[Dnsmasq-discuss] split DNS, multiple --local entries and secondary DNS

Simon Kelley simon at thekelleys.org.uk
Thu May 24 16:57:42 BST 2007


Martijn Brinkers (List) wrote:
> Hi,
> 
> Background:
> 
> A company has a split DNS, i.e. they have an internal DNS containing only
> records for private internal domains and an external DNS containing only
> public records. Normally you would have the internal DNS forward unknown
> requests to the external DNS but that's not possible in this situation.
> 
> Problem:
> 
> The problem is that our machine needs to look up internal private domains as
> well as external public domains. It seems this is not possible with the
> default Linux resolvers because when a DNS server reports a negative result
> the secondary DNS is never queried (which is normal). 
> The way we solved it is by using the following DNSMasq option:
> 
> -S, --local,
> --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
> 
> We can now specify that lookups for an internal domain should go to the
> internal DNS server and lookups for an external domain will go to the
> default external DNS servers.
> 
> This seems to fix the split DNS problem. We only have one problem left.
> There are two internal DNS servers. The primary and the secondary. When the
> primary internal DNS stops answering queries all internal requests should go
> to the secondary internal DNS server.
> 
> What we have tried is to add multiple 'local' options with the same domain
> but with a different <ipaddr> but this seems not to work. Only the first
> entry is used and if the lookup fails it does not try the secondary internal
> DNS server but falls back on the external DNS.
> 
> 
> Can someone help me to get this working? Or is this an impossible request?
> 

I just tested this, and it seems to be working as intended: the query 
gets sent to the first server, and if it times out and is retried, it 
gets sent to both.

  src/dnsmasq -p 10000 -q --server=/wibble/1.1.1.1 --server=/wibble/2.2.2.2 -d
dnsmasq: started, version 2.40test7 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP
dnsmasq: using nameserver 2.2.2.2#53 for domain wibble
dnsmasq: using nameserver 1.1.1.1#53 for domain wibble
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 192.168.0.4#53
dnsmasq: using nameserver 2.2.2.2#53 for domain wibble
dnsmasq: using nameserver 1.1.1.1#53 for domain wibble
dnsmasq: read /etc/hosts - 8 addresses
dnsmasq: query[A] w.wibble from 127.0.0.1
dnsmasq: forwarded w.wibble to 1.1.1.1
dnsmasq: query[A] w.wibble from 127.0.0.1
dnsmasq: forwarded w.wibble to 2.2.2.2
dnsmasq: forwarded w.wibble to 1.1.1.1

HTH

Simon.
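
The check below is an added example, not part of the original thread or of dnsmasq. It reads debug output in the format shown above and reports any name under a per-domain --server entry that was forwarded to a server not configured for that domain, which is the internal-name leak to the external DNS described in the question. The sample log is constructed, and the names scoped_domain and find_leaks are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the dnsmasq debug output quoted above.
# The last line is a made-up leak of an internal name to the default resolver.
SAMPLE_LOG = """\
dnsmasq: using nameserver 192.168.0.4#53
dnsmasq: using nameserver 2.2.2.2#53 for domain wibble
dnsmasq: using nameserver 1.1.1.1#53 for domain wibble
dnsmasq: query[A] w.wibble from 127.0.0.1
dnsmasq: forwarded w.wibble to 1.1.1.1
dnsmasq: query[A] w.wibble from 127.0.0.1
dnsmasq: forwarded w.wibble to 2.2.2.2
dnsmasq: forwarded w.wibble to 1.1.1.1
dnsmasq: query[A] www.example.org from 127.0.0.1
dnsmasq: forwarded www.example.org to 192.168.0.4
dnsmasq: forwarded db.wibble to 192.168.0.4
"""

# Only per-domain entries match; the default resolver line has no "for domain".
SERVER_RE = re.compile(r"using nameserver (\S+?)#\d+ for domain (\S+)")
FORWARD_RE = re.compile(r"forwarded (\S+) to (\S+)")


def scoped_domain(name, domains):
    """Return the longest configured domain that `name` falls under, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def find_leaks(log_text):
    """Return (name, server) pairs where a scoped name went to an unscoped server."""
    servers = defaultdict(set)   # domain -> upstream IPs announced for it
    leaks = []
    for line in log_text.splitlines():
        m = SERVER_RE.search(line)
        if m:
            servers[m.group(2).lower()].add(m.group(1))
            continue
        m = FORWARD_RE.search(line)
        if m:
            domain = scoped_domain(m.group(1), servers)
            if domain and m.group(2) not in servers[domain]:
                leaks.append((m.group(1), m.group(2)))
    return leaks
```

The "using nameserver ... for domain" lines must appear in the log before the forwards they govern, as they do at dnsmasq startup.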



