[Dnsmasq-discuss] Multiple Subnets - Different Servers - Chaining Dnsmasqs

Sergei Zhirikov sfzhi at yahoo.com
Sun Jul 11 14:59:41 BST 2010


On 2010-07-11 02:18, Lord Devi wrote:
> Hello.
>
> I have a fairly simple home network, to which I have recently added a
> second subnet for my virtual machines. While my primary DNS/DHCP
> server is a Dnsmasq instance running on my DD-WRT router, my second
> subnet is hosted from a machine inside the Lan. On that machine I run
> multiple virtual machines, and desire to serve DHCP and DNS information
> to them from a second Dnsmasq instance running on the first virtual
> machine. However I've managed to confuse myself greatly on this subject
> going through the Dnsmasq archives. So I will simply try to state my
> intentions and current configuration as clearly as possible, and hope
> someone can clarify some things for me.
>
> My current network resembles the following:
>
> Subnet A:
> Network Range: 192.168.1.0/24
> Gateway 1A: 192.168.1.1/255.255.255.0 (This is my DD-WRT router which
> provides internet access)
> Gateway Interfaces:
> br0: 192.168.1.1/255.255.255.0
> vlan1: 70.76.84.224/255.255.252.0
> DNS / DHCP (Dnsmasq): 192.168.1.1 (Both served from the above DD-WRT
> router)
> LAN Domain: tec.lan
> Example Host 1A: perpetrator.tec.lan - 192.168.1.10/255.255.255.0
> Example Host 2A: rapine.tec.lan - 192.168.1.12/255.255.255.0
>
> Subnet B:
> Network Range: 192.168.2.0/24
> Gateway 1B: 192.168.2.1/255.255.255.0 (This is my internal machine which
> hosts my virtual machines)
> Gateway Interfaces:
> eth0: 192.168.1.11/255.255.255.0
> eth1: 192.168.2.1/255.255.255.0
> DNS / DHCP (Dnsmasq): 192.168.2.2 (This is the very first virtual
> machine hosted on Gateway 1B)
> LAN Domain: tec.lan
> Example Host 1B: ubuntu-01.tec.lan - 192.168.2.10/255.255.255.0
> Example Host 2B: ubuntu-02.tec.lan - 192.168.2.11/255.255.255.0
>
> First off I have to say that working with multiple subnets in such a
> manner is a new task for me, and I may indeed be going about things
> improperly in relation to Dnsmasq here. But what I have been trying to
> do up until now is have client machines on Subnet B use 192.168.2.2 as
> their DHCP and DNS server, and have it so when they need DNS information
> for either Subnet A, OR the Internet itself, they would then pass
> queries on to the Dnsmasq server on 192.168.1.1. In effect, sort of
> chaining requests.. I have attempted things like manually adding both
> 192.168.1.1 and 192.168.2.2 to /etc/resolv.conf on guest machines hosted
> on Subnet B, but have had mixed results with that. For instance if I list
> 192.168.2.2 FIRST in /etc/resolv.conf on those machines they can get DNS
> queries for ubuntu-01.tec.lan just fine say, but when I ask them about
> rapine.tec.lan or google.ca, they do not get
> resolved. (I had thought that if a domain to be resolved was not found
> on the first nameserver inside resolv.conf, they would then ask the
> second in the list and THEN get the results needed. But it does not
> appear to work this way.)
>
> So then I thought maybe, clients on Subnet A could be configured to ask
> ONLY 192.168.2.2 for DNS information, and then the Dnsmasq server on
> 192.168.2.2 would then itself know to ask 192.168.1.1 for DNS
> information for which it itself did not know about. So to that end, I
> appended the following line to my dnsmasq.conf file on 192.168.2.2:
>
> server=192.168.1.1
>
> This seems to allow machines on Subnet B to be able to contact
> rapine.tec.lan and google.ca just fine. However when
> I tried to add:
>
> server=192.168.2.2
>
> to Gateway 1A: to try to get my Dnsmasq on 192.168.1.0/24
> to ask 192.168.2.2 about machines on the
> 192.168.2.0/24 subnet, all my Subnet A client
> machines then started to have problems and delays when trying to resolve
> information for the Internet. So obviously I was doing something wrong..
> At this point I am kind of stuck. I fear I have confused myself greatly
> and am having great difficulties figuring this one out.
>
> Even if there is an option I can add to my Dnsmasq server on Gateway 1A
> to achieve my ends, I would still be left with a sense of unease that I
> may not be doing things correctly in the first place. If someone could
> both help me configure this so that machines on both Subnet A and B can
> resolve each other fine, AND help instruct me a bit on the "best
> practices" of such a configuration I would be very appreciative!!
>
> Following I have pasted the contents of my relevant dnsmasq.conf files
> to demonstrate further what it is I am CURRENTLY doing.
>
> Subnet A's relevant dnsmasq.conf on 192.168.1.1:
>
> interface=br0
> resolv-file=/tmp/resolv.dnsmasq
> domain=tec.lan
> dhcp-leasefile=/tmp/dnsmasq.leases
> dhcp-lease-max=54
> dhcp-option=lan,3,192.168.1.1
> dhcp-authoritative
> dhcp-range=lan,192.168.1.100,192.168.1.149,255.255.255.0,1440m
>
>
> Subnet B's relevant dnsmasq.conf on 192.168.2.2:
>
> interface=eth0
> domain=tec.lan
> dhcp-leasefile=/tmp/dnsmasq.leases
> dhcp-lease-max=54
> dhcp-option=option:router,192.168.2.1
> dhcp-authoritative
> dhcp-range=lan,192.168.2.100,192.168.2.149,255.255.255.0,1440m
> server=192.168.1.1
> expand-hosts
>
>
> (An example of the sort of things I am uncertain about, is how you might
> notice I have "dhcp-authoritative" set on both of my Dnsmasq servers. I
> have a feeling this is wrong, and even IF I was getting the network DNS
> resolutions I am looking for, am not sure if that is correct.)
>
> Please help unconfuse me!!
>
> Best regards,
>    Casey Quibell.
>
> p.s. If there is any further information I can provide to help in
> diagnosing my issue, please ask!
>

If I were you I would not run dnsmasq on Gateway 1B at all. I would use a DHCP relay instead to forward DHCP requests from subnet B to dnsmasq running on the gateway 1A. That way there would be only one DNS server for both networks without configuration trickery necessary.
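
The single-server layout suggested in the reply above, sketched as an added example (not part of the original message and not configuration from the dnsmasq project). It assumes the current `set:`/`tag:` syntax, the hypothetical tag names `neta` and `netb`, a raised `dhcp-lease-max`, and ISC `dhcrelay` as the relay agent on Gateway 1B; addresses and the remaining options are taken from the configuration quoted above.

```conf
# dnsmasq.conf on Gateway 1A (192.168.1.1), the only dnsmasq instance.
# Relayed requests from Subnet B arrive as unicast on br0, so no extra
# interface= line is needed.
interface=br0
resolv-file=/tmp/resolv.dnsmasq
domain=tec.lan
expand-hosts
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-authoritative

# Assumed value: two pools of 50 addresses no longer fit under the
# original limit of 54 leases.
dhcp-lease-max=108

# Subnet A: directly attached to br0.
dhcp-range=set:neta,192.168.1.100,192.168.1.149,255.255.255.0,1440m
dhcp-option=tag:neta,option:router,192.168.1.1

# Subnet B: served through the relay. dnsmasq selects this pool from the
# relay address (giaddr) in the request; the netmask is required for
# networks reached via a relay agent.
dhcp-range=set:netb,192.168.2.100,192.168.2.149,255.255.255.0,1440m
dhcp-option=tag:netb,option:router,192.168.2.1
dhcp-option=tag:netb,option:dns-server,192.168.1.1

# On Gateway 1B (eth0 = 192.168.1.11, eth1 = 192.168.2.1), with ISC
# dhcrelay as the assumed relay agent:
#   dhcrelay -i eth1 -i eth0 192.168.1.1
# Gateway 1B must forward IP between eth0 and eth1, and the router needs
# a static route to 192.168.2.0/24 via 192.168.1.11 so replies and DNS
# answers can reach Subnet B.
```

With one instance holding the leases for both pools, hostnames registered over DHCP on either subnet are answered from the same place, so no `server=` chaining between two dnsmasq processes is involved.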



