[Dnsmasq-discuss] Becoming authoritative DNS for additional netblock

A C agcme at hotmail.com
Wed Dec 2 14:11:38 GMT 2015


On 2015-12-02 00:50, Albert ARIBAUD wrote:
> Hi "A C",
>
> On Wed, 2 Dec 2015 00:00:06 -0800
> A C <agcme at hotmail.com> wrote:
>
>>> I infer that what you have in your working config is not
>>>
>>> 	server=/vpn.example.com/10.0.0.140
>>> 	local=/vpn.example.com/
>>>
>>> as indicated above, but actually
>>>
>>> 	server=/vpn.example.com/10.0.0.140 
>>> 	local=/example.com/
>>>
>>> and what you witness is that it works in this order, but will not
>>> work in that order:
>>>
>>> 	local=/example.com/
>>> 	server=/vpn.example.com/10.0.0.140
>>>
>>> Am I correct?
>>>
>>
>> Yes, that was a typo on my part.  The actual config file has
>> local=/example.com/; I just typed the vpn into the email by accident.
>> The config file has no other local directives.
>>
>> Also, your final observation is correct.  If local appears before
>> server, the queries to the subdomain fail.  If local appears after
>> server it works.  Just for fun I tried out a couple extra server lines
>> that point to entirely different domains outside of mine (e.g.
>> server=/example.org/1.2.3.4 where local=/example.com/).  In that case
>> the position of server and local doesn't matter; the query is forwarded
>> as I remembered from previous usage.  So there appears to be an
>> interaction between local and server when both contain the same domain
>> and the order must be from most specific to least specific.
> Hmm. Option --local is supposed to be syntactic sugar for "--server
> without a server IP" (or maybe even just a synonym if the manpage is
> literal about it), and --server is supposed to be order-insensitive,
> so it /looks/ like the dnsmasq documentation and actual behaviour differ
> here.
>
> I guess at this point, Simon (now To:) is the one to confirm the issue
> and analysis.
>
> Best regards,

Yes, it does look that way.  It also appears that it causes issues with
setting up reverse (i.e. in-addr.arpa) lookups, too.  I configured the
VPN server's dnsmasq to be local for both vpn.example.com and for
0.100.10.in-addr.arpa (two local statements) and lookups directed to it
are fine.  But when I add a server directive to the router's config to
redirect 0.100.10.in-addr.arpa over to the VPN server
(server=/0.100.10.in-addr.arpa/10.0.0.140) it behaves strangely. 
Depending on the order, sometimes it forwards the query and other times
it doesn't.  In either case it ignores replies.  It actually causes a
loop, ping ponging queries back and forth between the two systems.  I
had to disable that for now but I would like to get that sorted too;
that might need to be another thread unless they're related.
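
Added example, not part of the original message and not dnsmasq code: a small Python model of the order-insensitive, most-specific-domain-wins matching that the dnsmasq man page documents for --server/--local, applied to the two orderings from this thread and the reverse zone. The function names and the host names in QUERIES are constructed for illustration; the output is the routing the documentation implies, to compare against what a given dnsmasq build actually does.

```python
# Added example: a model of the documented longest-match rule, not dnsmasq source code.

def parse_rules(config_text):
    """Map each domain in server=/dom/ip or local=/dom/ lines to its upstream (None = local)."""
    rules = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in ("server", "local"):
            continue
        parts = value.strip().split("/")
        if len(parts) < 3 or parts[0] != "":
            continue  # plain server=<ip> lines carry no domain restriction
        upstream = parts[-1] or None  # empty last field: answer locally, never forward
        for domain in parts[1:-1]:
            rules[domain.lower().rstrip(".")] = upstream
    return rules

def route(qname, rules):
    """Return (matched_domain, target), trying the most specific suffix first."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return suffix, rules[suffix] or "local"
    return None, "default"

def overlapping(rules):
    """List (specific, general) pairs where one rule's domain lies inside another's."""
    return sorted((s, g) for s in rules for g in rules if s != g and s.endswith("." + g))

# Constructed configs: the two orderings from the thread plus the reverse zone.
REVERSE = "server=/0.100.10.in-addr.arpa/10.0.0.140\n"
SERVER_FIRST = "server=/vpn.example.com/10.0.0.140\nlocal=/example.com/\n" + REVERSE
LOCAL_FIRST = "local=/example.com/\nserver=/vpn.example.com/10.0.0.140\n" + REVERSE
QUERIES = ["host.vpn.example.com", "www.example.com", "5.0.100.10.in-addr.arpa", "example.org"]

if __name__ == "__main__":
    for name in QUERIES:
        a = route(name, parse_rules(SERVER_FIRST))
        b = route(name, parse_rules(LOCAL_FIRST))
        print(f"{name:26} {a[1]:12} order-independent={a == b}")
    print("overlapping rules to test on a real build:", overlapping(parse_rules(SERVER_FIRST)))
```

The pairs returned by `overlapping()` are the rules where this thread observed order sensitivity, so those are the names worth querying against the real server in both orderings.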


