[Dnsmasq-discuss] [Feature Request?] Per-Domain resolv.conf

Thomas Stephens spiralman at gmail.com
Tue Sep 25 23:39:03 BST 2007

Hello. I am using dnsmasq locally on my computer to solve a split-dns
problem with the vpnc VPN client. I've got it working, but it's very
hackish. The setup is:

When I log into my company's VPN, I need to be able to resolve company
hostnames. This is done by querying the DNS servers which are sent to
vpnc. The problem is, they only resolve internal names. Normally,
using resolvconf, vpnc will concatenate my external and internal
nameservers. However, since they are all "up", the first one queried
will respond, but will respond with host-not-found if it's the public
DNS and an internal name, or vice-versa.

I got around the problem by adding a server= line to dnsmasq.conf for
each of the nameservers. For the public nameserver, I did not specify
a domain, but for the VPN name servers, I had to specify the domain as

This mostly works, but there are some problems:

1) If my company decides to change DNS server IP addresses, I've gotta
change the dnsmasq config file.

2) When I'm not logged into VPN, all accesses to my company's domain
(i.e. www.mycompany.com) fail, even if they are accessible outside the

3) Corollary: I have to manually specify the address of the VPN
connection gateway with an address directive. If this IP changes I
must, again, change the dnsmasq.conf file.

The solution I'd like to implement is this: point dnsmasq at a
resolv.conf for the default nameserver, as well as a resolv.conf for
the VPN. When I connect with vpnc, the vpn-resolv.conf gets written,
and when I disconnect it gets deleted or cleared (this part I've
already implemented).

I would then tell dnsmasq that the vpn-resolv.conf file is only to be
used for mycompany.com domain names (either with syntax like
resolv-file=/mycompany.com/vpn-resolv.conf or by having dnsmasq read
the domain field of the resolv.conf file). This way, when the
vpn-resolv.conf file is filled in (I'm connected to the VPN), internal
names get resolved. When I'm not connected, all requests go to the
default DNS.

If this is already possible through some other mechanism, please let
me know. I'm using dnsmasq 2.40 in Debian unstable.
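
The per-domain behaviour requested in this message can be approximated with dnsmasq's existing server=/domain/ip syntax. The following is an added example, not part of the original post and not dnsmasq's own code: a shell function that converts the nameserver lines of a VPN resolv.conf into domain-scoped server= lines and emits nothing when the file is absent or empty. The function name, file contents and addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a VPN-supplied resolv.conf into dnsmasq lines that
# send only one domain to the VPN nameservers (split DNS).
# resolv_to_dnsmasq is a hypothetical helper name, not a dnsmasq tool.

resolv_to_dnsmasq() {
    domain=$1
    file=$2

    # The domain ends up inside a config line, so accept only hostname characters.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac

    # VPN down (file missing or empty): emit nothing, so queries for the
    # domain fall through to the default nameservers.
    [ -s "$file" ] || return 0

    # The file is written from data pushed by the VPN server. Keep only
    # "nameserver" entries whose address consists solely of characters that
    # can occur in an IPv4/IPv6 literal; anything else is skipped.
    awk -v d="$domain" '
        $1 == "nameserver" && $2 ~ /^[0-9A-Fa-f:.]+$/ {
            print "server=/" d "/" $2
        }
    ' "$file"
}

# Constructed sample input (addresses are made up for the demonstration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
domain mycompany.com
nameserver 10.1.1.10
nameserver 10.1.1.11
EOF

resolv_to_dnsmasq mycompany.com "$sample"
rm -f "$sample"
```

How dnsmasq is made to load the generated lines (for instance a file its configuration includes, followed by a restart) depends on the local setup and is not covered here.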

