[Dnsmasq-discuss] Dnsmasq responding with SOA instead of A

Aaron Germuth aagermuth at gmail.com
Mon Jul 11 22:53:21 BST 2016


Hey Albert,

Thanks for the reply and sorry about that. The dig command used is

dig @100.108.108.176 b.local.example.com A.

100.108.108.176 is the IP of my dns server. This dns server has an entry in
/etc/hosts mapping
b.local.example.com -> 1.2.3.50.

My domain 'example.com' has a RR:
local.example.com      NS     3600   MY_DNS_SERVER.com

I'm expecting the following dig response (which I get when running it
locally on my dns server):

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @100.108.108.176 b.local.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24172
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;b.local.example.com. IN A

;; ANSWER SECTION:
b.local.example.com. 600 IN A 1.2.3.50

;; Query time: 0 msec
;; SERVER: 100.108.108.176#53(100.108.108.176)
;; WHEN: Mon Jul 11 17:38:03 EDT 2016
;; MSG SIZE  rcvd: 51

The response if run from the other computer is:

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @100.108.108.176 b.local.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25320
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;b.local.example.com. IN A

;; AUTHORITY SECTION:
local.example.com. 600 IN SOA MY_DNS_SERVER.com. hostmaster.MY_DNS_SERVER.com. 1468262852 1200 180 1209600 600

;; Query time: 60 msec
;; SERVER: 100.108.108.176#53(100.108.108.176)
;; WHEN: Mon Jul 11 14:32:23 PDT 2016
;; MSG SIZE  rcvd: 1

The only filtering I've done is changing the domain to example.com and
replacing MY_DNS_SERVER url. Otherwise it's copy paste. I don't think the
exact URL should matter?

Let me know if you need anything else.

Thanks,

Aaron

On Mon, Jul 11, 2016 at 2:26 PM Albert ARIBAUD <albert.aribaud at free.fr>
wrote:

> Hi Aaron,
>
> On Mon, 11 Jul 2016 20:20:56 +0000
> Aaron Germuth <aagermuth at gmail.com> wrote:
>
> > Hey guys,
> >
> > I'm trying to run my own dnsmasq instance on a computer. I want it to
> > be authoritative for my domain (local.example.com). However I am
> > getting different results for the same query from different computers.
> >
> > dig @100.108.108.176 b.local.example.com. A
> >
> > When I run this from the dns server itself (100.108.108.176) I get an
> > ip as a response and the following in the logs:
> >
> > Jul 11 14:47:53 MY_DNS_SERVER.com dnsmasq[30817]: query[A]
> > b.local.example.com from 100.108.108.176
> > Jul 11 14:47:53 MY_DNS_SERVER.com dnsmasq[30817]: /etc/hosts 1.2.3.50
> > is b.local.example.com
> >
> > When I run this from a different computer on a different network I do
> > not get an IP. Instead dig returns an SOA pointing to itself
> > (MY_DNS_SERVER.com). Furthermore, the logs show the following:
> >
> > Jul 11 14:49:29 MY_DNS_SERVER.com dnsmasq[30817]: auth[A]
> > b.local.example.com from 172.27.88.26
> > Jul 11 14:49:29 MY_DNS_SERVER.com dnsmasq[30817]: auth
> > b.local.example.com is NODATA-IPv4
> >
> > I'm not sure what's happening. It seems it interprets one as a
> > query[A] and one auth[A]. It seems in the 2nd response it thinks it
> > doesn't know how to handle that domain so it returns who it thinks is
> > authoritative for that domain, which is itself. This is what my
> > dnsmasq.conf looks like:
> >
> > auth-server=MY_DNS_SERVER.com,eth0
> > auth-zone=local.example.com,eth0
> >
> > log-queries
> >
> > #do not read resolv.conf to find servers where to lookup dns
> > no-resolv
> > #do not poll resolv.conf for changes
> > no-poll
> >
> > #address to use when address not local
> > server=8.8.8.8
> > server=4.4.4.4
> >
> > local=/local.example.com/
> > domain=local.example.com
> >
> > If you need any more information, let me know.
>
> First thing you should do is not to filter out or explain the dig
> commands you use and their results, but instead to just copy-paste the
> command and its output. Here, for instance, none of what you provide
> allows checking how the request was sent exactly, and what principal
> and additional info was returned.
>
> > Thanks,
> >
> > Aaron
>
> Best regards,
> --
> Albert.
>
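Added example, not part of the original thread and not dnsmasq's own code: a small parser for the `log-queries` lines quoted above that pairs each request with the result line following it and reports names served by both the `query[...]` and `auth[...]` paths. The function names and the sample (the thread's four log entries, each joined onto one line) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four log entries quoted in the thread, unwrapped.
SAMPLE_LOG = """\
Jul 11 14:47:53 MY_DNS_SERVER.com dnsmasq[30817]: query[A] b.local.example.com from 100.108.108.176
Jul 11 14:47:53 MY_DNS_SERVER.com dnsmasq[30817]: /etc/hosts 1.2.3.50 is b.local.example.com
Jul 11 14:49:29 MY_DNS_SERVER.com dnsmasq[30817]: auth[A] b.local.example.com from 172.27.88.26
Jul 11 14:49:29 MY_DNS_SERVER.com dnsmasq[30817]: auth b.local.example.com is NODATA-IPv4
"""

ENTRY = re.compile(r"dnsmasq\[\d+\]: (?P<body>.+)$")
# Request line: "<path>[<type>] <name> from <client>", path is "query" or "auth".
REQUEST = re.compile(
    r"^(?P<path>query|auth)\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$")
# Result line: "<source> <x> is <y>", e.g. "auth <name> is NODATA-IPv4".
RESULT = re.compile(r"^\S+ \S+ is \S+$")

def parse_log(text):
    """Pair each request with the first result line that follows it."""
    events, pending = [], None
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a dnsmasq entry
        body = m.group("body")
        req = REQUEST.match(body)
        if req:
            pending = dict(req.groupdict(), result=None)
            events.append(pending)
        elif RESULT.match(body) and pending and pending["result"] is None:
            pending["result"] = body
    return events

def split_handling(events):
    """Return {(name, qtype): {path: [(client, result), ...]}} for names
    that were handled by more than one path (query vs auth)."""
    seen = defaultdict(lambda: defaultdict(list))
    for e in events:
        key = (e["name"], e["qtype"])
        seen[key][e["path"]].append((e["client"], e["result"]))
    return {k: dict(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    found = split_handling(parse_log(SAMPLE_LOG))
    for (name, qtype), paths in found.items():
        for path, hits in paths.items():
            for client, result in hits:
                print(f"{name} {qtype} via {path} from {client}: {result}")
```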