[Dnsmasq-discuss] RFC 8735 and Dnsmasq

john doe johndoe65534 at mail.com
Sat Dec 21 08:12:59 GMT 2019


On 12/21/2019 7:41 AM, john doe wrote:
> Thank you, Simon, for your answer.
>
> On 12/20/2019 6:36 PM, Simon Kelley wrote:
>> On 18/12/2019 11:19, john doe wrote:
>>> On 12/18/2019 11:29 AM, Kurt H Maier wrote:
>>>> On Wed, Dec 18, 2019 at 08:46:22AM +0100, john doe wrote:
>>>>> Hi,
>>>>>
>>>>> I was wondering what is the state of (1) with regard to Dnsmasq?
>>>>>
>>>>> Any help is appreciated.
>>>>>
>>>>> 1)  https://tools.ietf.org/html/rfc8375
>>>>
>>>> It works.
>>>>
>>>> Are you looking for something in particular?
>>>>
>>>
>>> As far as I understand it, HNCP will automatically manage IPv4/6 and I'm
>>> not sure how Dnsmasq will come into play?
>>>
>>> As the RFC suggests, for my home network I will change to '.home.arpa'.
>>>
>>> Thanks for confirming that Dnsmasq works with '.home.arpa'.
>>>
>>> --
>>
>>
>> To comply with 4.4 requires some configuration
>>
>> local=/home.arpa/
>>
>> and, for section C
>>
>> server=/home.arpa/<IP-of-auth>
>>
>
> Okay, I'm at a loss on how to get this straight and would appreciate any
> help.
>
> If I look at (1):
>
> "-S, --local,
> --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]"
>
> I can group the above two lines as follows:
>
> local=/home.arpa/<IP-of-auth>
>
> Is that correct?
>
>
>
> I use dnsmasq on two different boxes, gateway is behind perimeterfirewall:
> - perimeterfirewall
> # Add local-only domains here, queries in these domains are answered
> # from /etc/dnsmasq-hosts.d or DHCP only.
> local=/london.home/
> # Set the domain for dnsmasq
> domain=london.home
> # Set a different domain for a particular subnet
> domain=wired.london.home,172.19.100.0/24,local
> # Specify DHCP range with a tag
> dhcp-range=set:wired,172.19.100.200,static
>
> - gateway
> # Add local-only domains here, queries in these domains are answered
> # from /etc/dnsmasq-hosts.d or DHCP only.
> local=/vancouver.home/
> # Set the domain for dnsmasq
> domain=vancouver.home
> # Set a different domain for a particular subnet
> domain=dmz.vancouver.home,172.19.150.0/24,local
> domain=wifi.vancouver.home,172.19.200.0/24,local
> # Specify DHCP range with a tag
> dhcp-range=set:dmz,172.19.150.200,172.19.150.253
> dhcp-range=set:wifi,172.19.200.200,static
>
>
> With the exception of the above, both dnsmasq.conf files are identical.
>
> In your server line above, I don't understand what the '<IP-of-auth>'
> should be?
>
> I would like to understand this before I go ahead with changing
> '.home' to '.home.arpa'.
> Upstream DNS is handled by systemd-resolved and the resolvconf package.
>
> Any help is welcome.
>
>
> 1)  http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
>

Also from above:

"Also permitted is a -S flag which gives a domain but no IP address;
this tells dnsmasq that a domain is local and it may answer queries from
/etc/hosts or DHCP but should never forward queries on that domain to
any upstream servers. --local is a synonym for --server to make
configuration files clearer in this case."

If I understand the above correctly, there is no difference between
'--local' and '--server' but '-S' makes dnsmasq treat the domain as
'local' and thus is different.

Are '-S' and '--local' really different?

In other words, what are the differences between '--local', '--server'
and '-S'?

--
John Doe
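
Added example, not part of the original message and not dnsmasq's own code: a small Python check that reads the server=/local= lines of a dnsmasq.conf and reports whether a name under home.arpa would be answered locally only, sent to a specific server, or left to the normal upstreams. The sample configs and the address 192.0.2.53 are constructed placeholders; domain=...,local and trailing comments are not handled.

```python
# Added example (not dnsmasq code): classify how a dnsmasq.conf treats a name.
# Only server=/local= lines are read. Sample configs below are constructed.

def domain_rules(conf_text):
    """Yield (domains, target) for each domain-specific server=/local= line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Per the man page quoted above, --local is a synonym for --server.
        if key not in ("server", "local") or not value.startswith("/"):
            continue
        *domains, target = value[1:].split("/")
        yield [d.lower() for d in domains if d], target

def classify(conf_text, name):
    """Return 'local-only', 'forwarded:<targets>' or 'default-upstream'."""
    name = name.lower().rstrip(".")
    best, targets = -1, []
    for domains, target in domain_rules(conf_text):
        for d in domains:
            if name != d and not name.endswith("." + d):
                continue
            if len(d) > best:          # more specific domain wins
                best, targets = len(d), []
            if len(d) == best:
                targets.append(target)
    if best < 0:
        return "default-upstream"      # no rule: query goes to normal upstreams
    forwards = [t for t in targets if t]
    # Assumption of this sketch: any address at the best match counts as forwarding.
    return "forwarded:" + ",".join(forwards) if forwards else "local-only"

LOCAL_ONLY = "local=/home.arpa/\ndomain=home.arpa\n"
WITH_AUTH = "server=/home.arpa/192.0.2.53\n"   # 192.0.2.53 is a placeholder
GROUPED = "local=/home.arpa/192.0.2.53\n"
OLD_NAMES = "# old setup\nlocal=/london.home/\ndomain=london.home\n"

if __name__ == "__main__":
    for label, conf in [("local-only", LOCAL_ONLY), ("with-auth", WITH_AUTH),
                        ("grouped", GROUPED), ("old", OLD_NAMES)]:
        print(label, classify(conf, "nas.home.arpa"))
```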
