[Dnsmasq-discuss] Split horizon DNS for NATed LAN with auth-server/auth-zone directives

Eric Engstrom engstrom+dnsmasq at mtu.net
Tue Nov 27 19:39:49 GMT 2018


In a split horizon situation with an external name server providing the
external resolution of (some) records, I want to be able to have dnsmasq
be authoritative for a NATed subnet (10.7.0.0/16) such that PTR (and
SRV, etc) records are automatically created and returned when queried.

Having read the man page section on "AUTHORITATIVE CONFIGURATION", I
believe the right answer is simply these two directives:

  auth-server=mydomain.net
  auth-zone=mydomain.net,10.7.0.0/16

Note that I'm NOT putting any interface on the `auth-server` directive.

So, question may be simple:  Is that sufficient?  Complete?

So far, it appears as if it is both.  Resolution of the top-level domain
host (A) record (e.g. mydomain.net) is working correctly, as are local
hostnames and reverse (PTR) lookups.  This is working even though I
don't have any `host-record` entries for that or other external-only
resolvable records.  Should I be adding those for our top-level
domain or for things like MX, even though they would duplicate records I
maintain on our external NS?

FWIW, without those two new directives, including all of my other
configuration to handle the split-horizon situation, including multiple
internal VLANs, using `localize-queries`, and other options as well,
dnsmasq works as I would expect and has for years.  I've just lived
without PTR records until now.

Thanks,
Eric
-- 
Eric Engstrom - engstrom at mtu.net - PGP Key: 0xC440235DF11F74CF
$/='O'; eval ($_='print $_^pack"c25",<DATA>');
__END__
58O7O26O26O84O65O74O48O42O24O4O17O75O114O6O64O89O2O68O93O39O42O49O51O52
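
The following is an added example, not part of the original post or of dnsmasq itself. The dnsmasq man page states that the subnets on `auth-zone` also define the in-addr.arpa domains served for reverse queries, that the IPv4 prefix length defaults to 24, and that it should be 8, 16 or 24 unless RFC 2317 delegation is arranged. The sketch derives the reverse zone implied by the two directives above and shows which addresses get a PTR owner name inside it. Function names are hypothetical and only IPv4 subnet tokens are handled.

```python
import ipaddress

# Constructed sample: the two directives quoted in the post.
SAMPLE_CONF = """\
auth-server=mydomain.net
auth-zone=mydomain.net,10.7.0.0/16
"""

def parse_auth_zones(conf):
    """Return {domain: [IPv4Network, ...]} for every auth-zone line."""
    zones = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("auth-zone="):
            continue
        domain, *subnets = line[len("auth-zone="):].split(",")
        nets = zones.setdefault(domain.strip(), [])
        for tok in subnets:
            tok = tok.strip()
            if "/" not in tok:
                tok += "/24"  # man page: IPv4 prefix length defaults to 24
            try:
                net = ipaddress.ip_network(tok, strict=False)
            except ValueError:
                continue  # interface names and other non-address tokens: skipped
            if net.version == 4:
                nets.append(net)
    return zones

def reverse_zone(net):
    """in-addr.arpa zone implied by an octet-aligned IPv4 subnet."""
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{net}: prefix is not 8, 16 or 24 (see RFC 2317)")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner(addr, zones):
    """PTR query name for addr if it falls in an auth-zone subnet, else None."""
    ip = ipaddress.ip_address(addr)
    for nets in zones.values():
        if any(ip in n for n in nets):
            return ip.reverse_pointer
    return None

if __name__ == "__main__":
    zones = parse_auth_zones(SAMPLE_CONF)
    for domain, nets in zones.items():
        print(domain, [reverse_zone(n) for n in nets])
    for addr in ("10.7.3.20", "10.8.0.1"):  # constructed test addresses
        print(addr, "->", ptr_owner(addr, zones))
```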


