[Dnsmasq-discuss] Return multiple address in specific order for multihomed hosts

John Hanks griznog at gmail.com
Mon Jan 28 20:43:35 GMT 2019


Hi,

I use DNSmasq to provide DNS/DHCP to multiple subnets and have many with
hosts which are multihomed in several of these subnets. The dnsmasq servers
themselves have an interface in all subnets.  If a client looks up a
hostname for a host not in its primary subnet, it gets a list of all
addresses for that host in a random order. Is it possible instead to
specify an address/subnet as the "best" one for a multihomed host? So that
instead of getting all addresses when the host is not in the client subnet
it could be limited to a single address/subnet? In my case this would be
the external facing one for which I know there is an allowed network path
to reach.

As an example, I have two clusters managed this way, they are not allowed
to speak to each other over the private internal trusted cluster network
but can by traversing the external facing firewalls for each. If I look up
my login nodes on cluster A from a node in cluster A I correctly get the
internal private cluster addresses:

[griznog at smsx10srw-srcf-d15-36 ~]$ host login
login.clusterA has address 10.1.1.6
login.clusterA has address 10.1.1.8
login.clusterA has address 10.1.1.7
login.clusterA has address 10.1.1.9

But if I look up login nodes for A from cluster B which has no access to
Cluster A private subnet I get

[griznog at smsx11qph-srcf-f5-09 ~]$ host login.clusterA
login.clusterA has address 10.1.1.7
login.clusterA has address 14.14.14.56
login.clusterA has address 14.14.14.59
login.clusterA has address 10.1.1.8
login.clusterA has address 10.1.1.9
login.clusterA has address 14.14.14.57
login.clusterA has address 10.1.1.6
login.clusterA has address 14.14.14.58


What I'd like to be able to do is make that return only the external facing
addresses, e.g.,

login.clusterA has address 14.14.14.56
login.clusterA has address 14.14.14.57
login.clusterA has address 14.14.14.58
login.clusterA has address 14.14.14.59

All hosts use the dnsmasq interface in their respective private subnets to
do name lookups. I think what I want to be able to do is somehow "rank" a
subnet so that if a request comes in for an address and there isn't an
answer in the available subnet only the first and highest ranked subnet
will get returned. Is this (or another method of handling this) possible?

Best,

griznog
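
The ranking rule asked for above, written out as an added Python sketch (not dnsmasq code and not part of the original post). The record addresses are the ones shown in the post; the /24 prefix lengths, the rank order and both client addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed data: addresses come from the post; the /24 prefix lengths
# and the rank order (external-facing subnet first) are assumptions.
RECORDS = {
    "login.clusterA": [
        "10.1.1.6", "10.1.1.7", "10.1.1.8", "10.1.1.9",
        "14.14.14.56", "14.14.14.57", "14.14.14.58", "14.14.14.59",
    ],
}
RANKED_SUBNETS = ["14.14.14.0/24", "10.1.1.0/24"]  # highest rank first


def select_answers(name, client_ip, records=RECORDS, ranked=RANKED_SUBNETS):
    """Return the A records a given client should receive for name."""
    client = ipaddress.ip_address(client_ip)
    addrs = [ipaddress.ip_address(a) for a in records.get(name, [])]
    nets = [ipaddress.ip_network(n) for n in ranked]

    # Case 1: the host has addresses in the client's own subnet.
    # Answer with those only, so traffic stays on the local network.
    for net in nets:
        if client in net:
            local = sorted(a for a in addrs if a in net)
            if local:
                return [str(a) for a in local]

    # Case 2: no local answer. Return only the addresses in the
    # highest-ranked subnet that has any, so internal addresses of
    # another cluster are never handed to a client that cannot reach them.
    for net in nets:
        best = sorted(a for a in addrs if a in net)
        if best:
            return [str(a) for a in best]

    # Case 3: no address falls in a ranked subnet; return all of them.
    return [str(a) for a in sorted(addrs)]


if __name__ == "__main__":
    # Hypothetical clients: one inside cluster A, one in cluster B.
    print(select_answers("login.clusterA", "10.1.1.50"))
    print(select_answers("login.clusterA", "10.2.2.50"))
```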