Hi,
I'm wondering how to integrate a DNS structure into an autonomous system. We have several OpenWRT routers connected to a mesh network spanning the whole city of Berlin. You can imagine that we have for each house a layer 2 domain with a core-router doing all the routing work. This core-router is connected to multiple clients, such as antennas or dumb APs. I would like to give each core-router its own sub-domain, and the router should be authoritative for this domain. We have multiple gateways running BGP connections. They should be authoritative for the top-domain (funk.berlin or whatever) and should delegate the requests to the corresponding core-routers. Further, servers that are connected to the core-router should also be able to get a domain name; however, the core-router should be authoritative for them.
However, I cannot find any example of setting an NS record with dnsmasq. I suppose on the gateways I need to delegate subdomains in my zone file, something like this:
IN NS ns.location.funk.berlin
IN NS ns.otherlocation.funk.berlin
...
Back in the days of Athens WMN, we did it with BIND. It was quite big, with 700+ ASes, and each one had a delegated zone, e.g. trendy.awmn, as well as a reverse. However, this meant that each admin was responsible for setting it up properly.
It is possible to do it with dnsmasq, however I am not sure if you can do recursive lookups from one leaf node to the root server and get the answer or a hint about the authoritative. Otherwise you'll have to add a server entry to all instances every time there is a new zone.
The configured prefixes on the interfaces are automatically served.
If you need more zones you need to configure them.
From the dnsmasq manual:
Dnsmasq acts as an authoritative server for in-addr.arpa and ip6.arpa domains associated with the subnets given in --auth-zone declarations, so reverse (address to name) lookups can be simply configured with a suitable NS record, for instance in this example, where we allow 1.2.3.0/24 addresses.
Note that at present, reverse (in-addr.arpa and ip6.arpa) zones are not available in zone transfers, so there is no point arranging secondary servers for reverse lookups.
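
Added example, not part of any post in this thread: a small generator that turns one site list into the NS and glue records for the gateways' parent zone file and, for the fallback described above, the per-zone `server=/domain/address` lines for a core-router's dnsmasq. The site labels come from the first post; the addresses, the `ns.<site>` glue naming and all function names are assumptions made for illustration. Labels and addresses are validated so that a malformed entry cannot inject extra records into the generated files.

```python
import ipaddress
import re

PARENT = "funk.berlin"  # top domain named in the thread
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample data: site label -> address of that site's core-router.
SITES = {"location": "10.31.1.1", "otherlocation": "10.31.2.1"}


def validate(sites):
    """Reject labels or addresses that would corrupt a generated file."""
    checked = {}
    for label, addr in sites.items():
        if not LABEL.fullmatch(label):
            raise ValueError(f"bad site label: {label!r}")
        checked[label] = ipaddress.ip_address(addr)  # ValueError on junk
    return checked


def delegation_records(sites, parent=PARENT):
    """NS plus glue lines for the parent zone file on the gateways."""
    lines = []
    for label, addr in sorted(validate(sites).items()):
        rtype = "A" if addr.version == 4 else "AAAA"
        lines.append(f"{label}.{parent}. IN NS ns.{label}.{parent}.")
        lines.append(f"ns.{label}.{parent}. IN {rtype} {addr}")
    return lines


def dnsmasq_forwarders(sites, own_label, parent=PARENT):
    """server= lines for one core-router: one per other site's zone."""
    return [
        f"server=/{label}.{parent}/{addr}"
        for label, addr in sorted(validate(sites).items())
        if label != own_label
    ]


if __name__ == "__main__":
    print("\n".join(delegation_records(SITES)))
    print("\n".join(dnsmasq_forwarders(SITES, "location")))
```
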