Re: dnsmasq and SOA

Fri, 09 Mar 2018 09:26:07 -0800 


On 09/03/2018 08:32, Reco wrote:

        Hi.

On Fri, Mar 09, 2018 at 03:34:27AM +0100, Jacques Rodary wrote:


;; AUTHORITY SECTION:
rodary.net.             600     IN      NS      .
rodary.net.             600     IN      NS      ns6.gandi.net.

Here is my new dnsmasq.conf:
    no-dhcp-interface=enp2s0
    auth-server=ns.rodary.net,88.170.1.143
    auth-zone=rodary.net
    auth-soa=2018022800,root.ns.rodary.net,10800,3600,10800
    auth-sec-servers=ns6.gandi.net
    dhcp-range=10.42.0.20,10.42.0.200,infinite
I added the auth-server line, and "dig in soa rodary.net" gives:
    ;; ANSWER SECTION:

    rodary.net.             600     IN      SOA     ns.rodary.net. 
root.ns.rodary.net. 2018022801 10800 3600             10800 600

    ;; AUTHORITY SECTION:
    rodary.net.             600     IN      NS      ns.rodary.net.
    rodary.net.             600     IN      NS      ns6.gandi.net.
    ;; Query time: 0 msec
    ;; SERVER: 88.170.1.143#53(88.170.1.143)

which means ns.rodary.net is SOA of my zone and ns6.gandi.net is slave 
server. Without master server the root zone "." servers were 
authoritative for my zone (as they are for all zones).

Hate to break it to you, but it seems to fail for everyone else.
Today "dig in soa rodary.net" gives me SERVFAIL.

Tell me please if it works now.

and even if I don't quite understand why "." (the root) is my secondary
server, I suppose it means  I succeeded to have my host as a stealth server!

I believe that it means that somehow you're announcing authority on root
domain. I would advise against it.

No, root servers announced authority on rodary.net, since nobody else 
delegated this authority.

I don't understand quite well how NetworkManager works.

I don't understand it either, but frankly I don't need to. IP adresses,
routing table and packet flow are the state of the kernel. Using
always-running userland tool for their configuration *may* be
appropriate in certain cases (DHCP, anyone?), but for your typical
server environment such cases do not apply.
That said, for your typical server environment nothing beats ifupdown.
So my advice is - if you need a predictable behaviour - you exterminate
NetworkManager, connman and other fancy toys, and stick to the ifupdown,
or maybe systemd-networkd.

I may do that soon. Thanks for your precious help.
    Jacques


























					Reply via email to