[Dnsmasq-discuss] using dnsmasq to restrict dns resolution to only certain domains

Mandeep Sandhu mandeepsandhu.chd at gmail.com
Wed Jul 1 05:04:58 BST 2009 

>> Here's my requirement:
>>
>> * I have a small device with to communication interfaces - lets call
>> them if1 and if2.
>> * if1 is connected to say a PC and if2 is connected to a dsl modem/router.
>> * I want that the PC host, when using this device, should connect to
>> only 1 server on the internet (say myserver.net).
>> * The PC cannot use IP addresses directly as IP routing between the 2
>> interfaces on the device is disabled.
>
> If routing is disabled, then you've got a proxy, right?  You won't
> need to provide any DNS service to clients at all, because they
> wouldn't be able to use the IP addresses they got back.  And the proxy
> implementation can easily filter or redirect based on hostname or any
> other part of the URL.

Well you're right...but there's a catch! The client on the PC does NOT have
proxy support!! :(

So I thought, I'll put a tiny webserver on my device. Clients on the PC can
request for only say myserver.com...and this gets resolved to the device's
IP address (on if1) (the device has dnsmasq running on if1). The client can
then request for services only from this webserver.

I also don't want the client s/w to change when, say the PC gets
direct connectivity
to the net w/o my device attached (it's directly connected to  a DSL
modem/router).

In that case, dns requests for myserver.com will be resolved by some public
(or ISPs) DNS server, which would point to my server on the internet!
Thats why I wanted to prevent any DNS lookups for domains other than
myserver.com

Does this make sense?

Thanks,
-mandeep

>
>> * If the PC tries to resolve any other public server, it should fail
>> (something like how we force a dns resolution with the "address="
>> directive).
>>
>> Please pardon me if this sounds crazy! :)
>>
>> Any helps really appreciated.
>>
>> Thanks,
>> -mandeep
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>

More information about the Dnsmasq-discuss mailing list