[Dnsmasq-discuss] dnsmasq and samba internal dns server on the same machine

Albert ARIBAUD albert.aribaud at free.fr
Sun Apr 24 18:55:00 BST 2016


Hi Yann,

On Sun, 24 Apr 2016 18:42:40 +0200
Yann Lehmann <aristide at free-it.ch> wrote:

> Hi
> 
> I am trying to set up a computer to act as an active directory
> controller with samba (which brings an internal DNS server), but I
> also need it to work as a dhcp server.
> 
> I have found how to set up the machine to have samba respond to dns 
> requests for the records it knows and forward queries for external 
> addresses to dnsmasq.
> 
> According to this [1], I have set up a 'lo:0' loopback interface with 
> address '127.0.0.5'.
> 
> dnsmasq is only listening on this address ('listen-address=127.0.0.5' 
> and 'bind-interfaces' are both set in '/etc/dnsmasq.conf').
> 
> samba is restricted to listen on 'eth0' and 'lo' only.
> 
> This seems to work fine for dns queries.
> 
> A dig query from the host itself for an address known by samba's 
> internal dns server (for example '_kerberos._tcp.mydomain') gets 
> answered by the "server" '127.0.0.1#53(127.0.0.1)' and nothing gets 
> logged by dnsmasq.
> 
> A query for an address unknown by samba's dns server gets forwarded
> to dnsmasq, which itself forwards it to my ISP's dns servers
> (according to the log of dnsmasq).
> 
> Unfortunately, dnsmasq doesn't respond to dhcp-requests.
> 
> Is there a way to enable only dns-requests on the 'lo:0' interface
> and only dhcp-requests on the 'eth0' interface?

There is a way to disable DHCP on a given interface: option -2 aka
--no-dhcp-interface will allow you to do that.

I don't know of a way to disable DNS on a specific interface. There is
a way to disable it globally (-p aka --port, set port to 0 to disable).

But -p can also be used to make dnsmasq respond on a nonstandard DNS
port (again, globally IIUC). Therefore, you set dnsmasq to run on e.g.
port 553, and have samba use that port for its upstream queries to
dnsmasq.

But then... you don't need two loopback interfaces any more: you can
run both services on lo, since they won't be serving the same port any
more.

> Thanks and regards
> Yann

NP, HTH.

Kind regards,
-- 
Albert.
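
The layout suggested in the reply above, written out as a dnsmasq configuration. This is an added example, not part of the original message; the dhcp-range values are constructed placeholders, and it assumes Samba keeps port 53 on 'eth0' and 'lo' as described in the question.

```conf
# /etc/dnsmasq.conf (constructed example)

# DNS: move dnsmasq off port 53 so it no longer collides with Samba's
# internal DNS server. The setting is global, so it applies to every
# address dnsmasq binds, eth0 included.
port=553

# Serve on eth0 so DHCP requests from the LAN are seen. dnsmasq adds the
# loopback interface automatically when interface= is used, which is
# where Samba on the same host reaches it (127.0.0.1, port 553).
interface=eth0
bind-interfaces

# No DHCP on loopback; DNS is still answered there.
no-dhcp-interface=lo

# Placeholder pool and lease time; substitute the real LAN range.
dhcp-range=192.0.2.50,192.0.2.150,12h
```

Because the port setting is global, dnsmasq also answers DNS on port 553 on eth0, so a host firewall rule is the way to keep that port limited to local queries from Samba. On the Samba side the upstream must point at 127.0.0.1 port 553; whether the installed Samba release accepts a port in its forwarder setting is an assumption to check against its smb.conf documentation.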