[Dnsmasq-discuss] DNS pattern response

richardvoigt at gmail.com richardvoigt at gmail.com
Fri Dec 4 17:47:28 GMT 2009


On Fri, Dec 4, 2009 at 10:27 AM, Eric Laganowski <eric at laganowski.net> wrote:
> richardvoigt at gmail.com wrote:
>>
>> On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella <perette at barella.org>
>> wrote:
>>
>>>
>>> I think there's a misunderstanding on how the WPAD DNS version operates.
>>> The "wpad.domain.localnet" is used by the browser at startup to locate the
>>> proxy configuration file which applies to all domains.  You don't need a
>>> separate wpad.google.com and wpad.amazon.com for every domain users are
>>> trying to connect to.
>>>
>>> If for some reason your local hosts are configured with different domain
>>> names (and therefore looking up wpad.google.com or wpad.amazon.com), I think
>>> we need more explanation on just what strangeness you've got going on.
>>>
>>
>> In general, I think we can say that users who have ignored the
>> DHCP-provided domain and configured their own intend to opt-out of
>> wpad.  Browser proxy settings are at the discretion of the user
>> anyway, if you want a mandatory proxy setup you'll need to use
>> iptables to accomplish that, not DNS.
>>
>> There's no need to wildcard match wpad hostnames, which are subject to
>> user-side DNS caching anyway (a user who has configured for
>> domain=google.com probably already has wpad.google.com cached and
>> won't get information from dnsmasq).
>>
>> Any solution to this which involves DNS is inherently broken.
>
> Guys, all I want to do is to be able to use my company-provided laptop at
> home which has proxy in the network. It is configured with a different
> domain than my local subnet for obvious reasons.
> DHCP was tested and confirmed to work properly with MSIE. FF does not work
> as it relies purely on DNS (wpad). The idea is to make this as transparent
> as possible.

And when your laptop has the IP address of wpad.mycompany.com already
in the local cache?  dnsmasq cannot solve this, you need to use
iptables to force traffic through a proxy.  Santiago showed you how to
configure that.

>
> -Eric
>


