[Dnsmasq-discuss] inconsistent use of a server=/example.com/<ip_addr> specification
Brian J. Murrell
brian at interlinx.bc.ca
Mon Nov 25 17:41:22 GMT 2019
I am using version 2.80 and finding dnsmasq's specification of a
domain->server_address configuration to be inconsistent. My dnsmasq
configuration has:

/etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247

But observe the effects of this configuration:

# dig example.com. ns
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 86400 IN NS server.example.com.
;; ADDITIONAL SECTION:
server.example.com. 1200 IN A 10.75.22.247
server.example.com. 1200 IN AAAA fd31:aeb1:48df::2
;; Query time: 73 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:35:25 EST 2019
;; MSG SIZE rcvd: 165
# dig mail.example.com.
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.example.com. IN A
;; ANSWER SECTION:
mail.example.com. 300 IN A 9.1.1.18
;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:43:59 EST 2019
;; MSG SIZE rcvd: 65
# dig example.com. ns
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 60 IN NS ns5.he.net.
example.com. 60 IN NS ns1.he.net.
example.com. 60 IN NS ns3.he.net.
example.com. 60 IN NS server.example.ca.
example.com. 60 IN NS ns2.he.net.
example.com. 60 IN NS ns4.he.net.
;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:45:34 EST 2019
;; MSG SIZE rcvd: 169

As you can see, the first dig returned the proper NS value for the
domain as specified in the dnsmasq configuration. But the second dig
command returned the address 9.1.1.18 for mail.example.com. That is
the wrong address. That is the address that the global Internet copy
of that zone has for that name, not the copy on 10.75.22.247. Then the
third dig command, which is a duplicate of the first command, starts
returning the global Internet addresses for the NSes of example.com,
not the 10.75.22.247 that is configured into dnsmasq.

So somehow, that "server=/example.com/10.75.22.247" is being discarded
by dnsmasq in favour of the global Internet's NS addresses for that
domain.

To be clear, that domain exists both on the global Internet with
addresses suitable for the global Internet but it also exists, with
different content, suitable for the private network at 10.75.22.247.
dnsmasq should only ever be looking at that latter copy, per the
configuration directive. But that doesn't seem to be what's happening.
It seems to start out that way and then at some point reverts to the
global Internet copy of the domain.

Thoughts?

b.
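
Added example, not part of the original message and not dnsmasq code: a small check that parses dig output and flags records for a split-horizon domain that do not match the internal zone copy, run here over excerpts of the three responses quoted above. The function names, the internal prefixes (10.0.0.0/8, fd00::/8) and the expected internal name server set are assumptions made for the illustration.

```python
import ipaddress

# Assumptions: internal prefixes inferred from the addresses in the post
# (10.75.22.247, fd31:aeb1:48df::2); adjust to the real private network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("fd00::/8")]

def parse_dig(text):
    """Return (section, name, type, rdata) tuples from one dig response."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line.split()[1]          # ANSWER, ADDITIONAL, ...
        elif line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5 and f[2] == "IN":   # name ttl IN type rdata
                records.append((section, f[0].rstrip(".").lower(), f[3], f[4]))
    return records

def split_horizon_leaks(text, domain, internal_ns):
    """List records under `domain` that differ from what the internal copy should serve."""
    leaks = []
    for section, name, rtype, rdata in parse_dig(text):
        if name != domain and not name.endswith("." + domain):
            continue
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)
            if not any(addr in net for net in INTERNAL_NETS):
                leaks.append(f"{name} {rtype} {rdata}: address outside internal ranges")
        elif rtype == "NS" and section == "ANSWER" and rdata not in internal_ns:
            leaks.append(f"{name} NS {rdata}: not an internal name server")
    return leaks

# Excerpts of the three dig responses quoted in the post.
FIRST = """;; ANSWER SECTION:
example.com. 86400 IN NS server.example.com.
;; ADDITIONAL SECTION:
server.example.com. 1200 IN A 10.75.22.247
server.example.com. 1200 IN AAAA fd31:aeb1:48df::2"""
SECOND = """;; ANSWER SECTION:
mail.example.com. 300 IN A 9.1.1.18"""
THIRD = """;; ANSWER SECTION:
example.com. 60 IN NS ns1.he.net.
example.com. 60 IN NS server.example.ca."""

if __name__ == "__main__":
    for label, out in (("first", FIRST), ("second", SECOND), ("third", THIRD)):
        print(label, split_horizon_leaks(out, "example.com", {"server.example.com."}))
```

Run periodically against the local resolver, a check like this shows the moment answers stop coming from the internal copy, which matters because clients are then sent to the public addresses for internal names.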