[Dnsmasq-discuss] auth-server reverse zones / Re: PTR records with auth-zone and auth-server
Lutz Preßler
Lutz.Pressler at SerNet.de
Fri Apr 4 09:47:48 UTC 2014
Hello Simon,
On Do, 03 Apr 2014, Simon Kelley wrote:
> On 03/04/14 08:22, Craig McQueen wrote:
> > I'm using dnsmasq 2.68. It's mostly working, however I'm having a few
> > troubles with PTR records when using auth-zone and auth-server. If I use
> > these options, then:
> >
> > * PTR look-up of IP addresses defined by interface-name=example.lan,br0
> > return an answer, but the returned status is NXDOMAIN rather than NOERROR.
(Coincidentally yesterday I found that problem, too)
>
> That's a bug, nasty one. Fix pushed to git,
Thanks, works.
>
> > * No custom PTR records can be defined with ptr-record.
>
> That's behaving as documented, --ptr-record doesn't appear in the list
> of data included in an authoritative zone given in the AUTHORITATIVE
> CONFIGURATION section of the man page. The reason is, I think, that
> PTR-records can have any name, not just w.x.y.x.in-addr.arpa. It's
> therefore difficult to use the subnet(s) associated with an auth-zone to
> filter them. It would be possible to filter on the name using the domain
> associated with an auth zone, and filter w.x.y.x.in-addr.arpa on the
> subnet. That's quite complex to understand/document/use.
Obviously I'm missing something. Why cannot PTR replies be filtered on
either x.y.x.in-addr.arpa / ...d.c.b.a.ip6.arpa fitting associated
subnets (maybe complicated by the non-nibble IPv4 case) OR any PTR content
for defined auth-zone-s?
(Btw, in the documentation it sometimes reads "ipv6.arpa" instead of
"ip6.arpa".)
To add to the wish list: I'd really like the ability to also do AXFRs
for reverse zones. Is the difficulty to enumerate the records?
Usage is a DNSSEC signing front-end server.
Another question: dnsmasq is not sending NOTIFYs, is it?
Regards,
Lutz
--
Lutz Preßler, Göttingen, Germany
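
The subnet-based filter discussed in this thread, sketched as an added example (not dnsmasq code and not part of the original message): a PTR owner name is accepted only if it is a complete in-addr.arpa or ip6.arpa name whose decoded address falls inside a configured subnet. The function names and the sample subnets (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: subnets standing in for those attached to an auth-zone.
# The IPv4 one is deliberately not octet-aligned (/26).
AUTH_SUBNETS = [ipaddress.ip_network("192.0.2.64/26"),
                ipaddress.ip_network("2001:db8:1::/64")]

def ptr_name_to_address(qname):
    """Decode a complete reverse-lookup name to an address, else None.

    Complete means 4 decimal octets under in-addr.arpa or 32 hex nibbles
    under ip6.arpa. Partial names and PTR records with any other owner
    name cannot be mapped to an address and return None.
    """
    labels = qname.lower().rstrip(".").split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            octets = labels[:4][::-1]          # labels are least-significant first
            if all(o.isascii() and o.isdigit() and str(int(o)) == o for o in octets):
                return ipaddress.IPv4Address(".".join(octets))
        elif labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            nibbles = labels[:32][::-1]
            if all(len(n) == 1 and n in "0123456789abcdef" for n in nibbles):
                return ipaddress.IPv6Address(int("".join(nibbles), 16))
    except ValueError:                          # e.g. an octet above 255
        pass
    return None

def ptr_in_auth_subnets(qname, subnets=AUTH_SUBNETS):
    """True if qname decodes to an address inside one of the subnets."""
    addr = ptr_name_to_address(qname)
    if addr is None:
        return False
    return any(addr.version == net.version and addr in net for net in subnets)

if __name__ == "__main__":
    for name in ("70.2.0.192.in-addr.arpa",     # inside the /26
                 "10.2.0.192.in-addr.arpa",     # same /24 reverse zone, outside the /26
                 ipaddress.ip_address("2001:db8:1::5").reverse_pointer,
                 "_http._tcp.example.lan"):     # PTR with an arbitrary owner name
        print(name, ptr_in_auth_subnets(name))
```

The two IPv4 names share the 2.0.192.in-addr.arpa reverse zone but get different answers, which is the non-octet-aligned case raised above; a PTR under an arbitrary name never matches a subnet and would need the separate domain-name filter.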