[Dnsmasq-discuss] looking up 'dotless' names in two domains

Paul Chambers bod at bod.org
Sun Jun 17 17:29:22 BST 2007

Simon Kelley wrote:
> Paul Chambers wrote:
>> I may be having a 'blond' day, so forgive me if this is a dumb 
>> question...
>> I have dnsmasq set up with a fairly conventional config. I currently 
>> have expand-hosts enabled, and 'domain' set up for my local domain.
>> I also have a VPN connection I use some of the time, and have a few 
>> strategic 'server' lines to forward queries for hosts in my 
>> employer's domain to the internal nameservers, since many servers are 
>> 'internal' to that network and won't resolve otherwise.
>> I have two problems:
>> a) if something attempts to resolve a host in my employer's domain, 
>> and the VPN connection isn't up, then the lookup fails, even if that 
>> host may also have a 'public' DNS record/IP address. Typical scenario 
>> is sending an email to a co-worker. The VPN connection is not 
>> normally up, and even when it is, it will be closed by the remote end 
>> after a few hours. I could stick explicit 'address' entries in for 
>> the mail server, like I've already had to do to resolve the VPN 
>> server address. But that seems like a workaround, not a solution. 
>> What I'd really like is a more dynamic setup, something like the 
>> support for the ppp daemon's resolv.conf rewriting, but much smarter. 
>> For example, being able to say these server/address statements are 
>> conditional on a particular interface being up, or a specific route 
>> being available (I'd prefer the latter).
> This is good stuff, and I'm aware of several different people working 
> on it. (Gentoo has a really clever "resolvconf" package, based on the 
> Debian resolvconf work, and Martin krafft's Debian netconf work is 
> looking at it.) Because it needs to be flexible, I don't see it as a 
> direct dnsmasq thing: dnsmasq needs to have hooks to allow its 
> behaviour to be changed by the network config system as the networks 
> change, but the policy and mechanism are outside dnsmasq.
> That's not really an immediate solution, more a "watch this space".
I came across 'pdnsd', which looks like it might do the trick (at least 
on paper). Outside of being a DNS cache, it's very limited, so I'd end 
up using dnsmasq and pdnsd together.

Does anyone on the list have experience with pdnsd? Positive or negative?
>> b) the default domain suffix is different for this network, and 
>> several of my employer's web servers insist on redirecting to 
>> absolute HTTP URLs with the 'dotless' name (Sharepoint in 
>> particular). dnsmasq takes the dotless name and adds my domain to it, 
>> and the lookup fails because it's in my employer's domain. I'd like 
>> to be able to configure dnsmasq to try the 'dotless' search against 
>> more than one domain. Preferably in conjunction with the 'dynamic' 
>> support above. I may have to turn 'expand-hosts' off and add explicit 
>> entries in /etc/hosts to work around this, which is a pretty ugly 
>> solution.
> I'd love to be able to do this, but I'm held back by a stupid design 
> decision about the format of the DHCP leases file taken long ago. 
> Without changing that, and breaking backwards compatibility, it's 
> difficult to do.
But that's only a one-time hit for someone upgrading, isn't it? Surely 
no-one else is dependent on the format of the leases file?
> Your problem might be fixable by using the "search" facility in the 
> resolver. See man resolv.conf for details of that.
It could be made to work for localhost, but usually I need to get to 
those sites with a Windows machine on the network (since Microsoft 
technologies work so well with other browsers... ;)

