<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.3020" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>dnsmasq will read /etc/hosts; if you just put your 
local servers in there (if they're static), then that'll work fine.  
Otherwise, if you're using DHCP (not likely for servers, granted), you can 
reserve the names and IP addresses for the leases in the conf file 
too.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>If you don't want to edit the files (which I found
clean-enough to keep, IMHO), I think the "server=" syntax allows you to specify
other nameservers.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>To keep the "RED" interface 
(Internet) from servicing lookups, set "except-interface=eth#" (where 
"eth#" is the interface name from ifconfig).</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Does that help?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>-AJ</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
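<DIV><FONT face=Arial size=2>Added example (not part of the original message and not from the dnsmasq project): one dnsmasq.conf that combines the options discussed in this thread for a single host that should answer only its own lookups. The upstream addresses (documentation-range placeholders), the interface name eth0 and the loopback-only listener are assumptions; domain.org and otherdomain.net are the placeholder names used in the quoted message below.</FONT></DIV>
<PRE>
```conf
# /etc/dnsmasq.conf: constructed example, all values are placeholders

# Do not read /etc/resolv.conf for upstream servers; use the server= lines
# below instead, so no separate resolv.dnsmasq file is needed.
# /etc/resolv.conf itself then only contains "nameserver 127.0.0.1".
no-resolv
# Placeholder upstream resolvers (replace with the provider's addresses).
server=192.0.2.53
server=198.51.100.53

# Answer only on loopback. bind-interfaces makes dnsmasq bind that address
# itself instead of the wildcard address, so nothing is bound to port 53
# on the Internet-facing interface.
listen-address=127.0.0.1
bind-interfaces

# Alternative when other internal interfaces must be served: leave
# listen-address out and exclude only the Internet-facing NIC.
#except-interface=eth0

# /etc/hosts is still read because no-hosts is not set, so static local
# names can simply be listed there.
# Optional: answer address lookups for whole domains (the name and every
# host under it) locally. Several domains can share one line; repeat the
# line to map other domains to other addresses.
#address=/domain.org/otherdomain.net/127.0.0.1
```
</PRE>
<DIV><FONT face=Arial size=2>The firewall rule blocking port 53 on the Internet-facing interface stays in place as a second layer; the listener settings above only remove dnsmasq's own exposure.</FONT></DIV>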
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=marsepein@gmail.com href="mailto:marsepein@gmail.com">Carl</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=dnsmasq-discuss@lists.thekelleys.org.uk
href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk">dnsmasq-discuss@lists.thekelleys.org.uk</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, January 05, 2007 3:45
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Dnsmasq-discuss] DNSmasq on
a VPS instead of bind</DIV>
<DIV><BR></DIV>On 1/5/07, Aaron J Weber &lt;<A 
href="mailto:aweber@comcast.net">aweber@comcast.net</A>&gt; wrote:<BR>> 
dnsmasq will be a lot more lightweight to configure/install/maintain
(by<BR>> far, IMHO).<BR><BR>Also as far as memory-use and security go, you
think?<BR><BR>> For the first two bullets, I've found that setting up a
resolv.dnsmasq file<BR>> (in /etc) with the name of the "upstream servers"
-- the three external<BR>> IP-Addresses you reference in your first
bullet. It's basically your<BR>> current resolv.conf with the name
changed.<BR>><BR>> Then set your actual resolv.conf to:<BR>>
nameserver 127.0.0.1<BR>><BR>> And set the
"resolv-file=/etc/resolv.dnsmasq" in the<BR>> dnsmasq.conf
file.<BR><BR>Yes, I got that, but I also read you wouldn't even need the
dnsmasq<BR>resolv file, and put them straight in the config? Then I read on,
but<BR>never saw it mentioned further, as in:<BR><BR> # If you don't want
dnsmasq to read /etc/resolv.conf or any other<BR> # file, getting its
servers from this file instead (see below), then<BR> # uncomment
this<BR> #no-resolv<BR><BR>So where is 'see below' ? I could not find it.
It indeed seems silly<BR>to have to resort to separate files for only 2 or 3
IP-addresses that<BR>rarely change, if at all.<BR><BR>> This should keep
you from the round-trips -- your localhost should look to<BR>> dnsmasq
first for name resolution, and if dnsmasq doesn't find it in the<BR>>
cache, dhcp leases (if feature-used), (or in your configured hosts
files,<BR>> etc.) it'll then go to the upstream nameservers. If I
understood the<BR>> questions correctly! ;)<BR><BR>Well not entirely. Say
the mail-server sends mail to an internal<BR>domain, for which I use the same
server, shouldn't it stick with<BR>127.0.0.1 instead of even looking for
public IP's?<BR>How do I tell this machine or dnsmasq these domains are
local?<BR>Or should I use those Alias options for their
IP-addresses?<BR><BR>So should I use this :<BR><BR># Add domains which you
want to force to an IP address here.<BR># The example below send any host in
doubleclick.net to a local<BR>#
webserver.<BR>#address=/doubleclick.net/127.0.0.1<BR><BR>(and how do I enter
more names and more IPs?)<BR><BR>or this :<BR><BR># If you want to fix up DNS
results from upstream servers, use the<BR># alias option. This only works for
IPv4.<BR># This alias makes a result of 1.2.3.4 appear as
5.6.7.8<BR>alias=the.outside.ip.address,127.0.0.1<BR><BR>?<BR><BR>Or does
dnsmasq use /etc/hosts for that?<BR><BR># If you don't want dnsmasq to read
/etc/hosts, uncomment the<BR># following line.<BR>#no-hosts<BR>?<BR>By the
way, it gets more complicated:<BR><BR>What do I put in the hosts file for each
of the served domains?<BR><BR> 127.0.0.1 domain.org
otherdomain.net localhost localhost.localdomain<BR><BR>or do I also need
to add<BR><BR> some.public.ip.address domain.org<BR>
some.public.ip.address
otherdomain.net<BR><BR>?<BR><BR><BR><BR>> As for being on the internet,
your iptables should keep name-resolution<BR>> requests (port 53, right?)
blocked from the internet interface, but you can<BR>> also set an ignore
for that NIC/interface in the config file to be sure.<BR><BR>Do I use this for
that :<BR><BR># Or which to listen on by address (remember to include
127.0.0.1 if<BR># you use this.)<BR>#listen-address=<BR><BR>And then only
set<BR><BR>listen-address=127.0.0.1<BR><BR>? Or will something go wrong
there?<BR><BR>To me there seem to be a thousand ways to Rome, but I am at a
loss<BR>about what actually happens, and mainly looking for the
fastest<BR>method, using the least memory/cpu-resources.<BR><BR>Hope to see
some more
advice,<BR><BR>thanks!<BR><BR>Carl</BLOCKQUOTE></BODY></HTML>