[Dnsmasq-discuss] How to declare dnsmasq as authoritative for the 10.x subnet?
Simon Kelley
simon at thekelleys.org.uk
Sat Sep 8 15:53:50 BST 2018
On 06/09/18 15:36, Wojtek Swiatek wrote:
> Hello everyone,
>
> Following the documentation for auth-zone, I tried to declare my dnsmasq
> server as authoritative for the 10.0.0.0/8 <http://10.0.0.0/8> zone (I
> server several IP sub-ranges in 10.x). Unfortunately, whatever I try I
> end up with
>
> Sep 06 16:29:28 bind named[4677]: zone 10.in-addr.arpa/IN: refresh:
> non-authoritative answer from master 10.100.10.254#53 (source 0.0.0.0#0)
>
> on the secondary bind server (the direct zones are transferred OK).
>
> How should I set this up? I tried
>
> auth-zone=10.0.0.0/8 <http://10.0.0.0/8>
> auth-zone=10.in-addr.arpa
>
> but none of them worked (no errors in dnsmasq, just the bind message above).
>
> Thanks for any pointers!
>
>
auth-zone specifies the zone within the domain-name tree first, then
(optionally) the subnet range which gets serverd for reverse queries, so
something like
auth-zone=swtk.info/0.0.0.0/8
would do the trick.
The important thing to understand about dnsmasq is that it continues to
work as a normal DNS forwarder, and only acts as an authoritative server
when queries arrive at a particular interface or address. Typically,
it's acting as DNS forwarder on "internal" networks, and as
authoritative when queries arrive from the "internet" side of the router
it's running on. To tell it which queries to answer in authoritative
mode, you need to use the --auth-server configuration.
There's quite a long step-by-step guide to setting up auth mode as a
separate section of the man page. It's worth reading that.
Cheers
Simon.
Cheers,
Simon.
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
More information about the Dnsmasq-discuss
mailing list