[Dnsmasq-discuss] It's possible to prevent names from DHCP being resolved whilst keeping them on the leases

Simon Kelley simon at thekelleys.org.uk
Mon Feb 24 12:15:59 UTC 2014


On 24/02/14 12:05, klondike wrote:
> On 24/02/14 12:58, Simon Kelley wrote:
>> On 23/02/14 00:35, klondike wrote:
>>> Hi guys,
>>>
>>> This is yet another dnsmasq question, involving the Gothenburg Hackerspace.
>>>
>>> After getting localised queries to work (thanks a lot for the hint) I'm
>>> trying to get networks reasonably isolated whilst still using (if
>>> possible) the same daemon.
>>>
>>> In general cross network traffic can be easily filtered using iptables
>>> rules on the router, but the problem I have is with name leakage. Using
>>> dhcp-fqdn I can prevent computers with the same name from clashing by
>>> assigning internal domains to each network, by forcing the domain-name
>>> option I managed to get the computers to query only for the public
>>> network and finally by disabling the expand-hostnames option I prevented
>>> the private domains from being disclosed whilst (thanks to the previous
>>> change) getting requests for hostnames to still work (mostly, android
>>> refuses to make them work, but other systems seem to work fine).
>>>
>>> I know I can use dhcp-ignore-names to do exactly that but then the
>>> hostname is not added to the lease file which is problematic as it is
>>> very helpful to debug network issues (and to try to contact users if
>>> they misbehave in some cases).
>>>
>>> So well, here is what I'm looking for: is there a way to keep the names
>>> of the leases but prevent the DNS server from resolving them?
>> Run two instances of dnsmasq. One to do DHCP but not DNS (--port=0) and
>> one to do DNS but not DHCP.
>>
>> I'm probably missing something, but I think that would work.
> Wouldn't it instead be possible to mark the ranges that shouldn't be solved
> with a parameter called "nodns" or "staticdns" or something like that?
> 
> I'm quite sure I can get some patch doing that written if you point me
> in the right direction.

It's not clear to me that it would be generally useful.

The place to start is lease_update_dns() in src/lease.c. That removes
all DHCP-derived names from the DNS by calling cache_unhash_dhcp() then
loops through all the DHCP leases, adding the relevant DNS entries for
each one.


Cheers,

Simon.
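
The two-instance setup suggested in the thread, sketched as an added example (not part of the original message and not taken from the dnsmasq distribution). The interface name, addresses, file paths and the forced DNS server option are assumptions for illustration.

```conf
# ---- File 1 (hypothetical path /etc/dnsmasq-dhcp.conf): DHCP only ----
# Start with: dnsmasq --conf-file=/etc/dnsmasq-dhcp.conf
#
# port=0 turns the DNS function off completely, so client-supplied
# hostnames are still written to the lease file but this process
# never answers DNS queries for them.
port=0
# Assumed interface and address pool.
interface=eth1
bind-interfaces
dhcp-range=192.168.10.50,192.168.10.150,12h
# Set explicitly so clients are pointed at the DNS-only instance
# (assumed to listen on the router address below).
dhcp-option=option:dns-server,192.168.10.1
# Separate lease and pid files so the two daemons do not collide.
dhcp-leasefile=/var/lib/misc/dnsmasq-dhcp.leases
pid-file=/run/dnsmasq-dhcp.pid

# ---- File 2 (hypothetical path /etc/dnsmasq-dns.conf): DNS only ----
# Start with: dnsmasq --conf-file=/etc/dnsmasq-dns.conf
#
# No dhcp-range is given, so this instance hands out no leases and has
# no DHCP-derived names to add to its DNS data.
interface=eth1
bind-interfaces
pid-file=/run/dnsmasq-dns.pid
```

The hostnames remain available for debugging in the lease file of the DHCP instance, while names served by the DNS instance come only from its own configuration and upstream servers.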
