[Dnsmasq-discuss] inconsistent use of a server=/example.com/<ip_addr> specification

Brian J. Murrell brian at interlinx.bc.ca
Mon Nov 25 17:41:22 GMT 2019


I am using version 2.80 and finding dnsmasq's specification of a
domain->server_address configuration to be inconsistent.  My dnsmasq
configuration has:

/etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247

But observe the effects of this configuration:

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
;; QUESTION SECTION:
;example.com.		IN	NS

;; ANSWER SECTION:
example.com.	86400	IN	NS	server.example.com.

;; ADDITIONAL SECTION:
server.example.com.	1200	IN	A	10.75.22.247
server.example.com.	1200	IN	AAAA	fd31:aeb1:48df::2

;; Query time: 73 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:35:25 EST 2019
;; MSG SIZE  rcvd: 165

# dig mail.example.com.

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.example.com.		IN	A

;; ANSWER SECTION:
mail.example.com.	300	IN	A	9.1.1.18

;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:43:59 EST 2019
;; MSG SIZE  rcvd: 65

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.		IN	NS

;; ANSWER SECTION:
example.com.	60	IN	NS	ns5.he.net.
example.com.	60	IN	NS	ns1.he.net.
example.com.	60	IN	NS	ns3.he.net.
example.com.	60	IN	NS	server.example.ca.
example.com.	60	IN	NS	ns2.he.net.
example.com.	60	IN	NS	ns4.he.net.

;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:45:34 EST 2019
;; MSG SIZE  rcvd: 169

As you can see, the first dig returned the proper NS value for the
domain as specified in the dnsmasq configuration.  But the second dig
command returned the address 9.1.1.18 for mail.example.com.  That is
the wrong address.  That is the address that the global Internet copy
of that zone has for that name, not the copy on 10.75.22.247.  Then the
third dig command, which is a duplicate of the first command, starts
returning the global Internet addresses for the NSes of example.com,
not the 10.75.22.247 that is configured into dnsmasq.

So somehow, that "server=/example.com/10.75.22.247" is being discarded
by dnsmasq in favour of the global Internet's NS addresses for that
domain.

To be clear, that domain exists both on the global Internet with
addresses suitable for the global Internet but it also exists, with
different content, suitable for the private network at 10.75.22.247. 
dnsmasq should only ever be looking at that latter copy, per the
configuration directive.  But that doesn't seem to be what's happening.
It seems to start out that way and then at some point reverts to the
global Internet copy of the domain.

Thoughts?

b.
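
An added example, not part of the original post: a Python check that parses saved dig output and flags the drift the message describes, where in-domain replies stop matching the first reply or stop carrying the aa flag. The log is a constructed sample trimmed from the post's three dig runs; `parse_dig` and `find_drift` are hypothetical helper names, and the "aa flag lost" signal assumes the pinned server answers authoritatively, as the first reply above does.

```python
import re
DIG_LOG = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;example.com.  IN  NS
;; ANSWER SECTION:
example.com.  86400  IN  NS  server.example.com.
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.example.com.  IN  A
;; ANSWER SECTION:
mail.example.com.  300  IN  A  9.1.1.18
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com.  IN  NS
;; ANSWER SECTION:
example.com.  60  IN  NS  ns5.he.net.
"""  # constructed sample: flags, question and answer lines from the post's dig runs

def parse_dig(text):
    """One dict per response: header flags, question (name, type), answer records."""
    responses, section = [], None
    for line in text.splitlines():
        if line.startswith(";;"):  # section header, flags line or other status line
            section = line.split()[1].lower() if line.rstrip().endswith("SECTION:") else None
            if flags := re.match(r";; flags: ([a-z ]+);", line):
                responses.append({"flags": set(flags.group(1).split()), "q": None, "answers": set()})
        elif responses and section == "question" and line.startswith(";"):
            name, _cls, qtype = line[1:].split()
            responses[-1]["q"] = (name.lower(), qtype)
        elif responses and section == "answer" and len(line.split()) >= 5:
            # keep "type rdata", drop owner name, TTL and class
            responses[-1]["answers"].add(" ".join(line.lower().split()[3:]))
    return responses

def find_drift(responses, domain):
    """Flag in-domain replies that differ from the first reply to that question, or lost aa."""
    suffix = "." + domain.lower().rstrip(".") + "."
    baseline, seen_aa, findings = {}, False, []
    for i, r in enumerate(responses, 1):
        if r["q"] is None or not ("." + r["q"][0]).endswith(suffix):
            continue  # not a name under the pinned domain
        if baseline.setdefault(r["q"], r)["answers"] != r["answers"]:
            findings.append((i, r["q"], "answers changed"))
        elif seen_aa and "aa" not in r["flags"]:
            findings.append((i, r["q"], "aa flag lost"))
        seen_aa = seen_aa or "aa" in r["flags"]
    return findings

print(find_drift(parse_dig(DIG_LOG), "example.com"))
```

The parser also accepts unabridged dig output, so the same check can be run over a capture of repeated queries against 127.0.0.1.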
