[Dnsmasq-discuss] expand-hosts
Jean-Pierre van Melis
fraterdnsmasq at hetemail.com
Tue Dec 28 23:18:40 GMT 2010
Hi Richard,
I own the domain mirmana.com, which points with most of its records, including a wildcard, to my private DSL connection, on which I have a DD-WRT router.
DD-WRT is running DNSMasq for its DHCP & DNS.
I have set my local domain also to mirmana.com.
I know this should really be mirmana.local, but I'm doing this so my portable devices will access the LAN side of the services when they are used locally and will get forwarded by the router when they access these same services from WAN.
This is the config generated by DD-WRT according to its webif:
:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
all-servers
domain=mirmana.com
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=21
dhcp-option=lan,3,192.168.10.1
dhcp-option=44,192.168.10.120
dhcp-authoritative
dhcp-range=lan,192.168.10.248,192.168.10.254,255.255.255.0,1440m
dhcp-host=00:13:D3:08:CC:81,win32,192.168.10.120,144m
.
.
ptr-record=254.0.191.85.in-addr.arpa,cj1616-gateway.mirmana.com
addn-hosts=/opt/etc/pixelserv/blacks
dhcp-option=option:ntp-server,194.171.167.130,81.171.44.131,87.251.35.240,213.239.154.12,131.211.84.189
This is what happens when I resolve www.google.com and when I resolve the non-existing wwww.google.com:
# host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.77.104
www.l.google.com has address 74.125.77.99
www.l.google.com has address 74.125.77.147
root at WAN:~# host wwww.google.com
wwww.google.com.mirmana.com is an alias for jpmarion.dyndns.org.
jpmarion.dyndns.org has address 85.191.0.241
I'm afraid I will now get a lecture about wildcards I should not be using or WAN-domains that are used on a LAN, but the point is really that I never asked for a 2nd query. There's even an option called 'expand-hosts', but that's not turned on.
If a foreign DNS-server is a bit slow, my DNSMasq suddenly decides to return my WAN-IP.
I don't want this!
I want it to just query the record I asked it to and just give NXDOMAIN if it can't deliver.
I understand the default behaviour can't suddenly be changed, so an optional variable called 'expand-never' could be given to achieve this.
Cheers all
-----Original Message-----
From: "richardvoigt at gmail.com" <richardvoigt at gmail.com>
To: Jean-Pierre van Melis <fraterdnsmasq at hetemail.com>
Cc: dnsmasq-discuss at lists.thekelleys.org.uk
Date: Tue, 28 Dec 2010 13:34:15 -0600
Subject: Re: [Dnsmasq-discuss] expand-hosts
Maybe Simon can figure out what you're saying, but I can't. If you included some specific examples it would make your situation much easier to understand.
e.g. (and if your situation doesn't substantially match this made-up example, go and re-read the description of the expand-hosts option)
<<<Begin made-up example>>>
/etc/hosts has an entry for the unqualified name xyzzy:
aaa.bbb.ccc.71 xyzzy
/etc/resolv.conf points to localhost first, then my ISP
server 127.0.0.1
server aaa.bbb.ccc.ddd
nslookup xyzzy works:
> nslookup xyzzy
Authoritative response from 127.0.0.1:
aaa.bbb.ccc.71 (A record)
nslookup xyzzy.domain.com also succeeds, but I think it shouldn't with expand-hosts turned off:
> nslookup xyzzy.domain.com
Authoritative response from 127.0.0.1: aaa.bbb.ccc.71 (A record)
I want this to return NXDOMAIN instead. How can I configure dnsmasq to do that?
<<<End made-up example>>>
On Tue, Dec 28, 2010 at 12:34 AM, Jean-Pierre van Melis <fraterdnsmasq at hetemail.com> wrote:
I am having trouble with the feature expand-hosts.
The dnsmasq running on my router has no 'expand-hosts' in its dnsmasq.conf and it still expands hosts for domains that are unable to resolve.
It is especially troublesome in my setup as I also have wildcard set on my <domain> so these requests will be redirected to my WAN IP address.
On my router I have a pound reverse proxy running which then gets traffic which it shouldn't receive.
Why is dnsmasq expanding the host?
It seems it does it always when I set <domain=domain.com>. Is this true?
If so, why is there a separate setting for expand-hosts?
I understand the need for such a feature, but I don't understand why it also expands on hosts that don't contain a dot.
Is it possible to have a switch so I can better control its behavior?
Cheers all...
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
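The `host` output in the message above answers for wwww.google.com.mirmana.com, that is, the queried name with the domain appended. As an added example (not part of either poster's message, and not dnsmasq code), the sketch below models how a glibc-style stub resolver builds such candidates from a search list and how a wildcard record then answers them; the `search mirmana.com` setting, the `ndots` value and the zone data are assumptions.

```python
# Added illustration: models a glibc-style stub resolver's search-list handling.
# The zone data is constructed; only the host names come from the thread.

def candidates(name, search, ndots=1):
    """Return the FQDNs a stub resolver would try, in order."""
    if name.endswith("."):
        # A trailing dot marks the name as absolute: it is never expanded.
        return [name]
    expanded = [f"{name}.{dom}." for dom in search]
    absolute = name + "."
    if name.count(".") >= ndots:
        # Enough dots: try the name as-is first, then fall back to the search list.
        return [absolute] + expanded
    # Too few dots: the search list is tried before the bare name.
    return expanded + [absolute]

# Constructed stand-in for public DNS: one existing record plus one wildcard.
RECORDS = {"www.google.com."}
WILDCARDS = ["mirmana.com."]  # models a *.mirmana.com record

def exists(fqdn):
    """True if the constructed zone data would answer for this name."""
    if fqdn in RECORDS:
        return True
    return any(fqdn.endswith("." + zone) for zone in WILDCARDS)

def resolve(name, search, ndots=1):
    """Return the first candidate that answers, or None for NXDOMAIN."""
    for fqdn in candidates(name, search, ndots):
        if exists(fqdn):
            return fqdn
    return None

if __name__ == "__main__":
    search = ["mirmana.com"]  # assumed resolv.conf search list
    for query in ("www.google.com", "wwww.google.com", "wwww.google.com."):
        print(query, "->", resolve(query, search) or "NXDOMAIN")
```

In this model the mistyped name only reaches the wildcard through the search-list fallback; querying with a trailing dot or with an empty search list yields NXDOMAIN.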