[Dnsmasq-discuss] Split horizon DNS for NATed LAN with auth-server/auth-zone directives
Eric Engstrom
2018-11-27 19:39:49 UTC
In a split horizon situation with an external name server providing the
external resolution of (some) records, I want to be able to have dnsmasq
be authoritative for a NATed subnet (10.7.0.0/16) such that PTR (and
SRV, etc) records are automatically created and returned when queried.

Having read the man page section on "AUTHORITATIVE CONFIGURATION", I
believe the right answer is simply these two directives:

auth-server=mydomain.net
auth-zone=mydomain.net,10.7.0.0/16

Note that I'm NOT putting any interface on the `auth-server` directive.

So, question may be simple: Is that sufficient? Complete?

So far, it appears as if it is both. Resolution of the top-level domain
host (A) record (e.g. mydomain.net) is working correctly, as are local
hostnames and reverse (PTR) lookups. This is working even though I
don't have any `host-record` entries for that or other external-only
resolvable records. Should I be adding those for our top-level
domain or for things like MX, even though they would duplicate records I
maintain on our external NS?

FWIW, without those two new directives, including all of my other
configuration to handle the split-horizon situation, including multiple
internal VLANs, using `localize-queries`, and other options as well,
dnsmasq works as I would expect and has for years. I've just lived
without PTR records until now.

Thanks,
Eric
--
Eric Engstrom - ***@mtu.net - PGP Key: 0xC440235DF11F74CF
$/='O'; eval ($_='print $_^pack"c25",<DATA>');
__END__
58O7O26O26O84O65O74O48O42O24O4O17O75O114O6O64O89O2O68O93O39O42O49O51O52
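
An added example, not part of the original post: a small Python check of which in-addr.arpa zone and PTR owner names the `auth-zone=mydomain.net,10.7.0.0/16` line above covers. It handles IPv4 subnets only; the sample addresses are constructed, and the /24 default and the 8/16/24 prefix restriction follow the dnsmasq man page.

```python
import ipaddress

def parse_auth_zone(line):
    """Split 'auth-zone=<domain>,<subnet>[,...]' into (domain, [IPv4 networks])."""
    key, _, value = line.strip().partition("=")
    if key != "auth-zone" or not value:
        raise ValueError("not an auth-zone directive: %r" % line)
    domain, *subnets = value.split(",")
    nets = []
    for s in subnets:
        if "/" not in s:
            s += "/24"  # man page: IPv4 prefix length defaults to 24
        nets.append(ipaddress.IPv4Network(s, strict=False))
    return domain, nets

def reverse_zone(net):
    """Return the in-addr.arpa zone name matching a byte-aligned subnet."""
    if net.prefixlen not in (8, 16, 24):
        # Other lengths need an RFC 2317 style delegation (see man page).
        raise ValueError("prefix /%d is not on a byte boundary" % net.prefixlen)
    labels = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(labels)) + ".in-addr.arpa"

def ptr_name(ip, nets):
    """PTR owner name for ip if it falls inside one of the zone's subnets."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in n for n in nets):
        return addr.reverse_pointer
    return None  # outside the auth-zone subnets

if __name__ == "__main__":
    domain, nets = parse_auth_zone("auth-zone=mydomain.net,10.7.0.0/16")
    print(domain, [reverse_zone(n) for n in nets])
    for ip in ("10.7.3.4", "10.8.0.1"):  # constructed sample addresses
        print(ip, "->", ptr_name(ip, nets))
```
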