On 26.08.2011 10:44, Jérémie SYLVAND wrote:
> Hello,
>
> We are trying to move from dhcpd + bind to dnsmasq for our small company.
> On the test server, the DHCP provided by dnsmasq works properly, as does the
> internal DNS, which works better than we want: it's possible to ping the
> machine's name given in the dnsmasq.conf, but also the machine's name
> written on the machine (which is different), very good!
> But I'm having an issue with the forwarding to external DNS. My DNS
> can't resolve a request like google.com so it must
> send it to a DNS upstream, like the DNS of my Internet Service Provider.
> What I have understood is that dnsmasq reads the file resolv.conf (or the
> file we have provided) to know the DNS upstream, but it doesn't work for me.
>
> Here are the options I have provided in my dnsmasq.conf file (without all
> comments):
>
> bogus-priv
> expand-hosts
> resolv-file=/etc/resolv.conf
> all-servers
> domain=city.domain.com
> interface=eth0
> dhcp-range=eth0,192.168.0.180,192.168.0.200,12h ...
> log-queries
> log-dhcp
>
> In the file resolv.conf:
>
> search city.domain.com
> nameserver 127.0.0.1
> nameserver <ISP 1 IP address1>
> nameserver <ISP 1 IP address2>
> nameserver <ISP 2 IP address1>
> nameserver <ISP 2 IP address2>
>
> I don't understand why it doesn't work, probably because I have not
> understood the real functioning of dnsmasq...
> Can you help me?

Jérémie, the "nameserver 127.0.0.1" is a problem here, because dnsmasq effectively forwards to itself. I propose the following:

1. modify your dnsmasq.conf: Add lines similar to these, replacing the IP addresses by the actual ISPs' DNS resolver addresses:

   no-resolv
   server=10.0.11.11
   server=10.0.11.12
   server=172.16.0.111
   server=172.16.0.112

   Note that there must not be a server=127.0.0.1 line!

2. modify your /etc/resolv.conf to read only:

   search city.example.com
   nameserver 127.0.0.1

3. kill and restart dnsmasq

4. if it does not work, check whether adding "bind-interfaces" and restarting dnsmasq helps. It may make things better or worse for you.

If nothing works, please show dnsmasq logs -- you've already set log-queries.
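
Added example, not part of the original thread and not dnsmasq's own code: a small check for the condition the reply describes, listing the upstream entries a dnsmasq.conf plus its resolv file would yield and flagging any that point back at a loopback address. The function names are hypothetical, the sample files are constructed from the thread, and it assumes dnsmasq listens on port 53.

```python
import ipaddress

def upstreams(dnsmasq_conf, resolv_conf):
    """Upstream entries dnsmasq would take from its config and resolv file."""
    no_resolv, found = False, []
    for raw in dnsmasq_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "no-resolv":
            no_resolv = True
        elif key == "server" and value:
            # server=/domain/addr form: keep only the address part
            found.append(value.rsplit("/", 1)[-1])
    if not no_resolv:  # the resolv file is only read when no-resolv is absent
        for raw in resolv_conf.splitlines():
            fields = raw.split()
            if len(fields) >= 2 and fields[0] == "nameserver":
                found.append(fields[1])
    return found

def self_forwarding(entries, listen_port=53):
    """Entries that point at a loopback address on dnsmasq's own port."""
    flagged = []
    for entry in entries:
        # strip an optional @interface suffix, then split off an optional #port
        addr, _, port = entry.split("@", 1)[0].partition("#")
        try:
            hit = (ipaddress.ip_address(addr).is_loopback
                   and int(port or 53) == listen_port)
        except ValueError:  # empty or non-IP value, e.g. server=/local/
            continue
        if hit:
            flagged.append(entry)
    return flagged

# Constructed samples modelled on the thread (addresses are the reply's examples).
BEFORE_CONF = "bogus-priv\nresolv-file=/etc/resolv.conf\nall-servers\nlog-queries\n"
BEFORE_RESOLV = "search city.domain.com\nnameserver 127.0.0.1\nnameserver 10.0.11.11\n"
AFTER_CONF = ("no-resolv\nserver=10.0.11.11\nserver=10.0.11.12\n"
              "server=172.16.0.111\nserver=172.16.0.112\n")
AFTER_RESOLV = "search city.example.com\nnameserver 127.0.0.1\n"

if __name__ == "__main__":
    for name, conf, resolv in (("before", BEFORE_CONF, BEFORE_RESOLV),
                               ("after", AFTER_CONF, AFTER_RESOLV)):
        ups = upstreams(conf, resolv)
        print(name, "upstreams:", ups, "self-forwarding:", self_forwarding(ups))
```

In the "after" layout the 127.0.0.1 entry in /etc/resolv.conf is used only by the host's own resolver library, because no-resolv stops dnsmasq from reading that file.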