[Dnsmasq-discuss] Suggestion/Feature Request: Disable only DNS on an interface
Ryan Zev Solomon
ryzenold at gmail.com
Wed Apr 13 10:28:08 BST 2016
On 13/04/2016 08:19, Albert ARIBAUD wrote:
> Hi Ryan,
>
> On Tue, 12 Apr 2016 22:41:45 +0200
> Ryan Zev Solomon <ryzenold at gmail.com> wrote:
>
>> Good day,
>>
>> I think it would be useful to disable serving DNS queries on an
>> interface on which TFTP, and DHCP are still provided. My use case:
>> - TFTP and DHCP are provided by Dnsmasq.
>> - Unbound is used as the DNS recursive resolver/cache.
>> - Dnsmasq is used as a stub resolver for the addresses handed out via
>> DHCP.
>>
>> Currently this can be partially achieved by moving Dnsmasq to a
>> different port, and blocking that port.
>
> What do you mean exactly by "stub resolver"? Apparently you want
> unbound to manage the local zone, so dnsmasq won't have any name
> serving to do at all.
>
> If so, then completely disabling DNS is possible with '-p 0' as per the
> man page.
Thanks, but I do want dnsmasq to handle the local zone, as this ties in
with DHCP. Unbound sends any queries for the local domain to dnsmasq,
but handles all other queries itself. Stub resolver is likely not the
correct terminology, apologies for the confusion.
Unbound's behaviour in this case is configured to act much like
dnsmasq's server=/domain/nameserver configuration directive.
>
> Of course this will implicitly turn off dnsmasq's capability to fill in
> its local DNS records with names from DHCP leases, but I suspect you do
> not use this feature since you want the local zone managed by unbound,
> not dnsmasq.
I do want dnsmasq to handle the local names from DHCP leases, the local
zone is not managed by unbound. (Unbound has various zone types, and can
be used to add in records which the upstream nameserver does not have.)
In short:
- Unbound is used as a DNS cache, and recursive resolver.
- dnsmasq is the pseudo authoritative server for the local domain.
- Unbound sends queries for the local domain to dnsmasq, this allows
names from DHCP leases to be served.
I do not want to disable dnsmasq's DNS completely, merely on an
interface where dnsmasq continues to provide DHCP, and TFTP.
Please let me know if my explanation is unclear.
>
> Kind regards,
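
The split setup described in this message, together with the port-move-and-block workaround it mentions, written out as configuration. This is an added example, not part of the original post or of either project's documentation. The interface name eth1, the 192.168.10.0/24 network, the domain lan.example, port 5335 and the TFTP path are all assumptions.

```conf
# ---- dnsmasq.conf (constructed example) ----
# DNS moved off port 53 so Unbound can own it; DHCP and TFTP are unaffected.
port=5335
# Serve eth1 (assumed LAN interface); loopback is added automatically.
interface=eth1
bind-interfaces
# Answer only for the local domain: no upstream servers, no forwarding.
no-resolv
domain=lan.example
local=/lan.example/
# DHCP lease names become lan.example records.
dhcp-range=192.168.10.100,192.168.10.200,12h
# Hand clients the Unbound address (same host, port 53) as their resolver.
dhcp-option=option:dns-server,192.168.10.1
enable-tftp
tftp-root=/srv/tftp

# ---- unbound.conf (constructed example) ----
server:
    interface: 127.0.0.1
    interface: 192.168.10.1
    access-control: 192.168.10.0/24 allow
    # Required before Unbound will send queries to a 127.0.0.1 target.
    do-not-query-localhost: no
    # The local zone is unsigned and returns private addresses.
    domain-insecure: "lan.example"
    private-domain: "lan.example"
    # Let reverse lookups for the LAN reach dnsmasq instead of the
    # built-in empty zone.
    local-zone: "10.168.192.in-addr.arpa." nodefault
    domain-insecure: "10.168.192.in-addr.arpa."

forward-zone:
    name: "lan.example"
    forward-addr: 127.0.0.1@5335

forward-zone:
    name: "10.168.192.in-addr.arpa."
    forward-addr: 127.0.0.1@5335

# ---- firewall (iptables commands, constructed example) ----
# dnsmasq still listens for DNS on eth1:5335, so that port is blocked
# from the LAN; only Unbound reaches it, over loopback.
iptables -A INPUT -i eth1 -p udp --dport 5335 -j DROP
iptables -A INPUT -i eth1 -p tcp --dport 5335 -j DROP
```

`dig @127.0.0.1 -p 5335 somehost.lan.example` run on the server should answer, while the same query sent from a LAN client to 192.168.10.1 port 5335 should time out.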