[Dnsmasq-discuss] make synth-domain a authoritative response
Simon Kelley
simon at thekelleys.org.uk
Thu Mar 15 16:14:01 GMT 2018
On 11/03/18 02:43, Markus Hartung wrote:
> I have dug a little more and I can't think of this behaviour to be
> nothing else than a bug.
>
> I have made a simple config now to reproduce the bug:
>
> Start server with this command:
>
> dnsmasq -p 1153 --synth-domain=hartmark.se,2001:db8::/64,dynamic-
> --auth-server=ns1.hartmark.se,192.168.1.1
> --auth-zone=hartmark.se,192.168.1.1,2001:db8::/64
> --auth-soa=,hostmaster.hartmark.se,1200,180,1209600 --ho
> st-record=foo.hartmark.se,2001:db8::f00 -d --bind-dynamic
>
> Replace 192.168.1.1 with your local ip.
>
> Run these dig:s
>
> 1. dig -p 1153 -x 2001:db8::f00
>
> 2. dig -p 1153 -x 2001:db8::f00 @192.168.1.1
>
> 3. dig -p 1153 -x 2001:db8::d00
>
> 4. dig -p 1153 -x 2001:db8::d00 @192.168.1.1
>
>
> dig 1 and 2 both return foo.hartmark.se as response. 1 is using
> localhost (127.0.0.1 or ::1) and that is not part of neither auth-server
> and auth-zone
>
> dig 3 returns dynamic-2001-db8--d00.hartmark.se
>
> dig 4 returns NXDOMAIN
>
>
> Have I misunderstood something?? From my understanding it seems dnsmasq
> doesn't check synth-domain when responding on requests where dnsmasq is
> authoritative.
>
>
Is it a bug if it fulfils the specification? :-)
The section of the man page on AUTHORITATIVE CONFIGURATION lists all the
sources of data for an auth zone, and it doesn't include synth-domain.
So there's no bug :)
The main reason that synth-domain is not included is that it makes doing
domain-transfer difficult. That sends every record in the domain to a
secondary server, and synth-domain would rapdily balloon into a LOT of
records (especially in IPv6-land).
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list