[Dnsmasq-discuss] expand-hosts
Jean-Pierre van Melis
fraterdnsmasq at hetemail.com
Wed Dec 29 18:44:13 GMT 2010
> It isn't dnsmasq performing the second query, it's your OS resolver
> service. Check your /etc/resolv.conf configuration, remove any
> "search-suffix" or similar directive that might be in there. Also note
> that this is a per-client setting, it can't be centrally controlled with
> dnsmasq.
I checked /etc/resolv.conf on the router that's also running dnsmasq.
It had 2 entries of "search mirmana.com".
I deleted them both. Now it resolved it fine, giving an NXDOMAIN as an
answer.
My Linux clients didn't have that entry, but after deleting 'domain
mirmana.com' it stopped adding the domain to the query. I now need to find
out how that entry got in there (the Linux client I mean).
I'm afraid it was through DHCP.
-----Original Message-----
From: "richardvoigt at gmail.com" <richardvoigt at gmail.com>
To: Jean-Pierre van Melis <fraterdnsmasq at hetemail.com>
Cc: "dnsmasq-discuss at lists.thekelleys.org.uk"
<dnsmasq-discuss at lists.thekelleys.org.uk>
Date: Wed, 29 Dec 2010 08:27:00 -0600
Subject: Re: [Dnsmasq-discuss] expand-hosts
On Tue, Dec 28, 2010 at 5:18 PM, Jean-Pierre van Melis
<fraterdnsmasq at hetemail.com> wrote:
Hi Richard,
I own the domain mirmana.com which points with most of its records
including a wildcard to my private DSL-connection on which I have a
DD-WRT router.
DD-WRT is running DNSMasq for its DHCP & DNS.
I have set my local domain also to mirmana.com.
I know this should really be mirmana.local, but I'm doing this so my
portable devices will access the LAN-side of the services when they are
used locally and will get forwarded by the router when they access these
same services from WAN.
This is the config generated by DD-WRT
according to its webif:
:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
all-servers
domain=mirmana.com
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=21
dhcp-option=lan,3,192.168.10.1
dhcp-option=44,192.168.10.120
dhcp-authoritative
dhcp-range=lan,192.168.10.248,192.168.10.254,255.255.255.0,1440m
dhcp-host=00:13:D3:08:CC:81,win32,192.168.10.120,144m
.
.
ptr-record=254.0.191.85.in-addr.arpa,cj1616-gateway.mirmana.com
addn-hosts=/opt/etc/pixelserv/blacks
dhcp-option=option:ntp-server,194.171.167.130,81.171.44.131,87.251.35.240,213.239.154.12,131.211.84.189
This is what happens when I resolve www.google.com and when I resolve the
non-existing wwww-google.com
# host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.77.104
www.l.google.com has address 74.125.77.99
www.l.google.com has address 74.125.77.147
root@WAN:~# host wwww.google.com
wwww.google.com.mirmana.com is an alias for jpmarion.dyndns.org.
jpmarion.dyndns.org has address 85.191.0.241
I'm afraid I will now get a lecture about wildcards I should not be using
or WAN-domains that are used on a LAN, but the point is really that I never
asked for a 2nd query. There's even an option called 'expand-hosts', but
that's not turned on.
If a foreign DNS-server is a bit slow,
my DNSMasq suddenly decides to return my WAN-IP.
I don't want this!
I want it to just query the record I
asked it to and just give NXDOMAIN if it can't deliver.
It isn't dnsmasq performing the second query, it's your OS resolver service.
Check your /etc/resolv.conf configuration, remove any "search-suffix" or
similar directive that might be in there. Also note that this is a
per-client setting, it can't be centrally controlled with dnsmasq.
I understand the default behaviour can't
suddenly be changed, so an optional variable called 'expand-never' could be
given to achieve this.
Cheers all
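
Added example (not part of the original thread and not dnsmasq code): a model of how a glibc-style stub resolver turns the search/domain lines of /etc/resolv.conf into the ordered list of names it queries, which is why the NXDOMAIN for wwww.google.com was followed by a lookup of wwww.google.com.mirmana.com that the wildcard record answered. The sample resolv.conf contents and nameserver lines are constructed; the default search list a resolver derives from the hostname when neither directive is present is not modelled.

```python
# Added example: model of the resolv.conf(5) search-list rules (glibc-style).
ROUTER_CONF = """\
# constructed sample matching the router described in the thread
nameserver 127.0.0.1
search mirmana.com
search mirmana.com
"""
CLIENT_CONF = "nameserver 192.168.10.1\ndomain mirmana.com\n"  # constructed


def parse_resolv_conf(text):
    """Return (search_list, ndots); the last domain/search line wins."""
    search, ndots = [], 1
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        key, args = fields[0], fields[1:]
        if key == "domain":
            search = [args[0]]      # 'domain' acts as a one-entry search list
        elif key == "search":
            search = args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return [s.rstrip(".") for s in search], ndots


def candidate_queries(name, search, ndots=1):
    """Names tried in order; later ones are sent only if earlier ones fail."""
    if name.endswith("."):
        return [name]               # trailing dot: absolute, never expanded
    as_is = [name + "."]
    expanded = [f"{name}.{suffix}." for suffix in search]
    # Enough dots: literal name first, suffixes after NXDOMAIN; else reversed.
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is


if __name__ == "__main__":
    for label, conf in (("router", ROUTER_CONF), ("client", CLIENT_CONF)):
        search, ndots = parse_resolv_conf(conf)
        print(label, candidate_queries("wwww.google.com", search, ndots))
```

With the search or domain line removed, the only candidate left is the literal name, so a mistyped external name ends in NXDOMAIN instead of matching the wildcard.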