[Dnsmasq-discuss] dnsmasq works beautifully in our setup

Simon Kelley simon at thekelleys.org.uk
Thu Jan 25 14:19:29 GMT 2007


Carlos Carvalho wrote:
> Simon Kelley (simon at thekelleys.org.uk) wrote on 23 January 2007 20:36:
>  >Carlos Carvalho wrote:
>  >> This is just to say that dnsmasq is working very fine in our unusual
>  >> setup. Its feature set seems to have been written exactly for us :-)
>  >> 
>  >
>  >It would be interesting if you could share a few details with the list.
> 
> The department used a single class C address range but it's divided in
> several isolated vlans. Using a single range posed some limitations so
> I decided to change to different subnets. This is easy since the vlans
> are isolated. The problem is that a few servers must be accessible by
> everyone, thus they are in all vlans. Using different address ranges
> each server gets many IPs. However their names must remain the same in
> all vlans otherwise the users will be severely confused and bothered.
> It's easy to make a list
> 
> server1 ip1
> server1 ip2
> server1 ip3
> ...
> server2 ip...
> server2 ip...
> 
> but the dns must return to the client the single IP of the server that
> is in its vlan.
> 
> I looked at four dns packages: bind, djb, maradns and powerdns. The
> ones that implement the zone publisher/recursor in different programs
> are not suitable because localization is done in the publisher, which
> doesn't see the client address. One could use one instance for each
> vlan but there are about *70* of them, so this is out of question.
> maradns doesn't have localization, so we're left with using visions in
> bind... Well...
> 
> Then I found dnsmasq, which is incredibly suited to the task. It can
> read /etc/hosts or not, and use another file as well, polls for
> changes but can disable it, runs without being root, filters win*
> trash, does controllable caching, can send recursive queries to
> different servers... and binds only to the specified interfaces if
> desired, which allows one to run a recursor in the same machine.
> Further, after using it dns performance improved, and it's very small
> and fast. Here's the dns part config
> 
> no-hosts
> addn-hosts = /etc/dnsmasq/hosts
> log-queries  <--- important in the beginning to see what's going on!
> user = dnsmasq
> group = dnsmasq
> except-interface = lo
> except-interface = eth0
> bind-interfaces
> localise-queries
> bogus-priv
> filterwin2k
> no-resolv
> no-poll
> domain-needed
> cache-size = 1000
> local-ttl = 30
> server = 127.0.0.1
> local = /fisica.ufpr.br/
> 
> I don't use /etc/hosts because the vision from the server side is not
> the same as from the client's. Also, in dnsmasq/hosts I put all the
> addresses of each server.
> 
> It also does dhcp, which matched exactly my wish to abandon dhcpd,
> which works but is too big. dnsmasq misses some sophistications
> (according to Simon) like saving packet space, and this caused trouble
> with some clients here but I could work around it in the config. Also
> the configuration is not very user-friendly, but in my case it's
> created by a script from a table so this is not an issue. What's
> important is that it's very flexible so one has detailed control of
> what to send to the client.
> 
> I'm amazed at how well dnsmasq meets our needs. And it's even actively
> supported! 
> 

Thanks for that. It's amazing how it is possible to make something which
works in situations which I never thought about at the time. The secret,
I think, is just to try and make stuff as clean and general as possible.


Cheers,

Simon.
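
Added example, not part of the original messages and not dnsmasq's own code: a Python model of the selection that localise-queries performs (as documented in the dnsmasq man page) over an addn-hosts file that lists every address of each server, plus a check for names that would not be localised on some vlan. The host names, addresses, interface list and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the addn-hosts layout from the post: every
# address of each multi-homed server is listed under the same name.
HOSTS = """\
192.168.10.2  server1
192.168.20.2  server1
192.168.30.2  server1
192.168.10.3  server2
192.168.20.3  server2   # no entry for the 192.168.30.0/24 vlan
"""

def parse_hosts(text):
    """Map each name to every address listed for it (hosts-file syntax)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr = ipaddress.ip_address(fields[0])
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table

def localise(table, name, iface):
    """Answer for `name` when the query arrived on the interface whose
    address/prefix is `iface`, e.g. "192.168.20.1/24"."""
    addrs = table.get(name.lower().rstrip("."), [])
    net = ipaddress.ip_interface(iface).network
    local = [a for a in addrs if a in net]
    # If no address is on the receiving subnet, all addresses are returned,
    # so a missing entry shows this client the other vlans' addresses.
    return local or addrs

def unlocalised(table, ifaces):
    """(name, interface) pairs where a multi-address name has no address
    on that interface's subnet, i.e. where localisation cannot apply."""
    out = []
    for name, addrs in sorted(table.items()):
        for iface in ifaces:
            net = ipaddress.ip_interface(iface).network
            if len(addrs) > 1 and not any(a in net for a in addrs):
                out.append((name, iface))
    return out

if __name__ == "__main__":
    vlans = ["192.168.10.1/24", "192.168.20.1/24", "192.168.30.1/24"]
    print(unlocalised(parse_hosts(HOSTS), vlans))
```

Running a check like this over the generated hosts table before reloading dnsmasq catches a server that was left out of one vlan's range.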
