[Dnsmasq-discuss] [Feature Request?] Per-Domain resolv.conf

Paul Chambers bod at bod.org
Wed Sep 26 05:55:25 BST 2007

I have a very similar situation, and am also using vpnc. Since the 
rekeying stuff doesn't work for me, and I've never found a good 
connect-on-demand solution that didn't assume that there was a dialup 
modem intimately involved, my vpn connection drops after a few hours, 
and manual intervention is required to bring it back up.

I haven't actually tried it yet, but one thing that came up in my 
research is pdnsd, a DNS proxy that has features that test whether an 
interface is up (see 'uptest='), and can use a resolv.conf-style file to 
set the nameservers to query (see 'file='):


I'm thinking of having dnsmasq use a local pdnsd instance only for my 
employer's domain. There's certainly overlap between the capabilities of 
dnsmasq and pdnsd, but there's plenty of functionality that isn't - I 
see the two as complementary. dnsmasq is also actively developed and 
supported by Simon, and I get the distinct impression that pdnsd doesn't 
enjoy the same attention.

As I said, I haven't subjected it to the acid test myself yet, but it might 
be worth a look.

It'd be nice if Simon would consider adding similar features to dnsmasq, 
but he didn't seem too receptive when I brought it up before (which is 
his prerogative, I'm not complaining). I'm not even sure if I created 
and submitted a patch if he'd consider incorporating it (I haven't asked).


Thomas Stephens wrote:
> Hello. I am using dnsmasq locally on my computer to solve a split-dns
> problem with the vpnc VPN client. I've got it working, but it's very
> hackish. The setup is:
> When I log into my company's VPN, I need to be able to resolve company
> hostnames. This is done by querying the DNS servers which are sent to
> vpnc. The problem is, they only resolve internal names. Normally,
> using resolvconf, vpnc will concatenate my external and internal
> nameservers. However, since they are all "up" the first one queried
> will respond, but will respond with host-not-found if it's the public
> DNS and an internal name, or vice-versa.
> I got around the problem by adding a server= line to dnsmasq.conf for
> each of the nameservers. For the public nameserver, I did not specify
> a domain, but for the VPN name servers, I had to specify the domain as
> mycompany.com.
> This mostly works, but there are some problems:
> 1) If my company decides to change DNS server IP addresses, I've gotta
> change the dnsmasq config file.
> 2) When I'm not logged into VPN, all accesses to my company's domain
> (i.e. www.mycompany.com) fail, even if they are accessible outside the
> VPN.
> 3) corollary: I have to manually specify the address of the vpn
> connection gateway with an address directive. If this IP changes I
> must, again, change the dnsmasq.conf file.
> The solution I'd like to implement is this: point dnsmasq at a
> resolv.conf for the default nameserver, as well as a resolv.conf for
> the VPN. When I connect with vpnc, the vpn-resolv.conf gets written,
> and when I disconnect it gets deleted or cleared (this part I've
> already implemented).
> I would then tell dnsmasq that the vpn-resolv.conf file is only to be
> used for mycompany.com domain names (either with syntax like
> resolv-file=/mycompany.com/vpn-resolv.conf or by having dnsmasq read
> the domain field of the resolv.conf file). This way, when the
> vpn-resolv.conf file is filled in (I'm connected to the VPN), internal
> names get resolved. When I'm not connected, all requests go to the
> default DNS.
> If this is already possible through some other mechanism, please let
> me know. I'm using dnsmasq 2.40 in Debian unstable.
> Thanks,
> Thomas
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
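The workaround Thomas describes (one server= line per VPN nameserver, scoped to the company domain) can be generated from the vpn-resolv.conf file that his vpnc connect script already writes, which removes problems 1 and 2 from his list: the IPs come from the file, and an empty or missing file emits nothing, so queries for the company domain fall back to the default nameservers. The script below is an added example and is not code from either poster or from the dnsmasq project; it assumes (not stated in the thread) that dnsmasq is pointed at a conf-dir such as /etc/dnsmasq.d and is restarted after the generated file changes.

```shell
#!/bin/sh
# Added example: turn a resolv.conf-style file written by a vpnc up-script
# into dnsmasq "server=/<domain>/<ip>" lines, so neither the VPN
# nameserver IPs nor the domain need to be hard-coded in dnsmasq.conf.
#
# Usage (paths are assumptions, not from the thread):
#   gen_dnsmasq_servers /etc/vpn-resolv.conf > /etc/dnsmasq.d/vpn.conf
#   then restart dnsmasq so it picks up the new file.

# Emit one "server=/<domain>/<ip>" line per (domain, nameserver) pair.
# A missing or empty file yields no output, so dnsmasq keeps using the
# default nameservers for the company domain while the VPN is down.
gen_dnsmasq_servers() {
    file="$1"
    [ -r "$file" ] || return 0

    # Nameservers come from "nameserver" lines; domains from both
    # "domain" and "search" lines (search may list several).
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file")
    domains=$(awk '$1 == "domain" || $1 == "search" { for (i = 2; i <= NF; i++) print $i }' "$file")

    for d in $domains; do
        # Only plain hostname characters are accepted in the domain, so a
        # malformed resolv.conf cannot inject a "/" or extra option text.
        case "$d" in
            *[!A-Za-z0-9.-]*|"") continue ;;
        esac
        for s in $servers; do
            # Only dotted-quad IPv4 addresses are accepted here; anything
            # else is dropped rather than written into the dnsmasq config.
            case "$s" in
                *[!0-9.]*|"") continue ;;
            esac
            printf 'server=/%s/%s\n' "$d" "$s"
        done
    done
}
```

The character whitelists are the part worth keeping even if the rest is adapted: the resolv.conf is written by a hook script on every VPN connect, and the generated file is read by a daemon that parses it as configuration, so any line that is not strictly a domain and an address should be discarded rather than passed through.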
