Thanks for the reply. To clarify, would the no-resolv option prevent the server running dnsmasq from referencing its own /etc/resolv.conf, or would that also affect the behavior of clients? I don't think it's possible the rogue DHCP server provided any of our other servers with a DHCP lease -- none of our servers with dnsmasq have the isc-dhcp-client package installed, and the Windows server was set up on a separate VLAN from any of our servers. Would there be another way that the unauthorized DHCP/DNS server could have answered queries for our domain?

Thanks again,
Ben Cundiff
Associate Sysadmin
X-ES Inc.
bcund...@xes-inc.com

----- Original Message -----
From: "Simon Kelley" <si...@thekelleys.org.uk>
To: dnsmasq-disc...@thekelleys.org.uk
Sent: Wednesday, July 30, 2014 4:30:15 PM
Subject: Re: [Dnsmasq-discuss] Locking Down DNS Queries to Correct Servers

Your config doesn't include no-resolv so dnsmasq will be reading /etc/resolv.conf looking for servers there, as well as the ones you've defined. If a DHCP client on the machine got a DHCP lease from the rogue server, it could have put the DNS server address from that DHCP lease in /etc/resolv.conf.

That would get queries NOT in *.example.com sent to the rogue server.

Cheers,

Simon.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
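The behaviour described in the quoted reply, as an added example that is not part of the original thread or of dnsmasq itself: a small audit that takes the text of a dnsmasq config and of /etc/resolv.conf and reports which upstream servers would receive queries outside the domain-specific `server=/domain/` entries. The config, the addresses and the function names are constructed for illustration, and the default /etc/resolv.conf location is assumed (no `resolv-file` override).

```python
"""Audit which upstream resolvers a dnsmasq config ends up with (added example)."""

def parse_dnsmasq(conf_text):
    """Return (no_resolv, general_servers, {domain: [servers]}) from config text."""
    no_resolv, general, per_domain = False, [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # whole-line comments only
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "no-resolv":
            no_resolv = True
        elif key == "server" and value.startswith("/"):
            # server=/dom1/dom2/ip : names in these domains go only to this server
            *domains, ip = value[1:].split("/")
            for dom in domains:
                per_domain.setdefault(dom, []).extend([ip] if ip else [])
        elif key == "server" and value:
            general.append(value)
    return no_resolv, general, per_domain

def resolv_nameservers(resolv_text):
    """Extract the nameserver addresses from resolv.conf text."""
    fields = (line.split() for line in resolv_text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def effective_upstreams(conf_text, resolv_text):
    """Return (servers used for names outside every server=/domain/ entry,
    the subset that came only from resolv.conf and is not pinned in the config)."""
    no_resolv, general, _ = parse_dnsmasq(conf_text)
    from_resolv = [] if no_resolv else resolv_nameservers(resolv_text)
    unpinned = [ip for ip in from_resolv if ip not in general]
    return general + unpinned, unpinned

# Constructed sample: one pinned internal domain, one pinned general upstream.
CONF = """
server=/example.com/192.0.2.10
server=192.0.2.53
"""
# Constructed sample: an address written into resolv.conf by a DHCP client.
RESOLV = "nameserver 198.51.100.66\n"

if __name__ == "__main__":
    for label, conf in (("without no-resolv", CONF), ("with no-resolv", "no-resolv\n" + CONF)):
        used, unpinned = effective_upstreams(conf, RESOLV)
        print(f"{label}: general upstreams={used} not pinned in config={unpinned}")
```

Any address reported as not pinned in the config is one that reached dnsmasq only through resolv.conf; with `no-resolv` set that list is always empty.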