[Dnsmasq-discuss] inconsistent use of a server=/example.com/<ip_addr> specification

Geert Stappers stappers at stappers.nl
Mon Nov 25 19:59:12 GMT 2019


On Mon, Nov 25, 2019 at 01:44:48PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 19:15 +0100, Geert Stappers wrote:
> > On 25-11-2019 18:41, Brian J. Murrell wrote:
> > 
> > > I am using version 2.80 and finding dnsmasq's specification of a
> > > domain->server_address configuration to be inconsistent.  My dnsmasq
> > > configuration has:
> > >
> > > /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
> > >
> > > But observe the effects of this configuration:
> > >
> > > # dig example.com. ns
> > > example.com.	86400	IN	NS	server.example.com.
> > > server.example.com.	1200	IN	A	10.75.22.247
> > > server.example.com.	1200	IN	AAAA	fd31:aeb1:48df::2
> > >
> > > # dig mail.example.com.
> > > mail.example.com.	300	IN	A	9.1.1.18
> > >
> > > # dig example.com. ns
> > > example.com.	60	IN	NS	ns5.he.net.
> > > example.com.	60	IN	NS	ns1.he.net.
> > > example.com.	60	IN	NS	ns3.he.net.
> > > example.com.	60	IN	NS	server.example.ca.
> > > example.com.	60	IN	NS	ns2.he.net.
> > > example.com.	60	IN	NS	ns4.he.net.
> > >
> > > As you can see, the first dig returned the proper NS value for the
> > > domain as specified in the dnsmasq configuration.  But the second dig
> > > command returned the address 9.1.1.18 for mail.example.com.  That is
> > > the wrong address.  That is the address that the global Internet copy
> > > of that zone has for that name, not the copy on 10.75.22.247.  Then the
> > > third dig command, which is a duplicate of the first command starts
> > > returning the global Internet addresses for the NSes of example.com,
> > > not the 10.75.22.247 that is configured into dnsmasq.
> > >
> > > So somehow, that "server=/example.com/10.75.22.247" is being discarded
> > > by dnsmasq in favour of the global Internet's NS addresses for that
> > > domain.
> > >
> > > To be clear, that domain exists both on the global Internet with
> > > addresses suitable for the global Internet but it also exists, with
> > > different content, suitable for the private network at 10.75.22.247. 
> > > dnsmasq should only ever be looking at that latter copy, per the
> > > configuration directive.  But that doesn't seem to be what's happening.
> > > It seems to start out that way and then at some point reverts to the
> > > global Internet copy of the domain.
> > >
> > > Thoughts?
> > >
> > 
> > hostname && cat /etc/resolv.conf
> > 
> 
> # hostname
> host.example.com

Please confirm that the above `dig` commands
were **all** done at `host.example.com`

Please, pretty please, say if I missed that `dig example.com. ns` was
done on two different machines.


> # cat /etc/resolv.conf 
> # Generated by NetworkManager
> search example.com
> nameserver 127.0.0.1

Acknowledged. Please repeat the original test[1] with

dig +short @127.0.0.1 example.com. ns
dig +short @127.0.0.1 mail.example.com.
dig +short @127.0.0.1 example.com. ns

and report back.


Regards
Geert Stappers

[1] multiple tests
    in case multiple servers were involved in the original test.
-- 
Live and let live
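
A complementary check to the `dig` tests requested above: with dnsmasq's `log-queries` option enabled, the query log shows which upstream each name was forwarded to, so forwards that bypass a `server=/domain/ip` rule can be listed directly. This is an added example, not code from the thread or from the dnsmasq project; the log lines and the 192.0.2.53 upstream are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample input: the rule quoted in the thread, plus dnsmasq
# query-log lines in the format written when log-queries is enabled.
CONFIG = "server=/example.com/10.75.22.247\n"
LOG = """\
Nov 25 13:40:01 dnsmasq[2345]: query[NS] example.com from 127.0.0.1
Nov 25 13:40:01 dnsmasq[2345]: forwarded example.com to 10.75.22.247
Nov 25 13:40:07 dnsmasq[2345]: query[A] mail.example.com from 127.0.0.1
Nov 25 13:40:07 dnsmasq[2345]: forwarded mail.example.com to 192.0.2.53
Nov 25 13:40:09 dnsmasq[2345]: query[A] www.example.org from 127.0.0.1
Nov 25 13:40:09 dnsmasq[2345]: forwarded www.example.org to 192.0.2.53
"""
FORWARD_RE = re.compile(r"dnsmasq(?:\[\d+\])?: forwarded (\S+) to (\S+)")

def parse_domain_servers(conf_text):
    """Map each domain in server=/domain/.../ip lines to its allowed upstreams."""
    rules = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("server=/"):
            continue  # comments, global server= lines and other options
        parts = line[len("server="):].split("/")
        upstream = re.split(r"[#@]", parts[-1])[0]  # drop #port / @interface
        for domain in parts[1:-1]:
            rules.setdefault(domain.lower().rstrip("."), set()).add(upstream)
    return rules

def matching_rule(name, rules):
    """Return the most specific configured domain covering name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate
    return None

def find_leaks(log_text, rules):
    """List (name, upstream, domain) for forwards that bypass a domain rule."""
    leaks = []
    for name, upstream in FORWARD_RE.findall(log_text):
        upstream = upstream.split("#")[0]  # tolerate an appended port
        domain = matching_rule(name, rules)
        if domain is not None and upstream not in rules[domain]:
            leaks.append((name, upstream, domain))
    return leaks

if __name__ == "__main__":
    for name, upstream, domain in find_leaks(LOG, parse_domain_servers(CONFIG)):
        print(f"{name} went to {upstream}, outside the rule for {domain}")
```

An empty result for a log covering the failing queries would indicate that the unexpected answers did not pass through this dnsmasq instance at all.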