Make interface spec optional in --auth-server.

But make auth-server required when any auth-zones are defined. The "glue record" field in auth-server is needed to synthesise SOA and NS records in auth zones, so the --auth-server has to be specified. If makes sense, however to define one or more auth-zones that appear within the normal recursive DNS service without actually acting as an authoritative DNS server on any interface. Hence making the interface field optional.
2025-12-19 10:18:25 +00:00 · 2018-10-05 16:34:35 +01:00
parent 7cbf497da4
commit 08933475ab
3 changed files with 44 additions and 39 deletions
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -231,7 +231,7 @@ options always override the others. The comments about interface labels for
 .B --listen-address
 apply here.
 .TP
-.B --auth-server=<domain>,<interface>|<ip-address>
+.B --auth-server=<domain>,[<interface>|<ip-address>...]
 Enable DNS authoritative mode for queries arriving at an interface or address. Note that the interface or address
 need not be mentioned in 
 .B --interface
@@ -244,7 +244,7 @@ specified interface. The <domain> is the "glue record". It should
 resolve in the global DNS to an A and/or AAAA record which points to
 the address dnsmasq is listening on. When an interface is specified,
 it may be qualified with "/4" or "/6" to specify only the IPv4 or IPv6
-addresses associated with the interface.
+addresses associated with the interface. Since any defined authoritative zones are also available as part of the normal recusive DNS service supplied by dnsmasq, it can make sense to have an --auth-server declaration with no interfaces or address, but simply specifying the glue record. 
 .TP
 .B --local-service
 Accept DNS queries only from hosts whose address is on a local subnet,
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -216,7 +216,7 @@ int main (int argc, char **argv)
 #endif

 #ifndef HAVE_AUTH
-  if (daemon->authserver || daemon->auth_zones)
+  if (daemon->auth_zones)
    die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
 #endif

@@ -235,13 +235,20 @@ int main (int argc, char **argv)

  now = dnsmasq_time();

-  /* Create a serial at startup if not configured. */
-  if (daemon->auth_zones && daemon->soa_sn == 0)
+  if (daemon->auth_zones)
+    {
+      if (!daemon->authserver)
+	die(_("--auth-server required when an auth zone is defined."), NULL, EC_BADCONF);
+
+      /* Create a serial at startup if not configured. */
 #ifdef HAVE_BROKEN_RTC
-    die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
+      if (daemon_>soa_sn == 0)
+	die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
 #else
-  daemon->soa_sn = now;
+      if (daemon->soa_sn == 0)
+	daemon->soa_sn = now;
 #endif
+    }
  
 #ifdef HAVE_DHCP6
  if (daemon->dhcp6)
--- a/src/option.c
+++ b/src/option.c
@@ -1902,44 +1902,42 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
      }
      
    case LOPT_AUTHSERV: /* --auth-server */
-      if (!(comma = split(arg)))
-	ret_err(gen_err);
+      comma = split(arg);
      
      daemon->authserver = opt_string_alloc(arg);
-      arg = comma;
-      do {
-	struct iname *new = opt_malloc(sizeof(struct iname));
-	comma = split(arg);
-	new->name = NULL;
-	unhide_metas(arg);
-	if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0)
-	  new->addr.sa.sa_family = AF_INET;
-#ifdef HAVE_IPV6
-	else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0)
-	  new->addr.sa.sa_family = AF_INET6;
-#endif
-	else
-	  {
-	    char *fam = split_chr(arg, '/');
-	    new->name = opt_string_alloc(arg);
-	    new->addr.sa.sa_family = 0;
-	    if (fam)
-	      {
-		if (strcmp(fam, "4") == 0)
-		  new->addr.sa.sa_family = AF_INET;
-#ifdef HAVE_IPV6
-		else if (strcmp(fam, "6") == 0)
-		  new->addr.sa.sa_family = AF_INET6;
-#endif
-		else
-		  ret_err(gen_err);
-	      } 
-	  }
-	new->next = daemon->authinterface;
-	daemon->authinterface = new;
      
-	arg = comma;
-      } while (arg);
+      while ((arg = comma))
+	{
+	  struct iname *new = opt_malloc(sizeof(struct iname));
+	  comma = split(arg);
+	  new->name = NULL;
+	  unhide_metas(arg);
+	  if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0)
+	    new->addr.sa.sa_family = AF_INET;
+#ifdef HAVE_IPV6
+	  else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0)
+	    new->addr.sa.sa_family = AF_INET6;
+#endif
+	  else
+	    {
+	      char *fam = split_chr(arg, '/');
+	      new->name = opt_string_alloc(arg);
+	      new->addr.sa.sa_family = 0;
+	      if (fam)
+		{
+		  if (strcmp(fam, "4") == 0)
+		    new->addr.sa.sa_family = AF_INET;
+#ifdef HAVE_IPV6
+		  else if (strcmp(fam, "6") == 0)
+		    new->addr.sa.sa_family = AF_INET6;
+#endif
+		  else
+		    ret_err(gen_err);
+		} 
+	    }
+	  new->next = daemon->authinterface;
+	  daemon->authinterface = new;
+	};
            
      break;