[Dnsmasq-discuss] Restrict DNS reply to specific clients
Guy Wijnants
Guy.Wijnants at Imtech-Telecom.Be
Wed Feb 3 09:30:02 GMT 2016
Hi all,
I have a DNS server that is master for some public domains. We also have
clients that use the DNS server as their lookup server.
For security issues we use dnsmasq to redirect some sites to a webpage
that indicates that the site is not accepted.
I have set the dnsmasq before the named service. But this means that
all internet clients can use our DNS server to query requests which is
not good. I want to restrict the possible query requests to only our
client networks.
I had a filter set up under the named service:
allow-recursion { localhost; x.x.x.x/24; y.y.y.y/24; };
Dnsmasq uses the port 53 and if no match is made on the blocked list it
forwards it to itself on port 5353 where the named.service runs. The
named service sees the request as coming from localhost and does the
recursion.
I am sorry if this is unclear, I am not so familiar with dns or dnsmasq.
If it's not clear please say so and I will try to be more detailed.
Version of dnsmasq: dnsmasq-2.65-6.fc17.x86_64
Thanks all in advance
Best Regards,
Guy Wijnants
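
Added example (not part of the original post, and not dnsmasq or BIND code): a small Python model of the setup described above, showing why the allow-recursion check stops filtering once every query reaches named from dnsmasq on localhost. The client networks and the outside address are constructed documentation ranges, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed stand-in for the ACL quoted in the post: x.x.x.x/24 and
# y.y.y.y/24 are replaced with documentation ranges.
NAMED_CONF = "allow-recursion { localhost; 192.0.2.0/24; 198.51.100.0/24; };"


def parse_allow_recursion(conf):
    """Return the networks named in an allow-recursion statement."""
    body = re.search(r"allow-recursion\s*\{([^}]*)\}", conf).group(1)
    nets = []
    for item in filter(None, (part.strip() for part in body.split(";"))):
        if item == "localhost":
            # Simplification: BIND's "localhost" ACL matches the host's own
            # addresses; it is modelled here as the loopback range only.
            nets.append(ipaddress.ip_network("127.0.0.0/8"))
        else:
            nets.append(ipaddress.ip_network(item))
    return nets


def recursion_allowed(acl, source):
    """The ACL check as the backend applies it: match on the source it sees."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in acl)


def source_seen_by_named(client, via_forwarder):
    """A forwarder re-sends the query from its own socket, so the backend
    on port 5353 sees 127.0.0.1 instead of the real client address."""
    return "127.0.0.1" if via_forwarder else client


def outcome(acl, client, via_forwarder):
    return recursion_allowed(acl, source_seen_by_named(client, via_forwarder))


ACL = parse_allow_recursion(NAMED_CONF)

if __name__ == "__main__":
    # Constructed clients: one inside a client network, one on the internet.
    for client in ("192.0.2.10", "203.0.113.7"):
        for via in (False, True):
            path = "via dnsmasq:53" if via else "direct to named"
            verdict = "recursion" if outcome(ACL, client, via) else "refused"
            print(f"{client:12} {path:16} -> {verdict}")
```

The model shows that the ACL only has meaning at the hop that still sees the original client address; behind the forwarder, the localhost entry matches every query.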