<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I seem to have a problem with the way dnsmasq handles requests for SOA and NS records for domains I’ve defined with “server” lines.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m based in a satellite office of an international company, and I’m using dnsmasq to split the DNS requests from our computers between local Internet DNS servers for general Internet requests, and the company Active Directory DNS servers for internal lookups. The two main reasons for doing this are for resiliency if our connectivity to the rest of the company fails, and speed because an in-country Internet lookup seems to be significantly quicker than the international lookup via the AD servers.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>However, if I use “nslookup” to query NS and SOA records for things handled by the AD servers, which are filtered using “server=” lines in the config, then the results don’t match what is returned if I point “nslookup” directly at an AD server.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Things usually seem to be OK for the “forward” domains, but always just give negative results for the “reverse” domains.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>This wouldn’t be an issue for most applications, but PowerBroker Identity Services (formerly Likewise) has a DNS update tool that (in the standard build) relies entirely on being able to get a valid SOA record for the AD domains, and this breaks with the current dnsmasq behaviour.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Some Google searching turned up this post <a href="http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2009q4/003405.html">http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2009q4/003405.html</a> from 2009, but nothing more recent.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m running dnsmasq V2.57, in case the behaviour has changed recently.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks in advance for any advice / assistance.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Michael Firth<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>