Markus Hartung
2018-03-11 02:43:06 UTC
I have dug a little more and I can't think of this behaviour to be
nothing else than a bug.
I have made a simple config now to reproduce the bug:
Start server with this command:
dnsmasq -p 1153 --synth-domain=hartmark.se,2001:db8::/64,dynamic-
--auth-server=ns1.hartmark.se,192.168.1.1
--auth-zone=hartmark.se,192.168.1.1,2001:db8::/64
--auth-soa=,hostmaster.hartmark.se,1200,180,1209600 --ho
st-record=foo.hartmark.se,2001:db8::f00 -d --bind-dynamic
Replace 192.168.1.1 with your local ip.
Run these dig:s
1. dig -p 1153 -x 2001:db8::f00
2. dig -p 1153 -x 2001:db8::f00 @192.168.1.1
3. dig -p 1153 -x 2001:db8::d00
4. dig -p 1153 -x 2001:db8::d00 @192.168.1.1
dig 1 and 2 both return foo.hartmark.se as response. 1 is using
localhost (127.0.0.1 or ::1) and that is not part of neither auth-server
and auth-zone
dig 3 returns dynamic-2001-db8--d00.hartmark.se
dig 4 returns NXDOMAIN
Have I misunderstood something?? From my understanding it seems dnsmasq
doesn't check synth-domain when responding on requests where dnsmasq is
authoritative.
Kind regards,
Markus
nothing else than a bug.
I have made a simple config now to reproduce the bug:
Start server with this command:
dnsmasq -p 1153 --synth-domain=hartmark.se,2001:db8::/64,dynamic-
--auth-server=ns1.hartmark.se,192.168.1.1
--auth-zone=hartmark.se,192.168.1.1,2001:db8::/64
--auth-soa=,hostmaster.hartmark.se,1200,180,1209600 --ho
st-record=foo.hartmark.se,2001:db8::f00 -d --bind-dynamic
Replace 192.168.1.1 with your local ip.
Run these dig:s
1. dig -p 1153 -x 2001:db8::f00
2. dig -p 1153 -x 2001:db8::f00 @192.168.1.1
3. dig -p 1153 -x 2001:db8::d00
4. dig -p 1153 -x 2001:db8::d00 @192.168.1.1
dig 1 and 2 both return foo.hartmark.se as response. 1 is using
localhost (127.0.0.1 or ::1) and that is not part of neither auth-server
and auth-zone
dig 3 returns dynamic-2001-db8--d00.hartmark.se
dig 4 returns NXDOMAIN
Have I misunderstood something?? From my understanding it seems dnsmasq
doesn't check synth-domain when responding on requests where dnsmasq is
authoritative.
Kind regards,
Markus