[Dnsmasq-discuss] Setting the "domain" value depending on the subnet?
Jamie Begin
jjbegin at rightbrainnetworks.com
Wed Jun 22 16:47:25 BST 2011
Ahh... Ok. I was running dnsmasq v2.45 from the CentOS yum repositories and
this config bombed out. I replaced it with the latest version that I
compiled from source (v2.57) and this option is working now. Thanks!
On Tue, Jun 21, 2011 at 11:03 PM, richardvoigt at gmail.com <
richardvoigt at gmail.com> wrote:
> The man page says you can configure a domain suffix for each range:
>
> -s, --domain=<domain>[,<address range>[,local]]
> Specifies DNS domains for the DHCP server. Domains may be be given
> unconditionally (without the IP range) or for limited IP ranges. This
> has two effects; firstly it causes the DHCP server to return the
> domain to any hosts which request it, and secondly it sets the domain
> which it is legal for DHCP-configured hosts to claim. The intention is
> to constrain hostnames so that an untrusted host on the LAN cannot
> advertise its name via dhcp as e.g. "microsoft.com" and capture
> traffic not meant for it. If no domain suffix is specified, then any
> DHCP hostname with a domain part (ie with a period) will be disallowed
> and logged. If suffix is specified, then hostnames with a domain part
> are allowed, provided the domain part matches the suffix. In addition,
> when a suffix is set then hostnames without a domain part have the
> suffix added as an optional domain part. Eg on my network I can set
> --domain=thekelleys.org.uk and have a machine whose DHCP hostname is
> "laptop". The IP address for that machine is available from dnsmasq
> both as "laptop" and "laptop.thekelleys.org.uk". If the domain is
> given as "#" then the domain is read from the first "search" directive
> in /etc/resolv.conf (or equivalent).
> The address range can be of the form <ip address>,<ip address> or <ip
> address>/<netmask> or just a single <ip address>. See --dhcp-fqdn
> which can change the behaviour of dnsmasq with domains.
>
> If the address range is given as ip-address/network-size, then a
> additional flag "local" may be supplied which has the effect of adding
> --local declarations for forward and reverse DNS queries. Eg.
> --domain=thekelleys.org.uk,192.168.0.0/24,local is identical to
> --domain=thekelleys.org.uk,192.168.0.0/24 --local=/thekelleys.org.uk/
> --local=/0.168.192.in-addr.arpa/<http://thekelleys.org.uk/%0A--local=/0.168.192.in-addr.arpa/>The network size must be 8, 16 or 24
> for this to be legal.
>
> On Tue, Jun 21, 2011 at 7:36 PM, Jamie Begin
> <jjbegin at rightbrainnetworks.com> wrote:
> > I apologize if this is a frequent question, but I couldn't find any
> decent
> > keywords to search with ("domain" is too broad).
> >
> > I have something similar to this in my config:
> > interface=vlan191,lan
> > interface=vlan192,wifi
> > dhcp-range=lan,192.168.1.200,192.168.1.250,12h
> > dhcp-range=wifi,192.168.2.200,192.168.2.220,12h
> >
> > I'd like to be able to set something like this:
> > domain=lan,lan.mycompany.com
> > domain=wifi,wifi.mycompany.com
> >
> > However, it doesn't appear that I can have more than one "domain"
> directive
> > in the config, since I get the following error: "dnsmasq: illegal
> repeated
> > keyword at line 128 of /etc/dnsmasq.conf" Is there a workaround?
> >
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20110622/c115fa3c/attachment.htm
More information about the Dnsmasq-discuss
mailing list