[Dnsmasq-discuss] configure different "external" A records?

Florian Klink flokli at flokli.de
Wed Jul 31 13:31:37 BST 2013



On Wednesday, 31.07.2013, at 12:43 +0100, Simon Kelley wrote:
> On 29/07/13 18:38, Florian Klink wrote:
> >
> >
> > On Monday, 29.07.2013, at 16:43 +0100, Simon Kelley wrote:
> >> On 24/07/13 13:01, Florian Klink wrote:
> >>> Hi,
> >>>
> >>> I have a setup here with some virtual machines attached to br0 that get
> >>> their ipv4 and ra-stateless/ra-names from dnsmasq.
> >>>
> >>> dnsmasq.conf:
> >>>           resolv-file=/etc/resolv.conf.dnsmasq
> >>>           interface=br0
> >>>           interface=net0
> >>>           no-dhcp-interface=net0
> >>>           bind-interfaces
> >>>           domain=vms.mydomain.com,172.16.0.0/16
> >>>           dhcp-range=172.16.0.20,172.16.0.50
> >>>           dhcp-range=2a01:xxxx:xxxx:xxxx::, ra-stateless, ra-names
> >>>           dhcp-option=option6:dns-server,[::]
> >>>           dhcp-option=option6:information-refresh-time,6h
> >>>           enable-ra
> >>>
> >>> The nameserver for mydomain.com has a NS entry for vms.mydomain.com
> >>> pointing to the external (net0) interface, so you can dig
> >>> vm1.vms.mydomain.com AAAA and get the correct address.
> >>>
> >>> However, a problem is that I also get the A record to 172.16.0.x for
> >>> this machine when digging from the outside.
> >>>
> >>>
> >>> What I basically want to achieve:
> >>>    - AAAA records point to internal vm addresses (works)
> >>>    - when digging from the outside, A records for all vms point to a
> >>> globally reachable ipv4 addr (proxy that does the http requests for all
> >>> ipv4-only visitors)
> >>>    - when digging from the inside, A records still point to the
> >>> 172.168.0.x addresses offered by dnsmasq dhcp
> >>>
> >>> Is it possible to get such a behaviour with dnsmasq?
> >>> "localise-queries" is not what I want, right?
> >>>
> >>> Thanks for your help,
> >>>
> >>> Florian
> >>>
> >>>
> >>
> >> Check the latest dnsmasq release, and look in the man page for the
> >> AUTHORITATIVE CONFIGURATION section. That describes tools that may be
> >> able to help.
> >>
> >>
> >> Simon.
> >>
> >>
> >
> > Cool, I didn't know that there is an authoritative mode :-)
> >
> > After removing
> >
> > interface=net0
> > no-dhcp-interface=net0
> >
> > and adding
> >
> > auth-server=vms.mydomain.com,net0
> > auth-zone=vms.mydomain.com,2a01:xxxx:xxxx:xxxx::/64
> >
> > dnsmasq answers to "AAAA" queries. "A" queries get NXDOMAIN.
> >
> > How can I now configure the "authoritative part" of dnsmasq to answer
> > with a "static A record" for *.vms.mydomain.com?
> >
> > Something like address=/vm.mydomain.com/x.x.x.x doesn't seem to work...
> 
> address= lines don't work for the authoritative stuff. In fact there's
> no way to do a wildcard - sorry.
> 
> If there was you'd need an auth-zone for the relevant IPv4 subnet, of 
> course.
> 
> Maybe I should think about wildcards.
> 
> Simon.

My idea was to configure the dns entries for *.vms.mydomain.com as
described above, and then put a CNAME on the "real" domains pointing
to these entries.

So users with IPv6 access could reach the container directly, IPv4-only
world reaches the proxy which forwards everything transparently.

Florian
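
A check for the leak described in this thread, where the internal 172.16.0.x A record is returned to queries from outside. This is an added example, not part of the original messages or of dnsmasq; the function names and the sample answers (including the 2001:db8:: and 203.0.113.x documentation addresses standing in for the redacted prefix and the proxy) are constructed.

```python
import ipaddress

# Constructed sample: answer lines in the format `dig +noall +answer` prints,
# as they might look when the zone is queried from outside.
SAMPLE_EXTERNAL_ANSWERS = """\
vm1.vms.mydomain.com.\t0\tIN\tAAAA\t2001:db8:0:1::a1
vm1.vms.mydomain.com.\t0\tIN\tA\t172.16.0.23
vm2.vms.mydomain.com.\t0\tIN\tA\t203.0.113.10
; a comment line
www.mydomain.com.\t300\tIN\tCNAME\tvm2.vms.mydomain.com.
other.example.net.\t60\tIN\tA\t10.0.0.5
"""


def parse_answers(text):
    """Yield (name, rtype, rdata) tuples from dig-style answer lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue  # skip blanks, comments and malformed lines
        name, rtype, rdata = fields[0], fields[3], fields[4]
        yield name.rstrip(".").lower(), rtype.upper(), rdata


def find_internal_leaks(text, zone, internal_nets):
    """Return A/AAAA answers inside `zone` whose address is in an internal net."""
    zone = zone.rstrip(".").lower()
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    leaks = []
    for name, rtype, rdata in parse_answers(text):
        if rtype not in ("A", "AAAA"):
            continue  # CNAME and other types carry no address to classify
        if name != zone and not name.endswith("." + zone):
            continue  # only audit names that belong to the delegated zone
        addr = ipaddress.ip_address(rdata)
        if any(addr.version == n.version and addr in n for n in nets):
            leaks.append((name, rtype, rdata))
    return leaks


if __name__ == "__main__":
    # Zone and subnet taken from the domain= line quoted in the thread.
    for leak in find_internal_leaks(SAMPLE_EXTERNAL_ANSWERS,
                                    "vms.mydomain.com", ["172.16.0.0/16"]):
        print("internal address visible externally:", *leak)
```
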