[Dnsmasq-discuss] Becoming authoritative DNS for additional netblock

A C agcme at hotmail.com
Wed Dec 2 06:46:40 GMT 2015


On 2015-12-01 22:22, Albert ARIBAUD wrote:
> Hi "A C",
>
> Cc:ing Simon in case the problem is indeed a weird dependency of
> "server=" on "local=" -- or to ascertain it doesn't.
>
> On Tue, 1 Dec 2015 19:53:37 -0800
> A C <agcme at hotmail.com> wrote:
>
>> I just got it working.  Your statement "but if the first line wins"
>> gave me an idea.  I cleaned up the config file and put these two
>> lines in with this specific order:
>>
>> server=/vpn.example.com/10.0.0.140
>> local=/vpn.example.com/
>>
>> This is exactly the reverse of the order I was using (I had local first,
>> then server).  It works now, any machine on the main network can send
>> a DNS query to the router for any of the VPN machines and the query is
>> forwarded over to the VPN server (I am able to see the packet arrive
>> on the VPN server).
>>
>> So perhaps the documents should add that the server/local lines are
>> order specific when handling subdomains of the base local domain
>> otherwise it attempts to be authoritative for all of the domain even
>> if there are other server lines.  The server line works fine for
>> external domains because they don't conflict with the local domain
>> (in fact I've used them before for that purpose, to fix broken
>> outside DNS servers by routing specific domains to alternate DNS
>> servers).  I just had never tried a subdomain of my own domain and I
>> simply duplicated an old server line all of which came after the
>> local directive at the top of the file.
> I am not sure that two lines are needed for one subdomain -- the
> documentation implies that "server=" does not need a "companion" line
> with "local=", and logically, no local= line should be needed for a
> server= line to work.
>
> Did you try just removing the "local=/vpn..." line from the (now)
> working config?
>
> If it still works with just the "server=" line, then your problem was
> elsewhere and some other change of yours has fixed it.
>
> If it needs the "local=" line along with the "server=" line to work,
> then there is a weird problem indeed, which IMO justifies my cc:ing
> Simon.
>


The local=/vpn.../ line is already gone, only my base domain is local.

Without the server=/vpn.../ line, it does not work (local with no server
was my very original configuration).  With the server line after local
it does not work either.  But with server first and local last it works
fine.

My whole (working) configuration:

interface=br0
domain-needed
bogus-priv
filterwin2k
localise-queries
domain=example.com
expand-hosts
server=/vpn.example.com/10.0.0.140
server=/0.100.10.in-addr.arpa/10.0.0.140
local=/example.com/
dhcp-authoritative
dhcp-range=10.0.10.100,10.0.10.105,255.255.0.0,24h
dhcp-leasefile=/tmp/dhcp.leases
read-ethers
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
dhcp-option=42,10.0.0.141

My original configuration was exactly the same as above except the server
lines were not present (commented copies from older configurations were
present).  When I added them they were all located below
local=/example.com/ (that's where the commented copies were located). 
Once I moved local=/example.com/ below server=//, it worked.  I tested
again by swapping the lines in the above configuration, with local first
the whole thing fails but with local last it works.
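
The following check is an added example, not part of the original message or of dnsmasq: it scans a configuration for the ordering the message above reports as failing, a server=/subdomain/address line placed after a local= line for its parent domain. It encodes only the behaviour reported in this thread, not documented dnsmasq semantics; the function names and sample configurations are constructed for illustration.

```python
# Constructed samples modelled on the configuration quoted in the message.
SAMPLE_FAILING = """\
domain=example.com
local=/example.com/
server=/vpn.example.com/10.0.0.140
server=/0.100.10.in-addr.arpa/10.0.0.140
"""
SAMPLE_WORKING = """\
domain=example.com
server=/vpn.example.com/10.0.0.140
server=/0.100.10.in-addr.arpa/10.0.0.140
local=/example.com/
"""

def parse_domain_rules(text):
    """Return (lineno, domain, target) for every server=/local= line that
    names a domain. target is '' when the domain is answered locally only."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        key, sep, value = line.partition("=")
        # local= and server= are synonyms in dnsmasq; the empty target
        # after the last '/' is what makes a domain local-only.
        if not sep or key.strip() not in ("server", "local"):
            continue
        parts = value.strip().split("/")
        if len(parts) < 3 or parts[0] != "":
            continue  # plain upstream server, no /domain/ part
        target = parts[-1]
        for domain in parts[1:-1]:
            if domain:
                rules.append((lineno, domain.lower().rstrip("."), target))
    return rules

def shadowed_forwarders(text):
    """Report forwarding rules that come after a local-only rule for a
    parent domain, as (fwd_line, fwd_domain, local_line, local_domain)."""
    rules = parse_domain_rules(text)
    findings = []
    for lineno, domain, target in rules:
        if not target:
            continue  # only forwarding rules can be shadowed
        for l_line, l_domain, l_target in rules:
            if (not l_target and l_line < lineno
                    and domain.endswith("." + l_domain)):
                findings.append((lineno, domain, l_line, l_domain))
    return findings

if __name__ == "__main__":
    for name, cfg in (("failing", SAMPLE_FAILING), ("working", SAMPLE_WORKING)):
        print(name, shadowed_forwarders(cfg))
```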


