[Dnsmasq-discuss] can an authoritative dnsmasq forward queries as well?
Harald Dunkel
harald.dunkel at aixigo.de
Fri Mar 20 13:17:18 GMT 2015
Hi folks,
Question: Can I use the same dnsmasq as an authoritative
DNServer as well as a forwarder for external queries?
No DHCP, but static tables in /etc/hosts and /etc/ethers.
dnsmasq is version 2.72
Here is my configuration:
domain-needed
bogus-priv
no-resolv
server=8.8.4.4
all-servers
auth-server=hosting.example.com,10.10.111.11
auth-zone=hosting.example.com,10.10.111.0/24
auth-sec-servers=172.19.88.123,172.19.88.124
domain=hosting.example.com,10.10.111.0/24,local
expand-hosts
read-ethers
cache-size=1024
log-queries
log-dhcp
log-facility=/var/log/dnsmasq.log
hosting.example.com can use itself to resolve queries
for foo.hosting.example.com and for "external" hostnames.
Other hosts in 10.10.111.0/24 can use this server to
resolve foo.hosting.example.com as well, but if they
query for external hostnames, then they get "WARNING:
recursion requested but not available". Sample:
# dig @10.10.111.11 www.heise.de A
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.10.111.11 www.heise.de A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49662
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.heise.de. IN A
;; Query time: 0 msec
;; SERVER: 10.10.111.11#53(10.10.111.11)
;; WHEN: Thu Mar 19 15:51:35 2015
;; MSG SIZE rcvd: 30
I spent (way too) many hours to figure out why dnsmasq doesn't
act as a forwarder for all hosts in the local subnet in this
case. AFAICS the configuration should work, but maybe I missed
something. Every helpful comment is highly appreciated.
Harri
--
aixigo AG, Karl-Friedrich-Strasse 68, 52072 Aachen, Germany
phone: +49 241 559709-79, fax: +49 241 559709-99
eMail: harald.dunkel at aixigo.de, web: http://www.aixigo.de
Amtsgericht Aachen - HRB 8057, Vorstand: Erich Borsch, Christian Friedrich, Tobias Haustein, Vors. des Aufsichtsrates: Prof. Dr. Ruediger von Nitzsch
More information about the Dnsmasq-discuss
mailing list