Shantanu Gadgil
2016-09-10 20:20:57 UTC
Hi,
I am using Dnsmasq version 2.76.
I am facing a problem that Dnsmasq returns "success" when it should not.
Explanation below:
My organization has a Windows' AD server running as a DHCP/DNS server
at: 192.168.30.254
* The Windows AD is not under my control.
I have a dnsmasq running at 192.168.15.254
For my Dnsmasq (192.168.15.254) I have set the Windows' AD
(192.168.30.254) as one of my upstream servers,
along with the usual suspects like 8.8.8.8, 8.8.4.4, etc.
(I need to keep the AD server as one of the upstream as I need some
other local names)
--- /etc/dnsmasq.conf ---
expand-hosts
domain = mydomain.net
all-servers
#strict-order
domain-needed
log-facility = /var/log/dnsmasq.log
clear-on-reload
no-negcache
#log-queries
------
--- /etc/resolv.conf ---
nameserver 127.0.0.1
nameserver 192.168.30.254
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 64.6.64.6
nameserver 64.6.65.6
------
As part of a workflow (and for various other reasons), I create a DNS
entry in AWS's Route53 DNS as follows:
realhost.mydomain.net (A)
somehost.mydomain.net (CNAME to realhost)
The problem begins when, during my workflow, I try to ping
"somehost.mydomain.net"
==================================================================
1. nslookup using the internal Windows AD (which only returns the CNAME,
no IP)
# nslookup somehost.mydomain.net
Server: 192.168.30.254
Address: 192.168.30.254#53
Non-authoritative answer:
somehost.mydomain.net canonical name = realhost.mydomain.net.
==================================================================
==================================================================
2. nslookup using Google Nameserver (which only returns the CNAME and IP)
# nslookup somehost.mydomain.net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
somehost.mydomain.net canonical name = realhost.mydomain.net.
Name: realhost.mydomain.net
Address: 192.168.58.216
==================================================================
3. nslookup using internal Dnsmasq (which only returns the CNAME, no IP)
*** This is because it gets this information from the Windows' AD, even
though "all-servers" is set.
# nslookup somehost.mydomain.net 192.168.15.254
Server: 192.168.15.254
Address: 192.168.15.254#53
Non-authoritative answer:
somehost.mydomain.net canonical name = realhost.mydomain.net.
==================================================================
My question is this:
Can Dnsmasq be configured to treat the "CNAME but no IP" as a failure
and thus ignore it, and fetch
the information from the next/another name server ?!?
*** I know I can use "server=/mydomain.net/8.8.8.8" in my Dnsmasq, but I
still would need to
get the Windows' AD to hand out my Dnsmasq as a nameserver (which is not
possible).
Regards,
Shantanu Gadgil
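
Added example, not part of the original post and not dnsmasq code: a small Python check that parses raw DNS responses and tells a "CNAME but no IP" reply apart from a complete one, which is the distinction the post asks about. The helper names (read_name, classify, first_complete) and the sample messages are constructed for illustration; it is a diagnostic for comparing upstream replies, not a dnsmasq option.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                     # refuse pointer loops
                raise ValueError("compression loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels).lower(), (off + 1 if end is None else end)

def classify(msg):
    """Classify an A-query response: 'complete', 'cname-only' or 'empty'."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off, types = 12, set()
    for _ in range(qd):                       # skip the question section
        off = read_name(msg, off)[1] + 4      # name + QTYPE + QCLASS
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.add(rtype)                      # 1 = A, 5 = CNAME
        off += 10 + rdlen
    return "complete" if 1 in types else "cname-only" if 5 in types else "empty"

def encode(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def build(answers):
    """Constructed response to an A query for somehost.mydomain.net."""
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += encode("somehost.mydomain.net") + struct.pack("!HH", 1, 1)
    for owner, rtype, rdata in answers:
        msg += owner + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg

REAL = encode("realhost.mydomain.net")
CNAME = (b"\xc0\x0c", 5, REAL)                # owner: pointer to question name
AD_REPLY = build([CNAME])                     # shape of the 192.168.30.254 reply
PUBLIC_REPLY = build([CNAME, (REAL, 1, bytes([192, 168, 58, 216]))])

def first_complete(replies):
    """Return the first server whose reply actually carries an address."""
    return next((s for s, m in replies.items() if classify(m) == "complete"), None)
```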