[Dnsmasq-discuss] Help required with Zone authority & transfers

Simon Kelley simon at thekelleys.org.uk
Mon Aug 23 20:22:57 UTC 2021


I think the problem is that you're configuring dnsmasq to be a recursive
server listening on 102.168.1.172 with

listen-address=192.168.1.72

and configuring it to be an authoritative server listening on
102.168.1.172 with

auth-server=home,192.168.1.72

It can do one or the other, but not both.


Simon.


On 19/08/2021 11:40, Kevin Tedder wrote:
> I’ve been running DNSMASQ v2.72 on a RPI 1A very successfully at home
> for the past few years.
> 
> I can run ‘dig’, ‘host’ and ‘nslookup’ and resolve any name, both
> locally and across the I’net.   I can also run ‘host -l home’ (zone
> transfer) from my home domain.  Everything works just as I want it.
> 
> The extract from the working DNSMASQ.CONF is:
> 
> server=8.8.8.8
> server=8.8.4.4
> # Set this DNS as Authoritative for our domain
> #auth-server=home,192.168.1.68
> auth-zone=home,ariel.home
> auth-sec-servers=home
> host-record=ariel.home,192.168.1.68
> local=/home/
> interface=eth0
> listen-address=127.0.0.1
> 
> I now want to port it across to a RPI 3B running OpenMediaVault-5 and
> docker.    I thought this would be simple since I only have to build a
> docker image, using DNSMASQ v2.8, and port the DNSMASQ.CONF file
> across.    I was wrong.
> 
>  
> 
> I can resolve my local devices and perform a zone transfer,  but cannot
> resolve any remote names across the I’net.
> 
> # dig www.bbc.co.uk
> 
> ; <<>> DiG 9.8.4-P2 <<>> www.bbc.co.uk
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11869
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;www.bbc.co.uk.                 IN      A
> 
> ;; Query time: 1 msec
> ;; SERVER: 192.168.1.72#53(192.168.1.72)
> ;; WHEN: Thu Aug 19 11:14:50 2021
> ;; MSG SIZE  rcvd: 31
> 
> The extract from the DNSMASQ.CONF is:
> 
> server=8.8.8.8
> server=8.8.4.4
> # Set this DNS as Authoritative for our domain
> auth-server=home,192.168.1.72
> host-record=home,192.168.1.72
> auth-zone=home,192.168.1.72/24
> auth-sec-servers=home
> listen-address=127.0.0.1
> listen-address=192.168.1.72
> no-dhcp-interface=enxb827ebb41d1e      #  I don’t want two DHCP servers running yet whilst I port this
> 
> However, if I reconfigure dnsmasq to no longer be authoritative for my
> home domain, I can perform ‘dig’, ‘host’ and ‘nslookup’ to resolve any
> name, both locally and across the I’net.
> 
> But, I cannot perform a zone transfer
> 
> # host -v -l home.
> Trying "home"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62729
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;
> ; Transfer failed.
> 
> The extract from the DNSMASQ.CONF is:
> 
> server=8.8.8.8
> server=8.8.4.4
> # Set this DNS as Authoritative for our domain
> #auth-server=home,192.168.1.72          # removed
> host-record=home,192.168.1.72
> #auth-zone=home,192.168.1.72/24         # removed
> #auth-sec-servers=home                  # removed
> listen-address=127.0.0.1
> listen-address=192.168.1.72
> no-dhcp-interface=enxb827ebb41d1e      #  I don’t want two DHCP servers running yet whilst I port this
> 
> Clearly I’m doing something wrong but I cannot see what it is.    Any
> guidance would be gratefully appreciated.
> 
>  
> 
> Thanks
> 
> Kevin
> 
>  
> 
> 
> 
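
Added example, not part of the original thread and not dnsmasq's own code: a small Python check for the conflict described in the reply, reporting any address named in both listen-address and auth-server. The two sample configurations are constructed from the extracts quoted above, and all function and variable names are hypothetical.

```python
import ipaddress

# Constructed from the extracts quoted in the thread (mail quoting kept).
BROKEN_CONF = """\
> server=8.8.8.8
> # Set this DNS as Authoritative for our domain
> auth-server=home,192.168.1.72
> auth-zone=home,192.168.1.72/24
> listen-address=127.0.0.1
> listen-address=192.168.1.72
> no-dhcp-interface=enxb827ebb41d1e      #  no second DHCP server yet
"""
RECURSIVE_ONLY_CONF = """\
server=8.8.8.8
#auth-server=home,192.168.1.72          # removed
listen-address=127.0.0.1
listen-address=192.168.1.72
"""

def parse_option(line):
    """Return (option, [comma-separated args]) or None for blanks/comments."""
    line = line.lstrip("> \t").split("#", 1)[0].strip()
    if "=" not in line:
        return None
    key, _, value = line.partition("=")
    return key.strip(), [v.strip() for v in value.split(",") if v.strip()]

def normalise(token):
    """Canonical form for IP literals; other tokens (interface names) unchanged."""
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return token

def auth_listen_overlap(conf_text):
    """Addresses that appear in both listen-address and auth-server."""
    listen, auth = set(), set()
    for raw in conf_text.splitlines():
        parsed = parse_option(raw)
        if parsed is None:
            continue
        key, args = parsed
        if key == "listen-address":
            listen.update(normalise(a) for a in args)
        elif key == "auth-server":
            auth.update(normalise(a) for a in args[1:])  # args[0] is the domain
    return sorted(listen & auth)

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("recursive-only", RECURSIVE_ONLY_CONF)):
        print(name, auth_listen_overlap(conf))
```

A non-empty result is the situation the reply points at: the same address asked to serve both recursive and authoritative DNS.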


