[Dnsmasq-discuss] It's possible to prevent names from DHCP being resolved whilst keeping them on the leases

Simon Kelley simon at thekelleys.org.uk
Mon Feb 24 11:58:03 UTC 2014


On 23/02/14 00:35, klondike wrote:
> Hi guys,
> 
> This is yet another dnsmasq question, involving the Gothenburg Hackerspace.
> 
> After getting localised queries to work (thanks a lot for the hint) I'm
> trying to get networks reasonably isolated whilst still using (if
> possible) the same daemon.
> 
> In general cross network traffic can be easily filtered using iptables
> rules on the router, but the problem I have is with name leakage. Using
> dhcp-fqdn I can prevent computers with the same name from clashing by
> assigning internal domains to each network, by forcing the domain-name
> option I managed to get the computers to query only for the public
> network and finally by disabling the expand-hostnames option I prevented
> the private domains from being disclosed whilst (thanks to the previous
> change) getting requests for hostnames to still work (mostly, android
> refuses to make them work, but other systems seem to work fine).
> 
> I know I can use dhcp-ignore-names to do exactly that but then the
> hostname is not added to the lease file which is problematic as it is
> very helpful to debug network issues (and to try to contact users if
> they misbehave in some cases).
> 
> So well, here is what I'm looking for: is there a way to keep the names
> of the leases but prevent the DNS server from resolving them?

Run two instances of dnsmasq. One to do DHCP but not DNS (--port=0) and
one to do DNS but not DHCP.

I'm probably missing something, but I think that would work.



Cheers,

Simon.

> 
> Thanks a lot!
> klondike
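A sketch of the two-instance split suggested in the reply, as an added example that is not part of the original message or of the dnsmasq project's own configuration. The file paths, interface name and addresses are assumptions chosen for illustration; the option names are standard dnsmasq options.

```conf
# ---- /etc/dnsmasq-dhcp.conf (hypothetical path): DHCP only ----
# Started as: dnsmasq --conf-file=/etc/dnsmasq-dhcp.conf

# port=0 turns the DNS function off, so names learned from DHCP
# clients are never served by this instance.
port=0

# Assumed LAN interface and constructed sample address pool.
interface=eth1
dhcp-range=192.168.10.50,192.168.10.150,12h

# Client hostnames are still written to the lease file, because
# dhcp-ignore-names is not set. Keep the file separate per instance.
dhcp-leasefile=/var/lib/misc/dnsmasq-dhcp.leases
pid-file=/var/run/dnsmasq-dhcp.pid

# With DNS disabled here, tell clients explicitly which resolver to
# use (assumed to be the DNS-only instance's address below).
dhcp-option=option:dns-server,192.168.10.1

# ---- /etc/dnsmasq-dns.conf (hypothetical path): DNS only ----
# Started as: dnsmasq --conf-file=/etc/dnsmasq-dns.conf

# No dhcp-range lines, so DHCP stays off in this instance and it has
# no lease database from which to answer for client hostnames.
interface=eth1
listen-address=192.168.10.1

# Optional: do not serve names from /etc/hosts either.
no-hosts

# Separate pid file so the two daemons do not collide.
pid-file=/var/run/dnsmasq-dns.pid
```

To confirm the split, request a lease from a test client, check that its hostname appears in the DHCP instance's lease file, and check that a lookup of that hostname against the DNS instance returns no address.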