[Dnsmasq-discuss] problem with dnsmasq to use only dns proxy server

Mathias Kresin openwrt at kresin.me
Thu Oct 23 11:01:48 BST 2014


Hi Junyoung,

On 21.10.2014 at 03:15, Junyoung Park <killers2989 at gmail.com> wrote:

> Hi.
>
> I want to use dnsmasq only dns proxy server.
Even after reading your mail over and over again, I'm sure your mail
doesn't contain any information about what you are trying to achieve.

I can only guess that you are trying to redirect all dns traffic to a
local dnsmasq instance.

Why don't you set your local dnsmasq as the default nameserver on your clients?

>
> See below my configuration and iptables redirect rule.
> -----------------------------------------------------------------------------------------------
> resolv-file=/etc/resolv.conf.old (empty)
Why don't you use dnsmasq on the server that runs dnsmasq? I would
suspect at least a line "nameserver 127.0.0.1" in your resolv.conf.

> bogus-priv
> domain-needed
> user=root
> group=root
dnsmasq runs great as an unprivileged user. Why do you need to run dnsmasq as root?

> no-hosts
> keep-in-foreground
> localise-queries
> bind-interfaces
> log-facility=/var/log/dnsmasq.log
> log-queries
> address=/ftp.test.zone/124.124.124.2
> address=/www.example.com/124.124.124.1
> address=/www.test.zone/124.124.124.3
> server=127.0.0.1
This one looks fishy to me.

According to the dnsmasq man page, the server option specifies the IP
address of upstream dns servers. Which means in your case, that all
queries that couldn't be resolved by dnsmasq get forwarded to the
same dnsmasq. Sounds like a loop.

> interface=eth1
> port=53
> -----------------------------------------------------------------------------------------------
> iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 53
Before you start to redirect any dns traffic, make sure that dnsmasq
can resolve external domains!

>
> if my server known addresses, it can responses to clients.
>
> but, to about unknown addresses... server can't forwarded original
> clients destination nameserver.
>
> how can i configure it? have any options? or my configuration is missed?
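
An added example, not part of the original thread and not dnsmasq code: a small Python check for the points the reply raises about the quoted configuration (an upstream `server=` that points back at the same dnsmasq, no other upstream, `user=root`). The function names, the trimmed sample text and the 192.0.2.x address used in testing are constructed; it assumes a loopback upstream on dnsmasq's own listening port is the same instance.

```python
import ipaddress

# Constructed sample: the options from the quoted configuration that matter here.
SAMPLE_CONF = """\
resolv-file=/etc/resolv.conf.old
user=root
group=root
bind-interfaces
address=/www.example.com/124.124.124.1
server=127.0.0.1
interface=eth1
port=53
"""

def parse(conf_text):
    """Return (key, value) pairs, skipping blank lines and comment lines."""
    opts = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts.append((key.strip(), value.strip()))
    return opts

def upstream(value):
    """Split a server= value into (ip, port); /domain/ prefix and @source are dropped."""
    spec = value.rsplit("/", 1)[-1].split("@", 1)[0]
    host, _, port = spec.partition("#")
    return host, int(port or 53)

def audit(conf_text, resolv_nameservers=()):
    """Return findings; resolv_nameservers is the content of resolv-file, if any."""
    opts = parse(conf_text)
    listen_port = int(dict(opts).get("port", 53))
    findings, usable = [], 0
    servers = [upstream(v) for k, v in opts if k == "server"]
    servers += [(ns, 53) for ns in resolv_nameservers]
    for host, port in servers:
        if not host:          # server=/domain/ with no address: local-only domain
            continue
        if ipaddress.ip_address(host).is_loopback and port == listen_port:
            findings.append(f"upstream {host}#{port} is this dnsmasq instance (forwarding loop)")
        else:
            usable += 1
    if not usable:
        findings.append("no usable upstream: names without an address= entry cannot be resolved")
    if dict(opts).get("user") == "root":
        findings.append("user=root: dnsmasq keeps root privileges")
    return findings
```

Calling `audit(SAMPLE_CONF)` reports all three findings; pass the nameservers from the real resolv-file as the second argument when it is not empty.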
