I just set up Dnsmasq on my small home network. I previously spent quite some time trying, unsuccessfully, to get the Windows Server DNS service working. So it made me smile to go from tarball to compiled, configured & working in about five minutes with Dnsmasq. I am having one issue, though, and I apologize if it's just because of a lack of understanding of DNS.

Prior to setting up Dnsmasq, I had DHCP enabled on my router, set up to forward DNS to OpenDNS. Now, I'm using Dnsmasq DHCP on an OS X 10.5 machine, with some /etc/hosts entries, and the OpenDNS servers in /etc/resolv.conf.

I also have a Windows machine that occasionally VPNs into a company network. Before Dnsmasq, Windows gave priority to the VPN DNS; now it does not. So server.company.com used to resolve to the correct internal address. Now, it resolves to the OpenDNS wildcard address.

I tried two things to fix this:

1. Adding a server entry for company.com in dnsmasq.conf
2. Adding a bogus-nxdomain entry for OpenDNS in dnsmasq.conf

The problem with #1 is that there are machines in the company.com domain with public addresses. For example, www.company.com does not have an entry in internal DNS. Also, vpn.company.com no longer resolves, since I'm not actually VPNed in when it needs to be resolved.

Solution #2 again almost works. Without the bogus success from OpenDNS, Windows properly falls back to the VPN DNS. The problem is that, due to security restrictions, I need to connect to some machines on their internal address to perform certain tasks. But OpenDNS legitimately resolves those names to their public address.

I'm sure I can work around this easily enough with a little extra work. But at this point I'm curious why the behavior changed in the first place. What is different about Dnsmasq that would cause Windows to change where it checks first?