[Dnsmasq-discuss] stop hostnames from "leaking" between ip ranges

Christoffer Gurell christoffer.gurell at gmail.com
Mon Aug 10 13:11:49 BST 2015


I am trying to use one machine as a firewall for multiple 192.168.x.x
IP ranges that should not be aware of each other. I have the following
config:

domain-needed
server=8.8.8.8
expand-hosts
domain=apa # never used but needed for dhcp-fqdn to not give an error
dhcp-fqdn
domain=foo.com,192.168.100.0/24,local
domain=bar.com,192.168.101.0/24,local
localise-queries
dhcp-range=192.168.100.50,192.168.100.250,12h
dhcp-range=192.168.101.50,192.168.101.250,12h

This seems to work. I get two IP ranges on different Ethernet devices.
Clients get an IP and can do DNS lookups. Clients can also have the same
hostname, as they will be added with the FQDN (foo.com or bar.com).

So far so good. The only issue I have is that hosts on one net can do
DNS lookups with names on the other.
For example, a host named host1.foo.com with IP 192.168.100.100 can
do lookups and get the IP/hostname of host1.bar.com or 192.168.101.100.

Is there any way I can prevent this? I need the IP ranges to be
isolated and not leak names between the different nets. I need it to
work as if I had two firewalls, one for each IP range, running an
instance of dnsmasq on each.

 / Christoffer Gurell
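
The layout the message asks for at the end, one dnsmasq instance per range on the same machine, could be configured as below. This is an added example, not part of the original message or the dnsmasq project's own configuration; the interface names eth1/eth2 and every file path are assumptions.

```conf
# ---- /etc/dnsmasq-foo.conf (assumed path) ----
# Instance for 192.168.100.0/24 on assumed interface eth1.
# Start with: dnsmasq --conf-file=/etc/dnsmasq-foo.conf
interface=eth1
except-interface=lo      # loopback is otherwise added automatically; both instances would clash on it
bind-interfaces          # bind eth1's address only, not the wildcard, so two instances can share port 53
no-hosts                 # do not serve /etc/hosts, which both instances would share
domain-needed
bogus-priv               # unknown private reverse lookups (e.g. 192.168.101.x) get NXDOMAIN here
server=8.8.8.8
dhcp-fqdn
domain=foo.com           # single default domain per instance, so no placeholder domain is needed
local=/foo.com/          # foo.com is answered from this instance's data only, never forwarded
dhcp-range=192.168.100.50,192.168.100.250,12h
dhcp-leasefile=/var/lib/misc/dnsmasq-foo.leases   # separate lease database (assumed path)
pid-file=/var/run/dnsmasq-foo.pid                 # assumed path

# ---- /etc/dnsmasq-bar.conf (assumed path) ----
# Instance for 192.168.101.0/24 on assumed interface eth2.
# Start with: dnsmasq --conf-file=/etc/dnsmasq-bar.conf
interface=eth2
except-interface=lo
bind-interfaces
no-hosts
domain-needed
bogus-priv
server=8.8.8.8
dhcp-fqdn
domain=bar.com
local=/bar.com/
dhcp-range=192.168.101.50,192.168.101.250,12h
dhcp-leasefile=/var/lib/misc/dnsmasq-bar.leases
pid-file=/var/run/dnsmasq-bar.pid
```

Because each instance has its own lease file and listens on one interface, DHCP-derived names from one range are never present in the data the other instance answers from.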


