[Dnsmasq-discuss] VPN DNS prioritization

David Schnur dnschnur at gmail.com
Sat Jul 11 02:06:23 BST 2009

I just set up Dnsmasq on my small home network.  I previously spent quite
some time trying, unsuccessfully, to get the Windows Server DNS service
working.  So it made me smile to go from tarball to compiled, configured &
working in about five minutes with Dnsmasq.  I am having one issue, though,
and I apologize if it's just because of a lack of understanding of DNS.
Prior to setting up Dnsmasq, I had DHCP enabled on my router, set up to
forward DNS to OpenDNS.  Now, I'm using Dnsmasq DHCP on an OS X 10.5
machine, with some /etc/hosts entries, and the OpenDNS servers in

I also have a Windows machine that occasionally VPNs into a company network.
Before Dnsmasq, Windows gave priority to the VPN DNS; now it does not.  So
server.company.com used to resolve to the correct internal address.  Now, it
resolves to the OpenDNS wildcard address.

I tried two things to fix this:

1.  Adding a server entry for company.com in dnsmasq.conf
2.  Adding a bogus-nxdomain entry for OpenDNS in dnsmasq.conf

The problem with #1 is that there are machines in the company.com domain
with public addresses.  For example, www.company.com does not have an entry
in internal DNS.  Also, vpn.company.com no longer resolves, since I'm not
actually VPNed in when it needs to be resolved.

Solution #2 again almost works.  Without the bogus success from OpenDNS,
Windows properly falls back to the VPN DNS.  The problem is that, due to
security restrictions, I need to connect to some machines on their internal
address to perform certain tasks.  But OpenDNS legitimately resolves those
names to their public address.

I'm sure I can work around this easily enough with a little extra work.  But
at this point I'm curious why the behavior changed in the first place.  What
is different about Dnsmasq that would cause Windows to change where it
checks first?
