I would suggest using some prefix for internal names anyway. I tend to use something like in.example.net for internal (private) networks, where example.net contains only public records. Such config can work with DNSSEC for example and makes it easier to debug what is defined on which network.

I think dnsmasq acting as local server should override all names defined locally, so it should work like you have described. Even for dynamically connected hosts using DHCP. If it defines names in dnsmasq, it answers instead of forwarding. Just ensure you define local=/somedomain.com/ to prevent forwarding queries to your zone, which is not defined inside your zone. auth-zone=somedomain.com should also work. That forwards all undefined names, except it generates NXDOMAIN responses for names in the domain it does not define.

Hope that helps. Your description is kind of hard to understand, more detailed examples might help. Of course what you have tried already and what works and what does not would help much more.

Cheers,
Petr

On 12/13/23 17:28, Michel DIEMER via Dnsmasq-discuss wrote:
Dear dnsmasq user,

I have a domain let's claim that it is somedomain.com

I own that domain and it is officially registered and the name servers for that domain are on the Internet.

There is a physical server with two network interfaces, one connected to the Internet and one connected to the local network.

dnsmasq is running on that server.

My ISP does not support IPv6. IPv6 is not disabled but not properly configured. IPv4 is configured.


The web ports (80 and 443) are redirected to the web server of the local network. Only the server with dnsmasq and the web server are accessible from the Internet. Other computers are not and should not be.

So when I type "https://somedomain.com" from any web browser, from the local network or from the Internet, the website is loaded from the internet server on the local network.


Now I have several computers on the local network and dnsmasq is configured for the domain "somedomain.com".


The domain of the local network is "somedomain.com".

Now when I ping a computer on the Internet from the local network it is working fine, using some public DNS.


The problem is when I want to "ping somecomputer.somedomain.com".

If "somecomputer" is on the lan I want dnsmasq to give the private, local IP address.

If "somecomputer" is not on the lan, dnsmasq may use the public name server as anyone who is on the Internet.


"ping computer1.somedomain.com" -> local IP address, fine

"ping computer2.somedomain.com" -> tries to find computer2 on the WAN using the public IPv4 address. Not working. dnsmasq should find computer2.

"ping somedomain.com" -> should return either the public Internet IP address of the domain or the local IP address of the local dns server. Works fine from Internet but not from the internal network.

"ping google.fr" -> works fine, using public DNS


If it is not supposed to work I will replace dnsmasq setting from domain=somedomain.com to domain=lan.somedomain.com or domain=somedomain.lan. Except the web server, other computers on the local network are not supposed to be visible from the Internet.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
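A dnsmasq configuration illustrating the setup Petr describes above (local=/somedomain.com/ plus records defined in dnsmasq itself, so LAN clients get private addresses while everything else is forwarded). This is an added example and not part of either message; the interface name, the upstream resolver and every address and hostname are made up for illustration.

```conf
# Added example (not from the thread). All addresses and names below are
# placeholders for the setup discussed above.

# Answer only on the LAN side. dnsmasq on a dual-homed host must not listen
# on the Internet-facing interface, or it becomes an open resolver.
interface=eth1
bind-interfaces

# Upstream resolver for everything that is not defined locally
# (placeholder: use your ISP's or a public resolver).
server=198.51.100.53

# Domain handed to DHCP clients and appended to short names from /etc/hosts.
domain=somedomain.com
expand-hosts

# Never forward somedomain.com upstream. Names in this domain that dnsmasq
# does not know get NXDOMAIN instead of being looked up in the public zone,
# which is what makes the LAN view of the zone authoritative on the LAN.
local=/somedomain.com/

# Static LAN answers for the zone.
host-record=somedomain.com,192.168.1.1               # apex -> local web server
host-record=computer1.somedomain.com,192.168.1.10
host-record=computer2.somedomain.com,192.168.1.11

# DHCP clients that send a hostname are registered as <hostname>.somedomain.com
# and answered from the lease, not forwarded.
dhcp-range=192.168.1.100,192.168.1.200,12h

# Alternative along the lines of Petr's in.example.net suggestion: replace
# domain= and local= with a dedicated sub-domain so the public zone is never
# shadowed on the LAN and internal hosts stay out of the public zone entirely:
#   domain=lan.somedomain.com
#   local=/lan.somedomain.com/
```

The caveat with local=/somedomain.com/ is that any public record under somedomain.com not repeated in dnsmasq (a mail host, a subdomain hosted elsewhere) also returns NXDOMAIN on the LAN, which is why a separate internal sub-domain is the cleaner split. To verify from a LAN client, query the server directly: `dig @192.168.1.1 computer2.somedomain.com` should return the private address, `dig @192.168.1.1 nosuchhost.somedomain.com` should return NXDOMAIN rather than a forwarded public answer, and `dig @192.168.1.1 google.fr` should still be answered via the upstream resolver.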
