[Dnsmasq-discuss] auth-server reverse zones / Re: PTR records with auth-zone and auth-server

Simon Kelley simon at thekelleys.org.uk
Sat Apr 5 19:26:11 UTC 2014


On 04/04/14 10:47, Lutz Preßler wrote:
> Hello Simon,
> 
> On Do, 03 Apr 2014, Simon Kelley wrote:
> 
>> On 03/04/14 08:22, Craig McQueen wrote:
>>> I'm using dnsmasq 2.68. It's mostly working, however I'm having a few
>>> troubles with PTR records when using auth-zone and auth-server. If I use
>>> these options, then:
>>>
>>> * PTR look-up of IP addresses defined by interface-name=example.lan,br0
>>> returns an answer, but the returned status is NXDOMAIN rather than NOERROR.
> (Coincidentally yesterday I found that problem, too)
>>
>> That's a bug, nasty one. Fix pushed to git,
> Thanks, works.
>>
>>> * No custom PTR records can be defined with ptr-record.
>>
>> That's behaving as documented, --ptr-record doesn't appear in the list
>> of data included in an authoritative zone given in the AUTHORITATIVE
>> CONFIGURATION section of the man page. The reason is, I think, that
>> PTR-records can have any name, not just w.x.y.x.in-addr.arpa. It's
>> therefore difficult to use the subnet(s) associated with an auth-zone to
>> filter them. It would be possible to filter on the name using the domain
>> associated with an auth zone, and filter w.x.y.x.in-addr.arpa on the
>> subnet. That's quite complex to understand/document/use.
> Obviously I'm missing something. Why cannot PTR replies be filtered on
> either x.y.x.in-addr.arpa / ...d.c.b.a.ip6.arpa fitting associated
> subnets (maybe complicated by the non-nibble IPv4 case) OR any PTR content
> for defined auth-zone-s?
> (Btw, in the documentation it sometimes reads "ipv6.arpa" instead of 
> "ip6.arpa".)
> 
> To add to the wish list: I'd really like the ability to also do AXFRs
> for reverse zones. Is the difficulty to enumerate the records?
> Usage is a DNSSEC signing front-end server.
> 
> Another question: dnsmasq is not sending NOTIFYs, is it?

Wishlist for version 2.70 opened.......


Cheers,


Simon.

> 
> Regards,
>   Lutz
> 
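The subnet filter discussed in this thread, sketched as an added example; it is not part of the original messages and is not dnsmasq code. The function names and the sample subnets and names are assumptions constructed for illustration. Comparing decoded addresses rather than name suffixes covers the IPv4 prefix that does not fall on an octet boundary.

```python
import ipaddress

def ptr_name_to_address(name):
    """Decode a full in-addr.arpa / ip6.arpa name to an address, else None.

    None covers the "PTR records can have any name" case: such names
    cannot be tested against a subnet at all.
    """
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        octets = labels[:4][::-1]          # labels are least-significant first
        # Accept canonical decimal octets only ("01" or "256" are rejected).
        if all(o.isascii() and o.isdigit() and str(int(o)) == o and int(o) < 256
               for o in octets):
            return ipaddress.IPv4Address(".".join(octets))
    elif labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        nibbles = labels[:32][::-1]        # one hex digit per label
        if all(len(n) == 1 and n in "0123456789abcdef" for n in nibbles):
            return ipaddress.IPv6Address(int("".join(nibbles), 16))
    return None

def ptr_in_auth_zone(name, subnets):
    """True if the PTR owner name decodes to an address inside any subnet."""
    addr = ptr_name_to_address(name)
    if addr is None:
        return False
    return any(addr.version == net.version and addr in net for net in subnets)

# Constructed sample data (assumption): one /26, which does not end on an
# octet boundary, and one IPv6 /64.
SAMPLE_SUBNETS = [ipaddress.ip_network("192.168.1.64/26"),
                  ipaddress.ip_network("fd00:1234::/64")]
SAMPLE_NAMES = [
    "70.1.168.192.in-addr.arpa",       # 192.168.1.70, inside the /26
    "10.1.168.192.in-addr.arpa.",      # 192.168.1.10, same /24 but outside
    ipaddress.IPv6Address("fd00:1234::1").reverse_pointer,
    "1.168.192.in-addr.arpa",          # zone apex, not a host name
    "printer.example.lan",             # arbitrary PTR owner name
]

def check_samples():
    """Return the filter decision for each constructed sample name."""
    return [ptr_in_auth_zone(n, SAMPLE_SUBNETS) for n in SAMPLE_NAMES]

if __name__ == "__main__":
    for name, ok in zip(SAMPLE_NAMES, check_samples()):
        print("serve " if ok else "filter", name)
```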



