-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 21/12/14 11:01, Malte Forkel wrote: > Hello, > > I'm trying to convince two instances of dnsmasq to cooperate while > their LANs are connected by a bridged OpenVPN connection. Both LANs > use the same domain name and subnet. DHCP traffic through the VPN > tunnel is blocked by ebtables rules. I'm using dnsmasq 2.71 on the > OpenVPN client side and dnsmasq 2.62 on the server side > > I have two questions regarding the configuration of dnsmasq on the > client side (at the moment :)). > > With server=/<local-domain>/<server-side-server-ip> and the VPN up, > the client-side instance uses the server-side instance for lookups. > But if I put the above line into a file and use > servers-file=<temp-file> lookups don't work. The advantage of the > second approach should be that on a VPN status change I could > adjust the file's contents and have dnsmasq reread it with SIGHUP. After the SIGHUP, dnsmasq will log the complete set of upstream servers and the domains they'll be used for, so looking in the log is the first think to do for clue about what's happening (or isn't happening) here. > > With server=/<local-domain>/<server-side-server-ip> and the VPN up, > lookups only work for fully-qualified names. So I tried > server=//<server-side-server-ip> but then lookups do not work at > all. I was hoping the eventually put both variants into the file > mentioned in my first question. Add --log-queries to your dnsmasq configuration and look (again) in the logs. You should see exactly what queries are arriving at dnsmasq and what it's doing with them. > > In case it should matter: None of the servers is configured to be > authoritative and rebind protection on the client side is > configured with stop-dns-rebind rebind-localhost-ok > rebind-domain-ok=<local-domain> > > Thanks for your help, Malte > > Cheers, Simon. > _______________________________________________ Dnsmasq-discuss > mailing list Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUlwKNAAoJEBXN2mrhkTWi7wYQAKoQ+qnuqJPfQFodCisKHmN8 bTGUflPYmK8MiJRhKbxo31lZu+qVEaS2Tp2N71KP3DV33itJ2YZlDkAUO8/DLIsT qC7XYV6KEcu8TPReFsfJP3yn5eguZxVF6dTx4TtT+Bf5iqYCFnjhPWd3aEc8y8V6 keW3O+kXgIa4Z5R2IVxQ2cuSqo+R1h33zQhLWIbV6BaH5BnnCrEkt24DS/Bx8KGU fwyQFZjcRlRP403W66pkGdoCkJikco/DM+ouilia1nMijwchFTNeqSAIx/fNJwpT vuty4RAwt/q2CG62G7M/RMDrRNI80tfAjPX3EXo73eAXyCIUoL4hFzg8rry6DZWP uyaD5dwRU1jR4q7s1pyeeghGDLH5Zn1yy5iiblUk5h0a0EE5LIXprmoiJqs75fip /2FHshXd1gjTI0Kck08SAZeuXLKuzeFyx6BqOGuJ6sjC1NzOKHJXNJUfFnzXTgHH KNhKKXRhV/V24bPhsYeVROdnu9jW92vvsJpkZbZMTq0V0cXwppzZMFONw9Qmixjv HCT87HPydcO1LHUAJ+QPR4+CgQ0UP5+Xi0YaCK9UgaQutiBei7XNtbqkegUEOILD Lf1xHhvQQ7Yvrrmnf5WnVHKx4UQz6nvWH7bWm5gI5nqjNk/hrqZ+5gXtSrHvTpkN JeH6Vz6dzeF3JdwZX6mh =HrcR -----END PGP SIGNATURE----- _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss