[Dnsmasq-discuss] Using resolv.conf search vs. dnsmasq --server

Paul Smith psmith at gnu.org
Sun Dec 26 20:31:46 GMT 2010


Hi all.  Recently I've been banging my head against issues surrounding
resolv.conf management when connecting to two (or more) VPNs with
private DNS servers.  What a nightmare!!  I'm thinking about some kind
of solution/proposal but in the meantime I have a question.

One way to go about this is to combine all the various contents of the
private resolv.conf files into one and add in all the different search
domains and nameservers.  For example, if I have a standard nameserver
of 1.1.1.1 with domain localnet, and one VPN with nameserver 2.2.2.2 and
domain vpn2.com and another VPN with nameserver 3.3.3.3 and domain
vpn3.com, then you'd get a resolv.conf file like:

	search vpn3.com vpn2.com localnet
	nameserver 1.1.1.1
	nameserver 2.2.2.2
	nameserver 3.3.3.3

Of course the order depends on which interface came up first.  However,
when I do this sometimes I can't resolve hosts in the latter VPNs (but
sometimes it works).  Is it because some DNS servers are returning some
kind of authoritative "no" and dnsmasq is quitting?  I'm not intimately
familiar with all the details of DNS.  If I configured this via dnsmasq
(so the above would be dnsmasq's resolv-file and /etc/resolv.conf used
nameserver 127.0.0.1) and added the "--all-servers" flag, would it work
better?

My other option would be to add just the searchpaths to resolv.conf and
use dnsmasq as a proxy DNS server, with --server options (or config
file), so that resolv.conf contained:

	search vpn3.com vpn2.com localnet
	nameserver 127.0.0.1

and the dnsmasq config said:

	server=/vpn2.com/2.2.2.2
	server=/vpn3.com/3.3.3.3
	resolv-file=/var/run/dnsmasq/resolv.conf

and /var/run/dnsmasq/resolv.conf would contain:

	nameserver 1.1.1.1

to catch all the default resolutions.

I can see why this works well for FQDNs since it can match and go
directly to the correct nameserver.  But it even works better for
unqualified hostnames: can you explain dnsmasq's behavior here?  Given
the above setup, how does dnsmasq go about trying to resolve a hostname
"foobar"?

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <psmith at gnu.org>          Find some GNU make tips at:
 http://www.gnu.org                      http://make.mad-scientist.net
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
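
Added example, not part of the original message and not dnsmasq code: a simplified Python model of the second setup above, showing which names the stub resolver generates for "foobar" from the search line and which upstream dnsmasq would forward each one to. The function names, the glibc-style default ndots:1 ordering and single-domain server=/domain/ip parsing are assumptions of this sketch.

```python
# Simplified model, not dnsmasq source. Inputs are the files quoted in the message.
RESOLV_CONF = "search vpn3.com vpn2.com localnet\nnameserver 127.0.0.1\n"
DNSMASQ_CONF = ("server=/vpn2.com/2.2.2.2\nserver=/vpn3.com/3.3.3.3\n"
                "resolv-file=/var/run/dnsmasq/resolv.conf\n")
DNSMASQ_RESOLV_FILE = "nameserver 1.1.1.1\n"  # contents of the resolv-file

def search_list(resolv_conf):
    """Domains from the 'search' line of resolv.conf."""
    for line in resolv_conf.splitlines():
        fields = line.split()
        if fields and fields[0] == "search":
            return fields[1:]
    return []

def domain_routes(dnsmasq_conf):
    """Map domain -> upstream from single-domain server=/domain/ip lines."""
    routes = {}
    for line in dnsmasq_conf.splitlines():
        if line.startswith("server=/"):
            _, domain, ip = line.split("/", 2)
            routes[domain.lower()] = ip
    return routes

def candidates(name, search, ndots=1):
    """Names the stub resolver tries, in order; it stops at the first answer."""
    if name.endswith("."):
        return [name.rstrip(".")]  # absolute name: no search expansion
    expanded = [f"{name}.{d}" for d in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def pick_upstream(qname, routes, default):
    """Longest server=/domain/ match on a label boundary, else the default."""
    labels = qname.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return default

def plan(name):
    """(query name, upstream it is forwarded to) for each candidate name."""
    default = DNSMASQ_RESOLV_FILE.split()[1]
    routes = domain_routes(DNSMASQ_CONF)
    return [(q, pick_upstream(q, routes, default))
            for q in candidates(name, search_list(RESOLV_CONF))]

if __name__ == "__main__":
    for qname, upstream in plan("foobar"):
        print(f"{qname:20} -> {upstream}")
```

In this model a vpn3.com candidate is forwarded only to 3.3.3.3, and only names matching no server=/domain/ entry reach 1.1.1.1.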



