[Dnsmasq-discuss] It's possible to prevent names from DHCP being resolved whilst keeping then on the leases
klondike
klondike at klondike.es
Mon Feb 24 12:05:28 UTC 2014
El 24/02/14 12:58, Simon Kelley escribió:
> On 23/02/14 00:35, klondike wrote:
>> Hi guys,
>>
>> This is yet another dnsmasq question, involving the Gothemburg Hackerspace.
>>
>> After getting localised queries to work (thanks a lot for the hint) I'm
>> trying to get networks reosanably isolated whilst still using (if
>> possible) the same daemon.
>>
>> In general cross network traffic can be easily filtered using iptables
>> rules on the router, but the problem I have is with name leakage. Using
>> dhcp-fqdn I can prevent computers with the same name from clashing by
>> assigning internal domains to each network, by forcing the domain-name
>> option I managed to get the computers to query only for the public
>> network and finally by disabling the expand-hostnames option I prevented
>> the private domains from being disclosed whilst (thanks to the previous
>> change) getting requests for hostnames to still work (mostly, android
>> refuses to make them work, but other systems seem to work fine).
>>
>> I know I can use dhcp-ignore-names to do exactly that but then the
>> hostname is not added to the lease file which is problematic as it is
>> very helpful to debug network issues (and to try to contact users if
>> they missbehave in some cases).
>>
>> So well, here is what I'm looking for: is there a way to keep the names
>> of the leases but prevent the DNS server from resolving them?
> Run two instances of dnsmasq. One to do DHCP but not DNS (--port=0) and
> one to do DNS but not DHCP.
>
> I've probably missing something, but I think that would work.
Wouldn't instead be possible to mark the ranges that shouldn't be solved
with a parameter called "nodns" or "staticdns" or something like that?
I'm quite sure I can get some patch doing that written if you point me
in the right direction.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140224/37eea595/attachment.sig>
More information about the Dnsmasq-discuss
mailing list