diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index e3a5d18..a0f84e3 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -231,7 +231,7 @@ options always override the others. The comments about interface labels for .B --listen-address apply here. .TP -.B --auth-server=,| +.B --auth-server=,[|...] Enable DNS authoritative mode for queries arriving at an interface or address. Note that the interface or address need not be mentioned in .B --interface @@ -244,7 +244,7 @@ specified interface. The is the "glue record". It should resolve in the global DNS to an A and/or AAAA record which points to the address dnsmasq is listening on. When an interface is specified, it may be qualified with "/4" or "/6" to specify only the IPv4 or IPv6 -addresses associated with the interface. +addresses associated with the interface. Since any defined authoritative zones are also available as part of the normal recusive DNS service supplied by dnsmasq, it can make sense to have an --auth-server declaration with no interfaces or address, but simply specifying the glue record. .TP .B --local-service Accept DNS queries only from hosts whose address is on a local subnet, diff --git a/src/dnsmasq.c b/src/dnsmasq.c index ac5d8aa..aa29bbf 100644 --- a/src/dnsmasq.c +++ b/src/dnsmasq.c @@ -216,7 +216,7 @@ int main (int argc, char **argv) #endif #ifndef HAVE_AUTH - if (daemon->authserver || daemon->auth_zones) + if (daemon->auth_zones) die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF); #endif @@ -235,13 +235,20 @@ int main (int argc, char **argv) now = dnsmasq_time(); - /* Create a serial at startup if not configured. */ - if (daemon->auth_zones && daemon->soa_sn == 0) + if (daemon->auth_zones) + { + if (!daemon->authserver) + die(_("--auth-server required when an auth zone is defined."), NULL, EC_BADCONF); + + /* Create a serial at startup if not configured. */ #ifdef HAVE_BROKEN_RTC - die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF); + if (daemon_>soa_sn == 0) + die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF); #else - daemon->soa_sn = now; + if (daemon->soa_sn == 0) + daemon->soa_sn = now; #endif + } #ifdef HAVE_DHCP6 if (daemon->dhcp6) diff --git a/src/option.c b/src/option.c index 7ccbdea..44b1dc5 100644 --- a/src/option.c +++ b/src/option.c @@ -1902,44 +1902,42 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma } case LOPT_AUTHSERV: /* --auth-server */ - if (!(comma = split(arg))) - ret_err(gen_err); + comma = split(arg); daemon->authserver = opt_string_alloc(arg); - arg = comma; - do { - struct iname *new = opt_malloc(sizeof(struct iname)); - comma = split(arg); - new->name = NULL; - unhide_metas(arg); - if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0) - new->addr.sa.sa_family = AF_INET; + + while ((arg = comma)) + { + struct iname *new = opt_malloc(sizeof(struct iname)); + comma = split(arg); + new->name = NULL; + unhide_metas(arg); + if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0) + new->addr.sa.sa_family = AF_INET; #ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0) - new->addr.sa.sa_family = AF_INET6; + else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0) + new->addr.sa.sa_family = AF_INET6; #endif - else - { - char *fam = split_chr(arg, '/'); - new->name = opt_string_alloc(arg); - new->addr.sa.sa_family = 0; - if (fam) - { - if (strcmp(fam, "4") == 0) - new->addr.sa.sa_family = AF_INET; + else + { + char *fam = split_chr(arg, '/'); + new->name = opt_string_alloc(arg); + new->addr.sa.sa_family = 0; + if (fam) + { + if (strcmp(fam, "4") == 0) + new->addr.sa.sa_family = AF_INET; #ifdef HAVE_IPV6 - else if (strcmp(fam, "6") == 0) - new->addr.sa.sa_family = AF_INET6; + else if (strcmp(fam, "6") == 0) + new->addr.sa.sa_family = AF_INET6; #endif - else - ret_err(gen_err); - } - } - new->next = daemon->authinterface; - daemon->authinterface = new; - - arg = comma; - } while (arg); + else + ret_err(gen_err); + } + } + new->next = daemon->authinterface; + daemon->authinterface = new; + }; break;