[Dnsmasq-discuss] DNS redundant queries to internet and extranet
Arno Wald
arno.wald at netcologne.de
Sun Jun 22 10:48:46 BST 2008
Hello,
I am not sure if the dnsmasq mailing list is the right place to ask
this. Please excuse me, if not. But I do not have an idea in which layer
of the whole network configuration I have to check the configuration.
The situation: I have one PC running dnsmasq that has different network
interfaces
* one goes to a DSL-modem (pppoe) to connect to the internet.
* one is for my local LAN (that I have named ".here").
* only when I need it, I turn on openvpn to have access to the LAN of my
office network (that I now do call ".myoffice.de").
In the debug.log of dnsmasq I see that when accessing a site in the
internet, not only the internet-DNS of my provider is queried for the
site-name, but also resolving of site.here and site.myoffice.de does happen:
: query[A] www.pro-linux.de from 127.0.0.1
: forwarded www.pro-linux.de to 194.8.194.60 # my provider's DNS
: query[AAAA] www.pro-linux.de from 127.0.0.1
: forwarded www.pro-linux.de to 194.8.194.60
: reply www.pro-linux.de is 213.239.211.178 # IP is found!
: query[AAAA] www.pro-linux.de.here from 127.0.0.1
: config www.pro-linux.de.here is NXDOMAIN-IPv6
: query[AAAA] www.pro-linux.de.myoffice.de from 127.0.0.1
: forwarded www.pro-linux.de.myoffice.de to xxx.xxx.xxx.xxx
(I have x-ed out the last IP address)
Why does this happen as the first query allready answers the host-IP? I
had expected that the resolv.conf "search" path only is walked through
as long as the IP-address cannot be found.
--- resolv.conf ----
nameserver 127.0.0.1
search here myoffice.de
--------------------
--- dnsmasq.conf (only the important lines ---
domain-needed
bogus-priv
resolv-file=/etc/ppp/resolv.conf
server=/myoffice.de/xxx.xxx.xxx.xxx
local=/localnet/
local=/here/
----------------------------------------------
Does anybody has an idea how to change this? I do not want myoffice's
DNS to see all the sites that I am visiting.
Who is doing all the queries? Is it the application (konqueror), the
resolver or dnsmasq?
Greetings,
Arno
More information about the Dnsmasq-discuss
mailing list