Re: Re: dnsmasq and SOA
On Thu, Mar 01, 2018 at 02:04:40AM +0100, RODARY Jacques wrote:
> I learnt about dnsmasq when I used Tor to see wiki, thanks for this hint. For now it works but I am not sure your help about auth-soa is all I need to get
> notifying to the other name server.
Ok.
> I just added this line:
> "auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800"
> in /etc/dnsmasq.conf, and after restarting dnsmasq (systemctl restart dnsmaq.service) I get this result with "systemctl status dnsmaq.service":
> "dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
> ................................
>
> févr. 28 23:52:33 ns dnsmasq[24452]: ignore le serveur de nom 88.170.1.143 - interface locale
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 217.70.177.40#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.240#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.241#53
> févr. 28 23:52:33 ns dnsmasq[24452]: aucun serveur trouvé dans /run/dnsmasq/resolv.conf, va réessayer
> févr. 28 23:52:33 ns dnsmasq[24452]: Lecture de /run/dnsmasq/resolv.conf
> févr. 28 23:52:33 ns dnsmasq[24452]: ignore le serveur de nom 88.170.1.143 - interface locale
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 217.70.177.40#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.240#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.241#53"
>
> First 88.170.1.14 is my main IP to the outside, is it local?
My French is *very* rusty (tried to learn the language back in high
school, and that was some time ago). I remember some expletives vaguely,
but that's it.
Can you please provide your dnsmasq.conf? A simple

    grep -v '^#' /etc/dnsmasq.conf | uniq

would suffice.
> Second, before I added the refresh, retry, expire fields, supposed to have default values (said man 8
> dnsmasq), I had another line in the output:
> "févr. 28 23:20:17 ns dnsmasq[24453]: Too few arguments."
Dnsmasq can be stubborn sometimes. While manpage says that everything
except serial is optional, it may not be the truth.
The idea is that you define "auth-zone" for your domain first, and
create a SOA record for it with "auth-soa" second.
> Does this mean dnsmasq will notify the other name server (ns6.gandi.net, 217.70.177.40#53) when needed?
Your registered domain is "rodary.net", so that means that your
registrar nameserver should see appropriate SOA record.
The question is - does it see it now? What does this show (your DNS):

    dig in soa rodary.net @127.0.0.1

Because dig shows old SOA record for me:

    dig in soa rodary.net
    rodary.net. 3599 IN SOA ns.rodary.net. root.ns.rodary.net. 2018022101 10800 3600 604800 3600
> For now this server answers query about hosts I didn't put in
> /etc/hosts?
Unless you put some domains into "local" stanza, queries for such domains
should be resolved via nameservers put in /etc/resolv.conf or "server"
stanza. In your case it's resolv.conf.
The exception to the rule is auto-registered DHCP leases. As long as
DHCP client provides "client-id" identifier, dnsmasq should create
temporary A and PTR records for such client.
Reco
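
An added example, not part of the original message and not dnsmasq code: it compares the auth-soa line quoted in the thread with the SOA answer dig returned, field by field, to show which configured values are not yet being served. The helper names (parse_auth_soa, parse_dig_soa, soa_mismatches) are hypothetical; the two input lines are copied from the thread.

```python
FIELDS = ("serial", "hostmaster", "refresh", "retry", "expire")

def parse_auth_soa(line):
    """Parse auth-soa=<serial>[,<hostmaster>[,<refresh>[,<retry>[,<expiry>]]]]."""
    key, _, value = line.strip().strip('"').partition("=")
    if key.strip() != "auth-soa" or not value:
        raise ValueError("not an auth-soa line: %r" % line)
    soa = {}
    for name, raw in zip(FIELDS, value.split(",")):
        raw = raw.strip()
        soa[name] = raw if name == "hostmaster" else int(raw)
    return soa

def parse_dig_soa(line):
    """Parse one SOA answer line as printed by dig."""
    f = line.split()
    if len(f) != 11 or f[3].upper() != "SOA":
        raise ValueError("not a SOA answer line: %r" % line)
    soa = {"mname": f[4], "hostmaster": f[5], "minimum": int(f[10])}
    soa.update(zip(("serial", "refresh", "retry", "expire"), map(int, f[6:10])))
    return soa

def _norm(value):
    # DNS names compare case-insensitively; dig prints the trailing root dot.
    return value.rstrip(".").lower() if isinstance(value, str) else value

def soa_mismatches(configured, served):
    """Return {field: (configured, served)} for each configured field that differs."""
    return {k: (v, served[k]) for k, v in configured.items()
            if _norm(v) != _norm(served[k])}

# Both lines are copied from the thread above.
CONF_LINE = "auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800"
DIG_LINE = ("rodary.net. 3599 IN SOA ns.rodary.net. root.ns.rodary.net. "
            "2018022101 10800 3600 604800 3600")

if __name__ == "__main__":
    diff = soa_mismatches(parse_auth_soa(CONF_LINE), parse_dig_soa(DIG_LINE))
    for field, (want, got) in sorted(diff.items()):
        print("%-10s configured=%s served=%s" % (field, want, got))
```

Pointing the same dig query at 127.0.0.1 and at the registrar's nameserver and running both answers through soa_mismatches shows which side still holds the old record.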