[Dnsmasq-discuss] can an authoritative dnsmasq forward queries as well?
Harald Dunkel
harald.dunkel at aixigo.de
Sat Mar 21 07:59:54 GMT 2015
Hi Simon,
On 03/20/15 21:38, Simon Kelley wrote:
> The trick here it to understand that dnsmasq works in two different
> modes, depending on where queries come from (or actually where they're
> sent to).
>
> auth-server=hosting.example.com,10.10.111.11
>
> means that queries sent to 10.10.111.11 will be regarded as
> authoritative queries, and only answers for *.example.com will be
> answered, and not recursive queries. (hence the warning you see.)
>
Ah, it depends upon the destination address. Probably I missed
this detail in the man page. That was very helpful hint.
Question:
Wouldn't it be more secure (and intuitive) to look at the source
address to distinguish between "good" and "bad" queries to allow
or deny recursive access? You don't let strangers into your house,
regardless whether they knock on the front or garden door.
Just a suggestion, of course.
Thanx very much
Harri
More information about the Dnsmasq-discuss
mailing list