[Dnsmasq-discuss] exceptions for a subdomain
bod at bod.org
Mon Dec 29 15:48:12 GMT 2008
Please excuse me if I've missed something obvious here...
I have some default DNS servers set up:
server=220.127.116.11 # OpenDNS
server=18.104.22.168 # OpenDNS
and then route my employer's domain to their internal DNS server, over a
Which leads to a chicken-and-egg problem. The VPN client wants to
resolve vpn.acmecorp.com in order to establish the VPN tunnel. Though
vpn.acmecorp.com does resolve via the public servers, since it's a
subdomain of acmecorp, dnsmasq tries to resolve via 10.22.33.44 - which
is unreachable since the tunnel isn't established yet.
How do I make vpn.acmecorp.com an exception to the rule that
acmecorp.com requests should go to 10.22.33.44? So far I've been working
around it by adding an 'address=' line for vpn.acmecorp.com, but if it
ever moves, or they add load balancing...
I guess I could do something as simple as:
server=/vpn.acmecorp.com/22.214.171.124 # OpenDNS
server=/vpn.acmecorp.com/126.96.36.199 # OpenDNS
...though that gets a little clumsy for more than two upstream DNS
servers (I actually use four, OpenDNS plus my ISP) and more than one
domain (currently three - VPN, OWA, and mail). Anyone have a better
idea? What would server=/vpn.acmecorp.com/127.0.0.1 do? endless loop, I
If I add the interface to the acmecorp rule, something like:
server=/acmecorp.com/10.22.33.44@tun0
does dnsmasq ignore the rule and query the public servers if the
interface isn't up? I haven't started digging through code yet, though it
seemed to still try 10.22.33.44 even though tun0 was down. Though I
guess that's not desirable behavior for everyone...
If that option were implemented, it would only be proper that cache
entries obtained from a server via tun0 were treated specially if tun0
went down? Though what 'specially' means is a good question.
A second part of this is a bad practice our IT department has - they
frequently use simple names in URLs, on the assumption that all the
client devices on their network are set up to search 'acmecorp.com' in
I'd love to see a 'search=first.dom,second.dom,...' option added for
simple names, so dnsmasq's cache could first be searched for a match,
before firing off requests to upstream servers. I'd like to be able to
write 'search=local.net,acmecorp.com,google.com' in my config file :)
Yes, I know resolvers on desktop machines can already do this, but a)
I'd like it done (and cached) centrally, and b) I have more 'appliance'
type networking devices on my home network than I have desktops.
sorry for the long email...
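The routing question in this post comes down to dnsmasq's rule that a `server=/domain/address` line covers that domain and all of its subdomains, and that when several lines match a name the most specific (longest) domain wins. The following Python is an added example, not dnsmasq's own code and not part of the post: it simulates that selection over a constructed configuration shaped like the one above, so you can see why `vpn.acmecorp.com` is sent to 10.22.33.44 by the bare `acmecorp.com` rule and how a more specific line takes it back. It also models the special address `#`, which current dnsmasq (per its man page) accepts as "use the standard servers" for that domain, avoiding a copy of every public resolver per exception. All addresses are sample values, the comment-stripping rule is a simplification of this simulation, and interface state (the `@tun0` question) is not modelled.

```python
"""Simulation of how dnsmasq picks upstream servers for a query name.

Added example, not dnsmasq's code.  Models the documented behaviour that
`server=/domain/address` applies to the domain and its subdomains, that the
longest matching domain wins, that `server=address` lines without a domain
are the defaults, and that the address `#` means "use the default servers".
"""

from typing import Dict, List, Tuple

# Constructed configuration mirroring the post: public defaults, the
# employer's domain sent to an internal server that is only reachable over
# the VPN, and the VPN endpoint carved out so it resolves via the defaults.
SAMPLE_CONFIG = """
server=220.127.116.11                 # public resolver (constructed value)
server=18.104.22.168                  # public resolver (constructed value)
server=/acmecorp.com/10.22.33.44      # internal DNS, only reachable over the VPN
server=/vpn.acmecorp.com/#            # exception: resolve via the default servers
"""

USE_DEFAULTS = "#"  # dnsmasq's "use the standard servers" address


def strip_comment(line: str) -> str:
    """Drop a trailing comment.

    Simplification for this simulation: a '#' starts a comment only at line
    start or after whitespace, so the '#' in '/vpn.acmecorp.com/#' (or in a
    port suffix such as 1.2.3.4#5353) is kept as part of the value.
    """
    for i, ch in enumerate(line):
        if ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i].strip()
    return line.strip()


def parse_config(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (default_servers, {domain: [addresses]}) from server= lines."""
    defaults: List[str] = []
    by_domain: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            _, domain, address = value.split("/", 2)  # "/domain/address"
            key = domain.lower().rstrip(".")
            by_domain.setdefault(key, []).append(address)
        else:
            defaults.append(value)
    return defaults, by_domain


def upstream_for(name: str, defaults: List[str],
                 by_domain: Dict[str, List[str]]) -> List[str]:
    """Servers that would receive a query for `name`.

    Walk from the full name down to ever shorter suffixes; the first hit is
    the longest matching domain, which is the one dnsmasq prefers.  With no
    matching domain the query goes to the default servers.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in by_domain:
            addrs = by_domain[suffix]
            if USE_DEFAULTS in addrs:
                return list(defaults)  # "#": hand the domain back to the defaults
            return list(addrs)
    return list(defaults)


def route(config_text: str, name: str) -> List[str]:
    """Parse a configuration and route a single query name."""
    defaults, by_domain = parse_config(config_text)
    return upstream_for(name, defaults, by_domain)


if __name__ == "__main__":
    for q in ("vpn.acmecorp.com", "owa.acmecorp.com", "acmecorp.com", "www.example.org"):
        print(f"{q:20} -> {route(SAMPLE_CONFIG, q)}")
```

Running it shows `vpn.acmecorp.com` going to the two public resolvers while `owa.acmecorp.com` and `acmecorp.com` itself still go to 10.22.33.44, which is the split the post is after. The model deliberately does not answer the `@tun0` question: whether dnsmasq skips a server whose interface is down is a property of the real daemon, not of this matching rule.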