[Dnsmasq-discuss] How to prevent LAN DNS for remote guests
Koos Pol
koos2019 at pohw.nl
Sun Dec 22 19:58:59 GMT 2019
That actually makes a lot of sense. I'll see if I can make that work.
Thanks for the suggestion!
Koos
On 22-12-2019 at 16:35, Uwe Schindler wrote:
>
> Hi,
>
> I think you should have 2 DNSMASQ instances running, one for each
> interface. So each one only registers their own known DHCP clients (I
> assume the DHCP is also different for both subnets) and also returns
> them. You just need to make DNSMASQ bind to the interfaces directly
> (see the bind-interfaces option).
>
> Uwe
>
> -----
>
> Uwe Schindler
>
> Achterdiek 19, D-28357 Bremen
>
> https://www.thetaphi.de
>
> eMail: uwe at thetaphi.de
>
> *From:* Dnsmasq-discuss
> <dnsmasq-discuss-bounces at lists.thekelleys.org.uk> *On Behalf Of *Koos Pol
> *Sent:* Saturday, December 21, 2019 9:11 AM
> *To:* dnsmasq-discuss at lists.thekelleys.org.uk
> *Subject:* [Dnsmasq-discuss] How to prevent LAN DNS for remote guests
>
> Hi,
>
> I'm setting up my openwrt modem as an internet gateway for remote guests.
> The modem is running openvpn and dnsmasq.
> The guests arrive at their own interface (tun1 = openvpn) with a
> different subnet. Guest > LAN forwarding is disabled in the firewall
> for security reasons.
> However, once the guests have connected, dnsmasq will resolve the LAN
> for them. Although guests won't be able to connect to anything on the
> LAN (forwarding is off) they are still able to go on a fishing
> expedition thanks to DNS. I don't want to turn off DNS completely. So
> --except-interface=tun1 is not an option.
> So, for anything connecting to tun1, how can I enable DNS resolving
> the internet space, while preventing resolving my LAN?
>
> Thanks!
> Koos
>
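A sketch of the two-instance layout suggested in this thread, added here as an example and not taken from either poster's setup. The file paths, the LAN interface name `br-lan`, the local domain `lan`, the DHCP range and the upstream resolver `192.0.2.53` are assumptions or constructed placeholders; only `tun1` comes from the thread.

```conf
# ---- /etc/dnsmasq-lan.conf (hypothetical path): LAN instance ----
interface=br-lan          # assumed LAN bridge name; dnsmasq adds loopback itself
bind-interfaces           # bind per-interface sockets instead of the wildcard address
pid-file=/var/run/dnsmasq-lan.pid
domain=lan                # assumed local domain
local=/lan/               # answer .lan from hosts/leases only, never forward it
dhcp-range=192.168.1.100,192.168.1.200,12h    # constructed range
dhcp-leasefile=/tmp/dhcp.leases.lan           # lease names are known to this instance only

# ---- /etc/dnsmasq-guest.conf (hypothetical path): guest instance ----
interface=tun1            # the OpenVPN guest interface from the thread
except-interface=lo       # the LAN instance already holds port 53 on loopback
bind-interfaces
pid-file=/var/run/dnsmasq-guest.pid
no-hosts                  # do not serve names from /etc/hosts
no-resolv                 # do not read upstream servers from /etc/resolv.conf
server=192.0.2.53         # placeholder upstream resolver for internet names
local=/lan/               # .lan queries get a local "not found", nothing is forwarded
bogus-priv                # private-range reverse (PTR) lookups are not forwarded either
# No dhcp-range here: guest addresses are assumed to be assigned by OpenVPN,
# so this instance has no leases and no LAN host names to give away.
```

Each instance is started with its own `--conf-file=`; because `bind-interfaces` binds at startup, the guest instance should be started once `tun1` exists.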