i have openwrt set up on a linksys 6350v3. everything seems to be working. what changes are needed to be able to do a dns transfer to a host on the lan? if i run "dig -t axfr mynetwork" on a host on the lan i get "Transfer failed" in the router log.
@grump, welcome to the community!
I hope you're not referring to the built-in/bundled dnsmasq software on the OpenWrt...unless you have a use case defined in its manual.
Yea, this is starting not to sound like a use case described in the manual...but...
- I assume your `mynetwork` is actually a FQDN, correct?
- Next, given your exact use case isn't clear, I can only suggest looking at all sections in the manual that begin with: `--auth-*`
I've seen examples in the past to file transfer the necessary file between the main dnsmasq server and the "secondary devices" that would be easier than this. I really only suggest this setup if your device will actually be an Authoritative [Master] DNS server for a real Global domain (usually implying a network setup where the subnet on the Interface is Public IP space)...then, if that were the case, I'd advise not using dnsmasq for that!
What is your final goal?
Why do you need this feature?
to have zone data transferred to my secondary bind server. so if the router is down my network still has a working dns server. i can't imagine a network with only one dns server.
99.999% of home routers, provide 99.999% of homes with one dns server for their network...
business grade networks have design requirements internally regarding local resolution. home environments typically forego this as un-needed or superfluous with a backup router being a much more feasible solution.
besides... zone transfers from a 'caching' server are kind of ill conceived as @lleachii mentions... anything more complex than a few pointers and you should be running a proper dnsserver implementation or revising your topology to let the caching server do what it's best at...
caching...
I can't imagine you don't see the big issue in your statement; but OK. Nonetheless, I reiterate the sentiments of @anon50098793 100% - as noted above.
I'd advise easier things (which make more sense to the router down scenario):
- Use a second device connected on its LAN
- On this second device, if so equipped/installed/running, disable/uncheck the DHCP service on LAN (if OpenWrt, you'd uncheck this)
- Assign an IP from the main LAN
- Assign the main router as its LAN's DNS and gateway
- Use DHCP Option No. 6 on the main router to assign both devices to LAN clients
-AND/OR-
- Additionally script a transfer of the file between devices (this seems like what you desire)...not employing the auth method; but e.g. SCP
See also:
Why wouldn't you make this server the primary (or at least the one that OpenWrt forwards to)?
In my network, my OpenWrt forwards to a REAL Local Bind server (and other DNS servers on WAN too); but my clients simply get 192.168.1.1 as their DNS.
Is your BIND Authoritative for another Global Zone???
Mine happens to be a slave of a real Global zone (for actual client usage); but it's not Globally Authoritative (no real NS record exists on the Internet).
i saw the --auth-peer and --auth-sec-servers. i finally realized that these would not work since my dnsmasq was not an authority for my domain. if the dnsmasq-full package is the solution can i install it over my current dnsmasq package without losing my config and trashing my system?
Then why would you install it - if you admit it won't work???
(BTW, your understanding of the manual is not clear...unless you are using a real Global FQDN - and haven't answered us yet.)
EDIT:
I thought I should make this clear:
$router_down == $no_internet
$no_internet == $no_global_dns
If your router/Internet connection has less reliability than a LAN client, there's another problem.
@lleachii i think maybe you do not understand my situation. i have several computers around my property and a good amount of wifi home automation. internet connection here is not 100% reliable. a few days ago lightning struck a tree near my house and fried a few pieces of equipment. my router being one. but even without a main router or internet connection my home network kept functioning because i have a secondary dns. i bought a new router and installed openwrt. this is my first look at openwrt. i would like for openwrt to be authoritative for my home domain and be able to transfer this domain data to my secondary dns. i hope this helps make things a bit clearer.
i installed dnsmasq-full with no problems. it reports it is compiled with auth support but i can not find the proper config options to get it to work. i have added auth-zone and auth-server to /etc/dnsmasq.conf and still no authority server. i have added auth-zone and auth-server to /etc/config/dhcp and still no authority. a little insight would go a long way to preserving my sanity.
I really don't understand the terminology "still no authority" (it has no meaning in DNS-talk...at least not as you employ the phrase) - can you clarify?
- Does this mean you cannot successfully perform an AXFR from OpenWrt to BIND?
- Again, are you using a FQDN? (I'm not sure why you're not willing to answer this.)
- Does your actual use case involve a situation where your DNS server is Authoritative for a real Global FQDN???
- Does the subnet use Public IP addresses?
Your insanity may be quelled if you can answer simple (and required) questions.
EDIT:
Also, most importantly, did you run the correct command???
dig @<router_ip> -t axfr mynetwork.fqdn
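
An added example, not part of any post in this thread and not OpenWrt or dnsmasq project code: a small Python check of the dnsmasq `auth-*` options named above. It flags a zone with no `auth-server`, a zone for which transfers are not enabled, and AXFR left open because no `auth-peer` allow-list is set. The zone name, interface and addresses are constructed, and the rules assume the option semantics described in the dnsmasq man page.

```python
# Added example (not from the thread). Rules follow the dnsmasq man page text
# for --auth-server, --auth-zone, --auth-sec-servers and --auth-peer.
AUTH_KEYS = ("auth-server", "auth-zone", "auth-sec-servers", "auth-peer")

# Constructed sample: zone name, interface and addresses are placeholders.
OPEN_CONF = """
# authoritative mode for queries arriving on this interface
auth-server=ns1.home.example,br-lan
auth-zone=home.example,192.168.1.0/24
# secondary advertised in NS records
auth-sec-servers=ns2.home.example
"""
# Same config with transfers limited to the one secondary's address.
RESTRICTED_CONF = OPEN_CONF + "auth-peer=192.168.1.53\n"


def parse_auth_options(conf_text):
    """Collect auth-* options from dnsmasq.conf text (key=value, '#' comments)."""
    opts = {key: [] for key in AUTH_KEYS}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in opts:
            opts[key].extend(v.strip() for v in value.split(",") if v.strip())
    return opts


def audit_axfr(conf_text):
    """Return finding codes for the authoritative zone and its AXFR policy."""
    opts = parse_auth_options(conf_text)
    if not opts["auth-zone"]:
        return ["NO_AUTH_ZONE"]              # nothing to transfer
    findings = []
    if not opts["auth-server"]:
        findings.append("NO_AUTH_SERVER")    # no interface/address in auth mode
    if not opts["auth-peer"] and not opts["auth-sec-servers"]:
        findings.append("AXFR_NOT_ENABLED")  # neither option enables transfers
    elif not opts["auth-peer"]:
        findings.append("AXFR_OPEN_TO_ANY")  # no peer allow-list given
    return findings


if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit_axfr(conf) or "ok")
```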