[Dnsmasq-discuss] inconsistent use of a server=/example.com/<ip_addr> specification
Geert Stappers
geert.stappers at hendrikx-itc.nl
Mon Nov 25 18:15:59 GMT 2019
On 25-11-2019 18:41, Brian J. Murrell wrote:
> I am using version 2.80 and finding dnsmasq's specification of a
> domain->server_address configuration to be inconsistent. My dnsmasq
> configuration has:
>
> /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
>
> But observe the effects of this configuration:
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
> ;; QUESTION SECTION:
> ;example.com. IN NS
>
> ;; ANSWER SECTION:
> example.com. 86400 IN NS server.example.com.
>
> ;; ADDITIONAL SECTION:
> server.example.com. 1200 IN A 10.75.22.247
> server.example.com. 1200 IN AAAA fd31:aeb1:48df::2
>
> ;; Query time: 73 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:35:25 EST 2019
> ;; MSG SIZE rcvd: 165
>
> # dig mail.example.com.
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.example.com. IN A
>
> ;; ANSWER SECTION:
> mail.example.com. 300 IN A 9.1.1.18
>
> ;; Query time: 45 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:43:59 EST 2019
> ;; MSG SIZE rcvd: 65
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;example.com. IN NS
>
> ;; ANSWER SECTION:
> example.com. 60 IN NS ns5.he.net.
> example.com. 60 IN NS ns1.he.net.
> example.com. 60 IN NS ns3.he.net.
> example.com. 60 IN NS server.example.ca.
> example.com. 60 IN NS ns2.he.net.
> example.com. 60 IN NS ns4.he.net.
>
> ;; Query time: 52 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:45:34 EST 2019
> ;; MSG SIZE rcvd: 169
>
> As you can see, the first dig returned the proper NS value for the
> domain as specified in the dnsmasq configuration. But the second dig
> command returned the address 9.1.1.18 for mail.example.com. That is
> the wrong address. That is the address that the global Internet copy
> of that zone has for that name, not the copy on 10.75.22.247. Then the
> third dig command, which is a duplicate of the first command, starts
> returning the global Internet addresses for the NSes of example.com,
> not the 10.75.22.247 that is configured into dnsmasq.
>
> So somehow, that "server=/example.com/10.75.22.247" is being discarded
> by dnsmasq in favour of the global Internet's NS addresses for that
> domain.
>
> To be clear, that domain exists both on the global Internet with
> addresses suitable for the global Internet but it also exists, with
> different content, suitable for the private network at 10.75.22.247.
> dnsmasq should only ever be looking at that latter copy, per the
> configuration directive. But that doesn't seem to be what's happening.
> It seems to start out that way and then at some point reverts to the
> global Internet copy of the domain.
>
> Thoughts?
>
hostname && cat /etc/resolv.conf
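
An added example, not part of the original thread: one way to check whether queries for a domain pinned with `server=/domain/addr` are ever forwarded to a different upstream, by comparing the configuration against dnsmasq's query log. It assumes dnsmasq runs with `log-queries` and logs forwards as `forwarded NAME to ADDR`; the log lines and the upstream 192.0.2.53 are constructed sample data, and the function names are hypothetical.

```python
import re

FORWARD = re.compile(r"forwarded (\S+) to (\S+)")

def parse_pins(conf_text):
    """Map each domain in server=/dom1/dom2/addr lines to its pinned upstream."""
    pins = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("server=/"):
            continue
        *domains, addr = line[len("server=/"):].split("/")
        addr = addr.split("#")[0].split("@")[0]  # drop optional port / interface
        if not addr:        # "server=/dom/" or "server=/dom/#": no pinned address
            continue
        for domain in domains:
            pins[domain.lower().rstrip(".")] = addr
    return pins

def pinned_upstream(name, pins):
    """Longest-suffix match on label boundaries: most specific domain wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in pins:
            return pins[suffix]
    return None

def find_leaks(conf_text, log_text):
    """Return (name, actual_upstream, expected_upstream) for each forward
    of a pinned name that went to some other server."""
    pins = parse_pins(conf_text)
    leaks = []
    for line in log_text.splitlines():
        m = FORWARD.search(line)
        if not m:
            continue
        name, upstream = m.group(1), m.group(2).split("#")[0]
        expected = pinned_upstream(name, pins)
        if expected and upstream != expected:
            leaks.append((name, upstream, expected))
    return leaks

# Constructed sample input: the directive from the post plus invented log lines.
SAMPLE_CONF = "server=/example.com/10.75.22.247\n"
SAMPLE_LOG = """\
Nov 25 11:35:25 dnsmasq[1234]: forwarded example.com to 10.75.22.247
Nov 25 11:43:59 dnsmasq[1234]: query[A] mail.example.com from 127.0.0.1
Nov 25 11:43:59 dnsmasq[1234]: forwarded mail.example.com to 192.0.2.53
Nov 25 11:44:10 dnsmasq[1234]: forwarded www.example.org to 192.0.2.53
"""

if __name__ == "__main__":
    for name, got, want in find_leaks(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{name}: forwarded to {got}, expected {want}")
```

Any hit means an internal name was sent to a resolver outside the pinned server, which both returns the wrong zone data and discloses the internal query to that resolver.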