Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
On 2020-07-03 12:39 AM, Geert Stappers wrote: On Thu, Jul 02, 2020 at 08:44:02PM -0700, Frank wrote: On Jul 2, 2020, at 7:18 PM, Johnny Utahh wrote: On 2020-07-02 12:57 PM, Geert Stappers wrote: On Thu, Jul 02, 2020 at 06:16:49AM -0500, Johnny Utahh wrote: On 2020-07-02 2:18 AM, Geert Stappers wrote: On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: Hello, Do I need to make any edits/additions to the dnsmasq.conf below to support the following scenario? Ubuntu 20.04 dnsmasq 2.80 Details: I want to provide a _minimal_ DNS server. It *only* serves a few A records (from /etc/hosts). A key point: I want to make sure it does NOTHING else. No upstream-DNS-server/service connection. Any DNS requests sent to said server outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, or any others. All of the other bells and whistles I do not know about: I want them disabled, too. Just plain old proper DNS records serving and associated error-condition handling. Additionally, the dnsmasq-based DNS server will bind/interface/respond-to only `eth8`. /etc/dnsmasq.conf: interface=eth8 no-dhcp-interface=eth8 That is indeed not enough for the desired use case. Thanks, quite good to know. What edits or additions (to the following `/etc/dnsmasq.conf` or any other file) are needed to serve this use case? Something that tells Dnsmasq to do non default things. server=127.0.0.1#13131 The idea is that dnsmasq does go searching for an upstream DNS. That it uses localhost port 13131. With nothing at 13131 should result in a "nothing here" and thus ending the DNS resolve attempt. If that truely gets back to the DNS client as "hostname not found" is unknown to me. In other words: Default behaviour of dnsmasq is to use the DNS available to the host. Original Poster doesn't want that, so should do something extra to prevent. But be aware that I never have travelled that road. Euh yes, I would like to hear how it went. I'm presuming the only issue here is preventing searches and potential "uplinks" with upstream DNS nameservers and that "disabling all other features" is addressed by the following settings: /etc/dnsmasq.conf: port=[myport] no-resolv no-poll interface=eth8 no-dhcp-interface=eth8 no-hosts addn-hosts=/etc/dnsmasq_a_records domain=[mydomain.tld] The idea is that dnsmasq does go searching for an upstream DNS. Okay, copy that, very helpful. It seems dnsmasq is currently determined to hunt for upstream namesevers and there's no elegant way to disable this... but I explore this point more-exhaustively with these points/comments: 1. I'm surprised there's no directive/setting to specifically prevent dnsmasq from searching for an upstream DNS. If so: why is my scenario (seemingly?) rare enough that such a feature (presumably?) was not needed? While this use case is not predominate, this does not seem like an uncommon use case, namely for "isolated VPNs." 2. Does `no-resolv` + `no-poll` effectively implement the feature described in #1? 3. I'm happy to implement `server=127.0.0.1#[unused_port_number]` to effectively provide the feature described in #1. However, I'm concerned about a couple, potential, derivative behaviors: 3.a. How certain are we that this "workaround" completely disables the upstream searching/connections? 3.b. Minor concern: does a continual attempt to connect with a non-served port (especially if it's a UDP request) effectively create some performance degradation over time (particularly if "reconnects" are attempted frequently)? 4. Are there truly, absolutely no other options to prevent upstream-nameserver searches? Does someone besides Geert have any direct experience with or hear of others trying this? 5. If I restrict the interface bindings to a VPN-only ethernet device (that is itself isolated from the public internet), does this help with this "upstream searching restriction"? no-resolv no-poll Assuming the man page is correct, those are the two options you want to prevent DNS from being forwarded. Don’t put a server statement in your config as Geert is suggesting. Acknowledge on that. In any case, I will test this approach and report back what I find. Looking forward to it. Does this (the "no upstream servers configured" log output) provide sufficient evidence for test success (for the above-mentioned use case)? syslog excerpt when running with the following .conf: dnsmasq[x]: warning: no upstream servers configured /etc/dnsmasq.conf: port=[myport] domain-needed bogus-priv no-resolv no-poll interface=[mydev] no-dhcp-interface=[mydev] bind-interfaces no-hosts addn-hosts=/etc/dnsmasq_records domain=[mydomain] Ubuntu 20.04 dnsmasq 2.80 -- // ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
