SRV records in Pi-hole

The issue I am facing:

I am using Pi-hole v6 and I want to set up an SRV record. Is there any way to do this? I've found some old posts on the forum on how to do it, but they don't work. (link)
Should I add them in /etc/pihole/dnsmasq.conf?

The command

host -t srv _kerberos._udp.<domain>

returns

_kerberos._udp.<domain> has SRV record x x x <domain>

but

host -t srv _kerberos._tcp.<domain>

inexplicably returns

_kerberos._tcp.<domain> has SRV record x x x <domain>

even though I only specified "srv-host =_kerberos._udp,,x,x,x" in '/etc/dnsmasq.d/99-my-settings.conf'

When I run (in cmd)

nslookup
> set type = all
> _kerberos._udp.<domain>

returns

*** pi.hole can't find _kerberos._udp.<domain>.: Not implemented

I set up some local DNS records and those work fine.

nslookup
> set type = all
> something.<domain>

returns

something.<domain>       internet address = 192.168.x.x

Details about my system:
Pi-hole-v6 running on Debian 12.2. I've installed cloudflared and set it as the upstream.

Custom records are set via the method outlined in the linked post. Pi-hole (ftl) is an extension of dnsmasq and any instructions for dnsmasq can be used directly.

The proper place for the records is in /etc/dnsmasq.d/; there is no file /etc/pihole/dnsmasq.conf and there should not be one.

To continue going forward with troubleshooting, please include the contents of the files that you are setting.

Can you also try nslookup -type=srv _kerberos._udp.<domain>


And for documentation, here is a snippet from the dnsmasq example configuration:

# Change the following lines if you want dnsmasq to serve SRV
# records.  These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)

# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389

# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389

# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2

# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com

Thank you so much for your quick response. I don't know why but it now works as it should (didn't touch it since yesterday).

There is a /etc/pihole/dnsmasq.conf.

# Pi-hole: A black hole for Internet advertisements
# (c) 2023 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
##################################################################################
#                                                                                #
#                     FILE AUTOMATICALLY POPULATED BY PI-HOLE                    #
#    ANY CHANGES MADE TO THIS FILE WILL BE LOST WHEN THE CONFIGURATION CHANGES   #
#                                                                                #
#            IF YOU WISH TO CHANGE ANY OF THESE VALUES, CHANGE THEM IN           #
#                             etc/pihole/pihole.toml                             #
#                             and restart pihole-FTL                             #
#                                                                                #
#           ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                       WITHIN /etc/dnsmasq.d/yourname.conf                      #
#                                                                                #
#                        Last updated: 2023-10-26 08:02:52                       #
#                           by FTL version vDev-8664165                          #
#                                                                                #
##################################################################################
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list

# Don't read /etc/resolv.conf. Get upstream servers only from the configuration
no-resolv

# DNS port to be used
port=53
# List of upstream DNS server
server=127.0.0.1#5053

# Set the size of dnsmasq's cache. The default is 150 names. Setting the cache
# size to zero disables caching. Note: huge cache size impacts performance
cache-size=10000

etc.
There is another file '/etc/dnsmasq.conf.old'

conf-dir=/etc/dnsmasq.d

Apparently the cmd nslookup's set type=all does not include srv. If I do set type=all it returns not implemented, but set type=srv returns the desired result.


Thanks, I skipped over the mention of version 6 where this file does exist.

EDIT: I altered below bc the target should not contain an IP but a domain name instead (with its own A or AAAA records to resolve to an IP address).

A bit late, and that link of mine is a bit outdated because Pi-hole doesn't set 127.0.0.1 anymore as a local resolver in the file /etc/resolv.conf.
For posterity:

dehakkelaar@ph6b:~$ man dnsmasq
[..]
       -W,        --srv-host=<_service>.<_prot>.[<domain>],[<tar-
       get>[,<port>[,<priority>[,<weight>]]]]
              Return a SRV DNS record. See RFC2782  for  details.
              If  not supplied, the domain defaults to that given
              by --domain.  The default for the target domain  is
              empty,  and the default for port is one and the de-
              faults for weight and priority are zero. Be careful
              if transposing data from BIND zone files: the port,
              weight and priority numbers are in a different  or-
              der.  More  than  one  SRV  record for a given ser-
              vice/domain is allowed,  all  that  match  are  re-
              turned.
dehakkelaar@ph6b:~$ sudo nano /etc/dnsmasq.d/99-my-settings.conf
srv-host=_http._tcp.home.web,target_domain,20080,10,1
dehakkelaar@ph6b:~$ pihole-FTL --test
dnsmasq: syntax check OK.
dehakkelaar@ph6b:~$ sudo systemctl reload pihole-FTL.service
dehakkelaar@ph6b:~$
dehakkelaar@ph6b:~$ nslookup -type=srv _http._tcp.home.web 127.0.0.1
Server:         localhost
Address:        127.0.0.1#53

_http._tcp.home.web     service = 10 1 20080 target_domain.
dehakkelaar@ph6b:~$ dig +short @127.0.0.1 _http._tcp.home.web srv
10 1 20080 target_domain.

As an example of how it's used to load balance APT mirrors (round robin):

dehakkelaar@ph6b:~$ dig +short _http._tcp.apt.xbian.org srv
10 1 80 xbian-apt.mirrorservice.org.
10 1 80 apt.xbian.org.
10 1 80 apt1.xbian.org.
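Added example, not part of the thread and not Pi-hole or dnsmasq code: a small checker that reads one srv-host line and shows the record in the priority/weight/port order that dig and BIND zone files use, so the reordering the man page warns about is visible before reloading pihole-FTL. The defaults and the domain= fallback follow the man page and example configuration quoted above rather than dnsmasq's actual parser, and the function names are hypothetical.

```python
import ipaddress


def _num(text, default, what):
    """Parse an optional 16-bit field, falling back to the documented default."""
    if text == "":
        return default
    if not (text.isascii() and text.isdigit()) or int(text) > 65535:
        raise ValueError(f"{what} must be 0-65535, got {text!r}")
    return int(text)


def parse_srv_host(line, default_domain=None):
    """Return (owner, priority, weight, port, target) for one srv-host line."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "srv-host":
        raise ValueError("not a srv-host line")
    fields = [f.strip() for f in value.split(",")]
    if len(fields) > 5:
        raise ValueError("too many fields")
    # dnsmasq order is name,target,port,priority,weight
    name, target, port, priority, weight = fields + [""] * (5 - len(fields))
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or not all(len(l) > 1 and l[0] == "_" for l in labels[:2]):
        raise ValueError("name must start with _service._proto")
    if len(labels) == 2:  # no domain part: fall back to the domain= value
        if not default_domain:
            raise ValueError("name has no domain and no domain= was given")
        labels += default_domain.strip(".").split(".")
    try:
        ipaddress.ip_address(target)
    except ValueError:
        pass  # not an IP literal, which is what an SRV target must be
    else:
        raise ValueError("target must be a host name, not an IP address")
    return (
        ".".join(labels),
        _num(priority, 0, "priority"),
        _num(weight, 0, "weight"),
        _num(port, 1, "port"),
        target.rstrip(".") + "." if target else ".",  # empty target renders as "."
    )


def dig_short(line, default_domain=None):
    """Render the record data in the order `dig +short <name> srv` prints it."""
    _, priority, weight, port, target = parse_srv_host(line, default_domain)
    return f"{priority} {weight} {port} {target}"
```

Running `dig_short` on the line from the last post gives the same text as the `dig +short` output shown there, which makes it a quick cross-check alongside `pihole-FTL --test`.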