Re: [Dnsmasq-discuss] DNSMasq as secondary server

2023-12-13 Thread Petr Menšík
I would suggest using some prefix for internal names anyway. I tend to 
use something like in.example.net for internal (private) networks, where 
example.net contains only public records. Such config can work with 
DNSSEC for example and makes it easier to debug what is defined on which 
network.


I think dnsmasq acting as local server should override all names defined 
locally, so it should work like you have described. Even for dynamically 
connected hosts using DHCP. If it defines names in dnsmasq, it answers 
instead of forwarding. Just ensure you define local=/somedomain.com/ to 
prevent forwarding queries to your zone, which is not defined inside 
your zone. auth-zone=somedomain.com should also work. That forwards all 
undefined names, except it generates NXDOMAIN responses for names 
in the domain it does not define.


Hope that helps. Your description is kind of hard to understand, more 
detailed examples might help. Of course what you have tried already and 
what works and what does not would help much more.


Cheers,
Petr

On 12/13/23 17:28, Michel DIEMER via Dnsmasq-discuss wrote:

Dear dnsmasq user,

I have a domain let's claim that it is somedomain.com

I own that domain and it is officially registered and the name servers 
for that domain are on the Internet.


There is a physical server with two network interfaces, one connected 
to the Internet and one connected to the local network.


dnsmasq is running on that server.

My ISP does not support IPv6. IPv6 is not disabled but not properly 
configured. IPv4 is configured.



The web ports (80 and 443) are redirected to the web server of the 
local network. Only the server with dnsmasq and the web server are 
accessible from the Internet. Other computers are not and should not.


So when I type "https://somedomain.com" from any web browser, from the 
local network or from the Internet, the website is loaded from the 
internet server on the local network.



Now I have several computers on the local network and dnsmasq is 
configured for the domain "somedomain.com".



The domain of the local network is "somedomain.com".

Now when I ping a computer on the Internet from the local network it 
is working fine, using some public DNS.



The problem is when I want to "ping somecomputer.somedomain.com".

If "somecomputer" is on the lan I want dnsmasq to give the private, 
local IP address.


If "somecomputer" is not on the lan, dnsmasq may use the public name 
server as anyone who is on the Internet.



"ping computer1.somedomain.com" -> local IP address, fine

"ping computer2.somedomain.com" -> tries to find computer2 on the WAN 
using the public IPv4 address. Not working. dnsmasq should find computer2.


"ping somedomain.com" -> should return either the public Internet IP 
address of the domain or the local IP address of the local dns server. 
Works fine from Internet but not from the internal network.


"ping google.fr" -> works fine, using public DNS


If it is not supposed to work I will replace dnsmasq setting from 
domain=somedomain.com to domain=lan.somedomain.com or 
domain=somedomain.lan. Except the web server, other computers on the 
local network are not supposed to be visible from the Internet.


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
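
The internal-prefix layout suggested in the reply above, written out as an added dnsmasq configuration example that is not part of the original thread. The interface name, the 192.168.1.0/24 addresses and the 192.0.2.53 upstream resolver are assumptions chosen for illustration.

```conf
# Constructed example: LAN names live under in.somedomain.com;
# somedomain.com itself stays on the public name servers.
# Interface name and all addresses below are assumptions.

interface=eth1                  # serve DNS/DHCP on the LAN-facing interface only
bind-interfaces

# Domain handed to DHCP clients and appended to plain names from /etc/hosts
domain=in.somedomain.com
expand-hosts
dhcp-range=192.168.1.100,192.168.1.200,12h

# Answer in.somedomain.com only from /etc/hosts, host-record and DHCP leases.
# Undefined names under it get NXDOMAIN and are never forwarded upstream,
# so internal host names do not leak to the public resolver.
local=/in.somedomain.com/

# Static LAN host (DHCP clients that send a host name are added automatically)
host-record=computer2.in.somedomain.com,192.168.1.20

# Optional: LAN clients reach the web server by its private address
# instead of going out to the public IP and back through the port redirect.
host-record=somedomain.com,192.168.1.10

# Everything else, including other somedomain.com names, is forwarded.
# 192.0.2.53 is a placeholder for the upstream resolver.
no-resolv
server=192.0.2.53
```

With this layout `local=` covers only the internal subdomain; applying `local=/somedomain.com/` to the parent zone instead would stop LAN clients from resolving any public somedomain.com name that is not also defined locally.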


Re: [Dnsmasq-discuss] DNSMasq as secondary server

2023-12-13 Thread Donald Muller
Probably helpful if you provided your configuration.

From: Dnsmasq-discuss on behalf of Michel DIEMER via Dnsmasq-discuss
Sent: Wednesday, December 13, 2023 11:28:03 AM
To: dnsmasq-discuss@lists.thekelleys.org.uk 

Subject: [Dnsmasq-discuss] DNSMasq as secondary server

Dear dnsmasq user,

I have a domain let's claim that it is somedomain.com

I own that domain and it is officially registered and the name servers for that 
domain are on the Internet.

There is a physical server with two network interfaces, one connected to the 
Internet and one connected to the local network.

dnsmasq is running on that server.

My ISP does not support IPv6. IPv6 is not disabled but not properly configured. 
IPv4 is configured.


The web ports (80 and 443) are redirected to the web server of the local 
network. Only the server with dnsmasq and the web server are accessible from 
the Internet. Other computers are not and should not.

So when I type "https://somedomain.com" from any web browser, from the local 
network or from the Internet, the website is loaded from the internet server on 
the local network.


Now I have several computers on the local network and dnsmasq is configured for 
the domain "somedomain.com".


The domain of the local network is "somedomain.com".

Now when I ping a computer on the Internet from the local network it is 
working fine, using some public DNS.


The problem is when I want to "ping somecomputer.somedomain.com".

If "somecomputer" is on the lan I want dnsmasq to give the private, local IP 
address.

If "somecomputer" is not on the lan, dnsmasq may use the public name server as 
anyone who is on the Internet.


"ping computer1.somedomain.com" -> local IP address, fine

"ping computer2.somedomain.com" -> tries to find computer2 on the WAN using the 
public IPv4 address. Not working. dnsmasq should find computer2.

"ping somedomain.com" -> should return either the public Internet IP address of 
the domain or the local IP address of the local dns server. Works fine from 
Internet but not from the internal network.

"ping google.fr" -> works fine, using public DNS


If it is not supposed to work I will replace dnsmasq setting from 
domain=somedomain.com to domain=lan.somedomain.com or domain=somedomain.lan. 
Except the web server, other computers on the local network are not supposed to 
be visible from the Internet.


[Dnsmasq-discuss] DNSMasq as secondary server

2023-12-13 Thread Michel DIEMER via Dnsmasq-discuss
Dear dnsmasq user,

I have a domain let's claim that it is somedomain.com

I own that domain and it is officially registered and the name servers for that 
domain are on the Internet.

There is a physical server with two network interfaces, one connected to the 
Internet and one connected to the local network.

dnsmasq is running on that server.

My ISP does not support IPv6. IPv6 is not disabled but not properly configured. 
IPv4 is configured.


The web ports (80 and 443) are redirected to the web server of the local 
network. Only the server with dnsmasq and the web server are accessible from 
the Internet. Other computers are not and should not.

So when I type "https://somedomain.com" from any web browser, from the local 
network or from the Internet, the website is loaded from the internet server on 
the local network.


Now I have several computers on the local network and dnsmasq is configured for 
the domain "somedomain.com".


The domain of the local network is "somedomain.com".

Now when I ping a computer on the Internet from the local network it is 
working fine, using some public DNS.


The problem is when I want to "ping somecomputer.somedomain.com".

If "somecomputer" is on the lan I want dnsmasq to give the private, local IP 
address.

If "somecomputer" is not on the lan, dnsmasq may use the public name server as 
anyone who is on the Internet.


"ping computer1.somedomain.com" -> local IP address, fine

"ping computer2.somedomain.com" -> tries to find computer2 on the WAN using the 
public IPv4 address. Not working. dnsmasq should find computer2.

"ping somedomain.com" -> should return either the public Internet IP address of 
the domain or the local IP address of the local dns server. Works fine from 
Internet but not from the internal network.

"ping google.fr" -> works fine, using public DNS


If it is not supposed to work I will replace dnsmasq setting from 
domain=somedomain.com to domain=lan.somedomain.com or domain=somedomain.lan. 
Except the web server, other computers on the local network are not supposed to 
be visible from the Internet.