[Dnsmasq-discuss] Auth zone definition without DHCP generated entries possible?
Björn Schmidt
bschmidt at panvision.de
Tue May 27 06:00:48 UTC 2025
I'd like to use dnsmasq also to define some zones as authoritative
server and then have those zones transferred via AXFR to a public secondary.
I did set this up to the best of my knowledge and it's working 90% as
expected.
However whatever I put in auth-zone, for instance:
--auth-zone=my.domain,exclude:192.168.0.0/16 # explicitly excluding lan range but this only affects manual --host-record entries
or
--auth-zone=my.domain,0.0.0.0/32 # including no ips at all but this only affects manual --host-record entries
or
--auth-zone=my.domain,lo # using lo in the hope dhcp not serving lo
or
--interface-name=my.domain,lo # using lo in the hope dhcp not serving lo
This only affects A/AAAA entries that were manually added.
If I do an AXFR (for testing to an internal ip (served via dhcp)) I
always also get entries for all the known local devices.
The man page explains:
In the default mode, where a DHCP lease has an unqualified name, and
possibly a qualified name constructed using --domain then the name in
the authoritative zone is constructed from the unqualified name and the
zone's domain. This may or may not equal that specified by --domain. If
--dhcp-fqdn is set, then the fully qualified names associated with DHCP
leases are used, and must match the zone's domain.
Questions:
Is it even possible to suppress this behaviour for certain zones?
Or do I only get those entries because my AXFR query host is on a net served
by the dhcp server part of dnsmasq?
In general, how can I stop leaking of dhcp host info out to certain
zones (and maybe restrict that behaviour only to the zone defined in
--domain)?
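
Added example (not part of the original post and not dnsmasq code): a check that can be run over AXFR output before a public secondary is pointed at the zone, flagging address records that fall in internal ranges or whose names are not among the manually configured --host-record entries. The sample transfer, the host names and the expected-host list are constructed, and the dig-style "name ttl class type rdata" line format is an assumption.

```python
import ipaddress

# Ranges that should never appear in a zone handed to a public secondary.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16", "fe80::/10", "fc00::/7",        # link-local, IPv6 ULA
)]

# Constructed sample of `dig AXFR` output; names and addresses are made up.
SAMPLE_AXFR = """\
my.domain.             600 IN SOA  ns1.my.domain. hostmaster.my.domain. 1 1200 180 1209600 600
my.domain.             600 IN NS   ns1.my.domain.
ns1.my.domain.         600 IN A    203.0.113.10
www.my.domain.         600 IN A    203.0.113.20
laptop-anna.my.domain. 600 IN A    192.168.1.57
printer.my.domain.     600 IN AAAA fd00::1c
"""

def parse_axfr(text):
    """Yield (owner, type, rdata) from 'name ttl class type rdata' lines."""
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) == 5 and not line.lstrip().startswith(";") and fields[2].upper() == "IN":
            yield fields[0].rstrip(".").lower(), fields[3].upper(), fields[4].strip()

def audit_axfr(text, expected_hosts):
    """Return (owner, address, reason) for records that look like leaked DHCP leases."""
    expected = {h.rstrip(".").lower() for h in expected_hosts}
    findings = []
    for owner, rtype, rdata in parse_axfr(text):
        if rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            findings.append((owner, rdata, "unparseable address"))
            continue
        reasons = []
        if any(addr.version == n.version and addr in n for n in INTERNAL_NETS):
            reasons.append("internal address")
        if owner not in expected:
            reasons.append("not a configured --host-record")
        if reasons:
            findings.append((owner, str(addr), ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in audit_axfr(SAMPLE_AXFR, ["ns1.my.domain", "www.my.domain"]):
        print(*finding, sep="\t")
```

An empty result means every A/AAAA record in the transfer is both expected and outside the internal ranges.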