[Dnsmasq-discuss] dnsmasq forwarding queries over VPN/IPSec

Simon Kelley simon at thekelleys.org.uk
Mon Sep 28 16:03:33 BST 2009

Ken Bantoft wrote:
> Hi,
> I've run into a case where I'd like dnsmasq to forward queries over an  
> IPSec VPN tunnel to nameservers on the far side, but this doesn't seem  
> to work as expected.
> I've got 2 Interfaces - br-lan ( and ppp0 (PPPoE -  
> 216.x.x.x).  IPsec is terminated on the same machine, so it has a  
> tunnel from to
> dnsmasq is set to forward all queries to 10.x.x.10 and 10.x.y.10  
> nameservers, which are across the tunnel in the datacenter.  What I'm  
> seeing with tcpdump is the requests going out the ppp0 interface, with  
> the 216.x.x.x IP address.  I've tried a variety of options (bind- 
> interfaces, listen-address), as I really want dnsmasq to bind only to  
> the br-lan interface, and use that address as the Source IP for the  
> forwarded queries, but no combination I've tried does the trick.
> Any suggestions?

Stop dnsmasq from looking for servers in /etc/resolv.conf with


in /etc/dnsmasq.conf and then specify them using "server=" lines in 
/etc/dnsmasq.conf like this

server=10.x.x.10 at br-lan
server=10.x.y.10 at br-lan

We've been here before....



More information about the Dnsmasq-discuss mailing list