Discussion:
[Dnsmasq-discuss] Deferring to external nameserver for certain local domain names
Brandon Beck
2008-01-10 06:47:23 UTC
Hi all,

I apologize if this has been asked and answered already. I'm looking for a
way to tell dnsmasq to use an external nameserver for certain names in my
local domain.

My situation is interesting, but I don't think it's an unreasonable one.
I'm using Google's "apps for your domain" service for my email, and in my
public dns entry have a CNAME record that points mail.mydomain.com to
ghs.google.com. On my local network however, dnsmasq believes it knows
everything there is to know about mydomain.com and that since it doesn't see
a dhcp record for mail.mydomain.com one must not exist. Is there a way I
can get dnsmasq to see that CNAME on the public dns server while still
retaining the ability for dnsmasq to pull entries for mydomain.com from
DHCP?


Thanks,
Brandon
r***@frontiernet.net
2008-01-10 08:33:11 UTC
Post by Brandon Beck
Hi all,
I apologize if this has been asked and answered already. I'm looking for a
way to tell dnsmasq to use an external nameserver for certain names in my
local domain.
My situation is interesting, but I don't think it's an unreasonable one.
I'm using Google's "apps for your domain" service for my email, and in my
public dns entry have a CNAME record that points mail.mydomain.com to
ghs.google.com. On my local network however, dnsmasq believes it knows
everything there is to know about mydomain.com and that since it doesn't see
a dhcp record for mail.mydomain.com one must not exist. Is there a way I
can get dnsmasq to see that CNAME on the public dns server while still
retaining the ability for dnsmasq to pull entries for mydomain.com from
DHCP?
Thanks,
Brandon
First to answer your question: Is there a way I can get dnsmasq to see
that CNAME on the public dns server while still retaining the ability
for dnsmasq to pull entries for mydomain.com from DHCP?

Yes and No.

dnsmasq is authoritative (or should be) for a particular domain by
design, so no you won't be able to "bypass" dnsmasq for a particular
dns record.

I don't remember a "do not resolve these names locally" option in the
config file.

There is a way to resolve the name locally and force a particular
answer that doesn't have to be on your network.

Use your /etc/hosts file on your dnsmasq box and specify the external
IP address for the name "mail" (for the sake of brevity, I'll assume
you know how to do this).

If Google ever changed the IP address of its mail server you would
need to update your dnsmasq config.

In order for this to work you need to make sure that dnsmasq is
reading /etc/hosts in addition to the dhcp lease pool.
Simon Kelley
2008-01-10 09:07:55 UTC
Post by Brandon Beck
Hi all,
I apologize if this has been asked and answered already. I'm looking for a
way to tell dnsmasq to use an external nameserver for certain names in my
local domain.
My situation is interesting, but I don't think it's an unreasonable one.
I'm using Google's "apps for your domain" service for my email, and in my
public dns entry have a CNAME record that points mail.mydomain.com to
ghs.google.com. On my local network however, dnsmasq believes it knows
everything there is to know about mydomain.com and that since it doesn't see
a dhcp record for mail.mydomain.com one must not exist. Is there a way I
can get dnsmasq to see that CNAME on the public dns server while still
retaining the ability for dnsmasq to pull entries for mydomain.com from
DHCP?
You can override the knowledge about mydomain.com for more specific domains.

so

server=/mail.mydomain.com/<address of your upstream DNS server>

will send queries to the upstream server for just mail.mydomain.com
(actually for *.mail.mydomain.com too)

That's not perfect, since it means you have to hard-code the IP of the
upstream server rather than using the one in resolv.conf, but it's the
best that's possible, I think.

Cheers,

Simon.
Post by Brandon Beck
Thanks,
Brandon
------------------------------------------------------------------------
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Brandon Beck
2008-01-11 05:03:14 UTC
Hi Simon,

I'm trying to implement your suggestion, but I'm having some troubles with
it. Here's what I've done/what I know:

1) I've added the line "server=/mail.isomorphism.org/69.60.109.125" to my
dnsmasq.conf. The ip address corresponds to my primary name server for my
domain (ns.dominia.org).
2) ns.dominia.org has a CNAME record for mail.isomorphism.org mapping it to
ghs.google.com. Here's the line from the bind configuration for this
"mail 43200 IN CNAME ghs.google.com."
3) Externally to my network (e.g. when dnsmasq is not involved)
mail.isomorphism.org works just fine.
4) Internally it doesn't work properly. Here's as much relevant output
that I could think to collect:

****@server:~$ nslookup mail.isomorphism.org
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
mail.isomorphism.org canonical name = ghs.GOOGLE.COM.
ghs.GOOGLE.COM canonical name = ghs.l.GOOGLE.COM.

****@server:~$ dig mail.isomorphism.org
; <<>> DiG 9.4.1-P1 <<>> mail.isomorphism.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18191
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.isomorphism.org. IN A

;; ANSWER SECTION:
mail.isomorphism.org. 41407 IN CNAME ghs.GOOGLE.COM.
ghs.GOOGLE.COM. 464425 IN CNAME ghs.l.GOOGLE.COM.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 10 22:46:21 2008
;; MSG SIZE rcvd: 96

****@server:~$ host mail.isomorphism.org
mail.isomorphism.org is an alias for ghs.GOOGLE.COM.
ghs.GOOGLE.COM is an alias for ghs.l.GOOGLE.COM.

This was collected during the above commands, I bolded what I think is the
relevant line below. I think dnsmasq is doing the right thing in forwarding
the query, but I'm not sure what's going on with the response. It seems to
follow a CNAME chain that ends in ghs.l.google.com which it can't resolve.
Not sure why it works externally to my network.

****@server:~$ tail -f /var/log/syslog*
Jan 10 22:56:45 server dnsmasq[23930]: reading /var/run/dnsmasq/resolv.conf
Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 24.93.41.126#53
Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 24.93.41.125#53
Jan 10 22:56:45 server dnsmasq[23930]: using local addresses only for domain isomorphism.org
Jan 10 22:56:45 server dnsmasq[23930]: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
Jan 10 22:56:45 server dnsmasq[23930]: exiting on receipt of SIGTERM
Jan 10 22:56:45 server dnsmasq[23994]: started, version 2.39 cachesize 150
Jan 10 22:56:45 server dnsmasq[23994]: compile time options: IPv6 GNU-getopt no-ISC-leasefile DBus I18N TFTP
Jan 10 22:56:45 server dnsmasq[23994]: DHCP, IP range 192.168.1.100 -- 192.168.1.200, lease time 12h
Jan 10 22:56:45 server dnsmasq[23994]: using local addresses only for domain isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: reading /var/run/dnsmasq/resolv.conf
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 24.93.41.126#53
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 24.93.41.125#53
Jan 10 22:56:45 server dnsmasq[23994]: using local addresses only for domain isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
Jan 10 22:56:45 server dnsmasq[23994]: read /etc/hosts - 8 addresses
Jan 10 22:57:22 server dnsmasq[23994]: reading /var/run/dnsmasq/resolv.conf
Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 24.93.41.126#53
Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 24.93.41.125#53
Jan 10 22:57:22 server dnsmasq[23994]: using local addresses only for domain isomorphism.org
Jan 10 22:57:22 server dnsmasq[23994]: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
Jan 10 22:57:56 server dnsmasq[23994]: query[A] mail.isomorphism.org from 127.0.0.1
Jan 10 22:57:56 server dnsmasq[23994]: forwarded mail.isomorphism.org to 69.60.109.125
Jan 10 22:57:57 server dnsmasq[23994]: reply mail.isomorphism.org is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: reply ghs.GOOGLE.COM is <CNAME>
*Jan 10 22:57:57 server dnsmasq[23994]: reply ghs.l.GOOGLE.COM is <NODATA>-IPv4*
Jan 10 22:57:57 server dnsmasq[23994]: query[A] mail.isomorphism.org from 127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: cached mail.isomorphism.org is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.GOOGLE.COM is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.l.GOOGLE.COM is <NODATA>-IPv4
Jan 10 22:57:57 server dnsmasq[23994]: query[A] mail.isomorphism.org from 127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: cached mail.isomorphism.org is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.GOOGLE.COM is <CNAME>
Jan 10 22:57:57 server dnsmasq[23994]: cached ghs.l.GOOGLE.COM is <NODATA>-IPv4
Jan 10 22:57:57 server dnsmasq[23994]: query[AAAA] ghs.l.GOOGLE.COM from 127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: forwarded ghs.l.GOOGLE.COM to 24.93.41.125
Jan 10 22:57:57 server dnsmasq[23994]: reply ghs.l.GOOGLE.COM is <NODATA>-IPv6
Jan 10 22:57:57 server dnsmasq[23994]: query[MX] ghs.l.GOOGLE.COM from 127.0.0.1
Jan 10 22:57:57 server dnsmasq[23994]: forwarded ghs.l.GOOGLE.COM to 24.93.41.125

I'm not sure what's going on. I'd appreciate any help you could give here?

Thanks,
Brandon
Simon Kelley
2008-01-11 12:03:55 UTC
Post by Brandon Beck
Hi Simon,
I'm trying to implement your suggestion, but I'm having some troubles with
1) I've added the line"server=/mail.isomorphism.org/69.60.109.125" to my
dnsmasq.conf. The ip address corresponds to my primary name server for my
domain (ns.dominia.org).
; <<>> DiG 9.4.1-P1 <<>> mail.isomorphism.org
;; global options: printcmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18191
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;mail.isomorphism.org. IN A
mail.isomorphism.org. 41407 IN CNAME ghs.GOOGLE.COM.
ghs.GOOGLE.COM. 464425 IN CNAME ghs.l.GOOGLE.COM.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 10 22:46:21 2008
;; MSG SIZE rcvd: 96
I think the problem is just that you're using the wrong server. I guess
that the primary name server for your domain is configured as just that:
an authoritative nameserver. If instead, you just use the same
nameserver that's in /etc/resolv.conf, probably the recursive nameserver
that's provided by your ISP, then it will just work.

I did the same query as you to 69.60.109.125 and got the same answer. If
I send the query instead to my ISP's nameserver, via dnsmasq, I get the
correct answer:

***@spike:~/dnsmasq-2.41/dnsmasq-2.41$ dig mail.isomorphism.org

; <<>> DiG 9.3.2-P1 <<>> mail.isomorphism.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64849
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.isomorphism.org. IN A

;; ANSWER SECTION:
mail.isomorphism.org. 42503 IN CNAME ghs.google.com.
ghs.google.com. 593393 IN CNAME ghs.l.google.com.
ghs.l.google.com. 174 IN A 72.14.207.121

;; Query time: 16 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Fri Jan 11 11:59:14 2008
;; MSG SIZE rcvd: 102


HTH


Simon.


I get exc
Brandon Beck
2008-01-12 15:50:13 UTC
Hi Simon,

I looked into this some more. I still feel like maybe something might be
wrong with either my configuration or maybe dnsmasq itself. I just launched
dnsmasq using the -d argument and executed "host mail.isomorphism.org". The
output was slightly different this time and pretty interesting. Here's the
output of the host command:

$ host mail.isomorphism.org
mail.isomorphism.org is an alias for ghs.GOOGLE.COM.
ghs.GOOGLE.COM is an alias for ghs.l.GOOGLE.COM.
Host ghs.l.GOOGLE.COM.austin.rr.com not found: 5(REFUSED)
Host ghs.l.GOOGLE.COM.austin.rr.com not found: 5(REFUSED)

And the output from "dnsmasq -d":

$ sudo dnsmasq -d
dnsmasq: started, version 2.39 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-ISC-leasefile DBus I18N TFTP
dnsmasq: DHCP, IP range 192.168.1.100 -- 192.168.1.200, lease time 12h
dnsmasq: using local addresses only for domain isomorphism.org
dnsmasq: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
dnsmasq: reading /etc/resolv.conf
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
dnsmasq: using local addresses only for domain isomorphism.org
dnsmasq: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
dnsmasq: read /etc/hosts - 8 addresses
dnsmasq: query[A] mail.isomorphism.org from 127.0.0.1
dnsmasq: forwarded mail.isomorphism.org to 69.60.109.125
dnsmasq: reply mail.isomorphism.org is <CNAME>
dnsmasq: reply ghs.GOOGLE.COM is <CNAME>
dnsmasq: reply ghs.l.GOOGLE.COM is <NODATA>-IPv4
dnsmasq: query[AAAA] ghs.l.GOOGLE.COM from 127.0.0.1
dnsmasq: query[AAAA] ghs.l.GOOGLE.COM.austin.rr.com from 127.0.0.1
dnsmasq: query[MX] ghs.l.GOOGLE.COM from 127.0.0.1
dnsmasq: query[MX] ghs.l.GOOGLE.COM.austin.rr.com from 127.0.0.1

So it seems like dnsmasq is somehow appending my domain name (
isomorphism.org) to full domain names.

Here is what is effectively in my dnsmasq.conf file (I stripped comments and
blank lines):

$ cat dnsmasq.conf | grep -v "^#" | grep -v "^\s*$"
domain-needed
server=/mail.isomorphism.org/69.60.109.125
local=/isomorphism.org/
except-interface=eth1
expand-hosts
domain=isomorphism.org
dhcp-range=192.168.1.100,192.168.1.200,12h

... bunch of lines mapping MAC address to ip address and name removed ...

dhcp-authoritative
log-queries
log-dhcp


Am I doing something wrong here? Maybe the domain-needed parameter is
causing this?

Thanks,
Brandon
Simon Kelley
2008-01-15 19:28:00 UTC
Post by Brandon Beck
Hi Simon,
I looked into this some more. I still feel like maybe something might
be wrong with either my configuration or maybe dnsmasq itself.
Yes, you're still using 69.60.109.125 as the upstream server for
mail.isomorphism.org and it's not giving the correct answers, probably
because it's been configured to answer queries about some domains, but
not answer general queries about any domains, and specifically not about
google.com. Use your ISP's nameservers instead (or whatever you have in
/etc/resolv.conf) and it will work.

Post by Brandon Beck
I just launched dnsmasq using the -d argument and executed "host
mail.isomorphism.org". The output was slightly different this time and
pretty interesting. Here's the output
$ host mail.isomorphism.org
mail.isomorphism.org is an alias for ghs.GOOGLE.COM.
ghs.GOOGLE.COM is an alias for ghs.l.GOOGLE.COM.
Host ghs.l.GOOGLE.COM.austin.rr.com not found: 5(REFUSED)
Host ghs.l.GOOGLE.COM.austin.rr.com not found: 5(REFUSED)
$ sudo dnsmasq -d
dnsmasq: started, version 2.39 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-ISC-leasefile DBus I18N TFTP
dnsmasq: DHCP, IP range 192.168.1.100 -- 192.168.1.200, lease time 12h
dnsmasq: using local addresses only for domain isomorphism.org
dnsmasq: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
dnsmasq: reading /etc/resolv.conf
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
dnsmasq: using local addresses only for domain isomorphism.org
dnsmasq: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
dnsmasq: read /etc/hosts - 8 addresses
dnsmasq: query[A] mail.isomorphism.org from 127.0.0.1
dnsmasq: forwarded mail.isomorphism.org to 69.60.109.125
dnsmasq: reply mail.isomorphism.org is <CNAME>
dnsmasq: reply ghs.GOOGLE.COM is <CNAME>
dnsmasq: reply ghs.l.GOOGLE.COM is <NODATA>-IPv4
dnsmasq: query[AAAA] ghs.l.GOOGLE.COM from 127.0.0.1
dnsmasq: query[AAAA] ghs.l.GOOGLE.COM.austin.rr.com from 127.0.0.1
dnsmasq: query[MX] ghs.l.GOOGLE.COM from 127.0.0.1
dnsmasq: query[MX] ghs.l.GOOGLE.COM.austin.rr.com from 127.0.0.1
So it seems like dnsmasq is somehow appending my domain name (
isomorphism.org) to full domain names.
Do "man resolv.conf" and look at the section on "search". All will
become clear.
Post by Brandon Beck
Here is what is effectively in my dnsmasq.conf file (I stripped comments
$ cat dnsmasq.conf | grep -v "^#" | grep -v "^\s*$"
domain-needed
server=/mail.isomorphism.org/69.60.109.125
local=/isomorphism.org/
except-interface=eth1
expand-hosts
domain=isomorphism.org
dhcp-range=192.168.1.100,192.168.1.200,12h
... bunch of lines mapping MAC address to ip address and name removed ...
dhcp-authoritative
log-queries
log-dhcp
Am I doing something wrong here? Maybe the domain-needed parameter is
causing this?
Thanks,
Brandon
Cheers,

Simon.
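
The failure diagnosed in this thread is visible in log-queries output: a query routed by server=/domain/ip gets a CNAME chain that leaves that domain and ends in NODATA, because the chosen upstream only answers for its own zones. The following is an added example, not code from the thread or from dnsmasq, that flags this pattern; the function names are hypothetical and the sample lines are copied from the "dnsmasq -d" output quoted above.

```python
import re

# Sample lines copied from the "dnsmasq -d" output quoted in the thread.
SAMPLE_LOG = """\
dnsmasq: using nameserver 69.60.109.125#53 for domain mail.isomorphism.org
dnsmasq: query[A] mail.isomorphism.org from 127.0.0.1
dnsmasq: forwarded mail.isomorphism.org to 69.60.109.125
dnsmasq: reply mail.isomorphism.org is <CNAME>
dnsmasq: reply ghs.GOOGLE.COM is <CNAME>
dnsmasq: reply ghs.l.GOOGLE.COM is <NODATA>-IPv4
"""

SCOPED = re.compile(r"using nameserver (\S+?)#\d+ for domain (\S+)")
FORWARDED = re.compile(r"forwarded (\S+) to (\S+)")
REPLY = re.compile(r"reply (\S+) is (\S+)")


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (case-insensitive)."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def find_dead_end_forwards(log_text):
    """Return forwarded queries whose CNAME chain left the domain that a
    per-domain upstream was scoped to and then ended in NODATA."""
    scoped = {}     # upstream IP -> domains routed to it by server=/domain/ip
    current = None  # state of the most recent forwarded query
    findings = []
    for line in log_text.splitlines():
        if m := SCOPED.search(line):
            scoped.setdefault(m.group(1), set()).add(m.group(2))
        elif m := FORWARDED.search(line):
            current = {"query": m.group(1), "upstream": m.group(2), "chain": []}
        elif (m := REPLY.search(line)) and current:
            name, answer = m.groups()
            current["chain"].append(name)
            if answer == "<CNAME>":
                continue  # the chain continues on the next reply line
            domains = scoped.get(current["upstream"], set())
            if (answer.startswith("<NODATA>") and domains
                    and not any(in_domain(name, d) for d in domains)):
                findings.append({**current, "dead_end": name})
            current = None  # chain finished (address or NODATA)
    return findings


if __name__ == "__main__":
    for f in find_dead_end_forwards(SAMPLE_LOG):
        print(f"{f['query']} via {f['upstream']}: "
              f"{' -> '.join(f['chain'])} ends in NODATA")
```

Replies forwarded to the default resolvers from resolv.conf are never flagged, since only upstreams announced with "for domain" are tracked.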

r***@gmail.com
2008-01-11 00:34:53 UTC
Post by Brandon Beck
Hi all,
I apologize if this has been asked and answered already. I'm looking for a
way to tell dnsmasq to use an external nameserver for certain names in my
local domain.
My situation is interesting, but I don't think it's an unreasonable one.
I'm using Google's "apps for your domain" service for my email, and in my
public dns entry have a CNAME record that points mail.mydomain.com to
ghs.google.com. On my local network however, dnsmasq believes it knows
everything there is to know about mydomain.com and that since it doesn't see
a dhcp record for mail.mydomain.com one must not exist. Is there a way I
can get dnsmasq to see that CNAME on the public dns server while still
retaining the ability for dnsmasq to pull entries for mydomain.com from
DHCP?
Slightly off-topic, but your MX record is ghs.google.com, not
mail.mydomain.com, correct? MX records can't be CNAMEs and quite a
few providers will actually blacklist servers that use them.
Brandon Beck
2008-01-11 04:05:56 UTC
Not quite, I have several MX records that point to
[{,alt1.,alt2.}aspmx.l.google.com, alt2.aspmx.l.google.com,
aspmx[2-5].googlemail.com]. I then have a CNAME record for mail that points
to ghs.google.com. I believe this should be fine, does it seem okay to you?