Re: [Dnsmasq-discuss] domain per interface

2008-03-20 Thread /dev/rob0
On Wed March 19 2008 11:28:37 Simon Kelley wrote:
  I think that in ISC dhcpd/named, this could be done with a subnet
  declaration block with option domain-name wifi.example.net; inside
  it, and of course a corresponding dynamic zone declaration in
  named.conf. That's another avenue I don't want to pursue, because I
  want to keep dnsmasq for authoritative DNS. (I'm using named for
  recursion only, on port 35, with dnsmasq using server=127.0.0.1#35.)
 
  Simon, am I out of luck here?

 Yes. This has come up before. The problem is that no domain information
 is stored in the lease database: dnsmasq assumes that the domain is that
 given by --domain. To support multiple domains, the lease file format
 would need to change, which is a compatibility problem.

Or maybe separate files, take the domain from the filename? Just a
thought: /var/state/dnsmasq/$DOMAIN.leases ?

  I guess I could also do dhcp-script and nsupdate(8) to update a zone
  in named.conf. But even then, will the dnsmasq block it? If dnsmasq
  knows the answer, named is never consulted. What about this:
 
  server=/wifi.example.net/127.0.0.1#35
  server=/3.168.192.in-addr.arpa/127.0.0.1#35
 
  Will dnsmasq ignore the names it has served to DHCP clients?

 DHCP names take preference over server config, sorry.

Before I saw this, I thought it was working fine. I can axfr the
3.168.192.in-addr.arpa. zone, which means dnsmasq consults named on
port 35, but individual PTR queries are indeed intercepted by dnsmasq.

The whole thing is incredibly silly (I was intoxicated when I got the
idea, so I did it anyway), but it was a cute idea. I could switch to
ISC if it was worth the trouble, but it isn't. Please file this under
feature requests that should only be considered if they don't create
too much complexity, because the whole point of using dnsmasq in the
first place was for simplicity. :)
-- 
Offlist mail to this address is discarded unless
/dev/rob0 or not-spam is in Subject: header



Re: [Dnsmasq-discuss] domain per interface

2008-03-19 Thread richardvo...@gmail.com
If all else fails, you can run two instances of dnsmasq with two
separate config files, each bound to a different interface.

On Sat, Mar 15, 2008 at 2:49 PM, /dev/rob0 r...@gmx.co.uk wrote:
 I don't see how (if it is possible) to set a domain value per
  interface. I'm serving DHCP on a wired LAN and an insecure wireless
  segment. I want wired hosts to be $HOST.lan.example.net. and the
  wireless ones, $HOST.wifi.example.net.

  Am I missing something?

  Here's the deal: I want an extra layer of protection for my nfsd. The
  exports(5) file lists *.lan.example.net. for access to shares. The
  wireless hosts should not be allowed NFS. (Yes, it's firewalled also,
  but the more layers the better IMO. At least I rest better. :) )

  Maybe this does it:
 http://tools.ietf.org/html/rfc2132#section-3.17
  dnsmasq.conf :
  ...
  dhcp-range=wifi,192.168.3.127,192.168.3.192,255.255.255.0,12h
  dhcp-option=wifi,15,wifi.example.net
  ...

  (where 192.168.3.1 is the wireless interface IP address)
  --
 Offlist mail to this address is discarded unless
 /dev/rob0 or not-spam is in Subject: header

  ___
  Dnsmasq-discuss mailing list
  Dnsmasq-discuss@lists.thekelleys.org.uk
  http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss




Re: [Dnsmasq-discuss] domain per interface

2008-03-19 Thread /dev/rob0
On Tue March 18 2008 18:42:44 richardvo...@gmail.com wrote:
 If all else fails, you can run two instances of dnsmasq with two
 separate config files, each bound to a different interface.

Indeed, but that's something I would like to avoid. Here's what I
have now:

   dnsmasq.conf :
   ...
   dhcp-range=wifi,192.168.3.127,192.168.3.192,255.255.255.0,12h
   dhcp-option=wifi,15,wifi.example.net
   ...
 
   (where 192.168.3.1 is the wireless interface IP address)

But that only works for the domain pushed to clients, not for the
domain used by dnsmasq for forward/reverse DNS names of clients. I get
search wifi.example.net in their resolver files, but that's rather
useless, since no names have .wifi.example.net. in them.

I think that in ISC dhcpd/named, this could be done with a subnet
declaration block with option domain-name wifi.example.net; inside
it, and of course a corresponding dynamic zone declaration in
named.conf. That's another avenue I don't want to pursue, because I
want to keep dnsmasq for authoritative DNS. (I'm using named for
recursion only, on port 35, with dnsmasq using server=127.0.0.1#35.)

Simon, am I out of luck here?

I guess I could also do dhcp-script and nsupdate(8) to update a zone
in named.conf. But even then, will the dnsmasq block it? If dnsmasq
knows the answer, named is never consulted. What about this:

server=/wifi.example.net/127.0.0.1#35
server=/3.168.192.in-addr.arpa/127.0.0.1#35

Will dnsmasq ignore the names it has served to DHCP clients?
-- 
Offlist mail to this address is discarded unless
/dev/rob0 or not-spam is in Subject: header
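
The dhcp-script plus nsupdate(8) idea raised in the message above, as an added example that is not code from the thread or from the dnsmasq project. It assumes the wireless range is 192.168.3.0/24, that named (127.0.0.1 port 35, as in the thread) holds wifi.example.net and 3.168.192.in-addr.arpa as dynamic zones, and that the key file path and function names are hypothetical. Because the NFS export trusts names, the hook refuses non-wireless addresses and any client-supplied hostname that is not a single plain label.

```sh
#!/bin/sh
# Added example, not from the thread. dnsmasq passes: action mac ip [hostname]
# Assumed: wireless range 192.168.3.0/24; named holds both zones as dynamic.
NAMED="127.0.0.1 35"             # named's address and port, as in the thread
KEYFILE=/etc/dnsmasq-ddns.key    # hypothetical TSIG key file
TTL=300

# Fail closed: only wireless addresses are ever published by this hook.
domain_for_ip() {
    case "$1" in
        192.168.3.*) echo wifi.example.net ;;
        *) return 1 ;;
    esac
}

# The hostname is client-supplied: accept one letter-digit-hyphen label only.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# 192.168.3.130 -> 130.3.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. 'NF == 4 { print $4"."$3"."$2"."$1".in-addr.arpa." }'
}

# Print the nsupdate batch for one lease event (one "send" per zone).
build_update() {
    action=$1; ip=$2; host=$3
    case "$action" in add|old|del) ;; *) return 1 ;; esac
    domain=$(domain_for_ip "$ip") || return 1
    valid_label "$host" || return 1
    ptr=$(reverse_name "$ip"); [ -n "$ptr" ] || return 1
    fqdn="$host.$domain."
    echo "server $NAMED"
    echo "update delete $fqdn A"
    [ "$action" = del ] || echo "update add $fqdn $TTL A $ip"
    echo "send"
    echo "update delete $ptr PTR"
    [ "$action" = del ] || echo "update add $ptr $TTL PTR $fqdn"
    echo "send"
}

if [ "$#" -ge 3 ]; then          # only when dnsmasq passes its arguments
    batch=$(build_update "$1" "$3" "${4:-}") &&
        printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
fi
```

As the replies in this thread state, dnsmasq answers from its own DHCP names before consulting a configured server, so these records are only seen by lookups that actually reach named.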



Re: [Dnsmasq-discuss] domain per interface

2008-03-19 Thread Simon Kelley
/dev/rob0 wrote:
 On Tue March 18 2008 18:42:44 richardvo...@gmail.com wrote:
 If all else fails, you can run two instances of dnsmasq with two
 separate config files, each bound to a different interface.
 
 Indeed, but that's something I would like to avoid. Here's what I
 have now:
 
  dnsmasq.conf :
  ...
  dhcp-range=wifi,192.168.3.127,192.168.3.192,255.255.255.0,12h
  dhcp-option=wifi,15,wifi.example.net
  ...

  (where 192.168.3.1 is the wireless interface IP address)
 
 But that only works for the domain pushed to clients, not for the
 domain used by dnsmasq for forward/reverse DNS names of clients. I get
 search wifi.example.net in their resolver files, but that's rather
 useless, since no names have .wifi.example.net. in them.
 
 I think that in ISC dhcpd/named, this could be done with a subnet
 declaration block with option domain-name wifi.example.net; inside
 it, and of course a corresponding dynamic zone declaration in
 named.conf. That's another avenue I don't want to pursue, because I
 want to keep dnsmasq for authoritative DNS. (I'm using named for
 recursion only, on port 35, with dnsmasq using server=127.0.0.1#35.)
 
 Simon, am I out of luck here?

Yes. This has come up before. The problem is that no domain information
is stored in the lease database: dnsmasq assumes that the domain is that
given by --domain. To support multiple domains, the lease file format
would need to change, which is a compatibility problem.

 
 I guess I could also do dhcp-script and nsupdate(8) to update a zone
 in named.conf. But even then, will the dnsmasq block it? If dnsmasq
 knows the answer, named is never consulted. What about this:
 
 server=/wifi.example.net/127.0.0.1#35
 server=/3.168.192.in-addr.arpa/127.0.0.1#35
 
 Will dnsmasq ignore the names it has served to DHCP clients?

DHCP names take preference over server config, sorry.


Cheers,

Simon.