[Dnsmasq-discuss] server-side dynamic resolving
John Hallam
dns at j.hallam.dk
Mon Aug 13 18:10:58 BST 2012

On Mon, Aug 13, 2012 at 05:17:49PM +0200, Chris Wilson wrote:
> Running a real DNS server and dnsmasq on the same host might be
> tricky. You might need to add an IP alias on the server and bind
> bind to that alias, and dnsmasq's DNS server to the main IP address.

I routinely run 2-3 DNS servers (tinydns) and 2 caches (dnscache and
dnsmasq) on my main server machines*, without problems. The trick is
to set up a space of addresses on the lo interface that the different
servers can use.

For example, allocate 127.0.53.1 .. 127.0.53.n to any authoritative
DNS servers you need to run; 127.0.53.254 for dnscache and
127.0.53.253 for dnsmasq DNS service, and all works as you'd hope,
assuming that you point the caches at the correct servers.

(Note: this only works for traffic internal to the box. If you
need external traffic too, then at least some of these addresses must
be "real" in the sense of not-loopback -- because the kernel silently
discards addresses outside 127.0.0.0/8 on the lo interface and such
addresses are not routable and not NAT-able either.)

Cheers,

John

* If you are wondering, why two caches, the reason is that dnsmasq
allows me to redirect troublemaker domains to the black hole easily,
while dnscache is a somewhat-paranoid full recursive caching
resolver. (The dnsmasq has to forward queries to the dnscache; the
reverse doesn't work straightforwardly.)
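
The dnsmasq side of the loopback layout described in this message, as an added configuration sketch that is not part of the original post. The 127.0.53.x addresses are the ones named above; the domain names and the per-domain rule for an authoritative server on 127.0.53.1 are assumptions made for illustration.

```conf
# dnsmasq.conf fragment (added example, not the poster's own file).
# Addresses follow the 127.0.53.x scheme from the message;
# domain names are constructed placeholders.

# Bind only to the address reserved for dnsmasq instead of the
# wildcard address, so the other DNS daemons on this host can hold
# port 53 on their own loopback addresses.
listen-address=127.0.53.253
bind-interfaces

# Do not read upstream servers from /etc/resolv.conf; use only the
# server= lines below.
no-resolv

# Forward everything dnsmasq does not answer itself to dnscache,
# the full recursive resolver.
server=127.0.53.254

# Assumption: an authoritative tinydns instance for a private zone
# listens on 127.0.53.1. Queries for that zone go straight to it.
server=/internal.example/127.0.53.1

# Black-hole a troublemaker domain and all of its subdomains by
# answering with an unroutable address.
address=/ads.example/0.0.0.0
```

`dnsmasq --test` syntax-checks the file before the service is restarted.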