Hi Elias,

I have the following in my configuration:

no-daemon
no-resolv
no-poll
server=/*ntp.axsguard.com/8.8.8.8
server=8.8.8.8
server=/gitlab.com/#
address=/#/0.0.0.0

When dnsmasq starts up, it leaves some information in the log file about DNS 
configuration (the first thirty).

dnsmasq: using nameserver 8.8.8.8#53 for domain *ntp.axsguard.com 
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: using standard nameservers for gitlab.com
dnsmasq: cleared cache

It thus says that '#' was interpreted for gitlab.com as using the standard 
name servers. Meaning any of the explicitly configured, or by DBus/UBus or 
found in resolv.conf (not the latter since it is disabled by no-resolv config 
option).

NOTE that address rewriting will only work for A-queries (or AAAA).

NOTE2 the order of configuration options actually does not matter. Internally 
dnsmasq will order the addresses/domains/servers in a certain way - most 
specific to least specific, and search from left to right.

From the tests I ran, this seems to do exactly what you want...

$ host 'google.com' 192.168.10.113 | grep '^google'
google.com has address 0.0.0.0
google.com mail is handled by 10 smtp.google.com.
$ host 'www.google.com' 192.168.10.113 | grep '^www.google'
www.google.com has address 0.0.0.0
$ host 'www.thekelleys.org.uk' 192.168.10.113 | grep '^www.'
www.thekelleys.org.uk has address 0.0.0.0
www.thekelleys.org.uk is an alias for thekelleys.org.uk.
www.thekelleys.org.uk is an alias for thekelleys.org.uk.

=> all return 0.0.0.0 for the 'A' record query

$ host 'gitlab.com' 192.168.10.113 | grep '^gitlab'
gitlab.com has address 172.65.251.78
gitlab.com mail is handled by 1 aspmx.l.google.com.
gitlab.com mail is handled by 10 alt3.aspmx.l.google.com.
gitlab.com mail is handled by 10 alt4.aspmx.l.google.com.
gitlab.com mail is handled by 5 alt1.aspmx.l.google.com.
gitlab.com mail is handled by 5 alt2.aspmx.l.google.com.

$ host 'www.gitlab.com' 192.168.10.113 | grep '^www.gitlab'
www.gitlab.com is an alias for b7af390f3e4742b89839094147d38a88.pacloudflare.com.

=> gitlab.com or any sub-domain thereof is sent upstream and resolved 
normally.

Beware though, as www.gitlab.com is actually an alias for something in 
cloudflare.com (not gitlab.com), but again dnsmasq does the right thing.

Be sure to test after a cache clear/restart of dnsmasq:

$ host 'b7af390f3e4742b89839094147d38a88.pacloudflare.com' 192.168.10.113 | grep 'has address'
b7af390f3e4742b89839094147d38a88.pacloudflare.com has address 0.0.0.0
$ host 'www.gitlab.com' 192.168.10.113 | grep 'has address'
b7af390f3e4742b89839094147d38a88.pacloudflare.com has address 172.65.251.78
$ host 'b7af390f3e4742b89839094147d38a88.pacloudflare.com' 192.168.10.113 | grep 'has address'
b7af390f3e4742b89839094147d38a88.pacloudflare.com has address 172.65.251.78

=> Initially a request to something cloudflare resolves 0.0.0.0, later 
www.gitlab.com is requested which is an alias for the previous, and you want 
it resolved upstream, afterwards the previous is cached as the upstream 
result.

Regards,
Tijs


On Tuesday 26 March 2024 23:58:11 CEST Elias LA via Dnsmasq-discuss wrote:
> In my dnsmasq.conf file, I have a blanket block rule to block everything:
> 
> no-resolv
> server=8.8.8.8
> 
> address=/#/0.0.0.0
> 
> Before this rule, I would like to allow exceptions, say for example
> gitlab.com. The problem I am having is that this rule:
> 
> server=/gitlab.com/#
> 
> Does not work, and I have to use instead:
> 
> server=/gitlab.com/8.8.8.8
> 
> So why is not the '#' translating into the default server 8.8.8.8?
> 
> Thanks,
> Elias.
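
An added example, not part of the original messages and not dnsmasq's own code: a simplified Python model of the "most specific to least specific" rule selection described in the reply, run against the configuration lines quoted there. The function names and the handling of the leading '*' are assumptions made for illustration.

```python
# Added example: a simplified model of rule selection, not dnsmasq's own code.
CONFIG = """\
server=/*ntp.axsguard.com/8.8.8.8
server=8.8.8.8
server=/gitlab.com/#
address=/#/0.0.0.0
"""  # configuration lines quoted from the reply above

def parse_rules(text):
    """Return (kind, pattern, target) for each domain-scoped server=/address= line."""
    rules = []
    for line in text.splitlines():
        kind, _, value = line.strip().partition("=")
        if kind not in ("server", "address") or not value.startswith("/"):
            continue  # skips the plain default upstream and unrelated options
        *patterns, target = value[1:].split("/")
        rules += [(kind, p.lower(), target) for p in patterns]
    return rules

def specificity(pattern, name):
    """Length of the matched suffix; 0 for the '#' match-all; -1 for no match."""
    if pattern == "#":
        return 0
    if pattern.startswith("*"):  # assumption: '*' drops the label-boundary check
        return len(pattern) - 1 if name.endswith(pattern[1:]) else -1
    if name == pattern or name.endswith("." + pattern):
        return len(pattern)
    return -1

def decide(rules, name, qtype="A"):
    """Pick the most specific matching rule, wherever it sits in the file."""
    name = name.lower().rstrip(".")
    # Per the note in the reply, address= rewriting applies to A/AAAA only.
    usable = [r for r in rules if r[0] == "server" or qtype in ("A", "AAAA")]
    best = max(usable, key=lambda r: specificity(r[1], name), default=None)
    if best is None or specificity(best[1], name) < 0:
        return "forward to standard servers"
    kind, _, target = best
    if kind == "address":
        return "answer " + target
    return "forward to " + ("standard servers" if target == "#" else target)

if __name__ == "__main__":
    rules = parse_rules(CONFIG)
    for q in ("google.com", "www.gitlab.com",
              "b7af390f3e4742b89839094147d38a88.pacloudflare.com"):
        print(q, "->", decide(rules, q))
```

The model matches on the queried name only, which is why the pacloudflare.com alias target is answered with 0.0.0.0 when asked for directly, as in the first test after the cache clear.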
