[Dnsmasq-discuss] Limit DNS queries to the local subnet clients

[Don Muller]

Yes if dmsmasq was open to internet but that would not prevent the request from coming in, just from it being answered. The question was how limit dnsmasq to answer DNS queries only to clients of the subnet served by dnsmasq or to a defined subnet. So assuming it is in a controlled environment (internal lan) if you don't setup the other subnets to send requests to dnamasq then it would only receive requests on the subnets you do want to service. Besides why would you want to set up the dns resolver on subnets you were not going to answer? I think the answer to this is better network set up on the client subnets and also at the routers and firewalls.

Don

> -----Original Message-----
> From: Brian Rak [mailto:brak at gameservers.com]
> Sent: Friday, November 29, 2013 9:45 AM
> To: Don Muller; dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Limit DNS queries to the local subnet
> clients
> 
> That's how you end up with an open DNS resolver, and unwittingly DDOS
> other machines.
> 
> On 11/28/2013 10:52 PM, Don Muller wrote:
> > Wouldn't it be better to not define dnsmasq as the DNS resolver for
> the subnets you don't want handle.
> >
> > Sent from my iPad
> >
> > Don Muller
> >
> >> On Nov 28, 2013, at 12:26 PM, Édouard Thuleau <thuleau at gmail.com>
> wrote:
> >>
> >> Hi,
> >>
> >> I'm new with dnsmasq and I like to know if we can limit it to answer
> >> DNS queries only to clients of the subnet served by dnsmasq or to a
> >> defined subnet ?
> >>
> >> Regards,
> >> Édouard.
> >>
> >> _______________________________________________
> >> Dnsmasq-discuss mailing list
> >> Dnsmasq-discuss at lists.thekelleys.org.uk
> >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss