[Dnsmasq-discuss] Having dnsmasq use non-default routing table

Matthias May matthias.may at westermo.com
Sat Sep 23 13:02:44 UTC 2023


Hi Luigi

Nothing wrong with using bind and dnsmasq at the same time.
Are you using the same upstream servers?
Or are they different IPs?
In the ip rule from my previous mail, you can also specify a
destination, e.g.
# maym@Orpheus:~$ sudo ip rule add pref 100 iif lo proto 17 dport 53 to 8.8.8.8 lookup 100
# maym@Orpheus:~$ ip rule
# 0:    from all lookup local
# 100:    from all to 8.8.8.8 iif lo dport 53 lookup 100 proto 17
# 32766:    from all lookup main
# 32767:    from all lookup default

Regarding the @interface option of --server:
This only forces an interface/source IP as the source.
That doesn't specify what router to use.
You still need somewhere to specify what router should be used.
--> This is what the additional default gateway on table 100 would do.
If your source is bound via the --server parameter, you can match on this in the routing rule:

In my setup my default gateway goes via wlan0.
# maym@Orpheus:~$ ip -br a
# lo               UNKNOWN        127.0.0.1/8 ::1/128
# eth0             DOWN
# wlan0            UP             10.0.8.147/24
# gpd0             UNKNOWN        10.0.17.5/24
# maym@Orpheus:~$ ip r
# default via 10.0.8.1 dev wlan0 proto dhcp src 10.0.8.147 metric 600
# 10.0.17.0/24 dev gpd0 proto kernel scope link src 10.0.17.5 metric 50

I now want to force requests from dnsmasq to go via the gateway 10.0.17.1 reachable on gpd0,
and all outgoing DNS traffic originating from 10.0.17.5 should be sent via this gateway.

# maym@Orpheus:~$ sudo ip route add default via 10.0.17.1 table 100
# maym@Orpheus:~$ ip route show table 100
# default via 10.0.17.1 dev gpd0
# maym@Orpheus:~$ sudo ip rule add pref 100 iif lo proto 17 dport 53 from 10.0.17.5 lookup 100
# maym@Orpheus:~$ ip rule
# 0:    from all lookup local
# 100:    from 10.0.17.5 iif lo dport 53 lookup 100 proto 17
# 32766:    from all lookup main
# 32767:    from all lookup default

With this setup: the @interface in the --server parameter forces the requests to have a source of 10.0.17.5,
and the routing rule and routing table 100 ensure that the frames go via the gateway reachable on gpd0.

BR
Matthias
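The procedure above as a script, added here as an example that is not part of Matthias' post or of dnsmasq: it creates the second table and the rules for the thread's addresses (gpd0, 10.0.17.1, 10.0.17.5, table 100, upstream 8.8.8.8; all of these are assumptions to adjust) and is meant to be paired with `server=8.8.8.8@gpd0` in dnsmasq.conf. Two details differ from the posted commands. In `ip rule`, `proto 17` sets the rule's origin tag (the same field that `proto static` sets), while the transport match is `ipproto udp`; the `ip rule` output in the thread shows `dport 53 ... proto 17` with no `ipproto`, so that rule matched any transport to port 53. And a second rule for TCP is added, because dnsmasq retries over TCP when a UDP answer comes back truncated, and without it that retry leaves via the main table. Needs root and Linux 4.17 or later (ipproto/dport matching in rules and in `ip route get`).

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): policy-route dnsmasq's
# upstream queries, sourced from the address it binds with server=UPSTREAM@IFACE,
# through a second routing table. Defaults mirror the thread's setup and are
# assumptions: override them in the environment.
# dnsmasq.conf counterpart (assumed):  server=8.8.8.8@gpd0
set -u

IFACE="${IFACE:-gpd0}"          # interface that reaches the wanted gateway
GATEWAY="${GATEWAY:-10.0.17.1}" # gateway for dnsmasq's upstream queries
SRC="${SRC:-10.0.17.5}"         # address dnsmasq binds via @IFACE
TABLE="${TABLE:-100}"           # routing table id
PREF="${PREF:-100}"             # rule priority, must be below main (32766)

# Print the ip(8) commands, one per line, without running them.
# "ipproto udp" is the transport match; "proto 17" would only tag the rule's
# origin (like "proto static") and leave every transport to port 53 matching.
# The TCP rule covers dnsmasq's retry over TCP after a truncated UDP answer.
dns_policy_cmds() {
    iface=$1; gw=$2; src=$3; table=$4; pref=$5
    printf '%s\n' \
        "ip route replace default via $gw dev $iface table $table" \
        "ip rule add pref $pref iif lo ipproto udp dport 53 from $src lookup $table" \
        "ip rule add pref $pref iif lo ipproto tcp dport 53 from $src lookup $table"
}

# Apply idempotently: rules already sitting at our pref are removed first so
# re-running the script does not stack duplicates (pick a pref nobody else uses).
dns_policy_apply() {
    while ip rule del pref "$PREF" 2>/dev/null; do :; done
    dns_policy_cmds "$IFACE" "$GATEWAY" "$SRC" "$TABLE" "$PREF" |
    while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || exit 1
    done
}

# Ask the kernel which route a query from SRC to UPSTREAM:53/udp takes.
# Locally generated traffic is looked up with iif lo, so the rule applies here
# too; the answer must name "dev $IFACE". "dev wlan0" means the rule missed.
dns_policy_check() {
    ip route get "$1" from "$SRC" ipproto udp dport 53
}

# Effective reverse-path filter for IFACE: the kernel takes the higher of the
# "all" and per-interface values. In strict mode (1) the reverse lookup for a
# reply from the upstream carries no port, so the rule does not match, the main
# table answers "wlan0", and the reply arriving on IFACE is dropped. Loose mode
# (2) accepts it as long as the upstream is reachable via any interface.
dns_policy_rpfilter() {
    all=$(sysctl -n net.ipv4.conf.all.rp_filter)
    dev=$(sysctl -n "net.ipv4.conf.$IFACE.rp_filter")
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

case "${1:-}" in
    apply)    dns_policy_apply ;;
    check)    dns_policy_check "${2:-8.8.8.8}"; echo "rp_filter=$(dns_policy_rpfilter)" ;;
    show)     dns_policy_cmds "$IFACE" "$GATEWAY" "$SRC" "$TABLE" "$PREF" ;;
esac
```

`sh dns-policy.sh show` prints the commands, `apply` runs them, and `check 8.8.8.8` reports the chosen route plus the effective rp_filter value for the interface. If queries leave on the interface and replies arrive there but dnsmasq still times out, an rp_filter of 1 is the first thing to rule out: `sysctl -w net.ipv4.conf.gpd0.rp_filter=2` relaxes it for that interface only, without touching the strict setting on the others.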

On 23/09/2023 06:54, Luigi Baldoni wrote:
> Hi Matthias,
> unfortunately that won't do because I also have bind running on the same machine
> (please don't ask, long story).
> So, I was thinking, why couldn't I simply use e.g. server=8.8.8.8@ppp1 as
> dnsmasq option?
> With that parameter set, I see the outgoing queries on ppp1 and the replies
> from the upstream server, but dnsmasq still times out.
>
> Am I misunderstanding the meaning of the @interface option?
>
> Regards
>
>> Sent: Saturday, September 23, 2023 at 12:31 AM
>> From: "Matthias May via Dnsmasq-discuss" <dnsmasq-discuss at lists.thekelleys.org.uk>
>>
>> Hi Luigi
>>
>> Strictly speaking this has nothing to do with dnsmasq, and is a question
>> of how to do policy-routing.
>> I assume you're using linux since you mention iptables.
>>
>> A good starting point for policy routing with linux is
>> https://tldp.org/HOWTO/Adv-Routing-HOWTO/
>> respectively https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html
>>
>> What i would do is to create a routing rule that redirects your frames
>> to a separate routing table.
>>
>> By default the routing rules look like this:
>> # maym@Orpheus:~$ ip rule
>> # 0:    from all lookup local
>> # 32766:    from all lookup main
>> # 32767:    from all lookup default
>>
>> You can create a new routing table (e.g. table 100) that contains a
>> different default gateway.
>> # maym@Orpheus:~$ sudo ip route add default via 10.0.8.99 table 100
>> # maym@Orpheus:~$ ip route show table 100
>> # default via 10.0.8.99 dev wlan0
>>
>> Now create a routing rule that matches your traffic and calls the table 100:
>> # maym@Orpheus:~$ sudo ip rule add pref 100 iif lo proto 17 dport 53 lookup 100
>> # maym@Orpheus:~$ ip rule
>> # 0:    from all lookup local
>> # 100:    from all iif lo dport 53 lookup 100 proto 17
>> # 32766:    from all lookup main
>> # 32767:    from all lookup default
>>
>> Now all traffic originating:
>> from the device itself (iif lo)
>> with proto 17 (udp)
>> to the destination port 53 (dns)
>> will be directed to the routing table 100 which contains the default
>> gateway to the router you want to use.
>>
>> BR
>> Matthias
>>
>> On 22/09/2023 15:10, Luigi Baldoni wrote:
>>> Hello,
>>> after a few days of fruitless efforts, I thought of asking you all directly.
>>>
>>> I need dnsmasq to send its queries to the upstream server via a different
>>> route than everything else. I've tried adding the @interface parameter to
>>> the --server option but I don't think I quite understand how it's supposed
>>> to work.
>>> Then I've attempted to mark the packets originating from the dnsmasq process
>>> via the iptables owner module, also with little success.
>>>
>>> Before I proceed any further with these experiments, I would like to know
>>> whether I'm missing something, or if someone has found a different way to
>>> do this.
>>>
>>> Thanks
>>>
>>>
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>


