dnsmasq secondary dns

Started by koenraadl, May 18, 2021, 05:09:40 PM

Hi,
I have a number of subnets, connected via VPN. That works OK. All those subnets have an opnsense router.
On one of those subnets, I have a server (Windows Server 2019) that needs to access the Windows PCs on all subnets. It's a two-step process: the server first scans those subnets. In that step it collects the FQDNs of the PCs. That works OK.
But the second step is problematic: it tries to access those devices via FQDN. The opnsense router on the server's subnet has no idea about the FQDNs of the other subnets.
So, on a test-network I configured opnsense and a client.
On opnsense I set up dnsmasq and configured it to get the names of the local devices via DHCP, with some static DNS entries. Local DNS queries are OK. Queries for the Internet also work fine.
Next I tried to configure dnsmasq to be able to send the DNS data to that server's DNS server acting as a secondary DNS server. I got that working, but then the DNS queries to the outside Internet no longer work.
I added a file to /usr/local/etc/dnsmasq.conf.d/ (like the manual of dnsmasq says) containing this:
auth-server=opnsense2.test2.mylan.lan,em1
auth-zone=test2.mylan.lan,10.0.2.0/32
auth-peer=10.0.2.100 # <- client's IP
auth-sec-servers=opnsense1.test1.mylan.lan
host-record=opnsense2.test2.mylan.lan,10.0.2.1

From the client, without that file, I can
host www.gmail.com 10.0.2.1
With that file
host www.gmail.com 10.0.2.1
does not give a result, but
dig -t axfr test1.mylan.lan @10.0.2.1
works.
Also
host opnsense2.test1.mylan.lan 10.0.2.1
works fine.

Any suggestions on what I'm doing wrong? Or what to do to get what I want. I'm thinking of installing bind9, but that's a last option.

TIA,
Koenraad
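An added sanity check, not part of the post above: the dnsmasq man page states that A/AAAA records are only served from an auth-zone when they fall inside one of the subnets listed on that auth-zone line, so this script parses the posted conf.d fragment and flags any host-record whose address lies outside its zone's subnets. SAMPLE_CONF is a constructed copy of the fragment; parse_conf and check_zone_coverage are names chosen here.

```python
import ipaddress

# Constructed copy of the conf.d fragment from the post above.
SAMPLE_CONF = """\
auth-server=opnsense2.test2.mylan.lan,em1
auth-zone=test2.mylan.lan,10.0.2.0/32
auth-peer=10.0.2.100 # <- client's IP
auth-sec-servers=opnsense1.test1.mylan.lan
host-record=opnsense2.test2.mylan.lan,10.0.2.1
"""

def parse_conf(text):
    """Map option name -> list of comma-split value lists; '#' starts a comment here."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append([v.strip() for v in value.split(",")])
    return opts

def _is_addr(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def check_zone_coverage(opts):
    """Warn about host-records named inside an auth-zone whose address lies
    outside every subnet on that auth-zone line: dnsmasq exports only the
    A/AAAA records that fall inside the zone's subnets."""
    zones = {}
    for fields in opts.get("auth-zone", []):
        zones[fields[0].lower()] = [ipaddress.ip_network(f, strict=False)
                                    for f in fields[1:] if not f.startswith("exclude:")]
    warnings = []
    for fields in opts.get("host-record", []):
        names = [f.lower() for f in fields if not _is_addr(f)]
        addrs = [ipaddress.ip_address(f) for f in fields if _is_addr(f)]
        for zone, nets in zones.items():
            for name in names:
                if name != zone and not name.endswith("." + zone):
                    continue
                for addr in addrs:
                    if nets and not any(addr in n for n in nets):
                        warnings.append(f"host-record {name} -> {addr} is outside the "
                                        f"{zone} zone subnets {[str(n) for n in nets]}")
    return warnings
```

Run check_zone_coverage(parse_conf(SAMPLE_CONF)) on the posted fragment and it reports that 10.0.2.1 is not covered by 10.0.2.0/32; widening the subnet (for example to /24) clears the warning.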