[Dnsmasq-discuss] stop-dns-rebind Issue

dnsmasq at rkmorris.us dnsmasq at rkmorris.us
Wed Sep 1 01:44:02 BST 2010

Hi,
A bit more info on this – hope this helps!
I updated to the latest DD-WRT version, and went in and manually changed dnsmasq.conf (actually, /tmp/dnsmasq.conf) – removing the line that says stop-dns-rebind, and then restarted dnsmasq. This did fix the issue below, so this is in fact the problem. So the real question is – how do I put this back in place, but still allow DNS name resolution (to local IP addresses) for my “upper” domain lanA?
FYI – item 4) below happens with the older version of dnsmasq as well, so this isn’t tied specifically to this issue.
… Russell
From: dnsmasq at rkmorris.us [mailto:dnsmasq at rkmorris.us] 
Sent: Monday, August 30, 2010 10:38 AM
To: Simon Kelley
Cc: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] stop-dns-rebind Issue
You bet - let me try to provide the details ... but of course yell if you still need more! Also, let me know what you want me to try, and I'll let you know the results.
OK, first a bit of a diagram (to try to be clear with naming, even if some things are not exactly right ... i.e. I call the one box the cable modem (CM) to distinguish, but it's actually a CM + router),
Internet  <-->   [WAN - Cable Modem (CM) - LAN]   <-- Domain = lanA -->   [WAN - Router w/dnsmasq - LAN]   <-- Domain = lanB -->   PC
Hopefully this diagram makes sense! BTW, the subnets are lanA =, and lanB =
With the "older" version of dnsmasq (i.e. before stop-dns-rebind) here is what happens,
1) nslookup localmachine -> dnsmasq appends .lanB, and returns the IP address correctly (for an item on the lanB subnet)
2) nslookup machine.lanA -> dnsmasq does the lookup from (first DNS server entry, as I have strict-order turned on). The answer is correct.
3) nslookup internet address -> dnsmasq returns the correct answer
Now, with the newer version of dnsmasq (with stop-dns-rebind on), here is the result,
1) nslookup localmachine -> dnsmasq appends .lanB, and returns the IP address correctly (for an item on the lanB subnet)
2) nslookup machine.lanA -> dnsmasq complains about no records (rebind is blocked, as expected). Sorry, I don't have the exact response, as I'm not at PC right now ... :-)..
3) nslookup internet address -> dnsmasq fails, does not reply with an IP address
4) nslookup machine.lanA -> dnsmasq responds with the right address (as it gets it from, forced by me), but says the name is machine.lanA.lanB (i.e. it seems to append a lanB on).
To be honest, all I am after is for dnsmasq to query (the first DNS server in the list) for requests for the domain lanA (and only this domain), and in this case allow private IP address responses. Make sense?
BTW, above when I say that "dnsmasq responds" I really mean what I get on the command prompt from Windows. Just to avoid any extra confusion ... :-).
Here are a couple things I have tried also, but they didn't seem to work either (though it could have been me messing this up, so don't take this as for sure!),
Thanks in advance for your help!

On Mon, Aug 30, 2010 04:43 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
dnsmasq at rkmorris.us wrote:
> Hi,
> I recently tried updating my DD-WRT based router (which uses
> dnsmasq), and unfortunately I ran into quite a few problems. It
> seems to be related to a recent change that forces stop-dns-rebind.
> This is a good idea, but I need a workaround for my local machines … :-).
> I have a bit of a strange setup – it’s a long story, but suffice to
> say that this is how I need things configured. I have a cable
> modem/router, with a domain inside that (call it lanA). Then I have
> another router (with its WAN port connected to the cable
> modem/router, so WAN domain is lanA), which has client machines
> hanging off it (call this domain lanB).
> My issue is that I cannot get names to resolve for lanA when I am in
> lanB, due to stop-dns-rebind (i.e. it used to work just fine). I’m
> trying to figure out how to get this to work, but haven’t had any
> luck. I have tried using the server=/lanA/ and also
> rebind-domain-ok=/lanA/, but neither seem to work (and they actually
> break my internet DNS from lanB als
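The behaviour discussed in this thread, as an added example that is not part of the original messages and is not dnsmasq's own code: a simplified Python model of how rebind protection drops upstream answers that fall in private ranges, and how a per-domain exemption in the style of rebind-domain-ok=/lanA/ lets them through for that domain only. The range list, the sample addresses and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Ranges treated as rebind candidates in this model (assumption: a simplified
# list for illustration, not copied from dnsmasq).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def domain_exempt(qname, ok_domains):
    """True if qname equals, or is a subdomain of, an exempted domain."""
    labels = qname.rstrip(".").lower().split(".")
    for dom in ok_domains:
        want = dom.strip(".").lower().split(".")
        # Compare whole labels so "notlanA" does not match "lanA".
        if labels[-len(want):] == want:
            return True
    return False


def filter_answer(qname, addresses, stop_rebind=True, ok_domains=()):
    """Model the check on an upstream reply.

    Returns (accepted_addresses, blocked). If any address is private and the
    name is not exempt, the whole reply is dropped in this model.
    """
    if not stop_rebind or domain_exempt(qname, ok_domains):
        return list(addresses), False
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in PRIVATE_NETS):
            return [], True
    return list(addresses), False


if __name__ == "__main__":
    # Constructed sample replies: an upstream LAN host and a public host.
    samples = [("machine.lanA", ["192.168.1.20"]),
               ("www.example.com", ["93.184.216.34"]),
               ("rebind.example.com", ["10.0.0.5"])]
    for ok in ((), ("lanA",)):
        print("exempt domains:", list(ok))
        for name, addrs in samples:
            print("  ", name, addrs, "->", filter_answer(name, addrs, ok_domains=ok))
```

With the exemption in place, only names under lanA may resolve to private addresses; a private answer for any other name is still dropped, which is the protection stop-dns-rebind is meant to keep.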