Re: [Dnsmasq-discuss] dnsmasq forwarding unknown ip addresses queries

Wed, 05 Sep 2012 11:04:48 -0700 

On 09/05/2012 10:49 AM, Simon Kelley wrote:

On 04/09/12 19:41, Gene Czarcinski wrote:

On 09/04/2012 11:02 AM, Gene Czarcinski wrote:

OK, this is similar to my previous questions/issues involving dnsmasq
forwarding queries for unknown names for the "name domain" that it is
managing (even if that domain name is null).

Now the second part.  Whether an instance of dnsmasq is providing a
dhcp service or not, is there a way to specify what IP addresses
(e.g., 192.168.1.0/24) is should answer and, if dnsmasq does not find
that queried ip address in the specified range, then the query should
NOT be forwarded?

In looking at documentation (but not the code) and not doing any
testing yet, I wonder if the following would accomplish what I need:
       domain=virt,192.168.100.0/24

If that would do the trick, then is there a way to specify that IP
address range when the domain name is null (local=//)?


OK, I believe that I have come up with the answer to my questions.

Rather than using "--domain virt --local=/virt/", I need to use
something like:
       "--domain=virt,192.168.122.0/24,local" or
       "--domain virt --local=/virt/ --local=/122.168.192.in-addr.arpa/"

For the case of no domain name, I am not sure that
"domain=,192.168.122.0/24,local" would work but
      "--local=// --local=/122.168.192.in-addr.arpa/" should work.

Comments?


Spot on. Nothing to argue with there.

Simon.
OK, I have been looking at the code. As best that I can tell, the code which handle local only specification of a reverse lookup (PTR) query will only work reliably for class a (8 bit), class b (16 bit) and class c (24 bit) networks.
For example, if "--local=/0.168.192.in-addr.arpa/" is specified and the network is 192.168.0.0/20 then a query for ip addr "192.168.1.1" will not be NXDOMAINed because you do not have a netmask specified.
I do NOT consider "fixing" this to be a reasonable request. What dnsmasq is doing will handle most cases and where it does not then it is reasonable to expect an upstream dnsmasq to be configured with "bogus-priv". 

Gene

_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to