[Dnsmasq-discuss] Unable to connect by hostname for local machines

/dev/rob0 rob0 at gmx.co.uk
Tue Oct 23 16:04:13 BST 2012


On Tue, Oct 23, 2012 at 06:49:19AM -0600, dnsmasq at ailsby.net wrote:
> On 12-10-22 10:32 PM, /dev/rob0 wrote:
> >On Mon, Oct 22, 2012 at 09:24:34PM -0600, dnsmasq at ailsby.net wrote:
> >>I am trying to set up dnsmasq so that I can use the OpenDNS 
> >>servers for my younger children, and then have all other devices 
> >>use a different dns server (Google's).
> >>
snip
> >>Any ideas on what I need to do so that the devices in the ip 
> >>range 192.168.1.10 to 192.168.1.99 can use hostnames to connect 
> >>to each other?  Is there any other information that is needed to 
> >>understand this issue?
> >Probably what you want to do is to use a different upstream server 
> >for the big people and little people machines. And I know of no 
> >trivial way to do that in a single instance of dnsmasq. It might 
> >require two instances (one of them being DNS-only.) And I'm not 
> >sure that would be easy, either.
> >
> >This could be done with BIND named using views (and there too,
> >you would benefit from the above CIDR suggestion.) But then you 
> >wouldn't have the ease of setup of dynamic DNS that dnsmasq 
> >offers.
> Thanks for the clear response.  I will have to see if there is
> some other way to get to my desired end point.

Hmmm. Maybe.

What about dnsmasq on port 1035 instead of 53? This gives the best of 
both worlds, mostly. What you lose is the ability to easily override 
any given name in the global DNS by putting it in your hosts(5) file. 
But you do have dnsmasq as DHCP server and as authoritative NS for 
your internal hostnames, plus having your DHCP dynamic pool hosts 
using OpenDNS. (There's no benefit in using Google forwarders over 
recursion, so the example below uses a hints zone in the default 
view.)

This is untested and made with minimal reference to the BIND 9 ARM 
and the dnsmasq(8) manual, so caveat emptor, and comments, additions 
and corrections are appreciated.


named.conf(5):

acl "dhcp" { 192.168.1.128/26; }; # .128-.191
# not really using these but define them anyway
acl "statics" { 192.168.1.64/27; }; # .64-.95
acl "lan" { 192.168.1.0/24; }; # .0-.255

# options section omitted; mostly defaults will do, but you will
# typically want to set a path which is used for any "file"
# arguments without absolute paths, such as a zone file or hints
# file. Remember if you want to serve any zones, even "localhost",
# to declare that zone in both views.

# matches DHCP clients
view "dhcp" {
    match-clients { dhcp; };
    zone "ailsby.lan" IN {
        type forward;
        # for named running on the router
        forwarders { 127.0.0.1 port 1035; };
        # for named running on an internal host
        #forwarders { 192.168.1.1 port 1035; };
    };
    zone "." IN {
        type forward;
        # placeholder: forwarders must be listed as IP addresses
        forwarders { open.dns.hosts.here; };
    };
};

# matches anything else
view "default" {
    match-clients { any; };
    zone "ailsby.lan" IN {
        type forward;
        # for named running on the router
        forwarders { 127.0.0.1 port 1035; };
        # for named running on an internal host
        #forwarders { 192.168.1.1 port 1035; };
    };
    zone "." IN {
        type hint;
        file "/path/to/root.hints";
    };
};

dnsmasq config includes your static hosts and:

port=1035
no-resolv # we should never be asked names we don't know
domain=ailsby.lan
dhcp-range=192.168.1.128,192.168.1.191
# use this if named is running on the router
dhcp-option=option:dns-server,0.0.0.0
# use this if named is running on an internal server
#dhcp-option=option:dns-server,192.168.1.65


This is actually the opposite of my own home config, where named 
listens on 1035 and dnsmasq on 53, but I don't need multiple views.

Simon, I know you want to keep dnsmasq simple, but have you 
considered implementing views? Probably not feasible, I guess. 
Aforementioned DNS overrides, which are so easy in dnsmasq, would 
require a zone with two declarations in the above scheme. (That zone 
could be the same as "ailsby.lan", forwarding to dnsmasq, but it 
quickly gets difficult to manage in any case.)
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
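
Added example (not part of the original message, and not code from dnsmasq or BIND): a Python model of named's first-match view selection for the ACLs above, plus a check that the dnsmasq dhcp-range stays inside the "dhcp" ACL so that pool clients always land in the OpenDNS view. The function names and upstream labels are assumptions made for illustration.

```python
import ipaddress

# Constructed from the configs in the message: ACLs and view order from
# named.conf, pool bounds from the dnsmasq dhcp-range line. IPv4 only.
ACLS = {"dhcp": ["192.168.1.128/26"], "any": ["0.0.0.0/0"]}
# (view name, match-clients ACL, upstream path); declaration order matters.
VIEWS = [
    ("dhcp", "dhcp", "forward to OpenDNS"),
    ("default", "any", "recursion from root hints"),
]
DHCP_RANGE = ("192.168.1.128", "192.168.1.191")


def select_view(client, views=VIEWS, acls=ACLS):
    """Return (view, upstream) for a client address; the first matching view wins."""
    addr = ipaddress.ip_address(client)
    for name, acl, upstream in views:
        if any(addr in ipaddress.ip_network(n) for n in acls[acl]):
            return name, upstream
    return None, None  # no view matched


def pool_outside_acl(dhcp_range=DHCP_RANGE, acl=ACLS["dhcp"]):
    """CIDR blocks of the DHCP pool that the filtered view's ACL does not cover."""
    first, last = (ipaddress.ip_address(a) for a in dhcp_range)
    nets = [ipaddress.ip_network(n) for n in acl]
    return [str(block)
            for block in ipaddress.summarize_address_range(first, last)
            if not any(block.subnet_of(n) for n in nets)]


def shadowed_views(views=VIEWS, acls=ACLS):
    """Views that can never match because earlier views already cover their clients."""
    seen, shadowed = [], []
    for name, acl, _ in views:
        nets = [ipaddress.ip_network(n) for n in acls[acl]]
        if all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(name)
        seen.extend(nets)
    return shadowed


if __name__ == "__main__":
    for ip in ("192.168.1.150", "192.168.1.65"):
        print(ip, "->", select_view(ip))
    print("pool blocks outside ACL:", pool_outside_acl())
    print("shadowed views:", shadowed_views())
```

Rerun the two checks whenever the dhcp-range or the view order changes: a non-empty result means some pool clients resolve through the unfiltered view.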


