DNSMasq swallows local A-entries

Tags: dnsmasq, domain-name-system

When I query the ISP's DNS server for foo.example.com, it comes back with something like this:

    ;; ANSWER SECTION:
    foo.example.com. 159 IN A       192.168.40.20

(note that the IP address is a local one)

When I do the same over DNSMasq, the response is empty; the A record is missing. It works fine for every other address I've tried.

What is this, a mis-configuration of DNSMasq, a bug, or expected behaviour?

Best Answer

You probably have dnsmasq's rebind protection enabled with this option:

   --stop-dns-rebind
          Reject (and log) addresses from upstream nameservers  which  are
          in  the private IP ranges. This blocks an attack where a browser
          behind a firewall  is  used  to  probe  machines  on  the  local
          network.

You can disable this entirely by removing this option, or you can whitelist certain domains using this option:

    --rebind-domain-ok=example.com
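To see how the two options interact, here is an added Python model of the rebind filter (not dnsmasq's own code; its private-range list is an assumption approximating dnsmasq's check) applied to the A record from the question, once with only stop-dns-rebind set and once with example.com whitelisted:

```python
import ipaddress

# Ranges the filter treats as private. Assumption: RFC 1918 plus loopback
# and link-local; dnsmasq's exact list depends on its version.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def domain_ok(name: str, ok_domains) -> bool:
    """True if name equals or is a subdomain of a rebind-domain-ok entry."""
    n = name.rstrip(".").lower()
    return any(n == d or n.endswith("." + d) for d in ok_domains)

def load_policy(conf_text: str):
    """Read the two rebind settings from dnsmasq.conf-style text; other keys are ignored."""
    stop, ok = False, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "stop-dns-rebind":
            stop = True
        elif line.startswith("rebind-domain-ok="):
            # Accepts both "example.com" and the "/a.com/b.com/" list form.
            ok += [d.lower() for d in line.split("=", 1)[1].split("/") if d]
    return stop, ok

def answer_under(conf_text: str, name: str, upstream_addrs):
    """Addresses the client sees: the upstream answer, or nothing if the filter rejects it."""
    stop, ok = load_policy(conf_text)
    if stop and not domain_ok(name, ok) and any(is_private(a) for a in upstream_addrs):
        return []  # reply rejected and logged as a possible rebind attack
    return list(upstream_addrs)

# Constructed configs: the first reproduces the question, the second keeps the
# protection but trusts example.com as the answer suggests.
CONF_QUESTION = "stop-dns-rebind\n"
CONF_FIXED = "stop-dns-rebind\nrebind-domain-ok=/example.com/\n"

if __name__ == "__main__":
    upstream = ["192.168.40.20"]  # the A record from the question
    print(answer_under(CONF_QUESTION, "foo.example.com", upstream))  # []
    print(answer_under(CONF_FIXED, "foo.example.com", upstream))     # ['192.168.40.20']
```

Whitelisting the one domain keeps the protection in place for every other name, which is why it is preferable to removing stop-dns-rebind altogether.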