[Dnsmasq-discuss] [FEAT.REQ] Further localisation of --localise-queries

Alex Hermann alex-lists@waxy.kabel.utwente.nl
Tue, 26 Apr 2005 12:22:22 +0200


Simon Kelley wrote:
> Alex Hermann wrote:
> 
>> Hello,
>>
>> when asked for the ip-address of the local machine dnsmasq is running 
>> on, is it possible to restrict dnsmasq to only give the ip address of 
>> the _interface_ the request came from. At the moment with 
>> --localise-queries, dnsmasq returns all ip's corresponding to the 
>> _subnet_ the request came from.
>>
>>
>> If the request is unclear, here is an explanation by example:
>>
>> network layout:
>> every client is connected to an individual NIC on the server.
>>
>> netmask common for all NIC's: 192.168.1.255
> 
> That looks like a plausible broadcast address, not a netmask.
correct, my mistake

> The actual netmask is important for this.
255.255.255.0

>> server: eth0 192.168.1.1 <---> client1 : 192.168.1.101
>>         eth1 192.168.1.2 <---> client2 : 192.168.1.102
>>         eth2 192.168.1.3 <---> client3 : 192.168.1.103
>>         eth3 public ip   <---> inet
>>
>> All server ip's are in /etc/hosts
>>
>>
>> Current situation with --localise-queries:
>>
>> client1 requests address of server, server returns all three local 
>> addresses (in random order).
>>
>>
>> Requested situation:
>>
>> client1 requests address of server, response to client1 is _only_ 
>> 192.168.1.1, to client2 _only_ 192.168.1.2, etc.
>>
> 
> This looks like a very strange setup: assuming that the netmask is _not_ 
> 255.255.255.255, then all of 192.168.1.101-103 are on the same subnet 
correct

> and belong to the same host.
wrong.  192.168.101-192.168.103 are separate machines, the clients. They are 
individually connected via cross-link cables to their corresponding nic on the 
server as listed above.

I want client1 (192.168.1.101) when it asks the dns for the address of the 
server to get only 192.168.1.1 as a response as that is the ip on the server 
that client1 is connected to. client2 should only get 192.168.1.2 as 
response. In the current version, client1 also gets 192.168.1.2/3 as a response.


> Isn't that an implied promise that all three are equivalent?
> 
> I'm trying to understand what this configuration achieves which a more 
> conventional one doesn't.

I'd like all clients to be in the same subnet while connecting them without 
switches/hubs to the server. The server is acting as switch and forwarding the 
packets between clients. Static /etc/hosts on the clients is not an option 
because it is not known a priori which client is connected to which nic on the 
server.

For security reasons, the server may only react to packets where the 
destination-ip corresponds to the nic the packet arrives at. With the current 
behaviour of dnsmasq, it may give client1 192.168.1.2 as the address of the 
server instead of 192.168.1.1. As client1 is connected to 192.168.1.1 on the 
server, it cannot communicate with the server by using the address 192.168.1.2.



Alex.
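
The two answer-selection behaviours discussed in this thread, modelled on the layout given above. This is an added example, not part of the original message and not dnsmasq source code; the struct, the function names and the 203.0.113.10 placeholder standing in for the unspecified public ip are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the thread's layout; names here are hypothetical. */
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

struct iface { const char *name; uint32_t addr, mask; };

/* /etc/hosts entries for the server name: the three private addresses plus
   a placeholder (documentation range) for the "public ip" on eth3. */
static const uint32_t server_addrs[] = {
    IP(192,168,1,1), IP(192,168,1,2), IP(192,168,1,3), IP(203,0,113,10)
};
#define N_ADDRS (sizeof server_addrs / sizeof server_addrs[0])

/* Behaviour described as current: keep every address that lies in the
   subnet of the interface the query arrived on. */
size_t answer_by_subnet(const struct iface *in, uint32_t *out)
{
    size_t n = 0;
    for (size_t i = 0; i < N_ADDRS; i++)
        if ((server_addrs[i] & in->mask) == (in->addr & in->mask))
            out[n++] = server_addrs[i];
    return n;
}

/* Behaviour requested: keep only the address bound to that interface. */
size_t answer_by_interface(const struct iface *in, uint32_t *out)
{
    size_t n = 0;
    for (size_t i = 0; i < N_ADDRS; i++)
        if (server_addrs[i] == in->addr)
            out[n++] = server_addrs[i];
    return n;
}

int main(void)
{
    struct iface eth0 = { "eth0", IP(192,168,1,1), IP(255,255,255,0) };
    uint32_t out[N_ADDRS];
    printf("%s subnet match: %zu answers\n", eth0.name, answer_by_subnet(&eth0, out));
    printf("%s interface match: %zu answers\n", eth0.name, answer_by_interface(&eth0, out));
    return 0;
}
```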