[Dnsmasq-discuss] DNSmasq on a VPS instead of bind
Carl
marsepein at gmail.com
Sat Jan 6 01:47:32 GMT 2007
Some followup issues:
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP on it.
#no-dhcp-interface=
In the above, what do I do?
I have two physical network interfaces on the machine:
venet0:0 ... inet addr: 88.1x.2x.8x
venet0:1 ... inet addr: 88.1x.2x.9x
they are both connected to the world and should not allow requests
from the outside going in (the other way around is of course needed
for caching).
Then I have the one non-physical interface, 127.0.0.1 i.e. localhost.
Which one do I enter what way in the interfaces config?
I also need none of them to echo anything on DHCP.
Can I disable DHCP for dnsmasq entirely with a switch?
And then, also: Carlos Carvalho <carlos at fisica.ufpr.br> wrote:
> Yes, use no-resolv and no-poll, plus server = <ipaddr> in the config.
> If you want certain domains answered by certain servers you can do
> server = /domain/<ipaddr>.
What is the syntax for 3 addresses? (This is not very clear to me
from the manual or example config. How should the user know what
the developer likes to use? I for one see this "/" used for the first time.)
Is this what it should look like:
server = /1.2.3.4/2.3.4.5/3.4.5.6
?
> You have to tell the MTA which domains the machine is responsible for,
> and then it won't look anywhere and do local delivery directly. The
> dns (whatever it is) is not the place to do this.
Not only MTAs; there are virus and spam filters etc.,
many applications that can throw in a local domain,
and then - to me anyway - it's unclear what happens
with the resolving if it's a local domain.
If it resolves to the public IP, will it then go through the NIC and back?
What physical routes do the packets actually take?
> ># Add domains which you want to force to an IP address here.
> ># The example below send any host in doubleclick.net to a local
> ># webserver.
> >#address=/doubleclick.net/127.0.0.1
> >
> >(and how do I enter more names and more IPs?)
>
> Use other address lines but as I said I don't recommend it in this case.
OK, so the /etc/hosts file does that.
> >listen-address=127.0.0.1
>
> That's fine.
But does that suffice? Will it block DNS requests from outside?
I never really understood that, since packets simply go straight
from the NIC address to localhost. At what layer does dnsmasq
'block' queries? Does it function as a software firewall in that regard?
Thanks for your interest in my noob dnsmasq questions.
Crl
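
Added example, not part of the original message and not code from the dnsmasq project: a small Python check over the options discussed in this thread (listen-address, bind-interfaces, dhcp-range, server). It reports whether a config answers DNS beyond loopback, whether DHCP is switched on, and whether a server= line puts IP addresses where dnsmasq reads domain names. The function names, finding codes and sample config are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the settings quoted in this message, nothing else.
SAMPLE = """\
no-resolv
no-poll
listen-address=127.0.0.1
server=/1.2.3.4/2.3.4.5/3.4.5.6
"""

def parse(text):
    """Map each option name to its list of values, skipping '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, val = line.partition("=")
            opts.setdefault(key.strip(), []).append(val.strip())
    return opts

def is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def audit(text):
    """Return (code, detail) findings about DNS/DHCP exposure and server= lines."""
    o, out = parse(text), []
    addrs = [a.strip() for v in o.get("listen-address", []) for a in v.split(",")]
    if not addrs and not {"interface", "except-interface"} & o.keys():
        out.append(("all-interfaces", "no interface or address limit: listens everywhere"))
    for a in addrs:
        if is_ip(a) and not ipaddress.ip_address(a).is_loopback:
            out.append(("non-loopback", a + " accepts queries from the network"))
    if addrs and "bind-interfaces" not in o:
        out.append(("wildcard-bind", "socket is bound to the wildcard address; "
                    "dnsmasq itself drops queries for unlisted addresses"))
    if "dhcp-range" in o:
        out.append(("dhcp-on", "dhcp-range= enables the DHCP server"))
    for v in o.get("server", []):
        # server=/a/b/ip means: domains a and b go to upstream ip.
        bad = [d for d in v.split("/")[1:-1] if is_ip(d)] if v.startswith("/") else []
        if bad:
            out.append(("server-ip-as-domain", ",".join(bad) + " parsed as domain names"))
    return out

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code + ": " + detail)
```

A config with bind-interfaces added and one plain server=<ipaddr> line per upstream produces no findings; the DHCP server stays off as long as no dhcp-range line is present.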