[Dnsmasq-discuss] host in subnet LAN cannot resolve name in outer LAN
mjbmon at swcp.com
Wed Jun 9 21:48:18 UTC 2021
I am trying to build a subnet where dnsmasq is the DHCP/DNS server.
seems like a very common case but I cannot find any information on
the problem. TL;DR the hosts in the subnet LAN cannot resolve hosts in
outer LAN, although they can ping them by ip and of course also resolve
names in the internet at large.
The top level network is 192.168.46.0/24, consisting of a black box
connected to the internet at large and connected to local hosts via
Under this are three hosts (more, but these are the relevant ones).
is a laptop running Linux Mint, home46 is a Raspberry Pi running
and home52 is another Rpi which is the head node for the subnet, which
192.168.52.0/24. This subnet is implemented with ethernet.
Newton, home46, home52 all connect to the router via wifi. So far this
is a very standard home network and these hosts can ping each other
names such as newton.local, home46.local, and home52.local. I know very
that .local is a terrible choice for a TLD, but the router is in charge
this. Changing out the router is a different topic for a different
I believe that this subnet uses mDNS to map between names and
ip addresses on the subnet.
-------------------- (192.168.46.0/24, this is .local)
| | |
newton home46 |
---------------------- (192.168.46.0/24, this is .52.lan)
| | |
rpi0 rpi1 rpi2
home52 is the interesting host. It runs dnsmasq to provide DHCP and DNS
services to rpi0, rpi1, and rpi2 on the interface eth0. There are
rules which route traffic between wlan0 and eth0 on home52.
Everything works and rpi0, rpi1, rpi2 can all ping each other by name
as well as hosts in the internet at large, e.g. www.google.com.
can also ping hosts newton and home46, but ONLY by ip address, not by
name. If I "ping newton.local" from rpi2 I get the following in the
dnsmasq log on home52, from systemctl status dnsmasq:
home52 dnsmasq: query[SOA] local from 192.168.52.100
home52 dnsmasq: forwarded local to 126.96.36.199
home52 dnsmasq: forwarded local to 188.8.131.52
home52 dnsmasq: forwarded local to 192.168.46.1
and of course all of this is wrong.
So how can I get dnsmasq to serve hosts in the subnet with names from
the outer net? Note: I want the hosts in the subnet to be zeroconf --
they must not know anything about the outer net. Suggestions about
their /etc/hosts file are not useful and in any case the ip addresses
in the outer subnet are subject to change after rebooting, since they
are all provided by DHCP from the router.
# Use interface eth0
# Explicitly specify the address to listen on
# Bind to the interface to make sure we aren't sending things
# don't forward unqualified names (e.g. myserver)
# won't forward some non-routed addresses
# won't forward requests for the intranet subdomain
# append the domain (below) to all hosts
# Assign IP addresses between 192.168.52.50 and 192.168.52.150
# with a 12 hour lease time
# Forward DNS requests to the local DNS and then Google DNS
# Use the /etc/ethers file to specify static mappings
# log DNS queries, for debugging
::1 localhost ip6-localhost ip6-loopback
commands to set up iptables
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT \
-m state --state ESTABLISHED,RELATED
More information about the Dnsmasq-discuss