[Dnsmasq-discuss] Authoritative and recursive service from the same interface
Marc Heckmann
marc.w.heckmann at gmail.com
Fri Sep 28 23:07:34 BST 2018
Very nice, I will test this.
I am curious though: what will be used for the NS record if the auth-server
configuration is omitted?
-m
On Fri, Sep 28, 2018 at 4:42 PM Simon Kelley <simon at thekelleys.org.uk>
wrote:
> On 28/09/18 02:33, Marc Heckmann wrote:
> > Hello,
> >
> > I'm currently running dnsmasq in a Docker container and have setup a
> > domain for which dnsmasq is to be authoritative for. This is to do
> > subdomain delegation to the dnsmasq server. I am using the auth-server &
> > auth-zone configuration options for this. This works as expected and is
> > verifiable using dig with the "+norecurse" option to query for the NS
> > and SOA records. However, as it's a Docker container, I only have and
> > actually need a single interface (eth0) and when I specify eth0 in the
> > "auth-server" option, i.e "auth-server=<glue_record>,eth0", I noticed
> > that it stops answering recursive queries for names that it is not
> > authoritative for.
> >
> > I worked around this by replacing "eth0" with an IP that is not present
> > in the container's network namespace and dnsmasq now does what I want
> > which is to answer to both non-recursive and recursive queries from the
> > same interface.
> >
> > My question is the following: Are there any side effects to this hack?
> > Is there any reason why dnsmasq should not be able to provide recursive
> > and authoritative service from the same interface? I can understand the
> > security reasons for wanting to prevent this on an Internet exposed
> > interface, but why not at allow for an option to officially support
> > providing both kinds of service on the same interface?
> >
> > Thanks.
> >
> > -m
> >
> >
>
>
> This patch, in the pending 2.80 release, addresses this, is allows you
> to omit the auth-server configuration and get both recursive and
> authoritative answers on the interface(s) that dnsmasq is listening on.
>
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=397c0502e255ea0a470982666dea93e0b2f52043
>
>
>
> Cheers,
>
> Simon.
>
>
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180928/3920005f/attachment.html>
More information about the Dnsmasq-discuss
mailing list