[Dnsmasq-discuss] AA bit on auth-zone
Bryce Larson
blarson at saltstack.com
Thu Jul 23 17:06:31 BST 2020
I've been using dnsmasq as an authoritative server for my lan under a
subdomain of my regular domain. So something like lan.example.com is the
internal only zone, where lan.example.com is delegated from example.com
which is available to the public internet. I have dnssec on example.com,
but obviously not on lan.example.com since dnsmasq doesn't automatically
create dnssec records.
When resolving those with systemd-resolved, It shows servfail.
I used https://dnsviz.net to check what was up and it said the problem was
that the AA bit wasn't getting set in the responses.
my relevant config is something like
domain=lan.example.com
auth-server=int-ns1.example.com # this is the dnsmasq server
auth-zone=lan.example.com
Am I doing something wrong? It seems like a bug to not have dnsmasq add
the AA bit to responses that are part of an auth-zone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20200723/aa2fc83d/attachment.html>
More information about the Dnsmasq-discuss
mailing list