[Dnsmasq-discuss] local=/lan/127.0.0.1 behavior

Simon Kelley simon at thekelleys.org.uk
Tue May 1 19:57:46 BST 2007 

David Ehrmann wrote:
> If I sent this already, I apologize.  I checked, but couldn't find it in 
> the archive.  I had a little trouble signing up for the mailing list. 
> Anyway...
> 
> I have two networks that are connected via a vpn tunnel.  I wanted both
> of them to be able to look up hosts in each other, so I played around
> with the dnsmasq config file, and this seemed to work:
> 
> domain-needed
> bogus-priv
> filterwin2k
> localise-queries
> 
> local=/lan/127.0.0.1
> local=/lan/10.16.1.1
> 
> domain=lan
> 
> expand-hosts
> 
> dhcp-leasefile=/tmp/dhcpd.leases
> 
> (on the other host, the 10.16.1.1 line has a different IP)
> 
> First, why does the 127.0.0.1 work?  I think I tried without that, and
> names on the other end didn't resolve.  That, and should it cause an
> infinite loop, since dnsmasq is already my nameserver?

dnsmasq has code to detect when it's being asked to use itself as a 
server and reject the server. This is mainly useful when people take a 
shortcut and put 127.0.0.1 as the first nameserver in /etc/resolv.conf 
so that everything else uses dnsmasq, and the real servers further down 
which get used by dnsmasq.

I'm not quite sure what you're trying to do with the local= lines: local 
is equivalent to address=, so that you'll be resolving everything in the 
.lan domain to 127.0.0.1 or 10.16.1.1. It's not defined which one when 
both match, so it's not particulary useful to have two.


> Why does it mostly work without the // entry?  My guess is that since
> isc-dhcpd is set to tell hosts they're in .lan, they append it
> automatically when pinging.
> Is the order of the local statements the order servers are queried?  I
> certainly want to query the local network's server first, especially if
> the tunnel is down.
> 
> One host without a dhcp lease can't ping foo, it has to ping foo.lan.
> Would local=//127.0.0.1 and local=//10.16.1.1 entries fix that?
> 
> Thanks-
> 

The best way to do this is to have two domains, and redirect queries using

server=/domain1/<address of server on net1>

for net2

and

server=/domain2/<address of server on net2>

for net 1

You can use the search parameter in /etc/resolv.conf to make the 
resolver try names on both domains if you don't want them to be visible.

HTH

Simon.

More information about the Dnsmasq-discuss mailing list