<br><br><div class="gmail_quote">On Wed, Dec 29, 2010 at 12:44 PM, Jean-Pierre van Melis <span dir="ltr"><<a href="mailto:fraterdnsmasq@hetemail.com">fraterdnsmasq@hetemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><font style="font-family:tahoma,arial,helvetica,sans-serif;font-size:12pt">
<div><div class="im">
<div>> It isn't dnsmasq performing the second query, it's your OS
resolver service. Check your /etc/resolv.conf configuration, remove
any "search-suffix" or similar directive that might be in there.
Also note that this is a per-client setting, it can't be centrally
controlled with dnsmasq.</div>
<div> </div>
</div><div>I checked /etc/resolv.conf on the router that's also running
dnsmasq.</div>
<div>It had 2 entries of "search <a href="http://mirmana.com" target="_blank">mirmana.com</a>".</div>
<div>I deleted them both. Now it resolved it fine, giving an NXDOMAIN as an
answer.</div>
<div> </div>
<div>My linux clients didn't have that entry, but after deleting 'domain
<a href="http://mirmana.com" target="_blank">mirmana.com</a>' it stopped adding the domain to the query. I now need to find
out how that entry got in there (the linux client I mean).</div>
<div>I'm afraid it was through DHCP.</div></div></font></div></blockquote><div><br></div><div>It is only indirectly through DHCP. DHCP is supplying the clients with a domain name, it then depends on client configuration whether than name is used as a search suffix.</div>
<div><br></div><div>Windows boxen have a setting "For resolution of unqualified names: Append primary and connection-specific DNS suffixes".</div><div><br></div><div>Linux clients will have something similar, but I'm not familiar with exactly where it is, it probably depends on whether you're using udhcpc, dhcpclient, or some other dhcp client package.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><font style="font-family:tahoma,arial,helvetica,sans-serif;font-size:12pt"><div>
<div><br>
</div>
</div>
</font></div>
<blockquote style="padding-right:0px;padding-left:5px;margin-left:5px;border-left:2px solid rgb(0, 0, 0);margin-right:0px"><div class="im"> -----Original
Message-----<br>
From: "<a href="mailto:richardvoigt@gmail.com" target="_blank">richardvoigt@gmail.com</a>" <<a href="mailto:richardvoigt@gmail.com" target="_blank">richardvoigt@gmail.com</a>><br>
To: Jean-Pierre van Melis <<a href="mailto:fraterdnsmasq@hetemail.com" target="_blank">fraterdnsmasq@hetemail.com</a>><br></div><div class="im">
Cc: "<a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss@lists.thekelleys.org.uk</a>"
<<a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss@lists.thekelleys.org.uk</a>><br>
Date: Wed, 29 Dec 2010 08:27:00 -0600<br>
Subject: Re: [Dnsmasq-discuss] expand-hosts<br>
<br>
<br>
<br>
</div><div><div></div><div class="h5"><div class="gmail_quote">On Tue, Dec 28, 2010 at 5:18 PM, Jean-Pierre van
Melis <span dir="ltr"><<a href="mailto:fraterdnsmasq@hetemail.com" target="_blank">
fraterdnsmasq@hetemail.com</a>></span> wrote:<br>
<blockquote style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex" class="gmail_quote">
<div><font style="font-family:tahoma,arial,helvetica,sans-serif;font-size:12pt">
<div><span style="font-size:10pt">Hi Richard,<br>
</span></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div><span style="font-size:10pt">I own the the domain <a href="http://mirmana.com" target="_blank">mirmana.com</a> which points with most of its
records including a wildcard to my private DSL-connection on which I have
a DD-WRT router.<br>
</span></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div><span style="font-size:10pt">DD-WRT is running DNSMasq for its DHCP
& DNS.<br>
</span></div>
<div><span style="font-size:10pt">I have set my local domain also to <a href="http://mirmana.com" target="_blank">mirmana.com</a>.<br>
</span></div>
<div><span style="font-size:10pt">I know this should really be
mirmana.local, but I'm doing this so my portable devices will access the
LAN-side of the services when they are used local and will get forwarded by
the router when they access these same services from WAN.<br>
</span></div>
<div><span style="font-size:10pt">This is the config generated by DD-WRT
