[Dnsmasq-discuss] Mutliple Subnets - Different Servers - Chaining Dnsmasqs

Lord Devi lorddevi at gmail.com
Sun Jul 11 01:18:31 BST 2010


I have a fairly simple home network, to which I have recently added a second
subnet to for my virtual machines. While my primary DNS/DHCP server is a
Dnsmasq instance running on my DD-WRT router, my second subnet is hosted
from a machine inside the Lan. On that machine I run multiple virtual
machines, and desire to serve DHCP and DNS information to them from a second
Dnsmasq instance running on the first virtual machine. However I've managed
to confuse myself greatly on this subject going through the Dnsmasq
archives. So I will simply try to state my intentions and current
configuration as clearly as possible, and hope someone can clarify some
things for me.

My current network resembles the following:

Subnet A:
Network Range: **
*Gateway 1A*: ** (This is my DD-WRT router which
provides internet access)
Gateway Interfaces:
*br0*: **
*vlan1*: **
DNS / DHCP (Dnsmasq): ** (Both served from the above DD-WRT
LAN Domain: tec.lan
Example *Host 1A*: *perpetrator.tec.lan -*
Example *Host 2A*: *rapine.tec.lan -*

Subnet B:
Network Range: **
*Gateway 1B*: ** (This is my internal machine which
hosts my virtual machines)
Gateway Interfaces:
*eth0*: **
*eth1*: *
*DNS / DHCP (Dnsmasq): ** (This is the very first virtual machine
hosted on Gateway 1B)
LAN Domain: tec.lan
Example *Host 1B*: *ubuntu-01.tec.lan -*
Example *Host 2B*: *ubuntu-02.tec.lan -

First off I have to say that working with multiple subnets in such a manner
is a new task for me, and I may indeed be going about things improperly in
relation to Dnsmasq here. But what I have been trying to do up until now is
have client machines on Subnet B use as their DHCP and DNS
server, and have it so when they need DNS information for either Subnet A,
OR the Internet itself, they would then pass queries on to the Dnsmasq
server on In effect, sort of chaining requests.. I have
attempted things like manually adding both and to
/etc/resolv.conf on guest machines hosted on Subnet B, but have had mixed
results with that.For instance if I list FIRST in
/etc/resolv.conf on those machines they can get DNS queries for
ubuntu-01.tec.lan just fine say, but when I ask them about rapine.tec.lan or
google.ca, they do not get resolved. (I had thought that if a domain to be
resolved was not found on the first nameserver inside resolv.conf, they
would then ask the second in the list and THEN get the results needed. But
it does not appear to work this way.)

So then I thought maybe, clients on Subnet A could be configured to ask ONLY for DNS information, and then the Dnsmasq server on
would then itself know to ask for DNS information for which it
itself did not know about. So to that end, I appended the following line to
my dnsmasq.conf file on


This seems to allow machines on Subnet B to be able to contact
rapine.tec.lan and google.ca just fine. However when I tried to add:


to Gateway 1A: to try to get my Dnsmasq on to ask
about machines on the subnet, all my Subnet A client machines
then started to have problems and delays when trying to resolv information
for the Internet. So obviously I was doing something wrong.. At this point I
am kind of stuck. I fear I have confused myself greatly and am having great
difficulties figuring this one out.

Even if there is an option I can add to my Dnsmasq server on Gateway 1A to
achieve my ends, I would still be left with a sense of unease that I may not
be doing things correctly in the first place. If someone could both help me
configure this so that machines on both Subnet A and B can resolv each other
fine, AND help instruct me a bit on the "best practises" of such a
configuration I would  be very appreciative!!

Following I have pasted the contents of my relevant dnsmasq.conf files to
demonstrate further what it is I am CURRENTLY doing.

Subnet A's relevant dnsmasq.conf on


Subnet B's relevant dnsmasq.conf on


(An example of the sort of things I am uncertain about, is how you might
notice I have "dhcp-authoritative" set on both of my Dnsmasq servers. I have
a feeling this is wrong, and even IF I was getting the network DNS
resolutions I am looking for, am not sure if that is correct.)

Please help unconfuse me!!

Best regards,
  Casey Quibell.

p.s. If there is any further information I can provide to help in diagnosing
my issue, please ask!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20100710/3967418e/attachment.htm 

More information about the Dnsmasq-discuss mailing list