr0
> dhcp-range=192.168.122.2,192.168.122.254
> dhcp-no-override
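An added example, not part of the original message and not dnsmasq code: a small Python check that lists the `domain=` names in a dnsmasq configuration whose locally unknown records (such as AAAA for a DHCP-only host) would still be forwarded upstream. It assumes the `local=/<domain>/` option and the `,local` suffix of `domain=` as documented in the dnsmasq manual; `SAMPLE_CONF` is constructed from the configuration quoted above and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONF = """\
strict-order
domain=virt
expand-hosts
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254
"""

def parse(conf):
    """Yield (key, value) for each option line, skipping comments."""
    for line in conf.splitlines():
        # '#' starts a comment only at line start or after whitespace.
        line = re.sub(r"(^|\s)#.*", "", line).strip()
        if line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def local_only_domains(conf):
    """Domains the configuration tells dnsmasq never to forward upstream."""
    local = set()
    for key, value in parse(conf):
        parts = value.split(",")
        if key == "domain" and len(parts) == 3 and parts[2] == "local" and "/" in parts[1]:
            # domain=<name>,<network>/<size>,local implies local=/<name>/
            local.add(parts[0].lower())
        elif key in ("local", "server"):
            # local=/a/b/ form: no server address after the final '/'
            match = re.fullmatch(r"/(.+)/", value)
            if match:
                local.update(d.lower() for d in match.group(1).split("/"))
    return local

def forwardable_domains(conf):
    """domain= names whose locally unknown records still go upstream."""
    local = local_only_domains(conf)
    declared = [v.split(",")[0].lower() for k, v in parse(conf) if k == "domain" and v]
    return [d for d in declared
            if not any(d == l or d.endswith("." + l) for l in local)]

if __name__ == "__main__":
    print("forwarded upstream:", forwardable_domains(SAMPLE_CONF))
    print("after fix:", forwardable_domains(SAMPLE_CONF + "local=/virt/\n"))
```

A non-empty result means queries for names in that domain can reach the upstream resolver, which both exposes internal host names and produces the upstream SERVFAIL or timeout described in the thread.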