[Dnsmasq-discuss] A reason for setting NS records in dnsmasq
Gui Iribarren
gui at altermundi.net
Fri Nov 2 12:43:49 GMT 2012
On Fri, Nov 2, 2012 at 8:58 AM, Simon Kelley <simon at thekelleys.org.uk>wrote:
> That looks very interesting. It's out of comfort-zone for DNS-wrangling,
> but I will cause it to be looked at by people who know more about this.
> If they think it's a valid thing to do, I'll implement enough NS record
> functionality to make it possible.
>
When I first changed the NS at the registrar, (from a proper, authoritative
one) to pointing to my frankestein, there was a window of a couple of
hours, until it propagated completely, where i could ask 8.8.8.8, and my
dnsmasq would return a cached correct NS reply, thus it all worked for an
afternoon. I was delighted. :)
since then i've been banging my head, trying different configs in bind9 /
dnsmasq, until accepting an NS record in dnsmasq would make it.
> One thought: to make this work, you are going to have to make dnsmasq
> open to queries from "outside". That's normally seen as a really bad
> idea. It may be necessary to limit the domains and/or query types for
> queries from outside.
>
Definitely: as it stands right now, when asked for A records, it answers
with 10.x.x.x to queries from the Internet, which is a *big* no-no...
So that would need a "reverse" bogus-priv option or something
But i'm really glad you liked the idea
it's a simple free-ride on the inspiringly elegant hack that is ra-names ;)
Cheers!
Gui
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20121102/a103b66a/attachment.html>
More information about the Dnsmasq-discuss
mailing list