[Dnsmasq-discuss] Help required with Zone authority & transfers due Docker

Geert Stappers stappers at stappers.nl
Sun Aug 22 19:42:57 UTC 2021


Hi,


On Thu, Aug 19, 2021 at 11:40:02AM +0100, Kevin Tedder wrote:
> I've been running DNSMASQ v2.72 on a RPI 1A very successfully at home for
> the past few years.
> 
> I can run 'dig', 'host' and 'nslookup' and resolve any name, both locally
> and across the I'net.   I can also run 'host -l home' (zone transfer) from
> my home domain.  Everything works just as I want it.
> 
>  
     .....
>  
> 
> I now want to port it across to a RPI 3B running OpenMediaVault-5 and
> docker.    I thought this would be simple since I only have to build a
> docker image, using DNSMASQ v2.8, and port the DNSMASQ.CONF file across.
>  
> 
> I can resolve my local devices and perform a zone transfer,  but cannot
> resolve any remote names across the I'net.
> 
>  
> 
> # dig www.bbc.co.uk
> ; <<>> DiG 9.8.4-P2 <<>> www.bbc.co.uk
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11869
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>  
> ;; QUESTION SECTION:
> ;www.bbc.co.uk.                 IN      A
> 
> ;; Query time: 1 msec
> ;; SERVER: 192.168.1.72#53(192.168.1.72)
> ;; WHEN: Thu Aug 19 11:14:50 2021
> ;; MSG SIZE  rcvd: 31
> 
>  
     ...
>  
> 
> However, if I reconfigure dnsmasq to no longer be authorative for my home
> domain, I can perform 'dig', 'host' and 'nslookup' to resolve any name, both
> locally and across the I'net.
> 
> But, I cannot perform a zone transfer
> 
> # host -v -l home.
> Trying "home"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62729
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;
> ; Transfer failed.
> 
>  
> 
> Clearly I'm doing something wrong but I cannot see what it is.

https://datatracker.ietf.org/doc/html/rfc1925 section 6,
comes to mind.  Consider that as an odd way to express
that adding technology is no garantee for instant improvement.  ;-)


> Any guidance would be gratefully appreciated.

It doesn't work that way.  Understand that the biggest change in the
"upgrade" was adding Docker to the equation. So tell more that new part.



Groeten
Geert Stappers
-- 
Silence is hard to parse



More information about the Dnsmasq-discuss mailing list