[Dnsmasq-discuss] looking up 'dotless' names in two domains
bod at bod.org
Sun Jun 17 17:29:22 BST 2007
Simon Kelley wrote:
> Paul Chambers wrote:
>> I may be having a 'blond' day, so forgive me if this is a dumb
>> I have dnsmasq set up with a fairly conventional config. I currently
>> have expand-hosts enabled, and 'domain' set up for my local domain.
>> I also have a VPN connection I use some of the time, and have a few
>> strategic 'server' lines to forward queries for hosts in my
>> employer's domain to the internal nameservers, since many servers are
>> 'internal' to that network and won't resolve otherwise.
>> I have two problems:
>> a) if something attempts to resolve a host in my employer's domain,
>> and the VPN connection isn't up, then the lookup fails, even if that
>> host may also have a 'public' DNS record/IP address. Typical scenario
>> is sending an email to a co-worker. The VPN connection is not
>> normally up, and even when it is, it will be closed by the remote end
>> after a few hours. I could stick explicit 'address' entries in for
>> the mail server, like I've already had to do to resolve the VPN
>> server address. But that seems like a workaround, not a solution.
>> What I'd really like is a more dynamic setup, something like the
>> support for the ppp daemon's resolv.conf rewriting, but much smarter.
>> For example, being able to say these server/address statements are
>> conditional on a particular interface being up, or a specific route
>> being available (I'd prefer the latter).
> This is good stuff, and I'm aware of several different people working
> on it. (Gentoo has a really clever "resolvconf" package, based on the
> Debian resolvconf work, and Martin krafft's Debian netconf work is
> looking at it.) Because it needs to be flexible, I don't see it as a
> direct dnsmasq thing: dnsmasq needs to have hooks to allow its
> behaviour to be changed by the network config system as the networks
> change, but the policy and mechanism are outside dnsmasq.
> That's not really an immediate solution, more a "watch this space".
I came across 'pdnsd', which looks like it might do the trick (at least
on paper). Outside of being a DNS cache, it's very limited, so I'd end
up using dnsmasq and pdnsd together.
Does anyone on the list have experience with pdnsd? Positive or negative?
>> b) the default domain suffix is different for this network, and
>> several of my employer's web servers insist on redirecting to
>> absolute HTTP URLs with the 'dotless' name (Sharepoint in
>> particular). dnsmasq takes the dotless name and adds my domain to it,
>> and the lookup fails because it's in my employer's domain. I'd like
>> to be able to configure dnsmasq to try the 'dotless' search against
>> more than one domain. Preferably in conjunction with the 'dynamic'
>> support above. I may have to turn 'expand-hosts' off and add explicit
>> entries in /etc/hosts to work around this, which is a pretty ugly
> I'd love to be able to do this, but I'm held back by a stupid design
> decision about the format of the DHCP leases file taken long ago.
> Without changing that, and breaking backwards compatibility, it's
> difficult to do.
But that's only a one-time hit for someone upgrading, isn't it? Surely
no-one else is dependent on the format of the leases file?
> Your problem might be fixable by using the "search" facility in the
> resolver. See man resolv.conf for details of that.
It could be made to work for localhost, but usually I need to get to
those sites with a Windows machine on the network (since Microsoft
technologies work so well with other browsers... ;)