[Dnsmasq-discuss] DNSmasq on a VPS instead of bind
Carl
marsepein at gmail.com
Fri Jan 5 20:45:43 GMT 2007
On 1/5/07, Aaron J Weber <aweber at comcast.net> wrote:
> dnsmasq will be a lot more lightweight to configure/install/maintain (by
> far, IMHO).
Also as far as memory-use and security go, you think?
> For the first two bullets, I've found that setting up a resolv.dnsmasq file
> (in /etc) with the name of the "upstream servers" -- the three external
> IP-Addresses you reference in your first bullet. It's basically your
> current resolv.conf with the name changed.
>
> Then set your actual resolv.conf to:
> nameserver 127.0.0.1
>
> And set the "resolv-file=/etc/resolv.dnsmasq" in the
> dnsmasq.conf file.
Yes, I got that, but I also read you wouldn't even need the dnsmasq
resolv file, and put them straight in the config? Then I read on, but
never saw it mentioned further, as in:

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this
#no-resolv

So where is 'see below'? I could not find it. It indeed seems silly
to have to resort to separate files for only 2 or 3 IP-addresses that
rarely change, if at all.
> This should keep you from the round-trips -- your localhost should look to
> dnsmasq first for name resolution, and if dnsmasq doesn't find it in the
> cache, dhcp leases (if feature-used), (or in your configured hosts files,
> etc.) it'll then go to the upstream nameservers. If I understood the
> questions correctly! ;)
Well not entirely. Say the mail-server sends mail to an internal
domain, for which I use the same server, shouldn't it stick with
127.0.0.1 instead of even looking for public IPs?
How do I tell this machine or dnsmasq these domains are local?
Or should I use those Alias options for their IP-addresses?
So should I use this:

# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1

(and how do I enter more names and more IPs?)
or this:

# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
alias=the.outside.ip.address,127.0.0.1

?
Or does dnsmasq use /etc/hosts for that?

# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts

?
By the way, it gets more complicated:
What do I put in the hosts file for each of the served domains?

127.0.0.1 domain.org otherdomain.net localhost localhost.localdomain

or do I also need to add

some.public.ip.address domain.org
some.public.ip.address otherdomain.net

?
> As for being on the internet, your iptables should keep name-resolution
> requests (port 53, right?) blocked from the internet interface, but you can
> also set an ignore for that NIC/interface in the config file to be sure.
Do I use this for that:

# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=

And then only set

listen-address=127.0.0.1

? Or will something go wrong there?
To me there seem to be a thousand ways to Rome, but I am at a loss
about what actually happens, and mainly looking for the fastest
method, using the least memory/cpu-resources.
Hope to see some more advice,
thanks!
Carl
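
Added example, not part of Carl's message or of the dnsmasq project's files: a constructed dnsmasq.conf that lists the upstream servers inline (no-resolv plus server=), listens on loopback only, and maps the served domains to 127.0.0.1, together with a small Python check that flags a resolver reachable beyond loopback. The function names parse_conf and audit are hypothetical, and the server= addresses are documentation-range placeholders.

```python
import ipaddress

# Constructed sample config (an assumption, not from the thread); the
# server= addresses are documentation-range placeholders.
SAMPLE_CONF = """\
# upstream servers inline, so no separate resolv file is read
no-resolv
server=192.0.2.1
server=192.0.2.2
# answer on loopback only; bind-interfaces stops dnsmasq binding the wildcard
listen-address=127.0.0.1
bind-interfaces
# domains served on this box resolve to loopback (several names, one IP)
address=/domain.org/otherdomain.net/127.0.0.1
"""

def parse_conf(text):
    """Return {option: [values]} for dnsmasq.conf text; bare flags map to ['']."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Return findings about resolver exposure and upstream configuration."""
    opts, findings = parse_conf(text), []
    addrs = [a.strip() for v in opts.get("listen-address", []) for a in v.split(",")]
    restricted = bool(addrs) or "interface" in opts or "except-interface" in opts
    if not restricted:
        findings.append("no listen-address/interface limit: listens on all interfaces")
    for a in addrs:
        if not ipaddress.ip_address(a).is_loopback:
            findings.append(f"listen-address {a} is not loopback")
    if restricted and not {"bind-interfaces", "bind-dynamic"} & opts.keys():
        findings.append("no bind-interfaces: port 53 is still bound on the wildcard address")
    if "no-resolv" in opts and "server" not in opts:
        findings.append("no-resolv without server=: no upstream resolvers configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```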