Re: [Dnsmasq-discuss] domain per interface
If all else fails, you can run two instances of dnsmasq with two separate config files, each bound to a different interface. On Sat, Mar 15, 2008 at 2:49 PM, /dev/rob0 r...@gmx.co.uk wrote: I don't see how (if it is possible) to set a domain value per interface. I'm serving DHCP on a wired LAN and an insecure wireless segment. I want wired hosts to be $HOST.lan.example.net. and the wireless ones, $HOST.wifi.example.net. Am I missing something? Here's the deal: I want an extra layer of protection for my nfsd. The exports(5) file lists *.lan.example.net. for access to shares. The wireless hosts should not be allowed NFS. (Yes, it's firewalled also, but the more layers the better IMO. At least I rest better. :) ) Maybe this does it: http://tools.ietf.org/html/rfc2132#section-3.17 dnsmasq.conf : ... dhcp-range=wifi,192.168.3.127,192.168.3.192,255.255.255.0,12h dhcp-option=wifi,15,wifi.example.net ... (where 192.168.3.1 is the wireless interface IP address) -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dnsmasq listening on 0.0.0.0
DHCP that always binds the wildcard - doing otherwise _may_ be possible, but be prepared for much testing and strange behaviour. For instance, you need to be able to receive packets whose destination address in 255.255.255.255. But the DHCP socket is (or can be with a config file setting) bound to a particular interface, even if not a particular IP, correct? Cheers, Simon. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] domain per interface
On Tue March 18 2008 18:42:44 richardvo...@gmail.com wrote: If all else fails, you can run two instances of dnsmasq with two separate config files, each bound to a different interface. Indeed, but that's something I would like to avoid. Here's what I have now: dnsmasq.conf : ... dhcp-range=wifi,192.168.3.127,192.168.3.192,255.255.255.0,12h dhcp-option=wifi,15,wifi.example.net ... (where 192.168.3.1 is the wireless interface IP address) But that only works for the domain pushed to clients, not for the domain used by dnsmasq for forward/reverse DNS names of clients. I get search wifi.example.net in their resolver files, but that's rather useless, since no names have .wifi.example.net. in them. I think that in ISC dhcpd/named, this could be done with a subnet declaration block with option domain-name wifi.example.net; inside it, and of course a corresponding dynamic zone declaration in named.conf. That's another avenue I don't want to pursue, because I want to keep dnsmasq for authoritative DNS. (I'm using named for recursion only, on port 35, with dnsmasq using server=127.0.0.1#35.) Simon, am I out of luck here? I guess I could also do dhcp-script and nsupdate(8) to update a zone in named.conf. But even then, will the dnsmasq block it? If dnsmasq knows the answer, named is never consulted. What about this: server=/wifi.example.net/127.0.0.1#35 server=/3.168.192.in-addr.arpa/127.0.0.1#35 Will dnsmasq ignore the names it has served to DHCP clients? -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
[Dnsmasq-discuss] DHCPv6 support ?
Hi! Does dnsmasq support DHCPv6 ? That is, can it tell IPv6 hosts what gateway and dns server to use ? (I believe that is needed for IPv6 netwrok to function, without manually setting this on each host; I am new to IPv6) Regards, David
Re: [Dnsmasq-discuss] domain per interface
/dev/rob0 wrote: On Tue March 18 2008 18:42:44 richardvo...@gmail.com wrote: If all else fails, you can run two instances of dnsmasq with two separate config files, each bound to a different interface. Indeed, but that's something I would like to avoid. Here's what I have now: dnsmasq.conf : ... dhcp-range=wifi,192.168.3.127,192.168.3.192,255.255.255.0,12h dhcp-option=wifi,15,wifi.example.net ... (where 192.168.3.1 is the wireless interface IP address) But that only works for the domain pushed to clients, not for the domain used by dnsmasq for forward/reverse DNS names of clients. I get search wifi.example.net in their resolver files, but that's rather useless, since no names have .wifi.example.net. in them. I think that in ISC dhcpd/named, this could be done with a subnet declaration block with option domain-name wifi.example.net; inside it, and of course a corresponding dynamic zone declaration in named.conf. That's another avenue I don't want to pursue, because I want to keep dnsmasq for authoritative DNS. (I'm using named for recursion only, on port 35, with dnsmasq using server=127.0.0.1#35.) Simon, am I out of luck here? Yes. This has come up before. The problem is that no domain information is stored in the lease database: dnsmasq assumes that the domain is that given by --domain. To support multiple domains, the lease file format would need to change, which is a compatibility problem. I guess I could also do dhcp-script and nsupdate(8) to update a zone in named.conf. But even then, will the dnsmasq block it? If dnsmasq knows the answer, named is never consulted. What about this: server=/wifi.example.net/127.0.0.1#35 server=/3.168.192.in-addr.arpa/127.0.0.1#35 Will dnsmasq ignore the names it has served to DHCP clients? DHCP names take preference over server config, sorry. Cheers, Simon.
Re: [Dnsmasq-discuss] DHCPv6 support ?
xerces8 wrote: Hi! Does dnsmasq support DHCPv6 ? No. It supports DNS over IPv6, but not DHCPv6 Cheers, Simon.