[Dnsmasq-discuss] Becoming authoritative DNS for additional netblock

Albert ARIBAUD albert.aribaud at free.fr
Wed Dec 2 06:22:04 GMT 2015


Hi "A C",

Cc:ing Simon in case the problem is indeed a weird dependency of
"server=" on "local=" -- or to ascertain it doesn't.

Le Tue, 1 Dec 2015 19:53:37 -0800
A C <agcme at hotmail.com> a écrit:

> I just got it working.  Your statement "but if the first line wins"
> gave me an idea.  I cleaned up the config file and put these two
> lines in with this specific order:
> 
> server=/vpn.example.com/10.0.0.140
> local=/vpn.example.com/
> 
> This is exactly reversed of the order I was using (I had local first,
> then server).  It works now, any machine on the main network can send
> a DNS query to the router for any of the VPN machines and the query is
> forwarded over to the VPN server (I am able to see the packet arrive
> on the VPN server).
> 
> So perhaps the documents should add that the server/local lines are
> order specific when handling subdomains of the base local domain
> otherwise it attempts to be authoritative for all of the domain even
> if there are other server lines.  The server line works fine for
> external domains because they don't conflict with the local domain
> (in fact I've used them before for that purpose, to fix broken
> outside DNS servers by routing specific domains to alternate DNS
> servers).  I just had never tried a subdomain of my own domain and I
> simply duplicated an old server line all of which came after the
> local directive at the top of the file.

I am not sure that two lines are needed for one subdomain -- the
documentation imples that "server=" does not need a "companion" line
with "local=", and logically, no local= line should be needed for a
server= line to work.

Did you try just removing the "local=/vpn..." line from the (now)
working config?

If it still works with just the "server=" line, then your problem was
elsewhere and some other change of yours has fixed it.

If it needs the "local=" line along with the "server=" line to work,
then there is a weird problem indeed, which IMO justifies my cc:ing
Simon.

> Thanks for the help, that was a bit of a mystery.

Happy that it works now; I'll be happier when we know why it did not.

Amicalement,
-- 
Albert.



More information about the Dnsmasq-discuss mailing list