according to its webif:<br>
</span></div>
<div style="margin-left:40px"><span style="font-size:10pt"><br>
<span style="font-family:Courier New"> :~# cat /tmp/dnsmasq.conf<br>
interface=br0<br>
resolv-file=/tmp/resolv.dnsmasq<br>
all-servers<br>
domain=<a href="http://mirmana.com" target="_blank">mirmana.com</a><br>
dhcp-leasefile=/tmp/dnsmasq.leases<br>
dhcp-lease-max=21<br>
dhcp-option=lan,3,192.168.10.1<br>
dhcp-option=44,192.168.10.120<br>
dhcp-authoritative<br>
dhcp-range=lan,192.168.10.248,192.168.10.254,255.255.255.0,1440m<br>
dhcp-host=00:13:D3:08:CC:81,win32,192.168.10.120,144m<br>
.</span></span></div>
<div style="margin-left:40px"><span style="font-size:10pt"><span style="font-family:Courier New">.<br>
</span></span></div>
<div style="margin-left:40px"><span style="font-size:10pt"><span style="font-family:Courier New"> ptr-record=254.0.191.85.in-addr.arpa,<a href="http://cj1616-gateway.mirmana.com" target="_blank">
cj1616-gateway.mirmana.com</a><br>
addn-hosts=/opt/etc/pixelserv/blacks<br>
dhcp-option=option:ntp-server,194.171.167.130,81.171.44.131,87.251.35.240,213.239.154.12,131.211.84.189</span>
<br>
</span></div>
</font></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div><span style="font-size:10pt">This is what happens when I resolve <a href="http://www.google.com" target="_blank">www.google.com</a> and when I
resolve the non-existing <a href="http://wwww-google.com" target="_blank">
wwww-google.com</a><br>
</span></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div style="margin-left:40px"><span style="font-size:10pt"><span style="font-family:Courier New"># host <a href="http://www.google.com" target="_blank">www.google.com</a><br>
<a href="http://www.google.com" target="_blank">www.google.com</a> is an
alias for <a href="http://www.l.google.com" target="_blank">
www.l.google.com</a>.<br>
<a href="http://www.l.google.com" target="_blank">www.l.google.com</a> has
address 74.125.77.104<br>
<a href="http://www.l.google.com" target="_blank">www.l.google.com</a> has
address 74.125.77.99<br>
<a href="http://www.l.google.com" target="_blank">www.l.google.com</a> has
address 74.125.77.147<br>
root@WAN:~# host <a href="http://wwww.google.com" target="_blank">
wwww.google.com</a><br>
<a href="http://wwww.google.com.mirmana.com" target="_blank">
wwww.google.com.mirmana.com</a> is an alias for <a href="http://jpmarion.dyndns.org" target="_blank">jpmarion.dyndns.org</a>.<br>
<a href="http://jpmarion.dyndns.org" target="_blank">jpmarion.dyndns.org</a>
has address 85.191.0.241<br>
</span><br>
</span></div>
<div><span style="font-size:10pt">I'm afraid I will now get a lecture
about wildcards I should not be using or WAN-domains that are used on a LAN,
but the point is really that I never asked for a 2nd query. There's even
an option called 'expand-hosts', but I that's not turned on.<br>
</span></div>
<div><span style="font-size:10pt">If a foreign DNS-server is a bit slow,
my DNSMasq suddenly decides to return my WAN-IP.<br>
</span></div>
<div><span style="font-size:10pt">I don't want this!<br>
</span></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div><span style="font-size:10pt">I want it to just query the record I
asked it to and just give NXDOMAIN if it can't deliver.<br>
</span></div>
</blockquote>
<div> </div>
<div>It isn't dnsmasq performing the second query, it's your OS resolver
service. Check your /etc/resolv.conf configuration, remove any
"search-suffix" or similar directive that might be in there.
Also note that this is a per-client setting, it can't be centrally
controlled with dnsmasq.</div>
<div> </div>
<blockquote style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex" class="gmail_quote">
<div><span style="font-size:10pt"> </span></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div><span style="font-size:10pt">I understand the default behaviour can't
suddenly be changed, so an optional variable called 'expand-never' could
be given to achieve this.<br>
</span></div>
<div><span style="font-size:10pt"><br>
</span></div>
<div><span style="font-size:10pt">Cheers all<br>
</span></div>
<div>
<div> </div>
<div>
<div> </div>
</div>
</div>
</blockquote>
<div> </div>
</div>
</div></div></blockquote>
</blockquote></div><br>