On Thu, Jul 02, 2020 at 08:44:02PM -0700, Frank wrote: > On Jul 2, 2020, at 7:18 PM, Johnny Utahh > wrote: > > On 2020-07-02 12:57 PM, Geert Stappers wrote: > >> On Thu, Jul 02, 2020 at 06:16:49AM -0500, Johnny Utahh wrote: > >>> On 2020-07-02 2:18 AM, Geert Stappers wrote: > On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: > > Hello, > > > > Do I need to make any edits/additions to the dnsmasq.conf below to > > support > > the following scenario? > > > > Ubuntu 20.04 > > dnsmasq 2.80 > > > > Details: > > > > I want to provide a _minimal_ DNS server. It *only* serves a few A > > records > > (from /etc/hosts). > > > > A key point: I want to make sure it does NOTHING else. No > > upstream-DNS-server/service connection. Any DNS requests sent to said > > server > > outside of the /etc/hosts A-record list will fail. Further: no DHCP, > > tftp, > > or any others. All of the other bells and whistles I do not know about: > > I > > want them disabled, too. Just plain old proper DNS records serving and > > associated error-condition handling. > > > > Additionally, the dnsmasq-based DNS server will > > bind/interface/respond-to > > only `eth8`. > > > > > > /etc/dnsmasq.conf: > > interface=eth8 > > no-dhcp-interface=eth8 > > > That is indeed not enough for the desired use case. > > >>> Thanks, quite good to know. What edits or additions (to the following > >>> `/etc/dnsmasq.conf` or any other file) are needed to serve this use case? > >> Something that tells Dnsmasq to do non default things. > >> > >> server=127.0.0.1#13131 > >> > >> The idea is that dnsmasq does go searching for an upstream DNS. That it > >> uses localhost port 13131. With nothing at 13131 should result in > >> a "nothing here" and thus ending the DNS resolve attempt. If that truely > >> gets back to the DNS client as "hostname not found" is unknown to me. > >> > >> In other words: Default behaviour of dnsmasq is to use the DNS available > >> to the host. Original Poster doesn't want that, so should do something > >> extra to prevent. But be aware that I never have travelled that road. > >> Euh yes, I would like to hear how it went. > > > > I'm presuming the only issue here is preventing searches and potential > > "uplinks" with upstream DNS nameservers and that "disabling all > > other features" is addressed by the following settings: > > > > /etc/dnsmasq.conf: > > port=[myport] > > no-resolv > > no-poll > > interface=eth8 > > no-dhcp-interface=eth8 > > no-hosts > > addn-hosts=/etc/dnsmasq_a_records > > domain=[mydomain.tld] > > > >> The idea is that dnsmasq does go searching for an upstream DNS. > > > > Okay, copy that, very helpful. It seems dnsmasq is currently > > determined to hunt for upstream namesevers and there's no elegant > > way to disable this... but I explore this point more-exhaustively > > with these points/comments: > > > > 1. I'm surprised there's no directive/setting to specifically prevent > > dnsmasq from searching for an upstream DNS. If so: why is my scenario > > (seemingly?) rare enough that such a feature (presumably?) was > > not needed? While this use case is not predominate, this does not > > seem like an uncommon use case, namely for "isolated VPNs." > > > > 2. Does `no-resolv` + `no-poll` effectively implement the feature > > described in #1? > > > > 3. I'm happy to implement `server=127.0.0.1#[unused_port_number]` > > to effectively provide the feature described in #1. However, I'm > > concerned about a couple, potential, derivative behaviors: > > > > 3.a. How certain are we that this "workaround" completely disables > > the upstream searching/connections? > > > > 3.b. Minor concern: does a continual attempt to connect with a > > non-served port (especially if it's a UDP request) effectively create > > some performance degradation over time (particularly if "reconnects" > > are attempted frequently)? > > > > 4. Are there truly, absolutely no other options to prevent > > upstream-nameserver searches? Does someone besides Geert have any > > direct experience with or hear of others trying this? > > > > 5. If I restrict the interface bindings to a VPN-only ethernet device > > (that is itself isolated from the public internet), does this help > > with this "upstream searching restriction"? > > > > no-resolv > no-poll > > Assuming the man page is correct, those are the two options you want > to prevent DNS from being forwarded. Don’t put a server statement > in your config as Geert is suggesting. Acknowledge on that. > > In any case, I will test this approach and report back what I find. Looking forward to it. Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekel
Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
no-resolv no-poll Assuming the man page is correct, those are the two options you want to prevent DNS from being forwarded. Don’t put a server statement in your config as Geert is suggesting. Frank > On Jul 2, 2020, at 7:18 PM, Johnny Utahh > wrote: > > On 2020-07-02 12:57 PM, Geert Stappers wrote: >> On Thu, Jul 02, 2020 at 06:16:49AM -0500, Johnny Utahh wrote: >>> On 2020-07-02 2:18 AM, Geert Stappers wrote: On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: > Hello, > > Do I need to make any edits/additions to the dnsmasq.conf below to support > the following scenario? > > Ubuntu 20.04 > dnsmasq 2.80 > > Details: > > I want to provide a _minimal_ DNS server. It *only* serves a few A records > (from /etc/hosts). > > A key point: I want to make sure it does NOTHING else. No > upstream-DNS-server/service connection. Any DNS requests sent to said > server > outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, > or any others. All of the other bells and whistles I do not know about: I > want them disabled, too. Just plain old proper DNS records serving and > associated error-condition handling. > > Additionally, the dnsmasq-based DNS server will bind/interface/respond-to > only `eth8`. > > > /etc/dnsmasq.conf: > interface=eth8 > no-dhcp-interface=eth8 > That is indeed not enough for the desired use case. >>> Thanks, quite good to know. What edits or additions (to the following >>> `/etc/dnsmasq.conf` or any other file) are needed to serve this use case? >> Something that tells Dnsmasq to do non default things. >> >> server=127.0.0.1#13131 >> >> The idea is that dnsmasq does go searching for an upstream DNS. That it >> uses localhost port 13131. With nothing at 13131 should result in >> a "nothing here" and thus ending the DNS resolve attempt. If that truely >> gets back to the DNS client as "hostname not found" is unknown to me. >> >> In other words: Default behaviour of dnsmasq is to use the DNS available >> to the host. Original Poster doesn't want that, so should do something >> extra to prevent. But be aware that I never have travelled that road. >> Euh yes, I would like to hear how it went. > > I'm presuming the only issue here is preventing searches and potential > "uplinks" with upstream DNS nameservers and that "disabling all other > features" is addressed by the following settings: > > /etc/dnsmasq.conf: > port=[myport] > no-resolv > no-poll > interface=eth8 > no-dhcp-interface=eth8 > no-hosts > addn-hosts=/etc/dnsmasq_a_records > domain=[mydomain.tld] > >> The idea is that dnsmasq does go searching for an upstream DNS. > > Okay, copy that, very helpful. It seems dnsmasq is currently determined to > hunt for upstream namesevers and there's no elegant way to disable this... > but I explore this point more-exhaustively with these points/comments: > > 1. I'm surprised there's no directive/setting to specifically prevent dnsmasq > from searching for an upstream DNS. If so: why is my scenario (seemingly?) > rare enough that such a feature (presumably?) was not needed? While this use > case is not predominate, this does not seem like an uncommon use case, namely > for "isolated VPNs." > > 2. Does `no-resolv` + `no-poll` effectively implement the feature described > in #1? > > 3. I'm happy to implement `server=127.0.0.1#[unused_port_number]` to > effectively provide the feature described in #1. However, I'm concerned about > a couple, potential, derivative behaviors: > > 3.a. How certain are we that this "workaround" completely disables the > upstream searching/connections? > > 3.b. Minor concern: does a continual attempt to connect with a non-served > port (especially if it's a UDP request) effectively create some performance > degradation over time (particularly if "reconnects" are attempted frequently)? > > 4. Are there truly, absolutely no other options to prevent > upstream-nameserver searches? Does someone besides Geert have any direct > experience with or hear of others trying this? > > 5. If I restrict the interface bindings to a VPN-only ethernet device (that > is itself isolated from the public internet), does this help with this > "upstream searching restriction"? > > > In any case, I will test this approach and report back what I find. > > ~Johnny > environment: > Ubuntu 20.04 > dnsmasq 2.80 > -- > > -- > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
