[Dnsmasq-discuss] stop-dns-rebind Issue
dnsmasq at rkmorris.us
dnsmasq at rkmorris.us
Mon Aug 30 16:38:29 BST 2010
You bet - let me try to provide the details ... but of course yell if you still need more! Also, let me know what you want me to try, and I'll let you know the results.
OK, first a bit of a diagram (to try to be clear with naming, even if some things not are exactly right ... i.e. I call the one box the cable modem (CM) to distinguish, but it's actually a CM + router),
Internet <--> [WAN - Cable Modem (CM) - LAN] <-- Domain = lanA --> [WAN - Router w/dnsmasq - LAN] <-- Domain = lanB --> PC
Hopefully this diagram make sense! BTW, the subnets are lanA = 192.168.1.1/24, and lanB = 192.168.2.1/24
With the "older" version of dnsmasq (i.e. before stop-dns-rebind) here is what happens,1) nslookup localmachine -> dnsmasq appends .lanB, and returns the IP address correctly (for an item on the lanB subnet)2) nslookup machine.lanA -> dnsmasq does the lookup from 192.168.1.1 (first DNS server entry, as I have strict-order turned on). The answer is correct.3) nslookup internet address -> dnsmasq returns the correct answer
Now, with the newer version of dnsmasq (with stop-dns-rebind on), here is the result,1) nslookup localmachine -> dnsmasq appends .lanB, and returns the IP address correctly (for an item on the lanB subnet)2) nslookup machine.lanA -> dnsmasq complains about no records (rebind is blocked, as expected). Sorry, I don't have the exact response, as I'm not at PC right now ... :-)..3) nslookup internet address -> dnsmasq fails, does not reply with an IP address4) nslookup machine.lanA 192.168.1.1 -> dnsmasq responds with the right address (as it gets it from 192.168.1.1, forced by me), but says the name is machine.lanA.lanB (i.e. it seems to append a lanB on).
To be honest, all I am after is for dnsmasq to query 192.168.1.1 (the first DNS server in the list) for requests for the domain lanA (and only this domain), and in this case allow private IP address responses. Make sense?
BTW, above when I say that "dnsmasq responds" I really mean what I get on the command prompt from Windows. Just to avoid any extra confusion ... :-).
Here are a couple things I have tried also, but they didn't seem to work either (though it could have been me messing this up, so don't take this as for sure!),- server=/lanA/192.168.1.1- rebind-domain-ok=lanA
Thanks in advance for your help!
On Mon, Aug 30, 2010 04:43 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> dnsmasq at rkmorris.us wrote:
> > Hi,
> > I recently tried updating my DD-WRT based router (which uses
> > dnsmasq), and unfortunately I ran into quite a few problems. It
> > seems to be related to a recent change that forces stop-dns-rebind.
> > This is a good idea, but I need a workaround for my local machines … J.
> > I have a bit of a strange setup – it’s a long story, but suffice to
> > say that this is how I need things configured. I have a cable
> > modem/router, with a domain inside that (call it lanA). Then I have
> > another router (with its WAN port connected to the cable
> > modem/router, so WAN domain is lanA), which has client machines
> > hanging off it (call this domain lanB).
> > My issue is that I cannot get names to resolve for lanA when I am in
> > lanB, due to stop-dns-rebind (i.e. it used to work just fine). I’m
> > trying to figure out how to get this to work, but haven’t had any
> > luck. I have tried using the server=/lanA/192.168.1.1 and also
> > rebind-domain-ok=/lanA/, but neither seem to work (and they actually
> > break my internet DNS from lanB also … L). I also find that .lanB is
> > getting added to nslookup requests in lanA (i.e. xxxx.lanA.lanB),
> > but this could be due to also having expand-hosts included?
> This smells like exactly the sort of problem that should be solved by
> -rebind-domain-ok, but your description of the current situation isn't
> too clear. Could you give us some more details, eg. does dnsmasq run on
> one or both of the routers, what are the IP address ranges, what queries
> fail and in what way.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dnsmasq-discuss