Netgate Discussion Forum
    Tinydns dnscache and dns forwarder

    DHCP and DNS
    emabiz

      Hi,
      I've found a simple solution to use both the internal DNS forwarder and tinydns.

      I've enabled the DNS forwarder to serve internal clients and resolve local hosts to local IPs (split horizon).
      I've configured tinydns listening on the WAN IP to serve external requests as the authoritative server (for my domains). No firewall rule.
      I've changed the listen IP written in /service/dnscache/env/IP to 127.0.0.1.

      Could this solution be wrong, or cause problems?
      Is there a better solution that avoids manually configuring dnscache?

      Thank you for your help,
      Emanuele

      PS. Sorry for my poor English.

      emabiz

        Hi,
        I've found an issue in my previous configuration.
        Resolution fails for domains managed by tinydns if the request comes from LAN clients.

        Now my configuration is:

        General setup
          DNS servers:
          a.b.c.d
          e.f.g.h

        WAN
          ip address a.b.c.d

        VIRTUAL IP:
          ip address e.f.g.h

        NAT
          WAN  UDP  53  127.0.0.1 (ext.: any) 53

        Rules
          UDP  *  *  127.0.0.1  53

        TinyDNS and dnscache listening on 127.0.0.1

        TinyDns domain records:
        example.com  SOA  ns1.example.com
        example.com  SOA  ns2.example.com

        ns1.example.com  A  w1.x1.y1.z1
        ns2.example.com  A  w2.x2.y2.z2

        Internal DNS forwarder enabled

        Now, if an internal client tries to resolve ns1.example.com, it fails.

        I can't understand how to configure both an authoritative DNS and split horizon on the same machine.

        Help would be appreciated,
        thank you.

        Emanuele

        infratek

          Hello,

          I have a similar issue.
          Multi-wan setup.
          Each public IP NATed to 172.0.0.1.
          Tinydns listening on 127.0.0.1.

          External dns requests work well.

          Internal dns requests time out, even though the NAT reflection for DNS traffic is configured.

          Any reason for that?
          Is it because tinydns is listening on 127.0.0.1, which is also used by NAT reflection?

          Thanks.

          emabiz

            Hi,
            thank you for unlocking the topic.

            Hi infratek, did you resolve it?
            I've resolved it by overriding domains in "Services -> Dns Forwarder" for the domains managed by TinyDns.
            The section is "Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain".
            I've inserted 127.0.0.1 in the field "IP address of the authoritative DNS server for this domain".

            I know it is not the best solution, but it works and I can't find anything better than this.

            So this is my configuration to have a single machine with an authoritative DNS and a DNS forwarder:

            • "General Setup -> Dns Servers": configure the external DNS IPs

            • "Services -> Dns Forwarder": enable the DNS forwarder and configure the forwarded hosts and forwarded domains (the ones managed by TinyDns): set "IP address of the authoritative DNS server for this domain" to 127.0.0.1

            • "Dns Servers -> Settings": set Binding IP Address to 127.0.0.1 and enable the DNS forwarder

            • "Dns Servers -> Add/Edit record": configure zones

            The only thing that doesn't work is DNS resolution for CNAME records.

            I hope this will be useful for other users.

            Thank you,
            Emanuele

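As an added configuration check (example code written for this thread, not from pfSense, djbdns or any of the posters), the script below parses a constructed tinydns `data` file in djbdns format and a constructed dnsmasq fragment in the `server=/domain/ip` form (an assumption about how the Domain Overrides setting is written out), and lists every zone tinydns is authoritative for that the forwarder is not overriding to 127.0.0.1, which is the gap that made ns1.example.com fail from the LAN in the second post.

```python
import re
from typing import Dict, List, Set

# Address tinydns is bound to in the thread's final configuration.
TINYDNS_LISTEN = "127.0.0.1"

# Constructed tinydns 'data' file (djbdns format) mirroring the thread's zone:
# '.' = SOA + NS + A for the name server, '&' = NS only, '=' = A + PTR, 'C' = CNAME.
# Addresses are constructed documentation values, not the poster's.
TINYDNS_DATA = """\
.example.com:192.0.2.1:ns1.example.com:3600
&example.com:192.0.2.2:ns2.example.com:3600
.example.org:192.0.2.1:ns1.example.com:3600
=www.example.com:192.0.2.10:3600
Cmail.example.com:www.example.com:3600
"""

# Constructed dnsmasq fragment in the server=/domain/ip form the Domain Overrides
# setting is assumed to produce; example.org deliberately points elsewhere.
DNSMASQ_CONF = """\
server=/example.com/127.0.0.1
server=/example.org/198.51.100.53
"""


def tinydns_zones(data: str) -> Set[str]:
    """Zone apexes are the names on '.' (SOA+NS) and '&' (NS only) lines."""
    zones = set()
    for line in data.splitlines():
        if line[:1] in (".", "&"):
            zones.add(line[1:].split(":")[0].lower().rstrip("."))
    return zones


def dnsmasq_overrides(conf: str) -> Dict[str, str]:
    """Map each overridden domain to the server dnsmasq forwards it to
    (server=/a/b/ip lists several domains for one server)."""
    overrides = {}
    for m in re.finditer(r"^server=/((?:[^/\n]+/)+)([^/\s]+)$", conf, re.M):
        for domain in m.group(1).strip("/").split("/"):
            overrides[domain.lower()] = m.group(2)
    return overrides


def missing_overrides(data: str, conf: str, listen: str = TINYDNS_LISTEN) -> List[str]:
    """Zones tinydns serves that LAN queries would not reach through the forwarder."""
    overrides = dnsmasq_overrides(conf)
    return sorted(z for z in tinydns_zones(data) if overrides.get(z) != listen)


if __name__ == "__main__":
    for zone in missing_overrides(TINYDNS_DATA, DNSMASQ_CONF):
        print(f"no domain override to {TINYDNS_LISTEN} for zone {zone}")
```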
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.