[Dnsmasq-discuss] DNS - preventing escalation to external
Lovelady, Dennis E.
dlovelady1 at dtcc.com
Tue Dec 4 21:44:51 GMT 2012
I run a domain, which I'll call Z.com. There are two offices (atl.Z.com, tam.Z.com). There is also a www.Z.com hosted outside these networks, and the Hosting Provider provides an alias to that, known simply as "Z.com." All pretty simple.
Since each office is independent, I have kept a simple DNSMASQ configuration, which you can see below. (There were attempts to set up atl.Z.com and tam.Z.com in each office's DNSMASQ configuration, but these were met with difficulties now forgotten. I think the difficulty was an issue with web server not coming up. If it's important to resolution, I will pursue again and report the issues, but let's get to the heart of the topic.)
Everything works OK until an incorrect hostname (or the name of a host that happens to be down) is referenced in either office. For example, if I type "ssh myhostess" and there is no "myhostess" on the current network, then the name is magically resolved to the www.Z.com address, and I get the password prompt from there. Not what I'd want; I'd prefer the lookup to fail - which would then fail the ssh command - but I don't see a way to make that happen.
Is there something I can do in this configuration to cause, for example, lists.thekelleys.org.uk to be resolved externally, but to keep the Z.com stuff between the walls? And would this in fact be squared away by pursuing the atl.Z.com (etc.) concept? (I fear that would not resolve this.) I could remove the alias to simply Z.com, and that might do it, but I'd prefer not to do that, and anyway I'm not sure why it would fix this.
I have the following DNS configuration in each office. The dhcp-boot is not used at present, so may not be quite up to snuff.
domain-needed
bogus-priv
expand-hosts
domain=Z.com
dhcp-range=192.168.158.10,192.168.158.109,7d
dhcp-host=88:87:17:12:69:4d,canon-8120
dhcp-host=00:23:8b:8a:ad:70,aspire
dhcp-host=00:26:F2:DB:95:0C,stora-0
dhcp-host=C0:3F:0E:BC:43:B9,stora-2
dhcp-host=e0:91:f5:7c:7c:56,stora-3
dhcp-option=option:router,192.168.158.1
dhcp-boot=pxelinux.0
dhcp-boot=aspire-lucid/pxelinux.0
dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
enable-tftp
tftp-root=/home/tftpd
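An added example, not part of the original post and not dnsmasq code: a small Python check, run over a trimmed copy of the posted configuration, that reports any `domain=` value whose unknown names dnsmasq would still forward to upstream DNS because no `local=/domain/` entry (or `server=/domain/` with no address) confines it to /etc/hosts and DHCP. It assumes the unwanted answer for names like "myhostess" comes from the upstream servers for Z.com; the function names are illustrative.

```python
import re

# Trimmed copy of the configuration posted above (DHCP host lines omitted).
POSTED_CONF = """\
domain-needed
bogus-priv
expand-hosts
domain=Z.com
dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
"""

def parse(conf):
    """Yield (option, value); '#' is a comment only at line start or after whitespace."""
    for raw in conf.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if line:
            opt, _, val = line.partition("=")
            yield opt.strip(), val.strip()

def local_only_domains(conf):
    """Domains dnsmasq answers from /etc/hosts and DHCP only, never forwarding."""
    local = set()
    for opt, val in parse(conf):
        if opt in ("local", "server") and val.startswith("/"):
            *domains, upstream = val[1:].split("/")
            if upstream == "":            # no server address given: local only
                local.update(d.lower() for d in domains if d)
        elif opt == "domain":
            name, *rest = val.split(",")
            if "local" in rest:           # domain=<name>,<range>,local
                local.add(name.lower())
    return local

def forwarded_domains(conf):
    """domain= values whose unknown names would still be sent upstream."""
    local = local_only_domains(conf)
    found = []
    for opt, val in parse(conf):
        name = val.split(",")[0].lower()
        if opt == "domain" and name not in ("", "#"):
            if not any(name == d or name.endswith("." + d) for d in local):
                found.append(name)
    return found

if __name__ == "__main__":
    print("forwarded upstream:", forwarded_domains(POSTED_CONF))
    print("with local=/Z.com/:", forwarded_domains(POSTED_CONF + "local=/Z.com/\n"))
```

With `local=/Z.com/` in place, names hosted outside the office, such as www.Z.com, are no longer forwarded either and need their own entry, for example `server=/www.Z.com/#` to send just that name to the standard upstream servers.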