[Dnsmasq-discuss] MX forwarding

Gene Czarcinski gene at czarc.net
Thu Aug 23 15:26:25 BST 2012 

I am a recent convert to dnsmasq.  Previously, I was using bind(named) 
and dhcpd to support my small research network.  I also run 
libvirt/qemu/kvm virtualization and noticed its use of dnsmasq ... I was 
impressed.  In fact, since every system upgrade results in a bind(named) 
and dhcpd  "adventure", I thought I would give dnsmasq a try.

Much to my amazement, a couple of hours of reading and creating a 
dnsmasq.conf for my networks plus another couple of hours of testing 
with virtual guest systems and I had a working dnsmasq.  To say the 
least, I was pleased.

Naturally, since I was new to dnsmasq, I turned on query logging and 
kept an eye on it.  Much to my amazement, I saw MX queries from virtual 
guests as well as MX queries for the systems on my local networks 
(dnsmasq was handling both dns and dhcp services for these system) being 
FORWARDED up to my ISP on the Internet.

I checked my dnsmasq.conf and I have "local=/xxx/", "domain xxx", and 
"domain-needed" specified.  According to what I read, this should not be 
happening.  I added "selfmx" so that this would not happen for the local 
systems.  However, if i did a "host test.", the responses were  
NXDOMAIN-IPv4, NXDOMAIN-IPv6, MX forwarded to the Internet.

I did more testing and set up two virtual systems: test1 and test2. 
Test1 has two networks defined: a connection to the default network with 
connects to the local network and on to the Internet and second 
connection to a private virtual network.  Test1 uses dnsmasq to provide 
dns and dhcp services on the private network.  Test2 has one network 
connection to the private network and uses test1 to get dns and dhcp 
services.  With these two systems, I can "play" with the dnsmasq 
parameters and use test2 to issue queries.  Although I have not tried 
every possible combination, these are the two I concentrated on:

--domain-needed --local=//

For a query from test2 of "host test2", the responses were:

query[A]: DHCP test2 is 192.168.100.173
query[AAAA]: config test2 is NODATA-IPv6
query[MX]: config test2 is NODATA

For a query from test2 of "host xxx", the response were:
query[A] config xxx is NXDOMAIN-IPv4

This is what I expected and this is what I wanted to see. Naturally, any 
query with a qualified name specified (good or bad) was forwarded up the 
the next server in the chain.

--domain-needed --domain tst --local=/tst/

For a query from test2 of "host test2", the responses were:

query[A]: DHCP test2.tst is 192.168.100.173
query[AAAA]: config test2.tst is NODATA-IPv6
query[MX]: config test2.tst is NODATA

For a query from test2 of "host xxx", the response were:

query[A]: config xxx.tst is NXDOMAIN-IPv6
query[A]: config xxx is NODATA-IPv4
query[AAAA]: config xxx is NODATA-IPv6
query[MX]: forwarded xxx to 192.168.122.1    <<------------


Everything looks like it is mostly working the way I wanted except for 
the query[MX} handling.

I can see no reason that this "should" be happening but it is. Besides 
fixing this (or if there is areason that some users might need it), it 
might be nice if there was a "no-mx"/"mx=no" option besides "selfmx" and 
"localmx".

The system is Fedora 17.  The version of the dnsmasq is 2.59.

If you need any other info or some testing on my part, this is 
relatively easy to do with the virtual setup I have.

Gene

More information about the Dnsmasq-discuss mailing list