
Re: dnsmasq and SOA



	Hi.

On Fri, Mar 09, 2018 at 06:25:24PM +0100, Jacques Rodary wrote:
> > On Fri, Mar 09, 2018 at 03:34:27AM +0100, Jacques Rodary wrote:
> > 
> > > ;; AUTHORITY SECTION:
> > > rodary.net.             600     IN      NS      .
> > > rodary.net.             600     IN      NS      ns6.gandi.net.
> Here is my new dnsmasq.conf:
>     no-dhcp-interface=enp2s0
>     auth-server=ns.rodary.net,88.170.1.143
>     auth-zone=rodary.net
>     auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800
>     auth-sec-servers=ns6.gandi.net
>     dhcp-range=10.42.0.20,10.42.0.200,infinite
> I added the auth-server line, and "dig in soa rodary.net" gives:
>     ;; ANSWER SECTION:
>     rodary.net.             600     IN      SOA     ns.rodary.net. root.ns.rodary.net. 2018022801 10800 3600 10800 600
>     ;; AUTHORITY SECTION:
>     rodary.net.             600     IN      NS      ns.rodary.net.
>     rodary.net.             600     IN      NS      ns6.gandi.net.
>     ;; Query time: 0 msec
>     ;; SERVER: 88.170.1.143#53(88.170.1.143)
> which means ns.rodary.net is SOA of my zone and ns6.gandi.net is slave
> server. Without master server the root zone "." servers were authoritative
> for my zone (as they are for all zones).
> > > Hate to break it to you, but it seems to fail for everyone else.
> > > Today "dig in soa rodary.net" gives me SERVFAIL.
> Tell me please if it works now.

Yup, all lights are green:

; <<>> DiG 9.10.3-P4-Debian <<>> in soa rodary.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31015
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rodary.net.                    IN      SOA

;; ANSWER SECTION:
rodary.net.             599     IN      SOA     ns.rodary.net. root.ns.rodary.net. 2018022801 10800 3600 10800 600

Save this config elsewhere just in case. A backup never hurts.


> > > I don't understand quite well how NetworkManager works.
> > I don't understand it either, but frankly I don't need to. IP addresses,
> > routing table and packet flow are the state of the kernel. Using
> > always-running userland tool for their configuration *may* be
> > appropriate in certain cases (DHCP, anyone?), but for your typical
> > server environment such cases do not apply.
> > That said, for your typical server environment nothing beats ifupdown.
> > So my advice is - if you need a predictable behaviour - you exterminate
> > NetworkManager, connman and other fancy toys, and stick to the ifupdown,
> > or maybe systemd-networkd.
> I may do that soon. Thanks for your precious help.

You're welcome.

Reco
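
An added example, not part of the original message: a Python consistency check over dig output of the kind quoted in this thread. It flags an NS record whose target is the root label `.` and an SOA MNAME that is not among the zone's NS targets. The sample text is constructed from the records quoted above, and the function names are hypothetical.

```python
import re

# One dig resource-record line: owner, TTL, class IN, type (NS or SOA), rdata.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(NS|SOA)\s+(.+)$")

# Constructed samples, built from the records quoted in the thread.
BEFORE = """;; AUTHORITY SECTION:
rodary.net.             600     IN      NS      .
rodary.net.             600     IN      NS      ns6.gandi.net.
"""
AFTER = """;; ANSWER SECTION:
rodary.net. 600 IN SOA ns.rodary.net. root.ns.rodary.net. 2018022801 10800 3600 10800 600
;; AUTHORITY SECTION:
rodary.net.             600     IN      NS      ns.rodary.net.
rodary.net.             600     IN      NS      ns6.gandi.net.
"""

def parse_records(dig_text):
    """Return (ns_targets, soa); soa is a dict, or None if no SOA line is present."""
    ns, soa = [], None
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if not m:                      # comments, blanks, other record types
            continue
        rtype, rdata = m.group(3), m.group(4).strip().lower()
        if rtype == "NS":
            ns.append(rdata)
            continue
        fields = rdata.split()
        if len(fields) == 7:           # MNAME RNAME serial refresh retry expire minimum
            soa = {"mname": fields[0], "rname": fields[1], "serial": int(fields[2])}
    return ns, soa

def check_zone(dig_text):
    """Return a list of problems found in the NS/SOA records of dig output."""
    ns, soa = parse_records(dig_text)
    problems = []
    if "." in ns:
        problems.append("NS record points at the root label '.'")
    if soa and ns and soa["mname"] not in ns:
        problems.append("SOA MNAME %s is not among the NS targets" % soa["mname"])
    return problems

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_zone(text) or "ok")
```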

