[Dnsmasq-discuss] AA bit on auth-zone
Geert Stappers
stappers at stappers.nl
Thu Jul 23 17:46:33 BST 2020
On Thu, Jul 23, 2020 at 10:06:31AM -0600, Bryce Larson wrote:
> I've been using dnsmasq as an authoritative server for my lan under a
> subdomain of my regular domain. So something like lan.example.com is the
> internal only zone, where lan.example.com is delegated from example.com
> which is available to the public internet. I have dnssec on example.com,
> but obviously not on lan.example.com since dnsmasq doesn't automatically
> create dnssec records.
>
> When resolving those with systemd-resolved, It shows servfail.
>
> I used https://dnsviz.net to check what was up and it said the problem was
> that the AA bit wasn't getting set in the responses.
>
> my relevant config is something like
>
> domain=lan.example.com
> auth-server=int-ns1.example.com # this is the dnsmasq server
> auth-zone=lan.example.com
>
> Am I doing something wrong? It seems like a bug to not have dnsmasq add
> the AA bit to responses that are part of an auth-zone.
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q3/014200.html
isn't yet confirmed.
Regards
Geert Stappers
--
Silence is hard to parse
More information about the Dnsmasq-discuss
mailing list