[Dnsmasq-discuss] DNSMasq as secondary server

Petr Menšík pemensik at redhat.com
Wed Dec 13 23:46:37 UTC 2023


I would suggest using some prefix for internal names anyway. I tend to 
use something like in.example.net for internal (private) networks, where 
example.net contains only public records. Such config can work with 
DNSSEC for example and makes it easier to debug what is defined on which 
network.

I think dnsmasq acting as local server should override all names defined 
locally, so it should work like you have described. Even for dynamically 
connected hosts using DHCP. If it defines names in dnsmasq, it answers 
instead of forwarding. Just ensure you define local=/somedomain.com/ to 
prevent forwarding queries to your zone, which is not defined inside 
your zone. auth-zone=somedomain.com should also work. That forwards all 
undefined names, except it generates NXDOMAIN responses for names 
in the domain it does not define.

Hope that helps. Your description is kind of hard to understand, more 
detailed examples might help. Of course what you have tried already and 
what works and what does not would help much more.

Cheers,
Petr

On 12/13/23 17:28, Michel DIEMER via Dnsmasq-discuss wrote:
> Dear dnsmasq user,
>
> I have a domain let's claim that it is somedomain.com
>
> I own that domain and it is officially registered and the name servers 
> for that domain are on the Internet.
>
> There is a physical server with two network interfaces, one connected 
> to the Internet and one connected to the local network.
>
> dnsmasq is running on that server.
>
> My ISP does not support IPv6. IPv6 is not disabled but not properly 
> configured. IPv4 is configured.
>
>
> The web ports (80 and 443) are redirected to the web server of the 
> local network. Only the server with dnsmasq and the web server are 
> accessible from the Internet. Other computers are not and should not.
>
> So when I type "https://somedomain.com" from any web browser, from the 
> local network or from the Internet, the website is loaded from the 
> internet server on the local network.
>
>
> Now I have several computers on the local network and dnsmasq is 
> configured for the domain "somedomain.com".
>
>
> The domain of the local network is "somedomain.com".
>
> Now when I ping a computer on the Internet from the local network it 
> is working fine, using some public DNS.
>
>
> The problem is when I want to "ping somecomputer.somedomain.com".
>
> If "somecomputer" is on the lan I want dnsmasq to give the private, 
> local IP address.
>
> If "somecomputer" is not on the lan, dnsmasq may use the public name 
> server as anyone who is on the Internet.
>
>
> "ping computer1.somedomain.com" -> local IP address, fine
>
> "ping computer2.somedomain.com" -> tries to find computer2 on the WAN 
> using the public IPv4 address. Not working. dnsmasq should find computer2.
>
> "ping somedomain.com" -> should return either the public Internet IP 
> address of the domain or the local IP address of the local dns server. 
> Works fine from Internet but not from the internal network.
>
> "ping google.fr" -> works fine, using public DNS
>
>
> If it is not supposed to work I will replace dnsmasq setting from 
> domain=somedomain.com to domain=lan.somedomain.com or 
> domain=somedomain.lan. Except the web server, other computers on the 
> local network are not supposed to be visible from the Internet.
>

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
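
The reply above says to make sure a local=/domain/ entry covers the DHCP domain so that undefined names in it are not forwarded upstream. The following check for that is an added example, not part of the thread or of dnsmasq itself; the function names and the sample config are constructed for illustration, and only local= and the "local" flag of domain= are recognised.

```python
# Added example: lint dnsmasq.conf text for DHCP domains whose undefined
# names would still be forwarded upstream (no local=/.../ covers them).

SAMPLE_CONF = """\
# constructed sample config, not taken from the thread
domain=somedomain.com
domain=in.example.net,192.168.1.0/24,local
domain=lab.example.net
local=/example.net/
expand-hosts
"""

def parse(conf_text):
    """Return (dhcp_domains, local_only_domains) from dnsmasq.conf text."""
    domains, local_only = [], set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "domain":
            fields = [f.strip() for f in value.split(",")]
            name = fields[0].lower().rstrip(".")
            domains.append(name)
            # domain=<name>,<range>,local also declares local=/<name>/
            if "local" in fields[1:]:
                local_only.add(name)
        elif key == "local":
            # local=/a/b/ : the domains sit between the slashes
            for name in value.split("/")[1:-1]:
                if name:
                    local_only.add(name.lower().rstrip("."))
    return domains, local_only

def covered(name, local_only):
    """local=/d/ applies to d itself and to every name below it."""
    return any(name == d or name.endswith("." + d) for d in local_only)

def forwarded_domains(conf_text):
    """DHCP domains whose undefined names are still sent upstream."""
    domains, local_only = parse(conf_text)
    return [d for d in domains if not covered(d, local_only)]

if __name__ == "__main__":
    for d in forwarded_domains(SAMPLE_CONF):
        print(f"{d}: undefined names are forwarded to upstream servers")
```
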