Re: dnsmasq and SOA

To: Reco <recoverym4n@gmail.com>, debian-user@lists.debian.org
Subject: Re: dnsmasq and SOA
From: Jacques Rodary <rodaryj@free.fr>
Date: Fri, 9 Mar 2018 18:25:24 +0100
Message-id: <[🔎] 018d38c4-540b-8bcc-c107-379a210b3430@free.fr>
In-reply-to: <[🔎] 20180309073248.c7jn6fthh2phubz6@i5378.home>
References: <[🔎] 20180301063654.b3s65pefbtu4vqmn@p5k.home> <[🔎] 1520457572.7912.1.camel@free.fr> <[🔎] 20180308085118.uire3qhcwzsnqtpq@p5k.home> <[🔎] 28d076f1-7f33-e6e8-a503-cd7bda5e37a0@free.fr> <[🔎] 130aad30-883c-110c-5ed3-fba3af12bd95@free.fr> <[🔎] 20180309073248.c7jn6fthh2phubz6@i5378.home>



On 09/03/2018 08:32, Reco wrote:

	Hi.

On Fri, Mar 09, 2018 at 03:34:27AM +0100, Jacques Rodary wrote:

;; AUTHORITY SECTION:
rodary.net.             600     IN      NS      .
rodary.net.             600     IN      NS      ns6.gandi.net.

Here is my new dnsmasq.conf:
    no-dhcp-interface=enp2s0
    auth-server=ns.rodary.net,88.170.1.143
    auth-zone=rodary.net
    auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800
    auth-sec-servers=ns6.gandi.net
    dhcp-range=10.42.0.20,10.42.0.200,infinite
I added the auth-server line, and "dig in soa rodary.net" gives:
    ;; ANSWER SECTION:

rodary.net. 600 IN SOA ns.rodary.net.root.ns.rodary.net. 2018022801 10800 3600 10800 600

    ;; AUTHORITY SECTION:
    rodary.net.             600     IN      NS      ns.rodary.net.
    rodary.net.             600     IN      NS      ns6.gandi.net.
    ;; Query time: 0 msec
    ;; SERVER: 88.170.1.143#53(88.170.1.143)

which means ns.rodary.net is SOA of my zone and ns6.gandi.net is slaveserver. Without master server the root zone "." servers wereauthoritative for my zone (as they are for all zones).

Hate to break it to you, but it seems to fail for everyone else.
Today "dig in soa rodary.net" gives me SERVFAIL.

Tell me please if it works now.

and even if I don't quite understand why "." (the root) is my secondary
server, I suppose it means  I succeeded to have my host as a stealth server!

I believe that it means that somehow you're announcing authority on root
domain. I would advise against it.

No, root servers announced authority on rodary.net, since nobody elsedelegated this authority.

I don't understand quite well how NetworkManager works.

I don't understand it either, but frankly I don't need to. IP adresses,
routing table and packet flow are the state of the kernel. Using
always-running userland tool for their configuration *may* be
appropriate in certain cases (DHCP, anyone?), but for your typical
server environment such cases do not apply.
That said, for your typical server environment nothing beats ifupdown.
So my advice is - if you need a predictable behaviour - you exterminate
NetworkManager, connman and other fancy toys, and stick to the ifupdown,
or maybe systemd-networkd.

I may do that soon. Thanks for your precious help.
    Jacques

Reply to:

Follow-Ups:
- Re: dnsmasq and SOA
  - From: Reco <recoverym4n@gmail.com>

References:
- Re: Re: dnsmasq and SOA
  - From: Reco <recoverym4n@gmail.com>
- Re: Re: Re: dnsmasq and SOA
  - From: RODARY Jacques <rodaryj@free.fr>
- Re: Re: Re: dnsmasq and SOA
  - From: Reco <recoverym4n@gmail.com>
- Re: dnsmasq and SOA
  - From: Jacques Rodary <rodaryj@free.fr>
- Re: dnsmasq and SOA
  - From: Jacques Rodary <rodaryj@free.fr>
- Re: dnsmasq and SOA
  - From: Reco <recoverym4n@gmail.com>

Prev by Date: Re: Help needed with home network configuration
Next by Date: Re: Help needed with home network configuration
Previous by thread: Re: dnsmasq and SOA
Next by thread: Re: dnsmasq and SOA
Index(es):
- Date
- Thread