[Dnsmasq-discuss] Deferring to external nameserver for certain local domain names

Brandon Beck bmbeck at gmail.com
Fri Jan 11 05:03:14 GMT 2008


Hi Simon,

I'm trying to implement your suggestion, but I'm having some troubles with
it.  Here's what I've done/what I know:

1)  I've added the line "server=/mail.isomorphism.org/69.60.109.125" to my
dnsmasq.conf.  The ip address corresponds to my primary name server for my
domain (ns.dominia.org).
2)  ns.dominia.org has a CNAME record for mail.isomorphism.org mapping it to
ghs.google.com.  Here's the line from the bind configuration for this
"mail    43200   IN      CNAME   ghs.google.com."
3)  Externally to my network (e.g. when dnsmasq is not involved)
mail.isomorphism.org works just fine.
4)  Internally it doesn't work properly.  Here's as much relevant output
that I could think to collect:

bbeck@server:~$ nslookup mail.isomorphism.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
mail.isomorphism.org    canonical name = ghs.GOOGLE.COM.
ghs.GOOGLE.COM  canonical name = ghs.l.GOOGLE.COM.

bbeck@server:~$ dig mail.isomorphism.org

; <<>> DiG 9.4.1-P1 <<>> mail.isomorphism.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18191
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.isomorphism.org.          IN      A

;; ANSWER SECTION:
mail.isomorphism.org.   41407   IN      CNAME   ghs.GOOGLE.COM.
ghs.GOOGLE.COM.         464425  IN      CNAME   ghs.l.GOOGLE.COM.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 10 22:46:21 2008
;; MSG SIZE  rcvd: 96

bbeck@server:~$ host mail.isomorphism.org
mail.isomorphism.org is an alias for ghs.GOOGLE.COM.
ghs.GOOGLE.COM is an alias for ghs.l.GOOGLE.COM.

This was collected during the above commands, I bolded what I think is the
relevant line below.  I think dnsmasq is doing the right thing in forwarding
the query, but I'm not sure what's going on with the response.  It seems to
follow a CNAME chain that ends in ghs.l.google.com which it can't resolve.
Not sure why it works externally to my network.

bbeck@server:~$ tail -f /var/log/syslog
Jan 10 22:56:45 server dnsmasq[23930]: reading /var/run/dnsmasq/resolv.conf
Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 24.93.41.126#53
Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 24.93.41.125#53
Jan 10 22:56:45 server dnsmasq[23930]: using local addresses only for domain
isomorphism.org
Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 69.60.109.125#53 for
domain mail.isomorphism.org
Jan 10 22:56:45 server dnsmasq[23930]: exiting on receipt of SIGTERM
Jan 10 22:56:45 server dnsmasq[23994]: started, version 2.39 cachesize 150
Jan 10 22:56:45 server dnsmasq[23994]: compile time options: IPv6 GNU-getopt
no-ISC-leasefile DBus I18N TFTP
Jan 10 22:56:45 server dnsmasq[23994]: DHCP, IP range 192.168.1.100 --
192.168.1.200, lease time 12h
Jan 10 22:56:45 server dnsmasq[23994]: using local addresses only for domain
isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for
domain mail.isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: reading /var/run/dnsmasq/resolv.conf
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 24.93.41.126#53
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 24.93.41.125#53
Jan 10 22:56:45 server dnsmasq[23994]: using local addresses only for domain
isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for
domain mail.isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: read /etc/hosts - 8 addresses
Jan 10 22:57:22 server dnsmasq[23994]: reading /var/run/dnsmasq/resolv.conf
Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 24.93.41.126#53
Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 24.93.41.125#53
Jan 10 22:57:22 server dnsmasq[23994]: using local addresses only for domain
isomorphism.org
Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for
domain mail.isomorphism.org
Jan 10 22:57:56 server dnsmasq[23994]: query[A] mail.isomorphism.org from
127.0.0.1
Jan 10 22:57:56 server dnsmasq[23994]: forwarded mail.isomorphism.org to
69.60.109.125
Jan 10 22:57:57 server dnsmasq[23994]: reply mail.isomorphism.org is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: reply ghs.GOOGLE.COM is <CNAME>
*Jan 10 22:57:57 server dnsmasq[23994]: reply ghs.l.GOOGLE.COM is
<NODATA>-IPv4*
Jan 10 22:57:57 server dnsmasq[23994]: query[A] mail.isomorphism.org from
127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: cached mail.isomorphism.org is
<CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.GOOGLE.COM is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.l.GOOGLE.COM is
<NODATA>-IPv4
Jan 10 22:57:57 server dnsmasq[23994]: query[A] mail.isomorphism.org from
127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: cached mail.isomorphism.org is
<CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.GOOGLE.COM is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.l.GOOGLE.COM is
<NODATA>-IPv4
Jan 10 22:57:57 server dnsmasq[23994]: query[AAAA] ghs.l.GOOGLE.COM from
127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: forwarded ghs.l.GOOGLE.COM to
24.93.41.125
Jan 10 22:57:57 server dnsmasq[23994]: reply ghs.l.GOOGLE.COM is
<NODATA>-IPv6
Jan 10 22:57:57 server dnsmasq[23994]: query[MX] ghs.l.GOOGLE.COM from
127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: forwarded ghs.l.GOOGLE.COM to
24.93.41.125

I'm not sure what's going on.  I'd appreciate any help you could give here?

Thanks,
Brandon


On Jan 10, 2008 3:07 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:

> Brandon Beck wrote:
> > Hi all,
> >
> > I apologize if this has been asked and answered already.  I'm looking for a
> > way to tell dnsmasq to use an external nameserver for certain names in my
> > local domain.
> >
> > My situation is interesting, but I don't think it's an unreasonable one.
> > I'm using Google's "apps for your domain" service for my email, and in my
> > public dns entry have a CNAME record that points mail.mydomain.com to
> > ghs.google.com.  On my local network however, dnsmasq believes it knows
> > everything there is to know about mydomain.com and that since it doesn't see
> > a dhcp record for mail.mydomain.com one must not exist.  Is there a way I
> > can get dnsmasq to see that CNAME on the public dns server while still
> > retaining the ability for dnsmasq to pull entries for mydomain.com from
> > DHCP?
> >
>
> You can override the knowledge about mydomain.com for more specific
> domains.
>
> so
>
> server=/mail.mydomain.com/<address of your upstream DNS server>
>
> will send queries to the upstream server for just mail.mydomain.com
> (actually for *.mail.mydomain.com too)
>
> That's not perfect, since it means you have to hard-code the IP of the
> upstream server rather than using the one in resolv.conf, but it's the
> best that's possible, I think.
>
> Cheers,
>
> Simon.
>
> >
> > Thanks,
> > Brandon
> >
> >
> >
>
>
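
An added illustration of the override discussed in this thread (not code from either poster and not dnsmasq source): a small model of how domain-specific `server=`/`local=` rules pick an upstream by most-specific domain match, checked against the "forwarded" lines in the log above. The `local=/isomorphism.org/` line is an assumption inferred from the log message "using local addresses only for domain isomorphism.org"; the function names are hypothetical.

```python
# Added illustration, not dnsmasq source: models how server=/domain/ip and
# local=/domain/ rules select an upstream by most-specific domain match.

# Default upstreams, as read from resolv.conf in the posted log.
DEFAULT_UPSTREAMS = ["24.93.41.126", "24.93.41.125"]

# Constructed config. The server= line is quoted in the post; the local= line
# is assumed from the "using local addresses only" log message.
CONF = """
# split-horizon rules
local=/isomorphism.org/
server=/mail.isomorphism.org/69.60.109.125
"""

def parse_rules(conf_text):
    """Return {domain: upstream or None} from server=/.../ip and local=/.../ lines."""
    rules = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key not in ("server", "local") or not value.startswith("/"):
            continue
        # "/dom1/dom2/ip" -> domains [dom1, dom2], target ip ("" means local only)
        *domains, target = value[1:].split("/")
        for domain in domains:
            rules[domain.lower().rstrip(".")] = target or None
    return rules

def route(name, rules):
    """Pick upstreams for a query name; the longest matching domain suffix wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):           # i=0 is the full name, so most specific first
        suffix = ".".join(labels[i:])      # matching is on whole labels only
        if suffix in rules:
            target = rules[suffix]
            return [target] if target else []   # [] = answered from local data only
    return DEFAULT_UPSTREAMS

if __name__ == "__main__":
    rules = parse_rules(CONF)
    for qname in ("mail.isomorphism.org", "imap.mail.isomorphism.org",
                  "server.isomorphism.org", "ghs.l.GOOGLE.COM"):
        print(f"{qname:28} -> {route(qname, rules) or 'local only'}")
```

The empty list for `server.isomorphism.org` means the name is never forwarded, so internal host names under the local domain do not leak to an upstream resolver, while the one overridden name goes only to the hard-coded server.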