Authoritative DNS Forwarder (dnsmasq) Problem



  • Running 2.1.4 x64. I am attempting to make the PFS dnsmasq authoritative for my local domain by adding the following entries to the Advanced section of the config form:

    log-queries
    local=/phony.com/
    auth-server=pfw.phony.com,igb0
    host-record=pfw.phony.com,10.20.30.1
    auth-zone=phony.com,10.20.30.0/24
    mx-host=phony.com,mailsvr.phony.com,1

    When added, I can nslookup the domain and MX successfully so it appears to be working. Prob is it stops resolving external addresses like www.google.com and dig shows "WARNING: recursion requested but not available". When the above lines are removed, it starts working again. Probably unrelated, I've noticed that under General Settings, 127.0.0.1 is never listed as a DNS server regardless if the "Do not use" checkbox is unchecked or if the above lines are added to the Advanced section or not.

    I've done lots of searching and reading but have found no solution.

    What am I missing?

    Thanx,
    Garth



  • A quick Google search on authoritative DNS server (was unsure about its definition) reveals that an authoritative DNS server only responds to requests about zones configured on the DNS server (unless configured otherwise). In other words, it's probably unable to resolve www.google.com, because it doesn't know about it.

    Could be that this is your problem.

    http://superuser.com/questions/370105/what-does-authoritative-dns-server-mean



  • Understood but I have specified Forwarders in the General Setup and checked Query DNS Servers sequentially in the config for the DNS Forwarder (which mentions that the forwarders are specified in the General Setup) so if it can't find an address locally, it should try the next DNS server in the list. Right?

    Still not sure what I'm missing.

    Thanx for the reply,
    Garth



  • I thought it only contacted the next DNS server in the list if it was unable to contact the first (timeout etc.). In this case, it is able to contact the first DNS server, and therefore it doesn't try the next one. That's my theory at least :)



  • I'll not disagree but that raises the next question. How do I specify where an ADNS server is supposed to look if the address is not local? I've seen discussions where there is an /etc/resolv.dnsmasq which contains the IP addresses of forwarding nameservers. Is this required beyond listing them in General Setup?

    Thanx,
    Garth



  • Just tested this in my test environment by adding the same advanced config (changed the interface). Exactly the same happens here, it will now only resolve the records added in the advanced config, it doesn't forward to the upstream servers. Have read up on dnsmasq-manual, it should have forwarded the queries, but it doesn't. Could it be a bug? Also tested adding server=8.8.8.8 to the advanced config, didn't do much good.

    Edit: May have misunderstood the manual. Also, when I removed "auth-server=pfw.phony.com,igb0" from the config, I was able to resolve both pfw.phony.com and other DNS names.



  • I removed that same line and it started working here as well. Apparently using that config directive indicates that dnsmasq should not forward if the query is unresolved.

    Thanx Much,
    Garth
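
The cause the thread arrives at, as an added example that is not part of any post above: dnsmasq's `auth-server` option takes a list of interfaces or addresses after the server name, and queries arriving there are answered authoritatively only, with no recursion. The sketch below parses the posted options and flags a listener that clients also use for ordinary lookups; the function names are hypothetical, and treating `igb0` as the client-facing interface is an assumption the thread does not state.

```python
# Added example (not from the thread): find dnsmasq auth-server listeners
# that are also the interface clients use for ordinary recursive lookups.

POSTED = """\
log-queries
local=/phony.com/
auth-server=pfw.phony.com,igb0
host-record=pfw.phony.com,10.20.30.1
auth-zone=phony.com,10.20.30.0/24
mx-host=phony.com,mailsvr.phony.com,1
"""

def parse_options(text):
    """Return (option, value) pairs; flags such as log-queries get value ''."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs

def auth_only_listeners(pairs):
    """Interfaces/addresses listed after the name in each auth-server line."""
    listeners = []
    for key, value in pairs:
        if key == "auth-server":
            fields = [f.strip() for f in value.split(",")]
            listeners.extend(f for f in fields[1:] if f)
    return listeners

def recursion_conflicts(text, client_facing):
    """Auth-only listeners that clients also send their DNS queries to."""
    return sorted(set(auth_only_listeners(parse_options(text))) & set(client_facing))

def without_option(text, option):
    """Config text with every line for `option` dropped (the thread's fix)."""
    kept = [l for l in text.splitlines()
            if l.strip().partition("=")[0].strip() != option]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    lan = {"igb0"}  # assumption: igb0 is where internal clients send queries
    print("posted config conflicts:", recursion_conflicts(POSTED, lan))
    fixed = without_option(POSTED, "auth-server")
    print("after removing auth-server:", recursion_conflicts(fixed, lan))
```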