[Dnsmasq-discuss] Subnet specifications for authoritative dns

Simon Kelley simon at thekelleys.org.uk
Wed May 29 15:01:10 BST 2013

On 29/05/13 10:13, Toke Høiland-Jørgensen wrote:
> Simon Kelley<simon at thekelleys.org.uk>
> writes:
>> In your case, to delegate or isn't
>> possible using this scheme. There is a workaround involving CNAMES,
>> but it's complicated for a simple-to-setup scheme, which is what
>> dnsmasq is trying to provide.
> Right, well basically what I'm trying to achieve is for dnsmasq to still
> provide the (reverse) DNS service for the whole /24 subnet internally,
> but to filter out the addresses in the upper /25 and not answer those in
> queries on the authoritative interface (and exclude them from zone
> transfer also). It's not critically important, it just irks me to
> provide random people on the guest network with global DNS entries in my
> namespace, even if it's only for RFC1918 addresses... :)
> -Toke

It may be possible to be a bit more subtle about this:

Forward queries are not a problem.

For reverse queries, it would be necessary to be authoritative for  the 
whole of (eg) 1.168.192.in-addr.arpa, but we could easily return 
NXDOMAIN for addresses not in a (smaller) subnet.

That would solve the problem, I think.



More information about the Dnsmasq-discuss mailing list