[Dnsmasq-discuss] force all queries to tcp?

Brent Langston brentley at brentley.net
Thu Jun 12 17:51:19 BST 2008


The Situation:

- Our IT policy is to eliminate all UDP traffic, except for traffic going to
specific DNS servers.
- I have a private DNS zone (*.mylab.internal).
- I'm hosting DNS records for my private zone using dnsmasq.
- All of the people that access the lab are running Linux notebooks and have
dnsmasq installed.

The Idea:

Configure dnsmasq on the notebooks with something like:
server=/mylab.internal/192.168.0.200 so that all queries for
*.mylab.internal go to the DNS server I'm running, and any other DNS queries
go to the standard corporate DNS servers.

The Problem:

dnsmasq performs the queries using UDP traffic.  Since UDP traffic is
blocked, the queries time out.  As a test, I can run these two commands:

dig @192.168.0.200 server.mylab.internal (results in a timeout)
dig +tcp @192.168.0.200 server.mylab.internal (immediate response received)

Sooo........  How can I configure the notebook instances of dnsmasq to
always send queries to the tcp port, rather than the default udp ports?

Any ideas?
-- 
--------
Brent
--------