[Dnsmasq-discuss] [Feature Request?] Per-Domain resolv.conf
bod at bod.org
Wed Sep 26 05:55:25 BST 2007
I have a very similar situation, and am also using vpnc. Since the
rekeying stuff doesn't work for me, and I've never found a good
connect-on-demand solution that didn't assume that there was a dialup
modem intimately involved, my vpn connection drops after a few hours,
and manual intervention is required to bring it back up.

I haven't actually tried it yet, but one thing that came up in my
research is pdnsd, a DNS proxy that has features that test whether an
interface is up (see 'uptest='), and can use a resolv.conf-style file to
set the nameservers to query (see 'file='):

I'm thinking of having dnsmasq use a local pdnsd instance only for my
employer's domain. There's certainly overlap between the capabilities of
dnsmasq and pdnsd, but there's plenty of functionality that isn't - I
see the two as complementary. dnsmasq is also actively developed and
supported by Simon, and I get the distinct impression that pdnsd doesn't
enjoy the same attention.

As I said, haven't subjected it to the acid test myself yet, but might
be worth a look.

It'd be nice if Simon would consider adding similar features to dnsmasq,
but he didn't seem too receptive when I brought it up before (which is
his prerogative, I'm not complaining). I'm not even sure if I created
and submitted a patch if he'd consider incorporating it (I haven't asked).

Thomas Stephens wrote:
> Hello. I am using dnsmasq locally on my computer to solve a split-dns
> problem with the vpnc VPN client. I've got it working, but it's very
> hackish. The setup is:
>
> When I log into my company's VPN, I need to be able to resolve company
> hostnames. This is done by querying the DNS servers which are sent to
> vpnc. The problem is, they only resolve internal names. Normally,
> using resolvconf, vpnc will concatenate my external and internal
> nameservers. However, since they are all "up" the first one queried
> will respond, but will respond with host-not-found if it's the public
> DNS and an internal name, or vice-versa.
>
> I got around the problem by adding a server= line to dnsmasq.conf for
> each of the nameservers. For the public nameserver, I did not specify
> a domain, but for the VPN name servers, I had to specify the domain as
>
> This mostly works, but there are some problems:
>
> 1) If my company decides to change DNS server IP addresses, I've gotta
> change the dnsmasq config file.
>
> 2) When I'm not logged into VPN, all accesses to my company's domain
> (i.e. www.mycompany.com) fail, even if they are accessible outside the
>
> 3) corollary: I have to manually specify the address of the vpn
> connection gateway with an address directive. If this IP changes I
> must, again, change the dnsmasq.conf file.
>
> The solution I'd like to implement is this: point dnsmasq at a
> resolv.conf for the default nameserver, as well as a resolv.conf for
> the VPN. When I connect with vpnc, the vpn-resolv.conf gets written,
> and when I disconnect it gets deleted or cleared (this part I've
> already implemented).
>
> I would then tell dnsmasq that the vpn-resolv.conf file is only to be
> used for mycompany.com domain names (either with syntax like
> resolv-file=/mycompany.com/vpn-resolv.conf or by having dnsmasq read
> the domain field of the resolv.conf file). This way, when the
> vpn-resolv.conf file is filled in (I'm connected to the VPN), internal
> names get resolved. When I'm not connected, all requests go to the
> default DNS.
>
> If this is already possible through some other mechanism, please let
> me know. I'm using dnsmasq 2.40 in Debian unstable.
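
The per-domain behaviour requested in the quoted message can be approximated outside dnsmasq by turning the vpn-resolv.conf that vpnc writes into server=/domain/ip lines. This is an added example, not part of either message and not dnsmasq's own code; the function names, file paths and the use of dnsmasq's servers-file option (present only in later releases than the 2.40 mentioned) are assumptions.

```shell
#!/bin/sh
# Added example: convert a resolv.conf-style file into per-domain dnsmasq
# upstream lines. Function names and paths are hypothetical.

# gen_vpn_servers DOMAIN RESOLV_FILE
# Prints one "server=/DOMAIN/IP" line per valid nameserver entry.
# Prints nothing when the file is missing or empty (VPN down), so queries
# for DOMAIN fall through to the default upstream servers.
gen_vpn_servers() {
    domain=$1
    file=$2
    # Reject a domain containing anything that could alter the directive.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ -r "$file" ] || return 0
    # "|| [ -n ... ]" also handles a last line with no trailing newline.
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        [ "$keyword" = nameserver ] || continue
        # The addresses come from the VPN peer: accept only characters that
        # can appear in an IPv4 or IPv6 address, skip everything else.
        case $addr in
            ''|*[!0-9A-Fa-f.:]*) continue ;;
        esac
        printf 'server=/%s/%s\n' "$domain" "$addr"
    done < "$file"
}

# update_servers_file DOMAIN RESOLV_FILE OUT_FILE
# Writes the generated lines to OUT_FILE via a temp file and rename, so
# dnsmasq never reads a half-written file.
update_servers_file() {
    tmp="$3.tmp.$$"
    gen_vpn_servers "$1" "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$3"
}

# Assumed wiring, from the vpnc connect and disconnect hooks:
#   update_servers_file mycompany.com /etc/vpn-resolv.conf /etc/dnsmasq-vpn.servers
#   kill -HUP "$(cat /var/run/dnsmasq.pid)"
# with "servers-file=/etc/dnsmasq-vpn.servers" in dnsmasq.conf, which
# dnsmasq re-reads on SIGHUP.
```
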