On 10.10.24 12:13, Roger Lucas via Dnsmasq-discuss wrote:
> We have corporate Windows domain servers which delegate
> "labs.internal.company.com" to a DNSMASQ
> instance running on the lab gateway.
> This DNSMASQ instance has to run in authoritative mode otherwise we have
> problems with Windows DNS refusing to use it.

Can you elaborate on that 'authoritative' requirement?

dnsmasq would answer local definitions with the 'aa' bit set, so I have
difficulties reasoning what else that Windows DNS would look for. As you
write that you delegate DNS requests to your dnsmasq instance directly,
you would bypass the authoritative lookup via public DNS anyway, and
the replies would be the same as if you wouldn't use authoritative modes?

As you state this is a lab environment, I wonder if you are indeed using
dnsmasq in authoritative mode, making its records available via public
DNS servers?

Also, it seems you are just catering for private range IPs, based on your
private DHCP range definition.

It would be highly unusual (and could be considered unwanted) to have a
public DNS server return private IP addresses. Even if they would be
served, routers are likely to intercept and disregard them, as private
IP answers may be considered as DNS rebind attack attempts.

I somehow suspect that your issue should better be addressed by
configuring your Windows DNS server to accept answers directly from dnsmasq.

When you run your setup without the auth-* lines, would that work?
If not, what do Windows DNS complaints look like?

Kind regards,
Buck
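
Added example, not part of the original message and not dnsmasq code: a small Python parser that reads the 'aa' bit from a DNS response and flags A records in private ranges, the two properties discussed above. The sample responses, host name and addresses are constructed for illustration, and using `is_private` as the rebind test is an assumption.

```python
import ipaddress
import struct

def build_response(name, ip, aa=True):
    """Constructed sample: minimal DNS response, one question, one A record."""
    flags = 0x8000 | 0x0080 | (0x0400 if aa else 0)  # QR, RA, optional AA
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    answer = (b"\xc0\x0c"                                 # pointer to the question name
              + struct.pack("!HHIH", 1, 1, 60, 4)         # A, IN, TTL 60, RDLENGTH 4
              + ipaddress.IPv4Address(ip).packed)
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, name ends here
            return off + 2
        off += 1
        if n == 0:                # root label terminates the name
            return off
        off += n

def inspect(msg):
    """Report the AA flag and any A-record addresses a rebind filter would reject."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                     # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    # Assumption: is_private stands in for the filter's range list; it covers
    # RFC 1918 plus other special-purpose ranges.
    suspect = [str(a) for a in addrs if a.is_private]
    return {"aa": bool(flags & 0x0400),
            "addresses": [str(a) for a in addrs],
            "rebind_suspect": suspect}

if __name__ == "__main__":
    print(inspect(build_response("host.labs.internal.company.com", "192.168.1.10")))
    print(inspect(build_response("host.labs.internal.company.com", "8.8.8.8", aa=False)))
```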