
Re: Re: dnsmasq and SOA



On Thu, Mar 01, 2018 at 02:04:40AM +0100, RODARY Jacques wrote:
> 	I learnt about dnsmasq when I used Tor to see wiki, thanks for this hint. For now it works but I am not sure your help about auth-soa is all I need to get
> notifying to the other name server.

Ok.

> I just added this line:
> 			"auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800"
> in /etc/dnsmasq.conf, and after restarting dnsmasq (systemctl restart dnsmasq.service) I get this result with "systemctl status dnsmasq.service":
> "dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
> ................................
>      
> févr. 28 23:52:33 ns dnsmasq[24452]: ignore le serveur de nom 88.170.1.143 - interface locale
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 217.70.177.40#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.240#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.241#53
> févr. 28 23:52:33 ns dnsmasq[24452]: aucun serveur trouvé dans /run/dnsmasq/resolv.conf, va réessayer
> févr. 28 23:52:33 ns dnsmasq[24452]: Lecture de /run/dnsmasq/resolv.conf
> févr. 28 23:52:33 ns dnsmasq[24452]: ignore le serveur de nom 88.170.1.143 - interface locale
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 217.70.177.40#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.240#53
> févr. 28 23:52:33 ns dnsmasq[24452]: utilise le serveur de nom 212.27.40.241#53"
> 	
> First 88.170.1.14 is my main IP to the outside, is it local?

My French is *very* rusty (tried to learn the language back in high
school, and that was some time ago). I remember some expletives vaguely,
but that's it.

Can you please provide your dnsmasq.conf? A simple

grep -v '^#' /etc/dnsmasq.conf | uniq

would suffice.

> Second, before I added the refresh, retry, expire fields, supposed to have default values (said man 8
> dnsmasq), I had another line in the output:
> 	"févr. 28 23:20:17 ns dnsmasq[24453]: Too few arguments."

Dnsmasq can be stubborn sometimes. While manpage says that everything
except serial is optional, it may not be the truth.

The idea is that you define "auth-zone" for your domain first, and
create a SOA record for it with "auth-soa" second.


> Does this mean dnsmasq will notify the other name server (ns6.gandi.net,  217.70.177.40#53) when needed?

Your registered domain is "rodary.net", so that means that your
registrar nameserver should see appropriate SOA record.
The question is - does it see it now? What does this show (your DNS):

dig in soa rodary.net @127.0.0.1


Because dig shows old SOA record for me:

dig in soa rodary.net

rodary.net.             3599    IN      SOA     ns.rodary.net.  root.ns.rodary.net. 2018022101 10800 3600 604800 3600


> For now this server answers query about hosts I didn't put in
> /etc/hosts? 

Unless you put some domains into "local" stanza, queries for such domains
should be resolved via nameservers put in /etc/resolv.conf or "server"
stanza. In your case it's resolv.conf.

The exception to the rule is auto-registered DHCP leases. As long as
DHCP client provides "client-id" identifier, dnsmasq should create
temporary A and PTR records for such client.

Reco
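
Added example (not part of the original message and not dnsmasq code): a small Python check that compares the auth-soa line in a dnsmasq.conf with the SOA answer line printed by dig, to show which fields the published record has not picked up. The sample inputs are constructed from the values quoted in this thread; the auth-zone line and all function names are assumptions made for the illustration.

```python
from typing import Dict, Optional, Tuple

# Field order of dnsmasq's auth-soa option; everything after serial may be omitted.
FIELDS = ("serial", "hostmaster", "refresh", "retry", "expiry")

def parse_auth_soa(conf_text: str) -> Optional[Dict[str, object]]:
    """Return the fields of the last active auth-soa line, or None if absent."""
    result = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("auth-soa="):   # also skips '#' comment lines
            continue
        values = [v.strip() for v in line.split("=", 1)[1].split(",")]
        result = {name: (value.rstrip(".").lower() if name == "hostmaster"
                         else int(value))
                  for name, value in zip(FIELDS, values)}
    return result

def parse_dig_soa(answer_line: str) -> Dict[str, object]:
    """Parse one 'name TTL IN SOA mname rname serial refresh retry expire min' line."""
    tokens = answer_line.split()
    i = tokens.index("SOA")
    rname, serial, refresh, retry, expire = tokens[i + 2:i + 7]
    return {"serial": int(serial), "hostmaster": rname.rstrip(".").lower(),
            "refresh": int(refresh), "retry": int(retry), "expiry": int(expire)}

def serial_is_newer(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True when serial a is ahead of serial b."""
    return 0 < (a - b) % 2**32 < 2**31

def soa_drift(conf_text: str, answer_line: str) -> Dict[str, Tuple]:
    """Map each configured field that differs to (configured, published)."""
    configured = parse_auth_soa(conf_text)
    if configured is None:
        raise ValueError("no auth-soa line in configuration")
    published = parse_dig_soa(answer_line)
    return {k: (v, published[k]) for k, v in configured.items() if published[k] != v}

# Constructed inputs: values taken from the thread, auth-zone line assumed.
SAMPLE_CONF = """# constructed sample
auth-zone=rodary.net
auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800
"""
SAMPLE_DIG = ("rodary.net. 3599 IN SOA ns.rodary.net. root.ns.rodary.net. "
              "2018022101 10800 3600 604800 3600")

if __name__ == "__main__":
    for field, (conf, pub) in soa_drift(SAMPLE_CONF, SAMPLE_DIG).items():
        print(f"{field}: configured={conf} published={pub}")
```

Fields left out of the auth-soa line are not compared, since dnsmasq fills them with its own defaults.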

