[Dnsmasq-discuss] local=/lan/ behavior

Simon Kelley simon at thekelleys.org.uk
Tue May 1 19:57:46 BST 2007

David Ehrmann wrote:
> If I sent this already, I apologize.  I checked, but couldn't find it in 
> the archive.  I had a little trouble signing up for the mailing list. 
> Anyway...
> I have two networks that are connected via a vpn tunnel.  I wanted both
> of them to be able to look up hosts in each other, so I played around
> with the dnsmasq config file, and this seemed to work:
> domain-needed
> bogus-priv
> filterwin2k
> localise-queries
> local=/lan/
> local=/lan/
> domain=lan
> expand-hosts
> dhcp-leasefile=/tmp/dhcpd.leases
> (on the other host, the line has a different IP)
> First, why does the work?  I think I tried without that, and
> names on the other end didn't resolve.  That, and should it cause an
> infinite loop, since dnsmasq is already my nameserver?

dnsmasq has code to detect when it's being asked to use itself as a 
server and reject the server. This is mainly useful when people take a 
shortcut and put as the first nameserver in /etc/resolv.conf 
so that everything else uses dnsmasq, and the real servers further down 
which get used by dnsmasq.

I'm not quite sure what you're trying to do with the local= lines: local 
is equivalent to address=, so that you'll be resolving everything in the 
.lan domain to or It's not defined which one when 
both match, so it's not particularly useful to have two.

> Why does it mostly work without the // entry?  My guess is that since
> isc-dhcpd is set to tell hosts they're in .lan, they append it
> automatically when pinging.
> Is the order of the local statements the order servers are queried?  I
> certainly want to query the local network's server first, especially if
> the tunnel is down.
> One host without a dhcp lease can't ping foo, it has to ping foo.lan.
> Would local=// and local=// entries fix that?
> Thanks-

The best way to do this is to have two domains, and redirect queries using

server=/domain1/<address of server on net1>

for net2

server=/domain2/<address of server on net2>

for net1

You can use the search parameter in /etc/resolv.conf to make the 
resolver try names on both domains if you don't want them to be visible.
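
Added example, not part of the original message and not dnsmasq code: a small checker that models per-domain rules with longest-suffix matching, flags a domain given two different targets (the case the reply calls not defined), and shows the two-domain layout routing each name to one place. The sample configs, the addresses (documentation placeholders) and the function names are assumptions made for illustration.

```python
import re

# Constructed sample configs (not from the thread); addresses are documentation placeholders.
SAME_DOMAIN = """\
domain=lan
local=/lan/192.0.2.1
local=/lan/198.51.100.1
"""
TWO_DOMAINS = """\
domain=domain1
local=/domain1/
server=/domain2/198.51.100.1
"""

# server=/dom1/dom2/target or local=/dom/ ; an empty target means "no upstream".
RULE = re.compile(r"^(?:server|local)=/(.+)/([^/]*)$")

def parse_rules(conf):
    """Map each domain to the set of targets configured for it."""
    rules = {}
    for line in conf.splitlines():
        m = RULE.match(line.strip())
        if m:
            for dom in m.group(1).split("/"):
                rules.setdefault(dom.lower().strip("."), set()).add(m.group(2))
    return rules

def ambiguous_domains(rules):
    """Domains with more than one target, so no single one is guaranteed."""
    return sorted(d for d, targets in rules.items() if len(targets) > 1)

def route(rules, name):
    """Longest matching domain suffix wins; None means the default upstreams."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        dom = ".".join(labels[i:])
        if dom in rules:
            return dom, sorted(rules[dom])
    return None

if __name__ == "__main__":
    for conf in (SAME_DOMAIN, TWO_DOMAINS):
        rules = parse_rules(conf)
        print("ambiguous:", ambiguous_domains(rules))
        for name in ("foo.lan", "foo.domain1", "foo.domain2", "example.org"):
            print(" ", name, "->", route(rules, name))
```

Running the checker over each site's config before deployment catches a domain that would be answered from more than one place, and confirms that names outside the listed domains still go to the default upstream servers.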