Hi Simon,<br><br>I'm trying to implement your suggestion, but I'm having some troubles with it. Here's what I've done/what I know:<br><br>1) I've added the line"server=/mail.isomorphism.org/69.60.109.125" to my
dnsmasq.conf. The ip address corresponds to my primary name server for my domain (<a href="http://ns.dominia.org">ns.dominia.org</a>).<br>2) <a href="http://ns.dominia.org">ns.dominia.org</a> has a CNAME record for <a href="http://mail.isomorphism.org">
mail.isomorphism.org</a> mapping it to <a href="http://ghs.google.com">ghs.google.com</a>. Here's the line from the bind configuration for this "mail 43200 IN CNAME <a href="http://ghs.google.com">ghs.google.com
</a>."<br>3) Externally to my network (e.g. when dnsmasq is not invovled) <a href="http://mail.isomorphism.org">mail.isomorphism.org</a> works just fine.<br>4) Internally it doesn't work properly. Here's as much relevant output that I could think to collect:
<br><font size="2"><br style="font-family: courier new,monospace;"><b><span style="font-family: courier new,monospace;">bbeck@server:~$ nslookup <a href="http://mail.isomorphism.org">mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;">
</b><span style="font-family: courier new,monospace;">Server: <a href="http://127.0.0.1">127.0.0.1</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Address:
127.0.0.1#53</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Non-authoritative answer:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"><a href="http://mail.isomorphism.org">mail.isomorphism.org</a> canonical name = <a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a>.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"><a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a> canonical name = <a href="http://ghs.l.GOOGLE.COM">ghs.l.GOOGLE.COM</a>.</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><b><span style="font-family: courier new,monospace;">bbeck@server:~$ dig <a href="http://mail.isomorphism.org">mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;">
</b><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">; <<>> DiG 9.4.1-P1 <<>> <a href="http://mail.isomorphism.org">mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">;; global options: printcmd</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">;; Got answer:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18191</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
;; QUESTION SECTION:</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">;mail.isomorphism.org. IN A</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">;; ANSWER SECTION:</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
<a href="http://mail.isomorphism.org">mail.isomorphism.org</a>. 41407 IN CNAME <a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a>.</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
<a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a>. 464425 IN CNAME <a href="http://ghs.l.GOOGLE.COM">ghs.l.GOOGLE.COM</a>.</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">;; Query time: 0 msec</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">;; SERVER: 127.0.0.1#53(<a href="http://127.0.0.1">
127.0.0.1</a>)</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">;; WHEN: Thu Jan 10 22:46:21 2008</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
;; MSG SIZE rcvd: 96</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><b><span style="font-family: courier new,monospace;">bbeck@server:~$ host <a href="http://mail.isomorphism.org">
mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;"></b><span style="font-family: courier new,monospace;"><a href="http://mail.isomorphism.org">mail.isomorphism.org</a> is an alias for <a href="http://ghs.GOOGLE.COM">
ghs.GOOGLE.COM</a>.</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"><a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a> is an alias for <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a>.</span></font><br><br>This was collected during the above commands, I bolded what I think is the relevant line below. I think dnsmasq is doing the right thing in forwarding the query, but I'm not sure what's going on with the response. It seems to follow a CNAME chain that ends in
<a href="http://ghs.l.google.com">ghs.l.google.com</a> which it can't resolve. Not sure why it works externally to my network.<br><br><b style="font-family: courier new,monospace;">bbeck@server:~$ tail -f /var/log/syslog
</b><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23930]: reading /var/run/dnsmasq/resolv.conf</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 24.93.41.126#53</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 24.93.41.125#53</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23930]: using local addresses only for domain
<a href="http://isomorphism.org">isomorphism.org</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 69.60.109.125#53
for domain <a href="http://mail.isomorphism.org">mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23930]: exiting on receipt of SIGTERM
</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: started, version 2.39 cachesize 150</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: compile time options: IPv6 GNU-getopt no-ISC-leasefile DBus I18N TFTP</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
Jan 10 22:56:45 server dnsmasq[23994]: DHCP, IP range <a href="http://192.168.1.100">192.168.1.100</a> -- <a href="http://192.168.1.200">192.168.1.200</a>, lease time 12h</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: using local addresses only for domain <a href="http://isomorphism.org">isomorphism.org</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for domain <a href="http://mail.isomorphism.org">mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: reading /var/run/dnsmasq/resolv.conf</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 24.93.41.126#53</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: using nameserver
24.93.41.125#53</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: using local addresses only for domain <a href="http://isomorphism.org">
isomorphism.org</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for domain <a href="http://mail.isomorphism.org">
mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:56:45 server dnsmasq[23994]: read /etc/hosts - 8 addresses</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Jan 10 22:57:22 server dnsmasq[23994]: reading /var/run/dnsmasq/resolv.conf</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">
Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 24.93.41.126#53</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:22 server dnsmasq[23994]: using nameserver
24.93.41.125#53</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:22 server dnsmasq[23994]: using local addresses only for domain <a href="http://isomorphism.org">
isomorphism.org</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for domain <a href="http://mail.isomorphism.org">
mail.isomorphism.org</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"></span><span style="font-family: courier new,monospace;">Jan 10 22:57:56 server dnsmasq[23994]: query[A]
<a href="http://mail.isomorphism.org">mail.isomorphism.org</a> from <a href="http://127.0.0.1">127.0.0.1</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:56 server dnsmasq[23994]: forwarded
<a href="http://mail.isomorphism.org">mail.isomorphism.org</a> to <a href="http://69.60.109.125">69.60.109.125</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: reply
<a href="http://mail.isomorphism.org">mail.isomorphism.org</a> is <CNAME></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: reply
<a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a> is <CNAME></span><br style="font-family: courier new,monospace;"><b><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: reply <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> is <NODATA>-IPv4</span><br style="font-family: courier new,monospace;"></b><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: query[A] <a href="http://mail.isomorphism.org">
mail.isomorphism.org</a> from <a href="http://127.0.0.1">127.0.0.1</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: cached
<a href="http://mail.isomorphism.org">mail.isomorphism.org</a> is <CNAME></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: cached
<a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a> is <CNAME></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: cached <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> is <NODATA>-IPv4</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: query[A] <a href="http://mail.isomorphism.org">
mail.isomorphism.org</a> from <a href="http://127.0.0.1">127.0.0.1</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: cached
<a href="http://mail.isomorphism.org">mail.isomorphism.org</a> is <CNAME></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: cached
<a href="http://ghs.GOOGLE.COM">ghs.GOOGLE.COM</a> is <CNAME></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: cached <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> is <NODATA>-IPv4</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: query[AAAA] <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> from <a href="http://127.0.0.1">127.0.0.1</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: forwarded <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> to <a href="http://24.93.41.125">24.93.41.125</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: reply <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> is <NODATA>-IPv6</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: query[MX] <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> from <a href="http://127.0.0.1">127.0.0.1</a></span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jan 10 22:57:57 server dnsmasq[23994]: forwarded <a href="http://ghs.l.GOOGLE.COM">
ghs.l.GOOGLE.COM</a> to <a href="http://24.93.41.125">24.93.41.125</a></span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">I'm not sure what's going on. I'd appreciate any help you could give here?
<br><br>Thanks,<br>Brandon<br><br><br><div class="gmail_quote">On Jan 10, 2008 3:07 AM, Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="Wj3C7c">Brandon Beck wrote:<br>> Hi all,<br>><br>> I apologize if this has been asked and answered already. I'm looking for a<br>> way to tell dnsmasq to use an external nameserver for certain names in my
<br>> local domain.<br>><br>> My situation is interesting, but I don't think it's an unreasonable one.<br>> I'm using Google's "apps for your domain" service for my email, and in my<br>
> public dns entry have a CNAME record that points <a href="http://mail.mydomain.com" target="_blank">mail.mydomain.com</a> to<br>> <a href="http://ghs.google.com" target="_blank">ghs.google.com</a>. On my local network however, dnsmasq believes it knows
<br>> everything there is to know about <a href="http://mydomain.com" target="_blank">mydomain.com</a> and that since it doesn't see<br>> a dhcp record for <a href="http://mail.mydomain.com" target="_blank">mail.mydomain.com
</a> one must not exist. Is there a way I<br>> can get dnsmasq to see that CNAME on the public dns server while still<br>> retaining the ability for dnsmasq to pull entries for <a href="http://mydomain.com" target="_blank">
mydomain.com</a> from<br>> DHCP?<br>><br><br></div></div>You can override the knowledge about <a href="http://mydomain.com" target="_blank">mydomain.com</a> for more specific domains.<br><br>so<br><br>server=/mail.mydomain.com/<address of your upstream DNS server>
<br><br>will send queries to the upstream server for just <a href="http://mail.mydomain.com" target="_blank">mail.mydomain.com</a><br>(actually for *.mail.mydomain.com too)<br><br>That's not perfect, since it means you have to hard-code the IP of the
<br>upstream server rather than using the one in resolv.conf, but it's the<br>best that's possible, I think.<br><br>Cheers,<br><br>Simon.<br><br>><br>> Thanks,<br>> Brandon<br>><br>><br>><br>> ------------------------------------------------------------------------
<br><div><div></div><div class="Wj3C7c">><br>> _______________________________________________<br>> Dnsmasq-discuss mailing list<br>> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk
</a><br>> <a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br><br></div></div></blockquote></div><br>