what's wrong with recent bind-utils against dnsmasq

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Apr 27 10:37:22 UTC 2018

On 26.04.18 10:44, Reindl Harald wrote:
>when the server is dnsmasq you get all sort of funny results from
>SERVFAIL to REFUSED combined with the right answer

>that now even goes so far that named is no longer able to resolve
>zone-delegations pointing to a dnsmasq

dnsmasq is not full DNS server. 
and thus I don't recommend pointing delegations to dnsmasq server.

>[root at testserver:~]$ nslookup rhsoft.testserver.example.com

>** server can't find rhsoft.testserver.example.com: REFUSED

>[root at flow-home:~]$ nslookup contentlounge.flow-home.example.net

>** server can't find contentlounge.flow-home.example.net: SERVFAIL

nslokup is not reliable tool for debugging DNS problems. nslookup asks the
DNS server for more data than you ask it for and thus can show error message
when data you ask are available, but data it searches for are not.

>[root at testserver:~]$ host rhsoft.testserver.example.com
>Using domain server:
>rhsoft.testserver.example.com has address
>Host rhsoft.testserver.example.com not found: 5(REFUSED)
>Host rhsoft.testserver.example.com not found: 5(REFUSED)

"host" by default searches for A, AAAA and MX (as described in "-t" option),
this shows that dnsmasq has returned "" for A, and REFUSED for AAAA
and MX records.

>[root at testserver:~]$ dig rhsoft.testserver.example.com @

>rhsoft.testserver.example.com. 30 IN     A

dig by default only asks for A which is why you got proper answer here.

Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors

More information about the bind-users mailing list