[Dnsmasq-discuss] Block PTR queries for local IPs being sent upstream
Matthias Andree
matthias.andree at gmx.de
Mon Dec 12 17:40:03 GMT 2011
Am 11.12.2011 20:00, schrieb Ed W:
> Hi, I have setup my DHCP to allocate to 192.168.111.0/24. However, I
> notice queries from my ipad for various PTR records for this range
> getting forwarded to my upstream DNS, eg:
>
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: query[PTR]
> b._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> b._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> b._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: query[PTR]
> db._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> db._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> db._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: query[PTR]
> r._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> r._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> r._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
>
>
> I try and block these using:
>
> server=/111.168.192.in-addr.arpa/127.0.0.1
The logs above show queries for a different address, namely for
10.159.177.225.
The server line filters after query contents, not after source IP.
> I'm still left with the ipad inexplicably doing some more queries for
> some 10.x.x.x ips... No idea how/why, can't see this IP anywhere on my
> network:
>
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: query[PTR]
> dr._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
This is zeroconfiguration DNS-based service discovery stuff. Check
Wikipedia for "Zeroconf".
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> dr._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> dr._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: query[PTR]
> lb._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> lb._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> lb._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
>
>
>
> How can I tell dnsmasq that it's effectively authoritive for reverse
> lookups for private IP ranges and prevent upstream lookups? I do have
> "bogus-priv" set. Dnsmasq-1.58
By adding another server-line for 10.in-addr.arpa.
More information about the Dnsmasq-discuss
mailing list