Re: dnsmasq and SOA
Hi.
On Fri, Mar 09, 2018 at 06:25:24PM +0100, Jacques Rodary wrote:
> > On Fri, Mar 09, 2018 at 03:34:27AM +0100, Jacques Rodary wrote:
> >
> > > ;; AUTHORITY SECTION:
> > > rodary.net. 600 IN NS .
> > > rodary.net. 600 IN NS ns6.gandi.net.
> Here is my new dnsmasq.conf:
> no-dhcp-interface=enp2s0
> auth-server=ns.rodary.net,88.170.1.143
> auth-zone=rodary.net
> auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800
> auth-sec-servers=ns6.gandi.net
> dhcp-range=10.42.0.20,10.42.0.200,infinite
> I added the auth-server line, and "dig in soa rodary.net" gives:
> ;; ANSWER SECTION:
> rodary.net. 600 IN SOA ns.rodary.net. root.ns.rodary.net. 2018022801 10800 3600 10800 600
> ;; AUTHORITY SECTION:
> rodary.net. 600 IN NS ns.rodary.net.
> rodary.net. 600 IN NS ns6.gandi.net.
> ;; Query time: 0 msec
> ;; SERVER: 88.170.1.143#53(88.170.1.143)
> which means ns.rodary.net is SOA of my zone and ns6.gandi.net is slave
> server. Without master server the root zone "." servers were authoritative
> for my zone (as they are for all zones).
> > > Hate to break it to you, but it seems to fail for everyone else.
> > > Today "dig in soa rodary.net" gives me SERVFAIL.
> Tell me please if it works now.
Yup, all lights are green:
; <<>> DiG 9.10.3-P4-Debian <<>> in soa rodary.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31015
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rodary.net. IN SOA
;; ANSWER SECTION:
rodary.net. 599 IN SOA ns.rodary.net. root.ns.rodary.net. 2018022801 10800 3600 10800 600
Save this config elsewhere just in case. A backup never hurts.
> > > I don't understand quite well how NetworkManager works.
> > I don't understand it either, but frankly I don't need to. IP addresses,
> > routing table and packet flow are the state of the kernel. Using an
> > always-running userland tool for their configuration *may* be
> > appropriate in certain cases (DHCP, anyone?), but for your typical
> > server environment such cases do not apply.
> > That said, for your typical server environment nothing beats ifupdown.
> > So my advice is - if you need a predictable behaviour - you exterminate
> > NetworkManager, connman and other fancy toys, and stick to the ifupdown,
> > or maybe systemd-networkd.
> I may do that soon. Thanks for your precious help.
You're welcome.
Reco
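
Added example, not part of the original message: a small Python check that reads dig record lines and flags the two symptoms visible in this thread, an NS record whose target is the root label "." and a reply with no SOA (or an SOA MNAME that is not one of the NS targets). The two sample replies are constructed from the output quoted above; the function names are hypothetical.

```python
import re

# Constructed samples modelled on the two dig replies quoted in the thread.
BEFORE = """\
;; AUTHORITY SECTION:
rodary.net. 600 IN NS .
rodary.net. 600 IN NS ns6.gandi.net.
"""
AFTER = """\
;; ANSWER SECTION:
rodary.net. 600 IN SOA ns.rodary.net. root.ns.rodary.net. 2018022801 10800 3600 10800 600
;; AUTHORITY SECTION:
rodary.net. 600 IN NS ns.rodary.net.
rodary.net. 600 IN NS ns6.gandi.net.
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(SOA|NS)\s+(.+)$")
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def parse_records(dig_text):
    """Return (soa_dict_or_None, [ns_targets]) from dig record lines."""
    soa, ns = None, []
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if not m:  # skips blank lines and ';' comment/section lines
            continue
        rtype, rdata = m.group(3), m.group(4).lower().split()
        if rtype == "NS" and len(rdata) == 1:
            ns.append(rdata[0])
        elif rtype == "SOA" and len(rdata) == 7:
            soa = dict(zip(SOA_FIELDS, rdata[:2] + [int(x) for x in rdata[2:]]))
    return soa, ns

def check_zone(dig_text):
    """List the delegation problems visible in one dig reply."""
    soa, ns = parse_records(dig_text)
    problems = []
    if "." in ns:
        problems.append("NS target is the root label '.'")
    if soa is None:
        problems.append("no SOA record in reply")
    elif soa["mname"] not in ns:
        problems.append("SOA MNAME is not among the NS targets")
    return problems

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_zone(text) or "ok")
```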