On 2020-07-02 12:57 PM, Geert Stappers wrote: On Thu, Jul 02, 2020 at 06:16:49AM -0500, Johnny Utahh wrote: On 2020-07-02 2:18 AM, Geert Stappers wrote: On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: Hello, Do I need to make any edits/additions to the dnsmasq.conf below to support the following scenario? Ubuntu 20.04 dnsmasq 2.80 Details: I want to provide a _minimal_ DNS server. It *only* serves a few A records (from /etc/hosts). A key point: I want to make sure it does NOTHING else. No upstream-DNS-server/service connection. Any DNS requests sent to said server outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, or any others. All of the other bells and whistles I do not know about: I want them disabled, too. Just plain old proper DNS records serving and associated error-condition handling. Additionally, the dnsmasq-based DNS server will bind/interface/respond-to only `eth8`. /etc/dnsmasq.conf: interface=eth8 no-dhcp-interface=eth8 That is indeed not enough for the desired use case. Thanks, quite good to know. What edits or additions (to the following `/etc/dnsmasq.conf` or any other file) are needed to serve this use case? Something that tells Dnsmasq to do non default things. server=127.0.0.1#13131 The idea is that dnsmasq does go searching for an upstream DNS. That it uses localhost port 13131. With nothing at 13131 should result in a "nothing here" and thus ending the DNS resolve attempt. If that truely gets back to the DNS client as "hostname not found" is unknown to me. In other words: Default behaviour of dnsmasq is to use the DNS available to the host. Original Poster doesn't want that, so should do something extra to prevent. But be aware that I never have travelled that road. Euh yes, I would like to hear how it went. I'm presuming the only issue here is preventing searches and potential "uplinks" with upstream DNS nameservers and that "disabling all other features" is addressed by the following settings: /etc/dnsmasq.conf: port=[myport] no-resolv no-poll interface=eth8 no-dhcp-interface=eth8 no-hosts addn-hosts=/etc/dnsmasq_a_records domain=[mydomain.tld] The idea is that dnsmasq does go searching for an upstream DNS. Okay, copy that, very helpful. It seems dnsmasq is currently determined to hunt for upstream namesevers and there's no elegant way to disable this... but I explore this point more-exhaustively with these points/comments: 1. I'm surprised there's no directive/setting to specifically prevent dnsmasq from searching for an upstream DNS. If so: why is my scenario (seemingly?) rare enough that such a feature (presumably?) was not needed? While this use case is not predominate, this does not seem like an uncommon use case, namely for "isolated VPNs." 2. Does `no-resolv` + `no-poll` effectively implement the feature described in #1? 3. I'm happy to implement `server=127.0.0.1#[unused_port_number]` to effectively provide the feature described in #1. However, I'm concerned about a couple, potential, derivative behaviors: 3.a. How certain are we that this "workaround" completely disables the upstream searching/connections? 3.b. Minor concern: does a continual attempt to connect with a non-served port (especially if it's a UDP request) effectively create some performance degradation over time (particularly if "reconnects" are attempted frequently)? 4. Are there truly, absolutely no other options to prevent upstream-nameserver searches? Does someone besides Geert have any direct experience with or hear of others trying this? 5. If I restrict the interface bindings to a VPN-only ethernet device (that is itself isolated from the public internet), does this help with this "upstream searching restriction"? In any case, I will test this approach and report back what I find. ~Johnny /environment: Ubuntu 20.04 //dnsmasq 2.80/ -- // -- // ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
