[Dnsmasq-discuss] Block PTR queries for local IPs being sent upstream

Matthias Andree matthias.andree at gmx.de
Mon Dec 12 17:40:03 GMT 2011


On 11.12.2011 20:00, Ed W wrote:
> Hi, I have set up my DHCP to allocate to 192.168.111.0/24.  However, I
> notice queries from my iPad for various PTR records for this range
> getting forwarded to my upstream DNS, e.g.:
> 
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: query[PTR]
> b._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> b._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> b._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: query[PTR]
> db._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> db._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> db._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: query[PTR]
> r._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> r._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded
> r._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> 
> 
> I try and block these using:
> 
>    server=/111.168.192.in-addr.arpa/127.0.0.1

The logs above show queries for a different address, namely for
10.159.177.225.

The server line filters by query contents, not by source IP.

> I'm still left with the iPad inexplicably doing some more queries for
> some 10.x.x.x IPs... No idea how/why, can't see this IP anywhere on my
> network:
> 
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: query[PTR]
> dr._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137

This is zeroconfiguration DNS-based service discovery stuff.  Check
Wikipedia for "Zeroconf".

> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> dr._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> dr._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: query[PTR]
> lb._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> lb._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
> lb._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
> 
> 
> 
> How can I tell dnsmasq that it's effectively authoritative for reverse
> lookups for private IP ranges and prevent upstream lookups?  I do have
> "bogus-priv" set.  Dnsmasq-1.58

By adding another server-line for 10.in-addr.arpa.
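
Added example, not part of the original thread: a Python check that decodes the reverse names dnsmasq logs as "forwarded", keeps those that fall in RFC 1918 space, and reports the in-addr.arpa zone each one needs a server line for. The function names and the sample log are constructed for illustration; matching of server=/domain/ is modelled as "the domain itself or any name under it".

```python
import ipaddress
import re

# Constructed sample in the log format quoted in the thread.
SAMPLE_LOG = """\
Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: query[PTR] b._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
Dec 11 18:25:55 localhost daemon.info dnsmasq[32485]: forwarded b._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
Dec 11 18:25:56 localhost daemon.info dnsmasq[32485]: forwarded 7.5.168.192.in-addr.arpa to 8.8.8.8
Dec 11 18:25:57 localhost daemon.info dnsmasq[32485]: forwarded 4.4.8.8.in-addr.arpa to 8.8.4.4
Dec 11 18:25:58 localhost daemon.info dnsmasq[32485]: forwarded www.example.com to 8.8.8.8
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to ")

def reverse_name_to_network(name):
    """Decode the numeric labels left of in-addr.arpa; None if not a reverse name."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = []
    for label in reversed(labels[:-2]):   # labels are stored least-significant first
        if not label.isdigit() or int(label) > 255 or len(octets) == 4:
            break                         # service labels such as _dns-sd._udp end the address
        octets.append(label)
    if not octets:
        return None
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def covering_zone(net):
    """Reverse zone on an octet boundary that covers an RFC 1918 network, else None."""
    if not any(net.subnet_of(p) for p in RFC1918):
        return None
    o = str(net.network_address).split(".")
    return "10.in-addr.arpa" if o[0] == "10" else "%s.%s.in-addr.arpa" % (o[1], o[0])

def leaked_private_ptr(log_text, local_domains):
    """Map zone -> private networks whose reverse queries went upstream uncovered."""
    leaks = {}
    for m in FORWARDED.finditer(log_text):
        name = m.group(1).rstrip(".").lower()
        net = reverse_name_to_network(name)
        zone = covering_zone(net) if net else None
        covered = any(name == d or name.endswith("." + d) for d in local_domains)
        if zone and not covered:
            leaks.setdefault(zone, set()).add(str(net))
    return leaks
```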


