[Dnsmasq-discuss] local=/lan/127.0.0.1 behavior
simon at thekelleys.org.uk
Tue May 1 19:57:46 BST 2007
David Ehrmann wrote:
> If I sent this already, I apologize. I checked, but couldn't find it in
> the archive. I had a little trouble signing up for the mailing list.
> I have two networks that are connected via a vpn tunnel. I wanted both
> of them to be able to look up hosts in each other, so I played around
> with the dnsmasq config file, and this seemed to work:
> (on the other host, the 10.16.1.1 line has a different IP)
> First, why does the 127.0.0.1 work? I think I tried without that, and
> names on the other end didn't resolve. That, and should it cause an
> infinite loop, since dnsmasq is already my nameserver?
dnsmasq has code to detect when it's being asked to use itself as a
server and reject the server. This is mainly useful when people take a
shortcut and put 127.0.0.1 as the first nameserver in /etc/resolv.conf
so that everything else uses dnsmasq, and the real servers further down
which get used by dnsmasq.
I'm not quite sure what you're trying to do with the local= lines: local
is equivalent to address=, so that you'll be resolving everything in the
.lan domain to 127.0.0.1 or 10.16.1.1. It's not defined which one when
both match, so it's not particulary useful to have two.
> Why does it mostly work without the // entry? My guess is that since
> isc-dhcpd is set to tell hosts they're in .lan, they append it
> automatically when pinging.
> Is the order of the local statements the order servers are queried? I
> certainly want to query the local network's server first, especially if
> the tunnel is down.
> One host without a dhcp lease can't ping foo, it has to ping foo.lan.
> Would local=//127.0.0.1 and local=//10.16.1.1 entries fix that?
The best way to do this is to have two domains, and redirect queries using
server=/domain1/<address of server on net1>
server=/domain2/<address of server on net2>
for net 1
You can use the search parameter in /etc/resolv.conf to make the
resolver try names on both domains if you don't want them to be visible.
More information about the Dnsmasq-discuss