[Dnsmasq-discuss] DNS redundant queries to internet and extranet

Arno Wald arno.wald at netcologne.de
Sun Jun 22 10:48:46 BST 2008


Hello,

I am not sure if the dnsmasq mailing list is the right place to ask 
this. Please excuse me, if not. But I do not have an idea in which layer 
of the whole network configuration I have to check the configuration.

The situation: I have one PC running dnsmasq that has different network 
interfaces
* one goes to a DSL-modem (pppoe) to connect to the internet.
* one is for my local LAN (that I have named ".here").
* only when I need it, I turn on openvpn to have access to the LAN of my 
office network (that I now do call ".myoffice.de").

In the debug.log of dnsmasq I see that when accessing a site in the 
internet, not only the internet-DNS of my provider is queried for the 
site-name, but also resolving of site.here and site.myoffice.de does happen:

: query[A] www.pro-linux.de from 127.0.0.1
: forwarded www.pro-linux.de to 194.8.194.60  # my provider's DNS
: query[AAAA] www.pro-linux.de from 127.0.0.1
: forwarded www.pro-linux.de to 194.8.194.60
: reply www.pro-linux.de is 213.239.211.178   # IP is found!
: query[AAAA] www.pro-linux.de.here from 127.0.0.1
: config www.pro-linux.de.here is NXDOMAIN-IPv6
: query[AAAA] www.pro-linux.de.myoffice.de from 127.0.0.1
: forwarded www.pro-linux.de.myoffice.de to xxx.xxx.xxx.xxx

(I have x-ed out the last IP address)

Why does this happen as the first query allready answers the host-IP? I 
had expected that the resolv.conf "search" path only is walked through 
as long as the IP-address cannot be found.

--- resolv.conf ----
nameserver 127.0.0.1
search here myoffice.de
--------------------

--- dnsmasq.conf (only the important lines ---
domain-needed
bogus-priv
resolv-file=/etc/ppp/resolv.conf
server=/myoffice.de/xxx.xxx.xxx.xxx
local=/localnet/
local=/here/
----------------------------------------------

Does anybody has an idea how to change this? I do not want myoffice's 
DNS to see all the sites that I am visiting.

Who is doing all the queries? Is it the application (konqueror), the 
resolver or dnsmasq?

Greetings,
Arno



More information about the Dnsmasq-discuss mailing list