[Dnsmasq-discuss] Becoming authoritative DNS for additional netblock

Albert ARIBAUD albert.aribaud at free.fr
Mon Nov 30 07:49:33 GMT 2015


Hi again "A C",

On Sun, 29 Nov 2015 23:19:28 -0800
A C <agcme at hotmail.com> wrote:

> On 2015-11-29 22:50, Albert ARIBAUD wrote:
> > Hi "A C",
> >
> > On Sun, 29 Nov 2015 14:08:50 -0800
> > A C <agcme at hotmail.com> wrote:
> >
> >> Ok, this question is for a much older version of dnsmasq because I
> >> haven't been able to update the router firmware to bring in a newer
> >> version.  I'm currently using version 2.35
> >>
> >> My current internal IP space is 10.0.0.0/255.255.0.0 (A Class B
> >> subnet of the 10.x.x.x Class A space).   I have a VPN server on
> >> the network that I use when I'm away from home.  It uses the
> >> 10.100.0.0 network space for the remote clients.
> >>
> >> What I would like to do is configure dnsmasq on my router to answer
> >> authoritatively for any requests about addresses in that 10.100.0.0
> >> network even though the main network is outside that space.  The
> >> VPN clients are assigned these extra IPs statically so I would
> >> just be adding them to the router's hosts file for dnsmasq to pick
> >> up.
> >>
> >> According to online man pages (the router doesn't have them
> >> because of space) there's a rev-server option which appears to be
> >> what I want but I can't determine if rev-server is supported in
> >> 2.35 or if it's a later addition.
> > As per the current manpage, the --rev-server option is just
> > syntactic sugar for --server. Therefore, if --rev-server does what
> > you need, so does --server, and IIUC, it does not work as a
> > "reverse query router". 
> >
> 
> Hi Albert,
> 
> I did try server but it's not working.  Attempting to resolve a
> hostname in the alternate netblock tries to send upstream.
> 
> My current network has my router serving as DNS and DHCP server via
> dnsmasq.  The VPN server has dnsmasq running with the goal of being
> authoritative for any of the VPN clients (the VPN software can write
> to the hosts file on the server as clients come and go).
> 
> My router's configuration has local=/example.com/ (of course I'm using
> my real domain but it's not important for this)
> I added an additional line server=vpn.example.com/10.0.0.140 (my vpn
> server having the address 10.0.0.140)

OK, so from the docs, any request for "*.vpn.example.com" will be
forwarded to 10.0.0.140. Is that what you want?

> On the VPN server, I have local=/vpn.example.com/ and the hosts file
> is populated by the server, for example:
> 10.100.0.10 client1.vpn.example.com
>
> On the VPN server I can run a DNS query against localhost and dnsmasq
> there returns the proper IP address.  However, if I query using the
> router as the DNS server, the query actually gets sent upstream to the
> ISP and I eventually get a failure.
> 
> I also tried server=/0.100.10.in-addr.arpa/10.0.0.140 with no luck
> and I also added local=/vpn.example.com/ (so now there are two local
> directives) but the end result is that the query is not forwarded over
> to the VPN server, it's sent up to the ISP.

What is the physical and logical topology of your network, and what are
your router's and name server's networking configurations, both in
terms of hardware interfaces and of software settings such as IP
addresses and netmasks per interface, gateway(s), and routing table(s)?

Kind regards,
-- 
Albert.
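
An added example, not part of the original message: a small Python helper that derives the in-addr.arpa zone names covering a netblock and prints the matching per-domain server= lines, so that forward and reverse lookups for the VPN range are pointed at the internal resolver rather than upstream. The /16 mask on 10.100.0.0 is an assumption (the thread does not state it), and the function names are hypothetical.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zones that exactly cover an IPv4 netblock."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("IPv4 only")
    if not 1 <= net.prefixlen <= 24:
        raise ValueError("prefix length must be between /1 and /24")
    # Reverse zones are cut on octet boundaries, so round the prefix up to the
    # next multiple of 8 and list every block of that size inside the netblock.
    boundary = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def forward_lines(domain, cidr, resolver):
    """Build server=/name/ip lines for a domain and its reverse zones."""
    ipaddress.ip_address(resolver)  # raises ValueError if not an IP address
    names = [domain.strip(".")] + reverse_zones(cidr)
    return ["server=/%s/%s" % (name, resolver) for name in names]


if __name__ == "__main__":
    # Values from the thread; the /16 mask is assumed.
    for line in forward_lines("vpn.example.com", "10.100.0.0/16", "10.0.0.140"):
        print(line)
```

A zone of 0.100.10.in-addr.arpa covers only 10.100.0.0/24; a prefix that does not end on an octet boundary expands to several zones.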


