[Dnsmasq-discuss] dnsmasq forwarding queries over VPN/IPSec

Ken Bantoft ken at netfunctional.ca
Mon Sep 28 16:08:26 BST 2009

On 28-Sep-09, at 11:03 AM, Simon Kelley wrote:

> Ken Bantoft wrote:
>> Hi,
>> I've run into a case where I'd like dnsmasq to forward queries over  
>> an  IPSec VPN tunnel to nameservers on the far side, but this  
>> doesn't seem  to work as expected.
>> I've got 2 Interfaces - br-lan ( and ppp0 (PPPoE -   
>> 216.x.x.x).  IPsec is terminated on the same machine, so it has a   
>> tunnel from to
>> dnsmasq is set to forward all queries to 10.x.x.10 and 10.x.y.10   
>> nameservers, which are across the tunnel in the datacenter.  What  
>> I'm  seeing with tcpdump is the requests going out the ppp0  
>> interface, with  the 216.x.x.x IP address.  I've tried a variety of  
>> options (bind- interfaces, listen-address), as I really want  
>> dnsmasq to bind only to  the br-lan interface, and use that address  
>> as the Source IP for the  forwarded queries, but no combination  
>> I've tried does the trick.
>> Any suggestions?
> Stop dnsmasq from looking for servers in /etc/resolv.conf with
> no-resolv
> in /etc/dnsmasq.conf and then specify them using "server=" lines in / 
> etc/dnsmasq.conf like this
> server=10.x.x.10 at br-lan
> server=10.x.y.10 at br-lan
> We've been here before....

That was my 1st step... so I do see it sending the requests to 10.x.x. 
10 and 10.x.y.10 as expected - just out the wrong interface...


More information about the Dnsmasq-discuss mailing list