[Dnsmasq-discuss] reply /etc/hosts entry matching to interface

Simon Kelley simon at thekelleys.org.uk
Thu Apr 6 17:39:43 BST 2006 

Joerg Habenicht wrote:
> Hello all,
> 
> isn't the option "localise-queries" used to return the matching address only?
> 
> 
> At home I got a gateway with 3 interfaces ppp0, eth0, eth1
> with 192.168.2.0/24 on eth0
>   and 192.168.1.0/24 on eth1
> with dnsmasq serving the DNS requests and listening on eth0 and eth1
> (and lo)
> 
> 
> The /etc/hosts looks like this:
> # intern net:
> 192.168.2.1     minime.mydomain.lan        minime
> ...
> # DMZ net:
> 192.168.1.1     minime.mydomain.lan        minime
> 192.168.1.2     jarrel.mydomain.lan        jarrel
> ...
> 
> 
> so if I do a "host" call on jarrel I get:
> $ host minime
> minime.mydomain.lan has address 192.168.2.1
> 
> but I would like to get address 192.168.1.1 as an answer from dnsmasq
> since returning 192.168.2.1 makes sshd nervous on jarrel.
> 
> Apr  6 13:10:57 jarrel sshd[6536]: Address 192.168.1.1 maps to 
> minime.mydomain.lan, but this does not map back to the address - POSSIBLE 
> BREAKIN ATTEMPT!
> 
> 

Look at the DNS configuration of jarrel: dnsmasq does the filtering 
based on the destination that the DNS request was sent to, _not_ the 
interface is was received on, so if you have the nameserver address in 
/etc/resolv.conf on jarrel set as 192.168.2.1 then dnsmasq will return 
the address on the 192.168.2.x network.

Example: my router box is called "central" and has addresses 192.168.0.4 
and 192.168.1.1. Both of those are in /etc/hosts.
It's possible to access central from a machine on the 192.168.1.1 
network using either of these addresses (thanks to a default route) but 
the DNS answers are different depending on which address the query is 
sent to. localise-queries is on.

srk at vaio:~$ host central 192.168.0.4
Using domain server:
Name: 192.168.0.4
Address: 192.168.0.4#53
Aliases:

central has address 192.168.0.4

srk at vaio:~$ host central 192.168.1.1
Using domain server:
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases:

central has address 192.168.1.1

The justification for doing it this way is that it makes the results 
consistent, and not dependent on routing changes in more complex networks.

HTH


Simon.

More information about the Dnsmasq-discuss mailing list