[Dnsmasq-discuss] Dnsmasq only to respond to local queries?

Rance Hall ranceh at gmail.com
Mon Oct 6 01:05:15 BST 2008

I apologize to the list, my reply button was not set up correctly.

On Sun, Oct 5, 2008 at 10:09 AM, Michal Sawicz <michal at sawicz.net> wrote:
> I got a direct response so I'm forwarding it here and my following
> responses are below...
>> depends on your setup but for me dnsmasq is authoritative for the
>> locally served domain, and forwards all other domains out to the
>> internet.
> But it's still dnsmasq that does the reply, or does it tell the hosts
> somehow that they should ask the other ns?
>> so if hosts 4 and 5 are set up correctly with TWO dns sources of
>> information your dnsmasq ip first, and a public internet source
>> second.
> I'm not sure I understand that sentence...

after reading it again there's no way you should.

the information is there, but in a garbaged way, so I'm sorry about that.

on the wireless link, you can set up the clients with multiple dns
servers, which I would do, your local one having first priority, and a
public one.

so that in case something went wrong with dnsmasq or the wireless
bridge, then the other segment can still access the internet.

>> You said that router2 only had one ip cable interface which to me
>> suggests that router1 and router2 are connected to each other via WIFI
>> link since the ip cable interface hooks router2 up to the internet.
> Yes I didn't explain that part - the WiFi link is two APs separate from
> the routers, connected to my networks through standard switches.
> So the setup actually looks like this:
>            ------  Internet  ------
>          /                        \
>         /                          \
>        /                            \
>    Router1 --- AP <======> AP --- Router2
>  (w/dnsmasq)                   (proprietary)
>  /    |    \                         |     \
>  host1 host2 host3                    host4 host5
> Where /|\- are ethernet/DSL links, = is WiFi.
>> if router2 suddenly has a WIFI problem, then yes hosts 4 and 5 do lose
>> all inet capability because the link is broken.
> Router1 has its own DSL link, as does router2. The WiFi link should only
> be responsible for linking the two LAN segments, not participating in
> internet communication at all.
>> You'll forgive me, but I don't see the value in the extra work you are
>> doing here.
>> Seems to me like you have added extra equipment you don't need and made
>> your network more complex, but have not solved a problem.
>> what's wrong with this:
>>          internet
>>          -----------
>>               |
>>          router1 w/dnsmasq
>>          -----------
>>          /          \
>>    cabled        wifi router2
>>    hosts          ---------------
>>    repeated               \
>>                             wireless hosts
> I don't want the second segment to depend on the first one. They have
> their separate web connections (which, in turn, I can use as a fallback
> for the other one).
>> I understand (I think) what problem you were trying to solve with your
>> original setup, but I guess I don't think you solved it.
>> they aren't two separate subnets that need to talk to each other, so
>> since they are the same subnet I would try to wire them that way.
>> Feel free to enlighten me if you think I'm missing something.
> Router1 and 2 are on two different physical locations (the WiFi is a
> 200m bridge). I want the two locations to be independent when it comes
> to internet connection, I only want the WiFi to allow fast connections
> between the hosts on either side, but still use their
> respective connections to the internet.

This helps me out a little, it's clearer now what you are trying to accomplish.

you want dnsmasq to decide if the request is forwarded or
authoritative, and if it would be forwarded, shut up, right?

This means that all your clients need two NS servers, one for dnsmasq
and one for the public internet when dnsmasq doesn't respond.

dnsmasq has to be listed first so it will be tried first, but there
has to be a fallback position.

> Thanks for the insight anyway, the basic idea is that I'd like dnsmasq
> to say 'dunno, ask the other guy' to queries for remote domains. On the
> other hand if that's not possible there's no real problem, it's not like
> DNS traffic is a big one and if dnsmasq would be unavailable, the hosts
> will ask upstream anyway.

I couldn't find a specific sample of a command either from the man page
or re-reading the sample config file that suggests that what you are
asking for is possible.

> --
> Michal Sawicz <michal at sawicz.net>

