[Dnsmasq-discuss] Dnsmasq responding with SOA instead of A

Albert ARIBAUD albert.aribaud at free.fr
Mon Jul 11 22:18:15 BST 2016


Hi Aaron,

Le Mon, 11 Jul 2016 20:20:56 +0000
Aaron Germuth <aagermuth at gmail.com> a écrit:

> Hey guys,
> 
> I'm trying to run my own dnsmasq instance on a computer. I want it to
> be authoritative for my domain (local.example.com). However I am
> getting different results for the same query from different computers.
> 
> dig @100.108.108.176 b.local.example.com. A
> 
> When I run this from the dns server itself (100.108.108.176) I get an
> ip as a response and the following in the logs:
> 
> Jul 11 14:47:53 MY_DNS_SERVER.com dnsmasq[30817]: query[A]
> b.local.example.com from 100.108.108.176
> Jul 11 14:47:53 MY_DNS_SERVER.com dnsmasq[30817]: /etc/hosts 1.2.3.50
> is b.local.example.com
> 
> When I run this from a different computer on a different network I do
> not get an IP. Instead dig returns an a SOA pointing to itself
> (MY_DNS_SERVER.com). Furthermore, the logs show the following:
> 
> Jul 11 14:49:29 MY_DNS_SERVER.com dnsmasq[30817]: auth[A]
> b.local.example.com from 172.27.88.26
> Jul 11 14:49:29 MY_DNS_SERVER.com dnsmasq[30817]: auth
> b.local.example.com is NODATA-IPv4
> 
> I'm not sure whats happening. It seems it interprets one as a
> query[A] and one auth[A]. It seems in the 2nd response it thinks it
> doesn't know how to handle that domain so it returns who it thinks is
> authoritative for that domain, which is itself. This is what my
> dnsmasq.conf looks like:
> 
> auth-server=MY_DNS_SERVER.com,eth0
> auth-zone=local.example.com,eth0
> 
> log-queries
> 
> #do not read resolv.conf to find servers where to lookup dns
> no-resolv
> #do not poll resolve.conf for changes
> no-poll
> 
> #address to use when address not local
> server=8.8.8.8
> server=4.4.4.4
> 
> local=/local.example.com/
> domain=local.example.com
> 
> If you need any more information, let me know.

First thing you should do is not to filter out or explain the dig
commands you use and their results, but instead to just copy-paste the
command and its output. Here, for instance, none of what you provide
allows checking how the request was sent exactly, and what principal
and additional info was returned.

> Thanks,
> 
> Aaron

Amicalement,
-- 
Albert.



More information about the Dnsmasq-discuss mailing list