[Dnsmasq-discuss] split DNS, multiple --local entries and secondary DNS

Simon Kelley simon at thekelleys.org.uk
Thu May 24 09:50:58 BST 2007


Martijn Brinkers (List) wrote:
> Hi,
> 
> Background:
> 
> A company has a split DNS ie. they have an internal DNS containing only
> records for private internal domains and an external DNS containing only
> public records. Normally you would have the internal DNS forward unknown
> requests to the external DNS but that's not possible in this situation.
> 
> Problem:
> 
> The problem is that our machine need to lookup internal private domains as
> well as external public domains. It seems this is not possible with the
> default Linux resolvers because when a DNS server reports a negative result
> the secondary DNS is never queried (which is normal). 
> The way we solved it is by using the following DNSMasq option:
> 
> -S, --local,
> --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
> 
> We can now specify that lookups for an internal domain should go to the
> internal DNS server and lookups for an external domain will go to the
> default external DNS servers.
> 
> This seems to fix the split DNS problem. We only have one problem left.
> There are two internal DNS servers. The primary and the secondary. When the
> primary internal DNS stops answering queries all internal requests should go
> to the secondary internal DNS server.
> 
> What we have tried is to add multiple 'local' options with the same domain
> but with a different <ipaddr> but this seems not to work. Only the first
> entry is used and if the lookup fails it does not try the secondary internal
> DNS server but falls back on the external DNS.
> 
> 
> Can someone help me to get this working? Or is this an impossible request?
> 

It should work, but it's a rare use case on some old and knarly code, so
a bug is certainly possible.

Note that the behaviour for servers with a domain is different to
"domainless" servers: servers with a domain will always attempt to use
servers in the same order, so if the first server is down, there might
be a delay before the second server is used. "domainless" servers have a
system to optimise choosing the first server.

This certainly isn't an impossible request: if it turns out to broken
I'm happy to fix the bug.


Cheers,

Simon.

> 
> Martijn Brinkers
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 




More information about the Dnsmasq-discuss mailing list