[Dnsmasq-discuss] Authorized DNS served by dnsmasq is not recognized by third-parties resolvers

Frank fhriley at gmail.com
Sat Jul 18 15:40:05 BST 2020


This is the configuration I’m using to have dnsmasq as an authoritative server for my domain. I’m not using any cnames, though, so I don’t know if that works.

auth-server=dns.example.com,eth0
auth-zone=example.com,192.168.0.0/16
host-record=dns.example.com,192.168.1.224
domain=example.com
local=/example.com/

> On Jul 18, 2020, at 3:38 AM, Nicholas Guriev <guriev-ns at ya.ru> wrote:
> 
> I have investigated the issue deeper and discovered that dnsmasq does
> not set the "Authority Answer" bit in its replies, and so some resolvers
> do not accept such responses. Then I have modified the dnsmasq source so
> that it always returns the AA bit, and the problem is gone: all resolvers
> that I tested give the right demo IP.
> 
> I just commented out the authority check in answer_auth(). This should not
> be considered a complete solution; treat it as an illustration.
> Unfortunately, I do not get how the auth, the local_auth and the
> local_query flags affect each other, and so I cannot prepare a
> better patch. And I hope someone will offer a real fix for the issue with
> authority mode for dnsmasq.
> 
> diff -Nru dnsmasq-2.81/src/auth.c dnsmasq-2.82~rc1/src/auth.c
> --- dnsmasq-2.81/src/auth.c·    2020-04-08 20:33:15.000000000 +0300
> +++ dnsmasq-2.82~rc1/src/auth.c·2020-07-17 12:43:21.000000000 +0300
> @@ -844,7 +844,7 @@
>   header->hb4 &= ~HB4_AD;
> ·
>   /* authoritative */
> -  if (auth)
> +  //if (auth)
>     header->hb3 |= HB3_AA;
> ···
>   /* truncation */
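Review bot: with `if (auth)` commented out on the line above `header->hb3 |= HB3_AA;`, the AA bit is set on every reply that reaches this point, whatever the value of `auth`, so a reply this code did not consider authoritative is now labelled as one. Rather than removing the guard, keep the condition and correct whatever leaves `auth` false for the affected queries. The `//` comment also departs from the `/* */` style of the surrounding lines and leaves the assignment indented under a condition that no longer exists.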
> 
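The AA-bit behaviour described in the quoted message can be checked on raw replies. The following is an added example, not part of the original thread or of dnsmasq: it parses the DNS header as laid out in RFC 1035 and applies an assumed, simplified model of a strict resolver that rejects an answer lacking AA. The function names, the query name and the 192.0.2.1 address are constructed for illustration.

```python
import struct

# Masks in the third and fourth DNS header bytes (RFC 1035, section 4.1.1).
QR, AA, TC = 0x80, 0x04, 0x02   # third byte
RCODE = 0x0F                    # fourth byte

def build_query(name, qid):
    """Non-recursive A query (RD=0), the kind sent to a zone's own nameserver."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HBBHHHH", qid, 0, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_reply(query, byte3, byte4, addr=b"\xc0\x00\x02\x01"):
    """Constructed sample reply: echoes the question and adds one A record."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HBBHHHH", qid, byte3, byte4, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + addr
    return header + query[12:] + rr

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    qid, b3, b4, _qd, an, _ns, _ar = struct.unpack("!HBBHHHH", msg[:12])
    return {"id": qid, "qr": bool(b3 & QR), "aa": bool(b3 & AA),
            "tc": bool(b3 & TC), "rcode": b4 & RCODE, "ancount": an}

def check_reply(query, reply):
    """Return (accepted, reason) under the assumed strict-resolver model."""
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"]:
        return False, "not a response"
    if r["id"] != q["id"]:
        return False, "transaction ID mismatch"
    if r["tc"]:
        return False, "truncated"
    if r["rcode"] != 0:
        return False, "rcode %d" % r["rcode"]
    if r["ancount"] > 0 and not r["aa"]:
        return False, "answer without AA"
    return True, "ok"

if __name__ == "__main__":
    q = build_query("www.example.com", 0x1234)
    for label, b3 in (("AA set", QR | AA), ("AA clear", QR)):
        print(label, check_reply(q, build_reply(q, b3, 0)))
```

To test a live server, send the bytes from `build_query` over UDP port 53 and pass the received datagram to `check_reply`.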