[Dnsmasq-discuss] Feature request: --server=/*.in-addr.arpa/ overrides --bogus-priv.

Simon Kelley simon at thekelleys.org.uk
Sat Jun 6 20:37:49 BST 2009


Andrew Rodland wrote:
> Subject line pretty much says it. I have config lines of the form
> 
> server=/100.168.192.in-addr.arpa/192.168.100.2
> 
> (for a VPN "split DNS" configuration), but if the bogus-priv option is enabled
> these queries are returned NXDOMAIN without forwarding to the upstream server.
> I've disabled bogus-priv as a workaround, but it's my feeling that an explicit
> forwarding server should override the general-purpose option. That way I can
> forward the zones that I know exist somewhere, while still getting the benefit
> of bogus-priv for completely spurious local IPs.
> 

This is a fine suggestion, but there are two reasons not to do it.

1) It's more difficult to implement than may be apparent, since the 
bogus-priv logic happens as part of cache processing, and if that yields 
an address, the forwarding logic which checks the server= lines never 
gets run.

2) The current behaviour has been there for a long time, and there's a 
chance that changing it will adversely affect existing installations.

I'd probably override both these objections and do it anyway, if there 
wasn't a good workaround, but there is. Do this.

1) remove bogus-priv

2) add the lines

local=/.168.192.in-addr.arpa/
local=/.16.172.in-addr.arpa/
local=/.10.in-addr.arpa/
local=/.127.in-addr.arpa/
local=/.254.169.in-addr.arpa/

instead.


(Your server line will be used in preference to the 168.192 one, since 
it's more specific.)

HTH

Simon.
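To make the matching behind the workaround concrete, here is an added example (not from this thread and not dnsmasq's own code) that models how the server=/local= lines above are chosen for a PTR query: the longest matching domain wins, a bare local= answers NXDOMAIN, and, as in point 1 above, bogus-priv answers private-range PTRs before any server= line is consulted. Assumptions: a default upstream of 8.8.8.8 for unmatched names, leading dots in the domain are ignored, and bogus-priv is approximated with Python's is_private test.

```python
import ipaddress

# Constructed config echoing the workaround in the thread (leading dots dropped).
CONFIG_WORKAROUND = [
    "server=/100.168.192.in-addr.arpa/192.168.100.2",
    "local=/168.192.in-addr.arpa/",
    "local=/16.172.in-addr.arpa/",
    "local=/10.in-addr.arpa/",
    "local=/127.in-addr.arpa/",
    "local=/254.169.in-addr.arpa/",
]
DEFAULT_UPSTREAM = "8.8.8.8"  # assumed upstream for names no rule matches


def parse_config(lines):
    """Return (domain, target) pairs; target is None for a bare local= rule."""
    rules = []
    for line in lines:
        _, _, rest = line.partition("=")
        _, domain, target = rest.split("/", 2)
        rules.append((domain.lstrip(".").lower(), target or None))
    return rules


def is_private_ptr(qname):
    """Model of bogus-priv: full in-addr.arpa name for a private address?"""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return False
    octets = qname[: -len(suffix)].split(".")
    if len(octets) != 4:
        return False
    try:
        return ipaddress.ip_address(".".join(reversed(octets))).is_private
    except ValueError:
        return False


def resolve(qname, rules, bogus_priv):
    """Decide what a PTR query gets: forward:<addr> or an NXDOMAIN reason."""
    qname = qname.lower().rstrip(".")
    if bogus_priv and is_private_ptr(qname):
        return "NXDOMAIN (bogus-priv)"  # cache stage wins; server= never seen
    best = None
    for domain, target in rules:
        if qname == domain or qname.endswith("." + domain):
            if best is None or len(domain) > len(best[0]):
                best = (domain, target)  # longest (most specific) match
    if best is None:
        return "forward:" + DEFAULT_UPSTREAM
    return "NXDOMAIN (local=)" if best[1] is None else "forward:" + best[1]
```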
