[Dnsmasq-discuss] It's possible to prevent names from DHCP being resolved whilst keeping then on the leases

klondike klondike at klondike.es
Sun Feb 23 00:35:07 UTC 2014


Hi guys,

This is yet another dnsmasq question, involving the Gothemburg Hackerspace.

After getting localised queries to work (thanks a lot for the hint) I'm
trying to get networks reosanably isolated whilst still using (if
possible) the same daemon.

In general cross network traffic can be easily filtered using iptables
rules on the router, but the problem I have is with name leakage. Using
dhcp-fqdn I can prevent computers with the same name from clashing by
assigning internal domains to each network, by forcing the domain-name
option I managed to get the computers to query only for the public
network and finally by disabling the expand-hostnames option I prevented
the private domains from being disclosed whilst (thanks to the previous
change) getting requests for hostnames to still work (mostly, android
refuses to make them work, but other systems seem to work fine).

I know I can use dhcp-ignore-names to do exactly that but then the
hostname is not added to the lease file which is problematic as it is
very helpful to debug network issues (and to try to contact users if
they missbehave in some cases).

So well, here is what I'm looking for: is there a way to keep the names
of the leases but prevent the DNS server from resolving them?

Thanks a lot!
klondike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140223/dec55e19/attachment.sig>


More information about the Dnsmasq-discuss mailing list