[Dnsmasq-discuss] looking up 'dotless' names in two domains

Simon Kelley simon at thekelleys.org.uk
Fri Jun 15 18:08:23 BST 2007

Paul Chambers wrote:
> I may be having a 'blond' day, so forgive me if this is a dumb question...
> I have dnsmasq set up with a fairly conventional config. I currently 
> have expand-hosts enabled, and 'domain' set up for my local domain.
> I also have a VPN connection I use some of the time, and have a few 
> strategic 'server' lines to forward queries for hosts in my employer's 
> domain to the internal nameservers, since many servers are 'internal' to 
> that network and won't resolve otherwise.
> I have two problems:
> a) if something attempts to resolve a host in my employer's domain, and 
> the VPN connection isn't up, then the lookup fails, even if that host 
> may also have a 'public' DNS record/IP address. Typical scenario is 
> sending an email to a co-worker. The VPN connection is not normally up, 
> and even when it is, it will be closed by the remote end after a few 
> hours. I could stick explicit 'address' entries in for the mail server, 
> like I've already had to do to resolve the VPN server address. But that 
> seems like a workaround, not a solution. What I'd really like is a more 
> dynamic setup, something like the support for the ppp daemon's 
> resolv.conf rewriting, but much smarter. For example, being able to say 
> these server/address statements are conditional on a particular 
> interface being up, or a specific route being available (I'd prefer the 
> latter).

This is good stuff, and I'm aware of several different people working 
on it. (Gentoo has a really clever "resolvconf" package, based on the 
Debian resolvconf work, and Martin krafft's Debian netconf work is 
looking at it.) Because it needs to be flexible, I don't see it as a 
direct dnsmasq thing: dnsmasq needs to have hooks to allow its 
behaviour to be changed by the network config system as the networks 
change, but the policy and mechanism are outside dnsmasq.
That's not really an immediate solution, more a "watch this space".

> b) the default domain suffix is different for this network, and several 
> of my employer's web servers insist on redirecting to absolute HTTP URLs 
> with the 'dotless' name (Sharepoint in particular). dnsmasq takes the 
> dotless name and adds my domain to it, and the lookup fails because it's 
> in my employer's domain. I'd like to be able to configure dnsmasq to try 
> the 'dotless' search against more than one domain. Preferably in 
> conjunction with the 'dynamic' support above. I may have to turn 
> 'expand-hosts' off and add explicit entries in /etc/hosts to work around 
> this, which is a pretty ugly solution.

I'd love to be able to do this, but I'm held back by a stupid design 
decision about the format of the DHCP leases file taken long ago. 
Without changing that, and breaking backwards compatibility, it's 
difficult to do. Your problem might be fixable by using the "search" 
facility in the resolver. See man resolv.conf for details of that.



> None of this is exactly life-threatening, but given how trouble-free and 
> elegant dnsmasq is in other areas, this stands out all the more.
> Paul
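Added example (not part of the original thread, and not dnsmasq code): a small model of the resolver "search" facility the reply points to, showing the order in which a client's stub resolver would try a dotless name against two domains, following the behaviour described in resolv.conf(5). The domains `home.example` and `corp.example` and the sample file are constructed placeholders.

```python
# Added illustration: search-list expansion as described in resolv.conf(5).
# All names and the sample file below are constructed, not from the thread.

RESOLV_CONF = """\
# constructed sample /etc/resolv.conf on a client behind dnsmasq
nameserver 127.0.0.1
search home.example corp.example
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text."""
    search, ndots = [], 1                      # resolver default: ndots is 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # comment lines start with # or ;
            continue
        keyword, *args = line.split()
        if keyword in ("search", "domain"):    # the last search/domain line wins
            search = args if keyword == "search" else args[:1]
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt.split(":", 1)[1]), 15)  # capped at 15
    return search, ndots

def candidates(name, search, ndots=1):
    """Ordered list of fully qualified names the resolver would query."""
    if name.endswith("."):                     # trailing dot: absolute name only
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:               # enough dots: try the name as-is first
        return [as_is] + expanded
    return expanded + [as_is]                  # dotless: search list first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for name in ("sharepoint", "mail.corp.example", "host."):
        print(f"{name!r:22} -> {candidates(name, search, ndots)}")
```

Each candidate is a separate query to the configured nameserver, so with the sample file a dotless name is asked for in the local domain first and in the second domain only if that lookup fails.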