i have openwrt set up on a linksys 6350v3. everything seems to be working. what changes are needed to be able to do a dns transfer to a host on the lan? if i run "dig -t axfr mynetwork" on a host on the lan i get "Transfer failed" in the router log.
@grump, welcome to the community!
I hope you're not referring to the built-in/bundled dnsmasq software on the OpenWrt...unless you have a use case defined in its manual.
Yea, this is starting not to sound like a use case described in the manual...but...
- I assume your
mynetworkis actually a FQDN, correct?
- Next, given your exact use case isn't clear, I can only syggest looking at all sections in the manual that begin with:
--auth-*
I've seen examples in the past to file transfer the necessary file between the main dnsmasq server and the "secondary devices" that would be easier than this. I really only suggest this setup if your device will actually be an Authoritative [Master] DNS server for a real Global domain (usually implying a network setup where the subnet on the Interface is Public IP space)...then, if that were the case, I'd advise not to using dnsmasq for that! 
1 Like
What is your final goal?
Why do you need this feature?
1 Like
to have zone data transferred to my secondary bind server. so if the router is down my network still has a working dns server. i can't imagine a network with only one dns server.
1 Like
99.999% of home routers, provide 99.999% of homes with one dns server for their network...
business grade networks have design requirements internally regarding local resolution. home environments typically forego this as un-needed or superfluous with a backup router being the a much more feasible solution.
besides... zone transfers from a 'caching' server are kind of ill conceived as @lleachii mentions... anything more complex than a few pointers and you should be running a proper dnsserver implementation or revising your topology to let the caching server do what it's best at...
caching...
4 Likes
I can't imagine you don't see the big issue in your statement; but OK. Nonetheless, I reiterate the sentiments of @anon50098793 100% - as noted above.
I'd advise easier things (which make more sense to the router down scenario):
- Use a second device connected on it's LAN
- On this second device, if so equipped/installed/running, disable/uncheck the DHCP service on LAN (if OpenWrt, you'd uncheck this)
- Assign an IP from the main LAN
- Assign the main router as its LAN's DNS and gateway
- Use DHCP Option No. 6 on the main router to assign both devices to LAN clients
-AND/OR-
- Additionally script a transfer of the file between devices (this seems like what you desire)...not employing the auth method; but e.g. SCP
1 Like
See also:
1 Like
Why wouldn't you make this server the primary (or at least the one that OpenWrt forwards to)?
In my network, my OpenWrt forwards to a REAL Local Bind server (and other DNS Servers ones on WAN too); but my clients simply get 192.168.1.1 as their DNS.
Is your BIND Authoritative for another Global Zone???
Mine happens to be a slave of a real Global zone (for actual client usage); but it's not Globally Authoritative (no real NS record exists on the Internet).
2 Likes
i saw the --auth-peer and --auth-sec-servers. i finally realized that these would not work since my dnsmasq was not an authority for my domain. if the dnsmasq-full package is the solution can i install it over my current dnsmasq package without losing my config and trashing my system?
Then why would you install it - if you admit it won't work???
(BTW, your understanding of the manual is not clear...unless you are using a real Global FQDN - and haven't answered us yet.)
EDIT:
I thought I should make this clear:
$router_down == $no_internet
$no_internet == $no_global_dns
If your router/Internet connection has less reliability than a LAN client, there's another problem.
@lleachii i think maybe you do not understand my situation. i have several computers around my property and a good amount of wifi home automation. internet connection here is not 100% reliable. a few days ago lightning struck a tree near my house and fried a few pieces of equipment. my router being one. but even without a main router or internet connection my home network kept functioning because i have a secondary dns. i bought a new router and installed openwrt. this is my first look at openwrt. i would like for opwnwrt to be authoritative for my home domain and be able to transfer this domain data to my secondary dns. i hope this helps make thing a bit clearer.
4 Likes
i installed dnsmasq-full with no problems. it reports it is compiled with auth support but i can not find the proper config options to get it to work. i have added auth-zone and auth-server to /etc/dnsmasq.conf and still no authority server. i have added auth-zone and auth-server to /etc/config/dhcp and still no authority. a little insight would go a long way to preserving my sanity.
I really don't understand the terminology "still no authority" (it has no meaning in DNS-talk...as least not as you employ the phrase) - can you clarify?
- Does this mean you cannot successfully perform an AXFR from OpenWrt to BIND?
- Again, are you using a FQDN? (I'm not sure why you're not willing to answer this.)
- Does your actual use case involve a situation where your DNS server is Authoritative for a real Global FQDN???
- Does the subnet use Public Ip addresses?
You insanity may be quelled if you can answer simple (and required) questions.
EDIT:
Also, most importantly, did you run the correct command???
dig @<router_ip> -t axfr mynetwork.fqdn
3 Likes