[Dnsmasq-discuss] host in subnet LAN cannot resolve name in outer LAN

Geert Stappers stappers at stappers.nl
Fri Jun 25 21:31:26 UTC 2021


On Wed, Jun 16, 2021 at 12:17:33AM +0200, Petr Menšík wrote:
> On 6/9/21 11:48 PM, mjbmon wrote:
> > Hello,
> >
> > I am trying to build a subnet where dnsmasq is the DHCP/DNS server. This
> > seems like a very common case but I cannot find any information on solving
> > the problem. TL;DR the hosts in the subnet LAN cannot resolve hosts in the
> > outer LAN, although they can ping them by ip and of course also resolve
> > names in the internet at large.
> >
> > The top level network is 192.168.46.0/24, consisting of a black box router
> > connected to the internet at large and connected to local hosts via WIFI.
> > Under this are three hosts (more, but these are the relevant ones).  Newton
> > is a laptop running Linux Mint, home46 is a Raspberry Pi running Raspbian,
> > and home52 is another Rpi which is the head node for the subnet, which is
> > 192.168.52.0/24. This subnet is implemented with ethernet.
> >
> > Newton, home46, home52 all connect to the router via wifi. So far this
> > is a very standard home network and these hosts can ping each other using
> > names such as newton.local, home46.local, and home52.local. I know very well
> > that .local is a terrible choice for a TLD, but the router is in charge of
> > this. Changing out the router is a different topic for a different time.
> > I believe that this subnet uses mDNS to map between names and
> > ip addresses on the subnet.
> >
> >
> >    router
> >      |
> >  --------------------   (192.168.46.0/24, this is .local)
> >  |         |        |
> > newton   home46     |
> >                     | (wlan0)
> >                  home52
> >                     | (eth0)
> >                     |
> >           ----------------------   (192.168.46.0/24, this is .52.lan)
> >           |         |          |
> >         rpi0       rpi1       rpi2
> >
> > home52 is the interesting host. It runs dnsmasq to provide DHCP and DNS
> > services to rpi0, rpi1, and rpi2 on the interface eth0. There are iptables
> > rules which route traffic between wlan0 and eth0 on home52.
> > Everything works and rpi0, rpi1, rpi2 can all ping each other by name
> > as well as hosts in the internet at large, e.g. www.google.com.  rpi0,rpi1,rpi2
> > can also ping hosts newton and home46, but ONLY by ip address, not by
> > name. If I "ping newton.local" from rpi2 I get the following in the
> > dnsmasq log on home52, from systemctl status dnsmasq:
> >
> > home52 dnsmasq[851]: query[SOA] local from 192.168.52.100
> > home52 dnsmasq[851]: forwarded local to 8.8.4.4
> > home52 dnsmasq[851]: forwarded local to 8.8.8.8
> > home52 dnsmasq[851]: forwarded local to 192.168.46.1
> >
> > and of course all of this is wrong.
> >
> > So how can I get dnsmasq to serve hosts in the subnet with names from
> > the outer net? Note: I want the hosts in the subnet to be zeroconf --
> > they must not know anything about the outer net. Suggestions about modifying
> > their /etc/hosts file are not useful and in any case the ip addresses
> > in the outer subnet are subject to change after rebooting, since they
> > are all provided by DHCP from the router.
> >
> > ------------------------
> >
> > dnsmasq.conf:
> >
> >  # Use interface eth0
> >  interface=eth0
> >
> >  # Explicitly specify the address to listen on
> >  listen-address=192.168.52.1
> >
> >  # Bind to the interface to make sure we aren't sending things elsewhere
> >  bind-interfaces
> >
> >  # don't forward unqualified names (e.g. myserver)
> >  domain-needed
> >
> >  # won't forward some non-routed addresses
> >  bogus-priv
> >
> >  # won't forward requests for the intranet subdomain
> >  local=/52.lan/
> >
> >  # append the domain (below) to all hosts
> >  domain=52.lan
> >
> >  # Assign IP addresses between 192.168.52.50 and 192.168.52.150
> >  # with a 12 hour lease time
> >  dhcp-range=192.168.52.50,192.168.52.150,12h
> >
> >  # Forward DNS requests to the local DNS and then Google DNS
> >  server=192.168.52.1
> >  server=8.8.8.8
> >  server=8.8.4.4
> >
> >  # Use the /etc/ethers file to specify static mappings
> >  # read-ethers
> >
> >  # log DNS queries, for debugging
> >  log-queries
> >
> >
> > -------------------
> >
> >  /etc/hosts file
> >
> > 127.0.0.1       localhost
> > ::1             localhost ip6-localhost ip6-loopback
> > ff02::1         ip6-allnodes
> > ff02::2         ip6-allrouters
> >
> > 127.0.1.1 home52
> >
> > 192.168.52.1 home52.52.lan
> >
> >
> > -----------------
> >
> >  commands to set up iptables
> > sysctl -w net.ipv4.ip_forward=1
> > iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
> > iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
> > iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT \
> >     -m state --state ESTABLISHED,RELATED
> >
> Hi,
> 
> interesting problem. If you want to be able to resolve mDNS .local on
> network 46, I doubt that can be achieved using dnsmasq directly.
> 
> The .local domain is for multicast resolution on the local network. That means
> the rpi machines are on a different local network than newton. The local domain
> should not be used for unicast DNS, because it would clash. The result
> would be inconsistent.
> 
> Have you tried the main router, whether it can serve names of DHCP clients?
> Many routers use dnsmasq inside, they might be able to resolve newton.
> 
> I think you might be able to misuse systemd-resolved on home52 to
> provide resolution for mdns. Enable MDNS for wlan0 interface in
> resolved.conf.
> 
> Then add to dnsmasq.conf:
> 
> server=/local/127.0.0.53
> 
> Because systemd-resolved talks DNS even to names on different protocol,
> it might be able to resolve. I would consider it a wrong hack. Instead,
> try to offer some domain from the router. For example 46.lan on the router,
> 52.lan on home52. If the router also has dnsmasq, it might work. Add to
> dnsmasq.conf:
> 
> # update with actual router IP.
> server=/46.lan/192.168.46.1
> 
> but that would work only when the router also maintains names. I think
> Ubiquiti and RouterBoards can do that. This way would be more reliable
> than any hacks reusing the local domain.


The thing I'm missing in the discussion is that "DNS" has a hierarchy:
"top level domains", "root DNS servers" and "glue records".

The first posting lacks it completely, the follow-up posting has
> server=/46.lan/192.168.46.1
which is close to "real DNS": one DNS server "knows" where to find
the next DNS server.

And mDNS is a **single** LAN thing.
The original poster has multiple LANs.

> Hope that helps,

+1

> Petr

Groeten
Geert Stappers
ADA coin wallet DdzFFzCqrhsmqj9cvCvEcpq7D97cqSVmKKB8wEAzyAxYP76PwhFZBi1qyz9e38heFdQ2twPhmaWusS2XogsBgz5Mx7DYxtN4W9TnPEPW
-- 
Silence is hard to parse
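To make the thread's two suggestions concrete, here is an added Python model (not dnsmasq's code, and not anything the posters wrote) of how dnsmasq chooses where a query goes, restricted to the directives that appear above: plain `server=`, `server=/domain/ip`, `local=/domain/`, `domain-needed`, `listen-address=` and `no-resolv`. It assumes, as dnsmasq's man page states, that the longest matching domain suffix wins, that `domain-needed` only stops A/AAAA queries for dotless names (which is why the `SOA local` query in the log was still forwarded), that a `server=` entry equal to one of dnsmasq's own listen addresses is dropped (dnsmasq logs "ignoring nameserver ... - local interface"), and that `/etc/resolv.conf` servers are appended when `no-resolv` is absent; the `192.168.46.1` in the log is assumed to come from resolv.conf. The order in which dnsmasq tries the default servers is not modelled. The point for a defender is visible in the results: `local=/52.lan/` is what keeps the subnet's internal names from ever reaching 8.8.8.8, and Petr's `server=/local/` and `server=/46.lan/` lines give the outer-LAN names a specific upstream instead of leaking them to the public resolvers.

```python
# Added example: a model of dnsmasq upstream selection for the directives in
# this thread.  Not dnsmasq source; behaviour follows the dnsmasq man page.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Routes:
    default_servers: List[str] = field(default_factory=list)
    # domain -> upstream list; an empty list means "answer locally, never forward"
    per_domain: Dict[str, List[str]] = field(default_factory=dict)
    domain_needed: bool = False


def parse_conf(text: str, resolv_servers: Tuple[str, ...] = ()) -> Routes:
    """Parse the subset of dnsmasq.conf syntax used in the thread."""
    routes = Routes()
    listen = set()
    use_resolv = True                      # dnsmasq reads resolv.conf unless no-resolv
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        if key == "domain-needed":
            routes.domain_needed = True
        elif key == "no-resolv":
            use_resolv = False
        elif key == "listen-address":
            listen.add(value)
        elif key == "server":
            if value.startswith("/"):      # server=/domain/ip
                _, domain, ip = value.split("/", 2)
                routes.per_domain.setdefault(domain.lower(), []).append(ip)
            else:                          # server=ip
                routes.default_servers.append(value)
        elif key == "local":               # local=/domain/ : authoritative, no forwarding
            routes.per_domain[value.strip("/").lower()] = []
    if use_resolv:
        routes.default_servers.extend(resolv_servers)
    # A server that is one of our own listen addresses is ignored by dnsmasq
    # ("ignoring nameserver ... - local interface"), so drop it here too.
    routes.default_servers = [s for s in routes.default_servers if s not in listen]
    return routes


def upstream_for(routes: Routes, name: str, qtype: str = "A"):
    """Return ('local', []) if dnsmasq answers itself, else ('forward', servers)."""
    name = name.rstrip(".").lower()
    # domain-needed only covers A/AAAA lookups of plain names; other types
    # (the SOA query for "local" in the original log) are still forwarded.
    if routes.domain_needed and qtype in ("A", "AAAA") and "." not in name:
        return ("local", [])
    best = None                            # longest matching suffix wins
    for domain in routes.per_domain:
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best):
                best = domain
    if best is None:
        return ("forward", list(routes.default_servers))
    servers = routes.per_domain[best]
    return ("local", []) if not servers else ("forward", list(servers))


# Constructed sample: the relevant lines of the original poster's dnsmasq.conf.
OP_CONF = """
interface=eth0
listen-address=192.168.52.1
bind-interfaces
domain-needed
bogus-priv
local=/52.lan/
domain=52.lan
dhcp-range=192.168.52.50,192.168.52.150,12h
server=192.168.52.1
server=8.8.8.8
server=8.8.4.4
log-queries
"""

# The two lines Petr suggested adding (the second assumes the router serves 46.lan).
PETR_EXTRA = """
server=/local/127.0.0.53
server=/46.lan/192.168.46.1
"""

# Assumption: home52's /etc/resolv.conf names the router, hence the third
# "forwarded local to 192.168.46.1" line in the log.
RESOLV = ("192.168.46.1",)

if __name__ == "__main__":
    for label, conf in (("original", OP_CONF), ("with Petr's lines", OP_CONF + PETR_EXTRA)):
        routes = parse_conf(conf, RESOLV)
        print(f"--- {label}")
        for qname, qtype in (("local", "SOA"), ("newton.local", "A"),
                             ("newton.46.lan", "A"), ("rpi0.52.lan", "A"),
                             ("rpi0", "A"), ("www.google.com", "A")):
            print(f"{qtype:4} {qname:16} -> {upstream_for(routes, qname, qtype)}")
```

Run as a script it prints, for each configuration, which names stay on home52 and which go to which upstream; the unchanged original configuration sends both `SOA local` and `newton.local` to the three default servers exactly as the log shows.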