My first DNS server (secondary host) was a shining beacon of hope and joy. My second DNS server (primary host) was hot garbage. Yes, it worked, but only because it relied completely upon the secondary host. Which was on microsuse. Which was the host I shut down and gave to Dorian.
All hell broke loose.
Eventually, I was able to figure out why the primary dns server was hot garbage, and have shown it another way - a path towards righteousness. A holy path.
Fast, efficient DNS server setup:
DO NOT include the IP of the DNS server itself in its own resolv.conf
DO INCLUDE the gateway IP in the resolv.conf as the last entry
ONLY uncomment/add the following lines to dnsmasq.conf:
domain-needed
bogus-priv
cache-size=300
log-facility=/var/log/dnsmasq.log
conf-dir=/etc/dnsmasq.d/,*.conf
ADD/CONFIRM /etc/dnsmasq.d/trust-anchors.conf
# The root DNSSEC trust anchor, valid as at 11/01/2019
# Note that this is a DS record (ie a hash of the root Zone Signing Key)
# It was downloaded from https://data.iana.org/root-anchors/root-anchors.xml
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
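A way to audit a host against the checklist above, added here as an example and not part of the original post. The function names check_resolv and check_dnsmasq are hypothetical, and the server and gateway IPs are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original post. IPs in the usage line are the caller's.

# The five directives the checklist allows in dnsmasq.conf (kept in C-locale sort order).
EXPECTED='bogus-priv
cache-size=300
conf-dir=/etc/dnsmasq.d/,*.conf
domain-needed
log-facility=/var/log/dnsmasq.log'

# check_resolv FILE SELF_IP GATEWAY_IP
# Passes when SELF_IP is not a nameserver and GATEWAY_IP is the last nameserver.
check_resolv() {
    servers=$(awk '$1 == "nameserver" { print $2 }' "$1")
    [ -n "$servers" ] || { echo "no nameserver entries in $1"; return 1; }
    if printf '%s\n' "$servers" | grep -Fxq "$2"; then
        echo "server's own IP $2 is listed in $1"
        return 1
    fi
    last=$(printf '%s\n' "$servers" | tail -n 1)
    [ "$last" = "$3" ] || { echo "last nameserver is $last, expected $3"; return 1; }
}

# check_dnsmasq FILE
# Passes when the active lines (comments and blanks dropped) are exactly EXPECTED.
check_dnsmasq() {
    active=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e '/^#/d' -e '/^$/d' "$1" | LC_ALL=C sort)
    [ "$active" = "$EXPECTED" ] && return 0
    echo "active directives in $1 differ from the checklist:"
    printf '%s\n' "$active"
    return 1
}

# Usage: sh audit.sh SELF_IP GATEWAY_IP   (audits the live files)
if [ "$#" -eq 2 ]; then
    check_resolv /etc/resolv.conf "$1" "$2" && check_dnsmasq /etc/dnsmasq.conf
fi
```

Any directive left uncommented beyond the five, or a nameserver order that puts the gateway anywhere but last, makes the corresponding check fail with a message naming the file.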