[Dnsmasq-discuss] Problems forwarding DNS lookups for local domain

Simon Kelley simon at thekelleys.org.uk
Sun Dec 21 17:25:33 GMT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 21/12/14 11:01, Malte Forkel wrote:
> Hello,
> 
> I'm trying to convince two instances of dnsmasq to cooperate while
> their LANs are connected by a bridged OpenVPN connection. Both LANs
> use the same domain name and subnet. DHCP traffic through the VPN
> tunnel is blocked by ebtables rules. I'm using dnsmasq 2.71 on the
> OpenVPN client side and dnsmasq 2.62 on the server side
> 
> I have two questions regarding the configuration of dnsmasq on the 
> client side (at the moment :)).
> 
> With server=/<local-domain>/<server-side-server-ip> and the VPN up,
> the client-side instance uses the server-side instance for lookups.
> But if I put the above line into a file and use 
> servers-file=<temp-file> lookups don't work. The advantage of the
> second approach should be that on a VPN status change I could
> adjust the file's contents and have dnsmasq reread it with SIGHUP.

After the SIGHUP, dnsmasq will log the complete set of upstream
servers and the domains they'll be used for, so looking in the log is
the first think to do for clue about what's happening (or isn't
happening) here.

> 
> With server=/<local-domain>/<server-side-server-ip> and the VPN up,
> lookups only work for fully-qualified names. So I tried 
> server=//<server-side-server-ip> but then lookups do not work at
> all. I was hoping the eventually put both variants into the file
> mentioned in my first question.

Add --log-queries to your dnsmasq configuration and look (again) in
the logs. You should see exactly what queries are arriving at dnsmasq
and what it's doing with them.


> 
> In case it should matter: None of the servers is configured to be 
> authoritative and rebind protection on the client side is
> configured with stop-dns-rebind rebind-localhost-ok 
> rebind-domain-ok=<local-domain>
> 
> Thanks for your help, Malte
> 
> 

Cheers,

Simon.

> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUlwKNAAoJEBXN2mrhkTWi7wYQAKoQ+qnuqJPfQFodCisKHmN8
bTGUflPYmK8MiJRhKbxo31lZu+qVEaS2Tp2N71KP3DV33itJ2YZlDkAUO8/DLIsT
qC7XYV6KEcu8TPReFsfJP3yn5eguZxVF6dTx4TtT+Bf5iqYCFnjhPWd3aEc8y8V6
keW3O+kXgIa4Z5R2IVxQ2cuSqo+R1h33zQhLWIbV6BaH5BnnCrEkt24DS/Bx8KGU
fwyQFZjcRlRP403W66pkGdoCkJikco/DM+ouilia1nMijwchFTNeqSAIx/fNJwpT
vuty4RAwt/q2CG62G7M/RMDrRNI80tfAjPX3EXo73eAXyCIUoL4hFzg8rry6DZWP
uyaD5dwRU1jR4q7s1pyeeghGDLH5Zn1yy5iiblUk5h0a0EE5LIXprmoiJqs75fip
/2FHshXd1gjTI0Kck08SAZeuXLKuzeFyx6BqOGuJ6sjC1NzOKHJXNJUfFnzXTgHH
KNhKKXRhV/V24bPhsYeVROdnu9jW92vvsJpkZbZMTq0V0cXwppzZMFONw9Qmixjv
HCT87HPydcO1LHUAJ+QPR4+CgQ0UP5+Xi0YaCK9UgaQutiBei7XNtbqkegUEOILD
Lf1xHhvQQ7Yvrrmnf5WnVHKx4UQz6nvWH7bWm5gI5nqjNk/hrqZ+5gXtSrHvTpkN
JeH6Vz6dzeF3JdwZX6mh
=HrcR
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list