Using dnsmasq for accessing multiple nameservers assigned by DHCP

dnsmasqdomain-name-systemvpn

At my work desktop running openSUSE 11.4, I have a local network which gets its address, domain (work.site) and nameservers (10.100.1.1, 10.100.1.2) info through DHCP – which get written into /etc/resolv.conf

I get to access the internet using the work network, and these 2 nameservers end up returning the entries for any public domain name lookups on the internet.

I also have a private VPN that I end up connecting. The nameserver (10.111.1.1) and domain (private.site) are rarely bound to change for this network, but currently they're pushed by the openVPN client into networkmanager, and which also gets merged with the existing /etc/resolv.conf

My resolv.conf ultimately ends up looking like this:

search private.site work.site
nameserver 127.0.0.1
nameserver 10.111.1.1
nameserver 10.100.1.1

As you can see the 2nd nameserver from my work network was pushed out because of the max 3 entry limitations. It is fine still, but would be a problem if that nameserver goes down for maintenance or something.

So I found out that dnsmasq could help me here, and hence I setup dnsmasq just as a local DNS resolver without any DHCP support.

So right now this is my /etc/dnsmasq.conf:

resolv-file=/etc/resolv.conf
server=/private.site/10.111.1.1
server=/1.111.10.in-addr.arpa/10.111.1.1
listen-address=127.0.0.1
bind-interfaces
log-queries

I've made dnsmasq get the list of nameservers from /etc/resolv.conf since NetworkManager seems to be updating this list correctly (for a max of 3 nameservers). I'm able to resolve the host names in both the networks correctly.

So these are the questions I have:

Is there a way I can make either NetworkManager or dhclient write out the list of nameservers somewhere else which I can make dnsmasq use as resolv-file ?
How do I make dnsmasq use certain nameservers as the default for all queries ? Right now I notice that lookups for public domains on the internet are usually sent to both the nameservers – the one on work.site as well as private.site. It would be good if I can limit this only to work.site.

UPDATE:
These are the solutions I've found:
In /etc/sysconfig/network/config change the following:

NETCONFIG_DNS_FORWARDER="dnsmasq"
NETCONFIG_DNS_FORWARDER_FALLBACK="no"
NETCONFIG_DNS_STATIC_SEARCHLIST="work.site private.site"

In /etc/dnsmasq.conf add these lines:

resolv-file=/var/run/dnsmasq-forwarders.conf

I also had to modify my openVPN server.conf not to push nameservers for the clients, since I had already added a server rule in my dnsmasq.conf for that domain.

Best Answer

If you install resolvconf, NetworkManager will use it instead of writing /etc/resolv.conf directly. The DNS servers from NM can then be found in /var/run/resolvconf/interface/NetworkManager.

dnsmasq is sending all queries to 10.111.1.1 because it's listed in resolv.conf -- you probably want to remove it from resolv.conf so that it only gets used for the private.site domain. The nameservers in resolv.conf are essentially the defaults.

Related Solutions

DNSMasq – Setting Up DNSMasq for a Local Network

Refer to the DNSmasq documentation, especially the dnsmasq manpage and sample configuration file. The local keyword tells DNSmasq to perform those domain lookups with local data. This affects requests send to DNSmasq for foo.localnet and bar.localnet, for example. I don't think this is what you want.

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/localnet/

To force host/subdomain lookups to resolve to a specific address, you'd probably want to use the address keyword. The second example below should allow web1.devbox and web2.devbox and web73872.devbox to all resolve to the address specified.

# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
address=/doubleclick.net/127.0.0.1

# for your example
address=/devbox/192.168.3.99

I use DNSmasq at home to handle simple DNS stuff for my LAN; in that case, local and the associated domain and expand-hosts keywords are appropriate. The DNSmasq server is my primary nameserver, so all requests go through it; any nonlocal addresses are passed back to the ISP's nameserver. You might consider that configuration if possible.

Dnsmasq resolves local hostname to 127.0.0.1 all over the net

Normally, you would define your static hosts in /etc/hosts and enable hosts in your dnsmasq.conf file. dnsmasq allows you to specify an alternate name for this file.

If you want rtfm.lan to be addressed as 192.168.1.2 then add a line reading 192.168.1.2 rtfm.lan to /etc/hosts. Normally, your hosts file for dnsmasq should be portable to all your servers.

On rtfm.lan the IP stack will short-circuit the routing and not send traffic onto the network.

If you update your /etc/hosts file and signal dnsmasq with a HUP signal, the hosts file will be reread and changes applied.

EDIT: dnsmasq is not designed to serve up a dynamic host address for its own host. As noted it does serve up names from its lease file for DHCP clients.

If your host is an Internet gateway, it would normally serve a local static address. Serving up the Internet gateway address may cause routing and firewall issues.

You could configure your DHCP client to write a one line hosts file. The dnsmasq option addn-host can be used to get dnsmasq to read this file in addition to /etc/hosts. If the address is likely to change, then the DHCP client could rewrite the file and send dnsmasq a HUP signal on IP address change.

Best Answer

Related Solutions

DNSMasq – Setting Up DNSMasq for a Local Network

Dnsmasq resolves local hostname to 127.0.0.1 all over the net

Related Topic