Tinydns dnscache and dns forwarder


  • Hi,
    I've found a simple solution to use both internal dns forwarder and tinydns.

    I've enabled dns forwarder to serve internal clients and resolve local hosts into local ips (split horizon).
    I've configured tinydns listening on WAN IP to serve external requests as authoritative server (for my domains). No firewall rule.
    I've changed the listen IP written in /service/dnscache/env/IP to 127.0.0.1.

    Could this solution be wrong, or cause problems?
    Is there a better solution that avoids manually configuring dnscache?

    Thank you for your help,
    Emanuele

    PS. Sorry for my poor English.


  • Hi,
    I've found an issue in my previous configuration.
    The resolution fails for domains managed by tinydns, if the request comes from lan clients.

    Now my configuration is:

    General setup
      DNS servers:
      a.b.c.d
      e.f.g.h

    WAN
      ip address a.b.c.d

    VIRTUAL IP:
      ip address e.f.g.h

    NAT
      WAN  UDP  53  127.0.0.1 (ext.: any) 53

    Rules
      UDP  *  *  127.0.0.1  53

    TinyDNS and dnscache listening on 127.0.0.1

    TinyDns domain records:
    example.com  SOA  ns1.example.com
    example.com  SOA  ns2.example.com

    ns1.example.com  A  w1.x1.y1.z1
    ns2.example.com  A  w2.x2.y2.z2

    Internal DNS forwarder enabled

    Now, if an internal client tries to resolve ns1.example.com, it fails.

    I can't understand how to configure both authoritative DNS and split horizon on the same machine.

    Help would be appreciated,
    thank you

    Emanuele


  • Hello,

    I have a similar issue.
    Multi-wan setup.
    Each public ip NATed to 172.0.0.1.
    Tinydns listening on 127.0.0.1.

    External dns requests work well.

    Internal dns requests time out, even though the NAT reflection for DNS traffic is configured.

    Any reason for that?
    Is it because tinydns is listening on 127.0.0.1, which is also used by NAT reflection?

    Thanks.


  • Hi,
    thank you for unlocking the topic.

    Hi infratek, did you resolve it?
    I resolved it by overriding domains in "Services -> Dns Forwarder" for the domains managed by TinyDns.
    The section is "Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain".
    I've inserted 127.0.0.1 in the field "IP address of the authoritative DNS server for this domain".

    I know it is not the best solution, but it works and I haven't found anything better than this.

    So this is my configuration in order to have a single machine with authoritative dns and dns forwarder:

    • "General Setup -> Dns Servers": configure external dns ips

    • "Services -> Dns Forwarder": enable dns forwarder and configure forwarded hosts and forwarder domains (the ones managed by TinyDns): Configure "IP address of the authoritative DNS server for this domain" to 127.0.0.1

    • "Dns Servers -> Settings": configure Binding IP Address to 127.0.0.1 and enable dns forwarder

    • "Dns Servers -> Add/Edit record": configure zones

    The only thing that doesn't work is dns resolution for CNAME records.

    I hope this will be useful for other users.

    Thank you,
    emanuele
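
An added example, not part of the thread: a small Python probe for checking which service answers a query in the configuration described in the last post. It sends one A query over UDP and decodes the response header; an authoritative-only server such as tinydns sets the AA flag and does not offer recursion, while a `None` result is the timeout the earlier posts describe. The address 192.0.2.1 (standing in for the firewall's LAN IP) and the two sample headers are constructed placeholders.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query with RD set for `name` (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def describe(message):
    """Decode the 12-byte DNS header into the fields that matter here."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "is_response": bool(flags & 0x8000),          # QR
        "authoritative": bool(flags & 0x0400),        # AA
        "truncated": bool(flags & 0x0200),            # TC
        "recursion_available": bool(flags & 0x0080),  # RA
        "rcode": flags & 0x000F,                      # 0 = NOERROR, 3 = NXDOMAIN
        "answers": an,
    }

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53; return describe() or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # includes socket.timeout
            return None
        return describe(data)

# Constructed sample headers (not captured traffic), one answer each.
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0)       # QR+AA+RD
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR+RD+RA

if __name__ == "__main__":
    # 192.0.2.1 is a placeholder for the LAN address the forwarder listens on.
    for label, server in (("tinydns", "127.0.0.1"), ("forwarder", "192.0.2.1")):
        print(label, probe(server, "ns1.example.com"))
```

Run it once on the firewall against 127.0.0.1 and once from a LAN client against the forwarder address, and compare the two results for the same name.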