[Dnsmasq-discuss] Using dnsmasq to test coworkers' dev web sites within the office

Tom Boutell tom at punkave.com
Tue Oct 27 16:46:42 GMT 2009

We're web developers. Each of us runs Apache on our individual
computer in order to do web development. Later we sync to staging and
production servers as needed.

For some time I've wanted to set things up so that we can check out
each other's live development sites within the office and when on the
VPN. Also I'd like to make it easy to access a dev site from a virtual
machine (eg Windows running IE6 in VMware...) without tweaking the
host file on the virtual machine to know where to find the site.

I recently set this up with dnsmasq. dnsmasq runs on our Intranet
server as our DHCP and DNS server. Anything in the tom.punk domain
resolves to my IP, so if you visit anyclientsite.tom.punk from within
the office you always reach my machine.

This is working, and that's great. But I'm wondering if it's possible
to do it more elegantly, using names rather than IPs in more
situations. Perhaps we could even use the DHCP client ID (although
that could lead to problems when a guest in the office innocently used
a conflicting ID, or when both the wireless and wired interfaces of
the same computer connect and are supposed to get the same IP - who

We also use pptpd, which allows us to do the same trick when some or
all of us are connected via our VPN. (Yes I know about the security
concerns of PPTP, however if you use a truly random password it
doesn't seem to be practical to crack it. It's definitely not safe to
use more typical passwords with PPTP.)

This is what it looks like in dnsmasq.conf:

# These IPs must also appear in /etc/ppp/chap-secrets
# and below as dhcp-host entries with MAC addresses

# I replaced the actual fixed IP for me for privacy reasons, but this
is a fixed IP

This is two places the IP must appear. Is there a way to improve on
that? Can we ditch the MAC address in favor of a DHCP client ID

Also, in ppp/chap-secrets:

tom * obnoxious-password-here x.x.x.y

Perhaps I could get away with tom.punk rather than x.x.x.y here? Will
pppd resolve it?

If no one sees an obvious way to improve on this scheme, I'll probably
write a script to build these configuration files from a single
configuration file of names, mac addresses, passwords and fixed IPs
(or perhaps determine the fixed IPs on the fly). It's working great,
I'm just looking to make sure I'm not making it difficult for myself.


Tom Boutell
P'unk Avenue
215 755 1330

More information about the Dnsmasq-discuss mailing list