[Dnsmasq-discuss] DNSmasq on a VPS instead of bind

Carl marsepein at gmail.com
Fri Jan 5 20:45:43 GMT 2007


On 1/5/07, Aaron J Weber <aweber at comcast.net> wrote:
> dnsmasq will be a lot more lightweight to configure/install/maintain (by
> far, IMHO).

Also as far as memory-use and security go, you think?

> For the first two bullets, I've found that setting up a resolv.dnsmasq file
> (in /etc) with the name of the "upstream servers" -- the three external
> IP-Addresses you reference in your first bullet.  It's basically your
> current resolv.conf with the name changed.
>
> Then set your actual resolv.conf to:
> nameserver 127.0.0.1
>
> And set the "resolv-file=/etc/resolv.dnsmasq" in the
> dnsmasq.conf file.

Yes, I got that, but I also read you wouldn't even need the dnsmasq
resolv file, and put them straight in the config? Then I read on, but
never saw it mentioned further, as in:

 # If you don't want dnsmasq to read /etc/resolv.conf or any other
 # file, getting its servers from this file instead (see below), then
 # uncomment this
 #no-resolv

So where is 'see below' ? I could not find it. It indeed seems silly
to have to resort to separate files for only 2 or 3 IP-addresses that
rarely change, if at all.

> This should keep you from the round-trips -- your localhost should look to
> dnsmasq first for name resolution, and if dnsmasq doesn't find it in the
> cache, dhcp leases (if feature-used), (or in your configured hosts files,
> etc.) it'll then go to the upstream nameservers.  If I understood the
> questions correctly! ;)

Well not entirely. Say the mail-server sends mail to an internal
domain, for which I use the same server, shouldn't it stick with
127.0.0.1 instead of even looking for public IPs?
How do I tell this machine or dnsmasq these domains are local?
Or should I use those Alias options for their IP-addresses?

So should I use this :

# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1

(and how do I enter more names and more IPs?)

or this :

# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
alias=the.outside.ip.address,127.0.0.1

?

Or does dnsmasq use /etc/hosts for that?

# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts

?

By the way, it gets more complicated:

What do I put in the hosts file for each of the served domains?

  127.0.0.1   domain.org  otherdomain.net  localhost localhost.localdomain

or do I also need to add

  some.public.ip.address   domain.org
  some.public.ip.address   otherdomain.net

?



> As for being on the internet, your iptables should keep name-resolution
> requests (port 53, right?) blocked from the internet interface, but you can
> also set an ignore for that NIC/interface in the config file to be sure.

Do I use this for that :

# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=

And then only set

listen-address=127.0.0.1

? Or will something go wrong there?

To me there seem to be a thousand ways to Rome, but I am at a loss
about what actually happens, and mainly looking for the fastest
method, using the least memory/cpu-resources.

Hope to see some more advice,

thanks!

Carl
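
Added example (not part of the original message and not dnsmasq's own code): a small Python check over a dnsmasq.conf for the settings this thread discusses, namely upstream servers listed inline with no-resolv and a listener restricted to loopback so the resolver is not reachable from the internet interface. The sample configs, the 192.0.2.x and 198.51.100.7 addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configs, not taken from the thread.
# 192.0.2.x and 198.51.100.7 are documentation placeholder addresses.
LOCAL_ONLY = """\
# upstream servers inline, /etc/resolv.conf is not read
no-resolv
server=192.0.2.1
server=192.0.2.2
# answer on loopback only, and bind just that address
listen-address=127.0.0.1
bind-interfaces
# domains served by this machine resolve to it
address=/domain.org/127.0.0.1
address=/otherdomain.net/127.0.0.1
"""
EXPOSED = """\
no-resolv
listen-address=127.0.0.1
listen-address=198.51.100.7
"""

def parse(text):
    """Return {option: [values]}; bare flags such as no-resolv map to ['']."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Return findings about listener exposure and upstream resolver setup."""
    opts, findings = parse(text), []
    addrs = [a.strip() for v in opts.get("listen-address", []) for a in v.split(",")]
    if not addrs and "interface" not in opts:
        findings.append("no listen-address/interface: listens on every interface")
    for a in addrs:
        if not ipaddress.ip_address(a).is_loopback:
            findings.append(f"listen-address {a} is not loopback")
    if addrs and "bind-interfaces" not in opts:
        findings.append("bind-interfaces missing: wildcard socket is still bound")
    if "no-resolv" in opts and "server" not in opts:
        findings.append("no-resolv without server=: no upstream resolver defined")
    return findings

if __name__ == "__main__":
    for name, cfg in (("local-only", LOCAL_ONLY), ("exposed", EXPOSED)):
        print(name, audit(cfg) or "ok")
```

An empty findings list means the config keeps the listener on loopback and has its upstream servers defined inline; the firewall rule on port 53 mentioned in the thread remains a separate layer.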


