[Dnsmasq-discuss] Multiple DNS Masqs used without upstream access

Simon Kelley simon at thekelleys.org.uk
Mon Jun 20 22:26:57 BST 2011


On 20/06/11 22:05, Joshua Lamorie wrote:
> Gidday there,
>
> Is it possible to tell dnsmasq to drop every request (or reply NXDOMAIN
> or SERVFAIL or whatever) except for the requests it knows about plus the
> requests it knows that a 'peer' dnsmasq knows about?
>
> I have a couple of test networks (A.foo.com and B.foo.com) that are
> isolated from the rest of the interweb.  They are also separated from
> each other by a link emulator that provides variable levels of
> connectivity.
>
> Each LAN has a single dnsmasq instance and so far is quite capable to
> perform DHCP tasks for the LAN and provide name resolution to the local
> LAN as well as forwarding (and receiving) requests to the other LAN.
> For example, client.A.foo.com requests www.B.foo.com from dns.A.foo.com
> and successfully receives the address.
>
> However, these LANs have some stock ubuntu and fedora boxen that are
> constantly trying to find various things such as pool.ntp.org,
> fedora.org, evil-lair.shuttleworth.canonical.com, etc.
>
> When my dnsmasq servers receive these requests they seem to bounce back
> and forth and cause a lot of traffic and funny delays.  I've looked
> around the mailing list, FAQ and manual and I can't find any explicit
> switch similar to
>
> --drop-every-request-I-dont-know-about-and-dont-forward-it-neither
>
> Thanks in advance
>
> Joshua
>
>

--no-resolv

--server=/A.foo.com/<ip of A.foo.com>

should do it. (and the mirror image for B, of course) The trick is to 
stop dnsmasq from finding upstream servers in /etc/resolv.conf.


HTH

Simon.
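
The check below is an added example, not part of the original message and not dnsmasq code: it models, in simplified form, where a query name ends up under the two options above, so a config can be audited for names that would still leave the isolated LAN. The IP 192.0.2.1 (standing in for dns.A), the function names and the reduced option set (only no-resolv, server= and local=) are assumptions of this example.

```python
# Simplified model (an assumption of this example): only no-resolv, server= and
# local= are interpreted; every other dnsmasq option is ignored.

def parse_conf(text):
    """Return (no_resolv, rules); rules is a list of (domain, target) pairs."""
    no_resolv, rules = False, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = line.partition("=")
        key, val = key.strip().lstrip("-"), val.strip()
        if key == "no-resolv":
            no_resolv = True
        elif key in ("server", "local"):
            if val.startswith("/"):
                # /domain[/domain...]/target ; an empty target means "answer locally only"
                *domains, target = val[1:].split("/")
                rules += [(d.lower().rstrip("."), target) for d in domains]
            else:
                rules.append(("", val))  # unscoped upstream: used for any name
    return no_resolv, rules

def route(name, conf_text):
    """Classify one query name as 'peer', 'local', 'upstream' or 'none'."""
    no_resolv, rules = parse_conf(conf_text)
    name = name.lower().rstrip(".")
    scoped = [(d, t) for d, t in rules if d and (name == d or name.endswith("." + d))]
    if scoped:
        domain, target = max(scoped, key=lambda r: len(r[0]))  # most specific wins
        return ("peer", target) if target else ("local", "")
    default = [t for d, t in rules if not d]
    if default:
        return ("upstream", default[0])
    return ("none", "") if no_resolv else ("upstream", "/etc/resolv.conf")

def leaks(names, conf_text):
    """Names that would still be sent to a general-purpose upstream."""
    return [n for n in names if route(n, conf_text)[0] == "upstream"]

# Constructed sample: dns.B's config, with 192.0.2.1 standing in for dns.A.
HARDENED = "no-resolv\nserver=/A.foo.com/192.0.2.1\n"
WEAK = "server=/A.foo.com/192.0.2.1\n"   # same, but resolv.conf is still read
NAMES = ["www.A.foo.com", "pool.ntp.org", "fedora.org"]

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, {n: route(n, conf) for n in NAMES}, "leaks:", leaks(NAMES, conf))
```
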


