[Dnsmasq-discuss] Subnet specifications for authoritative dns
simon at thekelleys.org.uk
Wed May 29 15:01:10 BST 2013
On 29/05/13 10:13, Toke Høiland-Jørgensen wrote:
> Simon Kelley <simon at thekelleys.org.uk>
>> In your case, to delegate 192.168.1.0-127 or 192.168.1.128-255 isn't
>> possible using this scheme. There is a workaround involving CNAMES,
>> but it's complicated for a simple-to-setup scheme, which is what
>> dnsmasq is trying to provide.
> Right, well basically what I'm trying to achieve is for dnsmasq to still
> provide the (reverse) DNS service for the whole /24 subnet internally,
> but to filter out the addresses in the upper /25 and not answer those in
> queries on the authoritative interface (and exclude them from zone
> transfer also). It's not critically important, it just irks me to
> provide random people on the guest network with global DNS entries in my
> namespace, even if it's only for RFC1918 addresses... :)
It may be possible to be a bit more subtle about this:

Forward queries are not a problem.

For reverse queries, it would be necessary to be authoritative for the
whole of (eg) 1.168.192.in-addr.arpa, but we could easily return
NXDOMAIN for addresses not in a (smaller) subnet.

That would solve the problem, I think.
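
Added example, not part of the original message and not dnsmasq's code: a sketch of the reverse-lookup filtering proposed above, where the server is authoritative for the whole octet-aligned zone but answers NXDOMAIN for addresses outside the smaller subnet. The function names, the host table and the 192.168.1.0/25 subnet are assumptions constructed for illustration.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"
# Constructed sample data: the internal host table covers the whole /24,
# but only the lower /25 may be visible on the authoritative interface.
AUTH_SUBNET = "192.168.1.0/25"
HOSTS = {"192.168.1.10": "laptop.example.org.",
         "192.168.1.200": "guest-phone.example.org."}

def enclosing_reverse_zone(subnet):
    """Octet-aligned in-addr.arpa zone that contains an IPv4 subnet."""
    net = ipaddress.IPv4Network(subnet)
    if net.prefixlen < 8:
        raise ValueError("subnet spans more than one in-addr.arpa zone")
    count = min(net.prefixlen // 8, 3)    # a /25 still lives in the /24 zone
    octets = str(net.network_address).split(".")[:count]
    return ".".join(reversed(octets)) + SUFFIX

def ptr_name_to_addr(name):
    """Address encoded in a four-label PTR name, or None if malformed."""
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None

def answer_ptr(qname, subnet=AUTH_SUBNET, hosts=HOSTS):
    """Return (rcode, target) for a PTR query on the authoritative side."""
    zone = enclosing_reverse_zone(subnet)
    name = qname.rstrip(".").lower()
    if name == zone:
        return "NOERROR", None            # zone apex has no PTR: empty answer
    if not name.endswith("." + zone):
        return "REFUSED", None            # outside the zone we serve
    addr = ptr_name_to_addr(name)
    if addr is None or addr not in ipaddress.IPv4Network(subnet):
        return "NXDOMAIN", None           # in the zone, outside the subnet
    target = hosts.get(str(addr))
    return ("NOERROR", target) if target else ("NXDOMAIN", None)

if __name__ == "__main__":
    for q in ("10.1.168.192.in-addr.arpa.", "200.1.168.192.in-addr.arpa."):
        print(q, answer_ptr(q))
```

The guest address 192.168.1.200 is in the host table, yet the external answer is the same NXDOMAIN an unused address would get, so the response does not reveal that a name exists there.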