[Dnsmasq-discuss] host in subnet LAN cannot resolve name in outer LAN

mjbmon mjbmon at swcp.com
Wed Jun 9 21:48:18 UTC 2021


Hello,

I am trying to build a subnet where dnsmasq is the DHCP/DNS server. This
seems like a very common case but I cannot find any information on solving
the problem. TL;DR the hosts in the subnet LAN cannot resolve hosts in the
outer LAN, although they can ping them by ip and of course also resolve
names in the internet at large.

The top level network is 192.168.46.0/24, consisting of a black box router
connected to the internet at large and connected to local hosts via WIFI.
Under this are three hosts (more, but these are the relevant ones). Newton
is a laptop running Linux Mint, home46 is a Raspberry Pi running Raspbian,
and home52 is another Rpi which is the head node for the subnet, which is
192.168.52.0/24. This subnet is implemented with ethernet.

Newton, home46, home52 all connect to the router via wifi. So far this
is a very standard home network and these hosts can ping each other using
names such as newton.local, home46.local, and home52.local. I know very well
that .local is a terrible choice for a TLD, but the router is in charge of
this. Changing out the router is a different topic for a different time.
I believe that this subnet uses mDNS to map between names and
ip addresses on the subnet.


    router
      |
  --------------------   (192.168.46.0/24, this is .local)
  |         |        |
newton   home46     |
                     | (wlan0)
                  home52
                     | (eth0)
                     |
           ----------------------   (192.168.46.0/24, this is .52.lan)
           |         |          |
         rpi0       rpi1       rpi2

home52 is the interesting host. It runs dnsmasq to provide DHCP and DNS
services to rpi0, rpi1, and rpi2 on the interface eth0. There are iptables
rules which route traffic between wlan0 and eth0 on home52.
Everything works and rpi0, rpi1, rpi2 can all ping each other by name
as well as hosts in the internet at large, e.g. www.google.com. rpi0,rpi1,rpi2
can also ping hosts newton and home46, but ONLY by ip address, not by
name. If I "ping newton.local" from rpi2 I get the following in the
dnsmasq log on home52, from systemctl status dnsmasq:

home52 dnsmasq[851]: query[SOA] local from 192.168.52.100
home52 dnsmasq[851]: forwarded local to 8.8.4.4
home52 dnsmasq[851]: forwarded local to 8.8.8.8
home52 dnsmasq[851]: forwarded local to 192.168.46.1

and of course all of this is wrong.

So how can I get dnsmasq to serve hosts in the subnet with names from
the outer net? Note: I want the hosts in the subnet to be zeroconf --
they must not know anything about the outer net. Suggestions about modifying
their /etc/hosts file are not useful and in any case the ip addresses
in the outer subnet are subject to change after rebooting, since they
are all provided by DHCP from the router.

------------------------

dnsmasq.conf:

  # Use interface eth0
  interface=eth0

  # Explicitly specify the address to listen on
  listen-address=192.168.52.1

  # Bind to the interface to make sure we aren't sending things elsewhere
  bind-interfaces

  # don't forward unqualified names (e.g. myserver)
  domain-needed

  # won't forward some non-routed addresses
  bogus-priv

  # won't forward requests for the intranet subdomain
  local=/52.lan/

  # append the domain (below) to all hosts
  domain=52.lan

  # Assign IP addresses between 192.168.52.50 and 192.168.52.150
  # with a 12 hour lease time
  dhcp-range=192.168.52.50,192.168.52.150,12h

  # Forward DNS requests to the local DNS and then Google DNS
  server=192.168.52.1
  server=8.8.8.8
  server=8.8.4.4

  # Use the /etc/ethers file to specify static mappings
  # read-ethers

  # log DNS queries, for debugging
  log-queries


-------------------

  /etc/hosts file

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1 home52

192.168.52.1 home52.52.lan


-----------------

  commands to set up iptables
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT \
     -m state --state ESTABLISHED,RELATED
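
The following is an added example, not part of the original post: a check over dnsmasq `log-queries` output that flags names which should stay on the LAN being forwarded to a resolver outside private address space, as in the log excerpt quoted in the message. The suffix list and the function names are assumptions chosen for illustration; the last two sample log lines are constructed.

```python
import ipaddress
import re

# Matches dnsmasq log-queries lines such as:
#   home52 dnsmasq[851]: forwarded local to 8.8.4.4
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")

# Assumed policy: names under these suffixes should never leave the LAN.
# "local" is reserved for mDNS (RFC 6762); "52.lan" is the post's subnet domain.
INTERNAL_SUFFIXES = ("local", "52.lan")


def is_internal_name(name, suffixes=INTERNAL_SUFFIXES):
    """True if name equals, or is a subdomain of, an internal suffix."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


def leaked_queries(log_lines, suffixes=INTERNAL_SUFFIXES):
    """Sorted (name, upstream) pairs: internal name sent to a non-private resolver."""
    leaks = set()
    for line in log_lines:
        m = FORWARDED.search(line)
        if not m:
            continue
        name, upstream = m.groups()
        try:
            addr = ipaddress.ip_address(upstream)
        except ValueError:
            continue  # upstream is not an IP literal; ignore the line
        if is_internal_name(name, suffixes) and not addr.is_private:
            leaks.add((name, upstream))
    return sorted(leaks)


# First four lines are the log excerpt from the post; the last two are constructed.
SAMPLE_LOG = """\
home52 dnsmasq[851]: query[SOA] local from 192.168.52.100
home52 dnsmasq[851]: forwarded local to 8.8.4.4
home52 dnsmasq[851]: forwarded local to 8.8.8.8
home52 dnsmasq[851]: forwarded local to 192.168.46.1
home52 dnsmasq[851]: forwarded newton.local to 8.8.8.8
home52 dnsmasq[851]: forwarded www.google.com to 8.8.8.8
""".splitlines()

if __name__ == "__main__":
    for name, upstream in leaked_queries(SAMPLE_LOG):
        print(f"internal name {name!r} sent to public resolver {upstream}")
```
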










