[Dnsmasq-discuss] Restrict DNS reply to specific clients

Albert ARIBAUD albert.aribaud at free.fr
Wed Feb 3 10:51:52 GMT 2016


Hi Guy,

On Wed, 3 Feb 2016 10:30:02 +0100
"Guy Wijnants" <Guy.Wijnants at Imtech-Telecom.Be> wrote:

> Hi all,
> 
> I have a DNS server that is master for some public domains. We also
> have clients that use the DNS server as their lookup server.
> For security issues we use dnsmasq to redirect some sites to a webpage
> that indicates that the site is not accepted.
> I have set up the dnsmasq before the named service. But this means
> that all internet clients can use our DNS server to query requests
> which is not good. I want to restrict the possible query requests to
> only our client networks.
> I had a filter set up under the named service:
> 	allow-recursion { localhost; x.x.x.x/24; y.y.y.y/24; };
> Dnsmasq uses the port 53 and if no match is made on the blocked list
> it forwards it to itself on port 5353 where the named.service runs.
> The named service sees the request as coming from localhost and does
> the recursion.
> I am sorry if this is unclear, I am not so familiar with dns or
> dnsmasq. If it's not clear please say so and I will try to be more
> detailed. Version of dnsmasq: dnsmasq-2.65-6.fc17.x86_64
> Thanks all in advance

I am not sure I understand either your need or the actual situation,
but I gather the issue is "some requests are served which should not
have been".

Can you provide detailed scenarios, both for use cases which work as you
intend and for use cases which do not work as you intend? For each
scenario, please describe where the request originates, which server it
passes through, and (for failure scenarios) whether it should not have.

> Best Regards,
> 
> Guy Wijnants

Kind regards,
-- 
Albert.
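The setup described in the quoted message has a structural property worth spelling out: because dnsmasq forwards every non-blocked query to named on 127.0.0.1:5353, named sees all of them as coming from localhost, so its `allow-recursion` list can no longer tell internal clients from internet clients, and the host effectively becomes an open recursive resolver. The restriction therefore has to happen in front of dnsmasq, not behind it. The following dnsmasq.conf fragment is an added example, not from the thread or from either poster; the option names are dnsmasq's own, while the interface name, the blocked domain and the IP addresses are assumptions.

```conf
# Added example, not from the thread. Interface name, domain and addresses are assumed.
port=53
# Only answer on the internal (client-facing) interface so that queries from the
# internet never reach dnsmasq at all; bind-interfaces makes dnsmasq bind that
# address only instead of the wildcard 0.0.0.0.
interface=eth1
bind-interfaces
# Ignore /etc/resolv.conf: every non-blocked query goes to named on localhost:5353
no-resolv
server=127.0.0.1#5353
# Sites on the block list resolve to the "not accepted" web page
address=/blocked.example/192.0.2.10
```

With dnsmasq bound to the internal interface only, the authoritative public zones that named serves must still be reachable on port 53 from the internet, which means named (or a separate listener) would need to answer on the public address directly rather than through dnsmasq; in that layout named's `allow-recursion { localhost; x.x.x.x/24; y.y.y.y/24; }` continues to apply to the forwarded localhost queries, and internet clients can only get authoritative answers. A host firewall rule limiting UDP/TCP 53 on the public address to the authoritative zones is a complementary check, but the interface binding is what closes the open-resolver path.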
