[Dnsmasq-discuss] uh, domain concats unwanted...

Paul Chambers bod at bod.org
Thu May 1 18:53:31 BST 2008


As an aside, if you're using OpenDNS upstream, for lookups that fail 
it'll respond with the IP address of an OpenDNS server (rather than 
NXDOMAIN), which will redirect you to guide.opendns.com. You'll need to 
use 'bogus-nxdomain=' lines in your dnsmasq configuration for the IP 
addresses of those 'special' servers if you want lookups to fail if the 
domain is not found. Specifically, add 'bogus-nxdomain=208.67.219.132' 
to dnsmasq.conf and restart dnsmasq. Note that this IP address has 
changed at least once since I started using OpenDNS.

Doesn't explain why your resolver is looking for 
view.atdmt.com.nnnnnn.com in the first place, but does explain why 
you're getting an answer. I think the resolver re-attempts a lookup that 
fails by appending the domain to the original lookup, IIRC. Try adding a 
'domain something.bogus' line to your resolv.conf and see if you get 
'view.atdmt.com.something.bogus' instead.

Paul

P.S. By the way, you do know that OpenDNS offers domain blacklisting by 
category automatically? You just have to create an account and turn it on.

/dev/rob0 wrote:
> On Thu May 1 2008 10:34:05 AJ Weber wrote:
>   
>> OK, I'm looking thru my dnsmasq.conf, but can't justify why this is
>> happening...nor how it's eventually coming-up with a valid IP
>> address.
>>     
>
> Valid
>> However, it didn't block an advert site on my first test, and so I
>> did a nslookup from my laptop...this was the output...
>>     
> Just Say No to nslookup. dig(1) is the preferred tool
>> Server:   broh.nnnnnn.com
>> Address:  192.168.1.128
>>
>> Non-authoritative answer:
>> Name:    view.atdmt.com.nnnnnn.com
>> Address:  208.67.217.132
>>     
> 132.217.67.208.in-addr.arpa. 86400 IN   PTR     hit-nxdomain.opendns.com.
>   
>> The "nnnnnn.com" is set in my "domain=" option in my config. 
>> However, as I read it, it should only be used to decorate simple
>> names from the hosts-file.  Why is it being appended to FQDNs? 
>>     
>
> Maybe broken or misconfigured system resolver? See, dig(1) will only
> use DNS, and only with the name it is given (exception, see +search.)
>   
>> Furthermore, how the heck did that name then resolve from the
>> upstream DNS server???
>>     
>
> Um, maybe a broken upstream nameserver? [1
<snip>
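
The following is an added example, not part of the original thread and not dnsmasq or resolver source code: a small Python model of the search-domain retry described above and of what a 'bogus-nxdomain=' line changes. The two OpenDNS addresses and the names come from the thread; the server behaviour, the `BLOCKED` set and all function names are assumptions made for illustration.

```python
# Added illustration: models resolv.conf(5) search expansion and the effect
# of dnsmasq's bogus-nxdomain filter. Not dnsmasq or resolver source code.

HIT_NXDOMAIN = "208.67.217.132"  # address in the quoted nslookup output
SUGGESTED = "208.67.219.132"     # address in the suggested config line
REAL = {"broh.nnnnnn.com": "192.168.1.128"}  # constructed zone data
BLOCKED = {"view.atdmt.com"}     # assumption: fails (NXDOMAIN) locally


def candidates(name, search, ndots=1):
    """Names a stub resolver tries, in order, per resolv.conf(5)."""
    if name.endswith("."):            # trailing dot: absolute, no search
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:      # enough dots: try the name as-is first
        return [name] + expanded
    return expanded + [name]


def answer(qname, bogus):
    """Constructed server: unknown names get the landing-page address,
    unless that address is listed in `bogus`, which yields NXDOMAIN (None)."""
    if qname in BLOCKED:
        return None
    addr = REAL.get(qname, HIT_NXDOMAIN)
    return None if addr in bogus else addr


def resolve(name, search, bogus=frozenset()):
    """Return (qname, address) for the first candidate that is answered."""
    for qname in candidates(name, search):
        addr = answer(qname, bogus)
        if addr is not None:
            return qname, addr
    return None  # every candidate was NXDOMAIN


if __name__ == "__main__":
    search = ["nnnnnn.com"]
    print(candidates("view.atdmt.com", search))
    print(resolve("view.atdmt.com", search))                  # redirected
    print(resolve("view.atdmt.com", search, {SUGGESTED}))     # still redirected
    print(resolve("view.atdmt.com", search, {HIT_NXDOMAIN}))  # None
```

In this model the filter only matches addresses that are listed exactly, so the lookup keeps succeeding until the address the upstream actually returns is in the list.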