[Dnsmasq-discuss] dnsmasq reverse auth zone transfers

Petr Menšík pemensik at redhat.com
Mon Apr 3 16:11:10 UTC 2023


If dnsmasq on the router is down, what exactly would those hosts be able 
to do? Ping themselves? I expect the casa.lan assigns addresses via DHCP.

dnsmasq can provide zone transfer ability when --auth-zone is used. But 
I would not recommend it for your use. Windows DNS should cache 
previously queried hosts, so even during a small downtime it will serve 
their addresses. The abilities of dnsmasq are limited; it is not a 
full-fledged named server, which can send notifies on every change in a 
DNS zone. It does not support incremental transfers. Zones would need to 
query dnsmasq for serial number changes. There is some support for auth 
zone and downloads, but forwarding seems better suited to me. Also much 
more tested.

I would expect various incompatibilities with AXFR downloads, because 
dnsmasq implements just a small subset of common primary server features.

On 3/31/23 17:32, Juanca wrote:
>
>
> On Fri, 31 Mar 2023 at 17:29, Andrew Miskell 
> (<andrewmiskell at mac.com>) wrote:
>
>     You technically don’t need a zone transfer, you can use a
>     conditional forwarder on the Active Directory DNS. Set up a
>     conditional forwarder for casa.lan and point it to the IP of your
>     router where dnsmasq is running. After that, when AD DNS receives
>     a query for anything in the casa.lan domain, it’ll forward the
>     query to dnsmasq and it’ll respond with the appropriate IP address.
>
>     More details:
>     https://www.interfacett.com/blogs/windows-server-how-to-configure-a-conditional-forwarder-in-dns/
>
>
> Thanks for your fast response. But in case casa.lan is down, no 
> resolution is made. That is why I'd like to make zone transfers.
>
> Regards
>
>>     On Mar 31, 2023, at 10:25 AM, Juanca <emaildejuanca at gmail.com> wrote:
>>
>>
>>
>>     On Fri, 31 Mar 2023 at 2:45, Andrew Miskell
>>     (<andrewmiskell at mac.com>) wrote:
>>
>>         What exactly are you trying to accomplish? Your windows
>>         clients to be able to resolve the clients on your router’s
>>         domain (casa.lan) via DNS?
>>         Yes, this is what I need, but I'm unable to list the clients
>>         from the dominio.lab windows server machine.
>>
>>
>>
>>         Sent from my iPhone
>>
>>>         On Mar 30, 2023, at 18:45, Juanca <emaildejuanca at gmail.com>
>>>         wrote:
>>>
>>>         
>>>         I appreciate these tips
>>>
>>>         Do you think that I should write a new post?
>>>
>>>
>>>         Thanks!!
>>>
>>>
>>>         Regards
>>>
>>>         On Fri, 31 Mar 2023 at 1:11, Geert Stappers
>>>         (<stappers at stappers.nl>) wrote:
>>>
>>>             On Wed, Mar 29, 2023 at 06:25:25PM +0200, Juanca wrote:
>>>             > Hi,
>>>             >
>>>             > I'm using dnsmasq in my Tomato router (mips arch). This is
>>>             > the main dns server for my home (casa.lan). Also, I've a
>>>             > windows server lab, with a domain and its own dns server as
>>>             > well (dominio.lab). I need the windows server to be able to
>>>             > get all the dns clients from main dns server in my router,
>>>             > so I'm trying to make a transfer zone from router to windows
>>>             > dns server. I'm facing some issues, and I've just read that
>>>             > dnsmasq does not provide reverse zone transfer. I've also
>>>             > just found a fork that says to be able to make it possible
>>>             > (basezen/dnsmasq: Fork of Simon Kelley's dnsmasq to add IPv6
>>>             > zone transfer. Proposed patch (github.com
>>>             > <http://github.com/>) <https://github.com/basezen/dnsmasq>),
>>>             > but it seems quite complicated for me to compile and make it
>>>             > work in my router.
>>>             >
>>>             > As you can see, I'm not an expert in dns stuff, so it's
>>>             > being difficult to me to understand all options, and the way
>>>             > I should be configuring it.
>>>             >
>>>             > What I really need is to make my windows server be able to
>>>             > "get and see" all my dnsmasq router's dns clients (for
>>>             > example, in case my router shuts down, and my windows
>>>             > server's clients should be able to resolve router's dns
>>>             > clients). Also, I'd need the very same, but vice versa, so in
>>>             > case of my windows server fails, my dnsmasq router's dns
>>>             > server is able to resolve my windows server's dns clients.
>>>             >
>>>             > My question is..
>>>             > is it able for me to get it working without needing any
>>>             > patch?
>>>
>>>             > I'd love to have some tips from you guys.
>>>
>>>             Tips:
>>>              - Do not ask others what your limits should be ( "able for me" )
>>>              - Drop restrictions   ( "without needing any ..." )
>>>              - Use open questions  (avoid "get it working [yes/no]" questions)
>>>
>>>
>>>             > Please, let me know if I should give you any other
>>>             > information
>>>
>>>             Tell your audience what they might be missing.
>>>             Explain them the cool thing that you want, aim for
>>>             common interest.
>>>
>>>
>>>             > Thanks a lot in advance
>>>
>>>             No, not accepted.
>>>             Express "thanks" when you get something useful.
>>>
>>>
>>>             > Regards
>>>             > Juanca
>>>
>>>
>>>
>>>             Groeten
>>>             Geert Stappers
>>>             -- 
>>>             Silence is hard to parse
>>>
>>>             _______________________________________________
>>>             Dnsmasq-discuss mailing list
>>>             Dnsmasq-discuss at lists.thekelleys.org.uk
>>>             https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>>
>>
>
>

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
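
The reply above notes that dnsmasq sends no NOTIFY and supports no incremental transfers, so a secondary only learns of changes by polling the SOA serial and then pulling a full AXFR. The following is an added example, not code from this thread or from dnsmasq, showing that polling decision: it extracts the serial from a SOA reply and compares it with RFC 1982 serial arithmetic. The reply bytes, the names router.casa.lan and hostmaster, and the serial values are constructed for illustration.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n

def soa_serial(msg):
    """Serial of the SOA record that is the first answer in a DNS reply."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12                           # fixed header length
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    if ancount == 0:
        raise ValueError("no answer records")
    off = skip_name(msg, off)
    rtype, _cls, _ttl, _rdlen = struct.unpack_from("!HHIH", msg, off)
    if rtype != 6:
        raise ValueError("first answer is not an SOA record")
    off = skip_name(msg, off + 10)     # MNAME
    off = skip_name(msg, off)          # RNAME
    return struct.unpack_from("!I", msg, off)[0]

def serial_newer(remote, local):
    """RFC 1982 comparison: is remote ahead of local modulo 2**32?"""
    return remote != local and ((remote - local) & 0xFFFFFFFF) < 0x80000000

def needs_axfr(reply, local_serial):
    """A secondary re-transfers the whole zone only when the serial moved on."""
    return serial_newer(soa_serial(reply), local_serial)

def sample_reply(serial):
    """Constructed SOA reply for casa.lan (not captured traffic)."""
    question = b"\x04casa\x03lan\x00" + struct.pack("!HH", 6, 1)
    rdata = (b"\x06router\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"
             + struct.pack("!IIIII", serial, 1200, 180, 1209600, 600))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 600, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    return header + question + answer

if __name__ == "__main__":
    reply = sample_reply(2023040301)
    print(soa_serial(reply), needs_axfr(reply, 2023040300))
```

Between polls the secondary serves whatever it last transferred, so how stale its copy can get is bounded by the poll interval rather than by the primary.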