[Dnsmasq-discuss] Becoming authoritative DNS for additional netblock
Albert ARIBAUD
albert.aribaud at free.fr
Wed Dec 2 07:43:05 GMT 2015
Hi "A C",
On Tue, 1 Dec 2015 22:46:40 -0800,
A C <agcme at hotmail.com> wrote:
> On 2015-12-01 22:22, Albert ARIBAUD wrote:
> > Hi "A C",
> >
> > Cc:ing Simon in case the problem is indeed a weird dependency of
> > "server=" on "local=" -- or to ascertain it doesn't.
> >
> > On Tue, 1 Dec 2015 19:53:37 -0800,
> > A C <agcme at hotmail.com> wrote:
> >
> >> I just got it working. Your statement "but if the first line wins"
> >> gave me an idea. I cleaned up the config file and put these two
> >> lines in with this specific order:
------------------------------------------------------
> >> server=/vpn.example.com/10.0.0.140
> >> local=/vpn.example.com/
------------------------------------------------------
> >> This is exactly reversed of the order I was using (I had local
> >> first, then server). It works now, any machine on the main
> >> network can send a DNS query to the router for any of the VPN
> >> machines and the query is forwarded over to the VPN server (I am
> >> able to see the packet arrive on the VPN server).
> >>
> >> So perhaps the documents should add that the server/local lines are
> >> order specific when handling subdomains of the base local domain
> >> otherwise it attempts to be authoritative for all of the domain
> >> even if there are other server lines. The server line works fine
> >> for external domains because they don't conflict with the local
> >> domain (in fact I've used them before for that purpose, to fix
> >> broken outside DNS servers by routing specific domains to
> >> alternate DNS servers). I just had never tried a subdomain of my
> >> own domain and I simply duplicated an old server line all of which
> >> came after the local directive at the top of the file.
> > I am not sure that two lines are needed for one subdomain -- the
> > documentation implies that "server=" does not need a "companion" line
> > with "local=", and logically, no local= line should be needed for a
> > server= line to work.
> >
> > Did you try just removing the "local=/vpn..." line from the (now)
> > working config?
> >
> > If it still works with just the "server=" line, then your problem
> > was elsewhere and some other change of yours has fixed it.
> >
> > If it needs the "local=" line along with the "server=" line to work,
> > then there is a weird problem indeed, which IMO justifies my cc:ing
> > Simon.
> >
>
>
> The local=/vpn.../ line is already gone, only my base domain is local.

This does not match the extract you gave above (which I marked with
lines in this reply) where you have two lines where the domain part of
the local= directive starts with "vpn."

I infer that what you have in your working config is not

    server=/vpn.example.com/10.0.0.140
    local=/vpn.example.com/

as indicated above, but actually

    server=/vpn.example.com/10.0.0.140
    local=/example.com/

and what you witness is that it works in this order, but will not work
in that order:

    local=/example.com/
    server=/vpn.example.com/10.0.0.140

Am I correct?

Best regards,
--
Albert.