[Dnsmasq-discuss] RFC 8735 and Dnsmasq

john doe johndoe65534 at mail.com
Tue Feb 11 10:53:05 GMT 2020


Any help on how I can comply with '4.4' would be appreciated.

On 12/21/2019 9:12 AM, john doe wrote:
> On 12/21/2019 7:41 AM, john doe wrote:
>> Thank you, Simon for your answer.
>>
>> On 12/20/2019 6:36 PM, Simon Kelley wrote:
>>> On 18/12/2019 11:19, john doe wrote:
>>>> On 12/18/2019 11:29 AM, Kurt H Maier wrote:
>>>>> On Wed, Dec 18, 2019 at 08:46:22AM +0100, john doe wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I was wondering what is the state of (1) with regard to Dnsmasq?
>>>>>>
>>>>>> Any help is appreciated.
>>>>>>
>>>>>> 1)  https://tools.ietf.org/html/rfc8375
>>>>>
>>>>> It works.
>>>>>
>>>>> Are you looking for something in particular?
>>>>>
>>>>
>>>> As far as I understand it, HNCP will automatically manage IPv4/6 and I'm
>>>> not sure how Dnsmasq will come into play?
>>>>
>>>> As the RFC suggests, for my home network I will change to '.home.arpa'.
>>>>
>>>> Thanks for confirming that Dnsmasq works with '.home.arpa'.
>>>>
>>>> --
>>>
>>>
>>> To comply with 4.4 requires some configuration
>>>
>>> local=/home.arpa/
>>>
>>> and, for section C
>>>
>>> server=/home.arpa/<IP-of-auth>
>>>
>>
>> Okay, I'm at a loss on how to get this straight and would appreciate any
>> help.
>>
>> If I look at (1):
>>
>> "-S, --local,
>> --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]"
>>
>> I can group the above two lines as follows:
>>
>> local=/home.arpa/<IP-of-auth>
>>
>> Is that correct?
>>
>>
>>
>> I use dnsmasq on two different boxes, gateway is behind perimeterfirewall:
>> - perimeterfirewall
>> # Add local-only domains here, queries in these domains are answered
>> # from /etc/dnsmasq-hosts.d or DHCP only.
>> local=/london.home/
>> # Set the domain for dnsmasq
>> domain=london.home
>> # Set a different domain for a particular subnet
>> domain=wired.london.home,172.19.100.0/24,local
>> # Specify DHCP range with a tag
>> dhcp-range=set:wired,172.19.100.200,static
>>
>> - gateway
>> # Add local-only domains here, queries in these domains are answered
>> # from /etc/dnsmasq-hosts.d or DHCP only.
>> local=/vancouver.home/
>> # Set the domain for dnsmasq
>> domain=vancouver.home
>> # Set a different domain for a particular subnet
>> domain=dmz.vancouver.home,172.19.150.0/24,local
>> domain=wifi.vancouver.home,172.19.200.0/24,local
>> # Specify DHCP range with a tag
>> dhcp-range=set:dmz,172.19.150.200,172.19.150.253
>> dhcp-range=set:wifi,172.19.200.200,static
>>
>>
>> With the exception of the above, both dnsmasq.conf files are identical.
>>
>> In your server line above, I don't understand what the '<IP-of-auth>'
>> should be?
>>
>> I would like to understand this before I go ahead with changing
>> '.home' to '.home.arpa'.
>> Upstream DNS is handled by systemd-resolved and the resolvconf package.
>>
>> Any help is welcome.
>>
>>
>> 1)  http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
>>
>
> Also from above:
>
> "Also permitted is a -S flag which gives a domain but no IP address;
> this tells dnsmasq that a domain is local and it may answer queries from
> /etc/hosts or DHCP but should never forward queries on that domain to
> any upstream servers. --local is a synonym for --server to make
> configuration files clearer in this case."
>
> If I understand the above correctly, there is no difference between
> '--local' and '--server' but '-S' makes dnsmasq treat the domain as
> 'local' and thus is different.
>
> Are '-S' and '--local' really different?
>
> In other words, what are the differences between '--local', '--server'
> and '-S'.
>
> --
> John Doe
>


--
John Doe
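
Added example, not part of the original message and not dnsmasq code: a small Python model of the man page text quoted in this thread, where a server=/local= line with a domain but no address keeps that domain local and the same line with an address forwards it. The function names and the sample addresses (documentation ranges) are assumptions made for illustration; only the /domain/ and /domain/<ipaddr> forms are modelled.

```python
# Added example: models only the server=/local= forms quoted in this thread.
SAMPLE_CONF = """\
# constructed sample, not taken from the poster's files
local=/home.arpa/
server=/corp.home.arpa/192.0.2.53#5353
server=198.51.100.1
"""


def parse_rules(conf_text):
    """Map each domain in server=/local= lines to its upstream ('' = none)."""
    rules = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # --local is a synonym for --server, so both keys parse identically.
        if key not in ("server", "local") or not value.startswith("/"):
            continue  # plain server=<ip> is a default upstream, not a domain rule
        *domains, upstream = value.split("/")[1:]
        for domain in domains:
            if domain:
                rules[domain.lower().rstrip(".")] = upstream
    return rules


def route(qname, rules):
    """Return ('local', None), ('forward', upstream) or ('default', None)."""
    labels = qname.lower().rstrip(".").split(".")
    # Try the most specific suffix first, matching on whole-label boundaries.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            upstream = rules[suffix]
            return ("forward", upstream) if upstream else ("local", None)
    return ("default", None)


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for name in ("printer.home.arpa", "db.corp.home.arpa", "example.org"):
        print(name, route(name, rules))
    # The two lines merged into one: the address turns it into a forwarder.
    merged = parse_rules("local=/home.arpa/192.0.2.53\n")
    print("merged line:", route("printer.home.arpa", merged))
```

Any name reported as 'default' goes to the general upstream servers, so a home.arpa name showing that result is one that would leave the local resolver.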


