[Dnsmasq-discuss] expand-hosts

Jean-Pierre van Melis fraterdnsmasq at hetemail.com
Tue Dec 28 23:18:40 GMT 2010


Hi Richard,



I own the domain mirmana.com which points with most of its records including a wildcard to my private DSL-connection on which I have a DD-WRT router.



DD-WRT is running DNSMasq for its DHCP & DNS.

I have set my local domain also to mirmana.com.

I know this should really be mirmana.local, but I'm doing this so my portable devices will access the LAN-side of the services when they are used locally and will get forwarded by the router when they access these same services from WAN.

This is the config generated by DD-WRT according to its webif:

:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
all-servers
domain=mirmana.com
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=21
dhcp-option=lan,3,192.168.10.1
dhcp-option=44,192.168.10.120
dhcp-authoritative
dhcp-range=lan,192.168.10.248,192.168.10.254,255.255.255.0,1440m
dhcp-host=00:13:D3:08:CC:81,win32,192.168.10.120,144m
.
.
ptr-record=254.0.191.85.in-addr.arpa,cj1616-gateway.mirmana.com
addn-hosts=/opt/etc/pixelserv/blacks
dhcp-option=option:ntp-server,194.171.167.130,81.171.44.131,87.251.35.240,213.239.154.12,131.211.84.189



This is what happens when I resolve www.google.com and when I resolve the non-existing wwww-google.com

# host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.77.104
www.l.google.com has address 74.125.77.99
www.l.google.com has address 74.125.77.147
root@WAN:~# host wwww.google.com
wwww.google.com.mirmana.com is an alias for jpmarion.dyndns.org.
jpmarion.dyndns.org has address 85.191.0.241

I'm afraid I will now get a lecture about wildcards I should not be using or WAN-domains that are used on a LAN, but the point is really that I never asked for a 2nd query. There's even an option called 'expand-hosts', but that's not turned on.

If a foreign DNS-server is a bit slow, my DNSMasq suddenly decides to return my WAN-IP.

I don't want this!

I want it to just query the record I asked it to and just give NXDOMAIN if it can't deliver.

I understand the default behaviour can't suddenly be changed, so an optional variable called 'expand-never' could be given to achieve this.



Cheers all









-----Original Message-----
From: "richardvoigt at gmail.com" <richardvoigt at gmail.com>
To: Jean-Pierre van Melis <fraterdnsmasq at hetemail.com>
Cc: dnsmasq-discuss at lists.thekelleys.org.uk
Date: Tue, 28 Dec 2010 13:34:15 -0600
Subject: Re: [Dnsmasq-discuss] expand-hosts



Maybe Simon can figure out what you're saying, but I can't.  If you 
included some specific examples it would make your situation much easier to 
understand.



e.g. (and if your situation doesn't substantially match this made-up 
example, go and re-read the description of the expand-hosts option)



<<<Begin made-up example>>>



/etc/hosts has an entry for the unqualified name xyzzy:



aaa.bbb.ccc.71 xyzzy



/etc/resolv.conf points to localhost first, then my ISP



server 127.0.0.1

server aaa.bbb.ccc.ddd



nslookup xyzzy works:



> nslookup xyzzy

Authoritative response from 127.0.0.1: aaa.bbb.ccc.71 (A record)



nslookup xyzzy.domain.com also succeeds, but I think it shouldn't with expand-hosts turned off:



> nslookup xyzzy.domain.com

Authoritative response from 127.0.0.1: aaa.bbb.ccc.71 (A record)



I want this to return NXDOMAIN instead.  How can I configure 
dnsmasq to do that?



<<<End made-up example>>>




On Tue, Dec 28, 2010 at 12:34 AM, Jean-Pierre van Melis <fraterdnsmasq at hetemail.com> wrote:


I am having trouble with the feature expand-hosts.

The dnsmasq running on my router has no 'expand-hosts' in its dnsmasq.conf and it still expands hosts for domains that are unable to resolve.

It is especially troublesome in my setup as I also have wildcard set on my <domain> so these requests will be redirected to my WAN IP address.

On my router I have a pound reverse proxy running which then gets traffic which it shouldn't receive.

Why is dnsmasq expanding the host?

It seems it does it always when I set <domain=domain.com>. Is this true?

If so, why is there a separate setting for expand-hosts?

I understand the need for such a feature, but I don't understand why it also expands on hosts that don't contain a dot.

Is it possible to have a switch so I can better control its behavior?



Cheers all...

