[Dnsmasq-discuss] Becoming authoritative DNS for additional netblock

A C agcme at hotmail.com
Tue Dec 1 17:59:07 GMT 2015


On 2015-12-01 07:46, Albert ARIBAUD wrote:
> Hi "A C",
> 
> Le Mon, 30 Nov 2015 21:34:58 -0800
> A C <agcme at hotmail.com> a écrit:
> 
>> On 2015-11-30 05:02, Albert ARIBAUD wrote:
>>
>>> Can you watch the router's DNS traffic rather than the VPN server's?
>>> Possibly give a tcpdump of a successful and a failed DNS request? I
>>> assume you cannot change how dnsmasq runs on the router but if you
>>> can, then try having it log the successful and failed DNS requests
>>> too. This log might show whether a request is forwarded or cached,
>>> for instance.
>>
>>
>> Ok.  I ran with query logging turned on and queried for a device
>> already on the main 10.0.0.0/16 network from another machine and one
>> of the VPN clients that the VPN server should know and answer from
>> the same machine (the machine being 10.0.0.2).
>>
>>
>> The working query:
>> dnsmasq: query[A] device.example.com from 10.0.0.2
>> dnsmasq: /etc/hosts device.example.com is 10.0.0.180
>>
>>
>> The query that should be forwarded to the VPN server's instance of
>> dnsmasq responds like this:
>> dnsmasq: query[A] client1.vpn.example.com from 10.0.0.2
>> dnsmasq: config client1.vpn.example.com is <NXDOMAIN>-IPv4
> 
> Can you copy-paste, with as little modifications as possible, the
> complete dnsmasq configuration of the router?

This is it in the most recent version including some of my edits related
to this testing.  Until this new DNS work I had only one local statement
and no server statements.

interface=eth0
domain-needed
bogus-priv
filterwin2k
localise-queries
local=/example.com/
local=/vpn.example.com/
domain=example.com
expand-hosts
server=/vpn.example.com/10.0.0.140
server=/0.100.10.in-addr.arpa/10.0.0.140
dhcp-authoritative
dhcp-range=10.0.10.100,10.0.10.105,255.255.0.0,24h
dhcp-leasefile=/tmp/dhcp.leases

read-ethers
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
dhcp-option=42,10.0.0.141




More information about the Dnsmasq-discuss mailing list