On Wed, Mar 07, 2018 at 10:19:32PM +0100, RODARY Jacques wrote:
Sorry for my last post: I sent a draft mail instead of the
corrected one. Let's go back to my own concern: dnsmasq and soa,
if you don't mind. Here is my dnsmasq.conf file:
Shouldn't I add a "auth-peer=188.8.131.52" line for AXFR to
ns6.gandi.net? With all my stupid previous acts, I don't dare to try
specially when it could affect outside hosts e.g. my registrar.
I never tried it myself, but the manpage says this on auth-peer:
If this option is not given, then AXFR requests will be accepted from
The way I understand it, your configuration should work without
auth-peer, while being somewhat insecure. You may need to specify
ns6.gandi.net as secondary through auth-sec-servers, on the other hand.
Yet your configuration does not work, apparently, as 'dig +trace'
shows me this:
rodary.net. 3600 IN SOA ns.rodary.net.
root.ns.rodary.net. 2018022101 10800 3600 604800 3600
rodary.net. 3600 IN NS ns.rodary.net.
rodary.net. 3600 IN NS ns6.gandi.net.
;; Received 169 bytes from 184.108.40.206#53(ns6.gandi.net) in 64 ms