[Dnsmasq-discuss] dnsmasq works beautifully in our setup

Carlos Carvalho carlos at fisica.ufpr.br
Wed Jan 24 19:06:36 GMT 2007


Simon Kelley (simon at thekelleys.org.uk) wrote on 23 January 2007 20:36:
 >Carlos Carvalho wrote:
 >> This is just to say that dnsmasq is working very fine in our unusual
 >> setup. Its feature set seems to have been written exactly for us :-)
 >> 
 >
 >It would be interesting if you could share a few details with the list.

The department used a single class C address range but it's divided into
several isolated vlans. Using a single range posed some limitations so
I decided to change to different subnets. This is easy since the vlans
are isolated. The problem is that a few servers must be accessible by
everyone, thus they are in all vlans. Using different address ranges
each server gets many IPs. However their names must remain the same in
all vlans otherwise the users will be severely confused and bothered.
It's easy to make a list

server1 ip1
server1 ip2
server1 ip3
...
server2 ip...
server2 ip...

but the dns must return to the client the single IP of the server that
is in its vlan.

I looked at four dns packages: bind, djb, maradns and powerdns. The
ones that implement the zone publisher/recursor in different programs
are not suitable because localization is done in the publisher, which
doesn't see the client address. One could use one instance for each
vlan but there are about *70* of them, so this is out of the question.
maradns doesn't have localization, so we're left with using visions in
bind... Well...

Then I found dnsmasq, which is incredibly suited to the task. It can
read /etc/hosts or not, and use another file as well, polls for
changes but can disable it, runs without being root, filters win*
trash, does controllable caching, can send recursive queries to
different servers... and binds only to the specified interfaces if
desired, which allows one to run a recursor in the same machine.
Further, after using it dns performance improved, and it's very small
and fast. Here's the dns part of the config:

no-hosts
addn-hosts = /etc/dnsmasq/hosts
log-queries  <--- important in the beginning to see what's going on!
user = dnsmasq
group = dnsmasq
except-interface = lo
except-interface = eth0
bind-interfaces
localise-queries
bogus-priv
filterwin2k
no-resolv
no-poll
domain-needed
cache-size = 1000
local-ttl = 30
server = 127.0.0.1
local = /fisica.ufpr.br/

I don't use /etc/hosts because the vision from the server side is not
the same as from the client's. Also, in dnsmasq/hosts I put all the
addresses of each server.

It also does dhcp, which matched exactly my wish to abandon dhcpd,
which works but is too big. dnsmasq misses some sophistications
(according to Simon) like saving packet space, and this caused trouble
with some clients here but I could work around it in the config. Also
the configuration is not very user-friendly, but in my case it's
created by a script from a table so this is not an issue. What's
important is that it's very flexible so one has detailed control of
what to send to the client.

I'm amazed at how well dnsmasq meets our needs. And it's even actively
supported! 
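The mechanism that makes the setup above work is localise-queries: every address of a server is listed under the same name in the addn-hosts file, and dnsmasq answers each query with only the address that sits in the subnet of the interface the query came in on. The following script is an added illustration of that selection rule, written for this page; it is not code from the post or from the dnsmasq project. The hosts lines, the interface names and the subnets are constructed, and the fallback (return every address when none is on the receiving interface's subnet) follows the description of localise-queries in the dnsmasq man page.

```python
import ipaddress
from collections import defaultdict

# Constructed addn-hosts content in the style of the list in the post:
# one line per address, so a server with a leg in several VLANs appears
# several times under the same name.
HOSTS_FILE = """\
# server1 is reachable from three VLANs
10.10.1.5   server1.fisica.ufpr.br server1
10.10.2.5   server1.fisica.ufpr.br server1
10.10.3.5   server1.fisica.ufpr.br server1
# server2 only has legs in two of them
10.10.1.6   server2
10.10.3.6   server2
"""

# Constructed: the subnet configured on each VLAN interface that dnsmasq is
# bound to (bind-interfaces). dnsmasq derives the "same subnet" test from the
# interface's own address and netmask; here the subnet is given directly.
INTERFACES = {
    "vlan1": ipaddress.ip_network("10.10.1.0/24"),
    "vlan2": ipaddress.ip_network("10.10.2.0/24"),
    "vlan3": ipaddress.ip_network("10.10.3.0/24"),
}


def parse_hosts(text):
    """Parse hosts-file text into {name: [addresses]}, preserving file order.
    Names are lower-cased because DNS name matching is case-insensitive."""
    table = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        addr = ipaddress.ip_address(fields[0])
        for name in fields[1:]:
            table[name.lower()].append(addr)
    return table


TABLE = parse_hosts(HOSTS_FILE)


def localise(addrs, iface_net):
    """Apply the localise-queries rule: if at least one of the name's
    addresses lies in the receiving interface's subnet, return only those;
    otherwise return the whole list (the man page's fallback)."""
    local = [a for a in addrs if a in iface_net]
    return local if local else list(addrs)


def answer(name, iface):
    """Addresses (as strings) a client on `iface` would receive for `name`."""
    addrs = TABLE.get(name.lower(), [])
    return [str(a) for a in localise(addrs, INTERFACES[iface])]


if __name__ == "__main__":
    # Show what each VLAN sees for each server, the way log-queries would.
    for iface in INTERFACES:
        for name in ("server1", "server2"):
            print(f"{iface}: {name} -> {', '.join(answer(name, iface))}")
```

The fallback case is the one worth watching with log-queries during rollout: a server that has no address in a given vlan (server2 on vlan2 here) is answered with all of its addresses, so a client there is handed legs it cannot reach, which shows up as a multi-address answer in the query log.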
