This answer came just in time, as I have just returned from holiday and
was starting to consider if I should try out another dhcp-dns solution.
On 30.08.2024 Petr Menšík wrote:
> Make sure (sub)domains served exclusively by dnsmasq are marked as
> local=/tier1.internal/.
Thanks for pointing out the local= setting. After setting this - and removing
😳 another setting I had totally forgotten about - it all started working
immediately.
> That will prevent dnsmasq from forwarding any other
> queries to the upstream nameserver, which very likely does not know them.
> That is if sshgw.tier1.internal has only an A address, but AAAA is
> forwarded further and times out there. In fact make sure the whole .internal
> is stopped somewhere at your border and not forwarded to your ISP. IPv4
> works better, because those names are defined by dnsmasq and it does not
> forward them. For AAAA it is not defined and therefore forwarded.
> Although it is also a problem at the ISP, it should respond with NXDOMAIN or
> REFUSED, but it should respond with some response anyway.
So the reason the upstream was not returning an NXDOMAIN or REFUSED was
that I had a
server=/tier1.internal/192.168.80.1
that I forgot to remove. It had been in use before I disabled the built-in
pfSense resolver, and thus the reason the forwarded AAAA query was
ignored.
Thanks a lot for directing me onto the right path.
--
Regards
Klaus
_______________________________________________
Dnsmasq-discuss mailing list
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
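
The check discussed in this message, as an added example that is not part of the original post or of dnsmasq itself: a small Python audit that reads `server=/domain/addr` and `local=/domain/` lines and reports internal names whose locally unanswered queries (such as the AAAA lookup above) would still leave dnsmasq. The two config strings are constructed from the settings quoted in the thread, and the function names are hypothetical.

```python
# Added example: constructed configs, not taken from the poster's system.
BEFORE = """\
# leftover from before the pfSense resolver was disabled
server=/tier1.internal/192.168.80.1
"""
AFTER = """\
local=/tier1.internal/
"""

def parse_domain_rules(conf):
    """Map domain -> set of targets from server=/dom/addr and local=/dom/ lines.
    An empty target ('') means: never forward, answer from local data only."""
    rules = {}
    for raw in conf.splitlines():
        line = raw.strip()
        key, _, value = line.partition("=")
        if line.startswith("#") or key not in ("server", "local"):
            continue
        parts = value.split("/")
        if len(parts) < 3 or parts[0] != "":
            continue  # plain upstream such as server=9.9.9.9, not domain-specific
        for domain in parts[1:-1]:
            rules.setdefault(domain.lower().rstrip("."), set()).add(parts[-1])
    return rules

def fate(name, rules):
    """Where does a query go if dnsmasq has no local record (e.g. AAAA)?
    The most specific matching domain decides."""
    name = name.lower().rstrip(".")
    matches = [d for d in rules if name == d or name.endswith("." + d)]
    if not matches:
        return "default upstream"
    targets = rules[max(matches, key=len)]
    if targets == {""}:
        return "local only"
    return "forwarded to " + ",".join(sorted(t for t in targets if t))

def audit(conf, internal_names):
    """Return the internal names whose unanswered queries would leave dnsmasq."""
    rules = parse_domain_rules(conf)
    return {n: fate(n, rules) for n in internal_names
            if fate(n, rules) != "local only"}

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf, ["sshgw.tier1.internal"]))
```

A domain that carries both a `local=` line and a `server=` line with an address is reported as forwarded, so a stale forwarder left next to the new setting is still flagged.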