On Thu, Jul 02, 2020 at 06:16:49AM -0500, Johnny Utahh wrote: > On 2020-07-02 2:18 AM, Geert Stappers wrote: > > On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: > > > Hello, > > > > > > Do I need to make any edits/additions to the dnsmasq.conf below to support > > > the following scenario? > > > > > > Ubuntu 20.04 > > > dnsmasq 2.80 > > > > > > Details: > > > > > > I want to provide a _minimal_ DNS server. It *only* serves a few A records > > > (from /etc/hosts). > > > > > > A key point: I want to make sure it does NOTHING else. No > > > upstream-DNS-server/service connection. Any DNS requests sent to said > > > server > > > outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, > > > or any others. All of the other bells and whistles I do not know about: I > > > want them disabled, too. Just plain old proper DNS records serving and > > > associated error-condition handling. > > > > > > Additionally, the dnsmasq-based DNS server will bind/interface/respond-to > > > only `eth8`. > > > > > > > > > /etc/dnsmasq.conf: > > > interface=eth8 > > > no-dhcp-interface=eth8 > > > > > That is indeed not enough for the desired use case. > > > > Thanks, quite good to know. What edits or additions (to the following > `/etc/dnsmasq.conf` or any other file) are needed to serve this use case? Something that tells Dnsmasq to do non default things. server=127.0.0.1#13131 The idea is that dnsmasq does go searching for an upstream DNS. That it uses localhost port 13131. With nothing at 13131 should result in a "nothing here" and thus ending the DNS resolve attempt. If that truely gets back to the DNS client as "hostname not found" is unknown to me. In other words: Default behaviour of dnsmasq is to use the DNS available to the host. Original Poster doesn't want that, so should do something extra to prevent. But be aware that I never have travelled that road. Euh yes, I would like to hear how it went. > > Regards > > Geert Stappers > > While testing a new community member. New members are welcome. It is a duty of the whole community to let them blend in. Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
Does the following serve the use case (mentioned below)? I've updated my .conf, results below. I'm now intending records be read from `/etc/dnsmasq_a_records` and _not_ `/etc/hosts`. /etc/dnsmasq.conf: port=[myport] no-resolv no-poll interface=eth8 no-dhcp-interface=eth8 no-hosts addn-hosts=/etc/dnsmasq_a_records domain=[mydomain.tld] On 2020-07-02 6:16 AM, Johnny Utahh wrote: On 2020-07-02 2:18 AM CDT, Geert Stappers wrote: That is indeed not enough for the desired use case. Thanks, quite good to know. What edits or additions (to the following `/etc/dnsmasq.conf` or any other file) are needed to serve this use case? /etc/dnsmasq.conf: interface=eth8 no-dhcp-interface=eth8 On 2020-07-02 2:18 AM, Geert Stappers wrote: On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: Hello, Do I need to make any edits/additions to the dnsmasq.conf below to support the following scenario? Ubuntu 20.04 dnsmasq 2.80 Details: I want to provide a _minimal_ DNS server. It *only* serves a few A records (from /etc/hosts). A key point: I want to make sure it does NOTHING else. No upstream-DNS-server/service connection. Any DNS requests sent to said server outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, or any others. All of the other bells and whistles I do not know about: I want them disabled, too. Just plain old proper DNS records serving and associated error-condition handling. Additionally, the dnsmasq-based DNS server will bind/interface/respond-to only `eth8`. /etc/dnsmasq.conf: interface=eth8 no-dhcp-interface=eth8 That is indeed not enough for the desired use case. Regards Geert Stappers While testing a new community member. -- // ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss -- // ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
On 2020-07-02 2:18 AM CDT, Geert Stappers wrote: That is indeed not enough for the desired use case. Thanks, quite good to know. What edits or additions (to the following `/etc/dnsmasq.conf` or any other file) are needed to serve this use case? /etc/dnsmasq.conf: interface=eth8 no-dhcp-interface=eth8 On 2020-07-02 2:18 AM, Geert Stappers wrote: On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: Hello, Do I need to make any edits/additions to the dnsmasq.conf below to support the following scenario? Ubuntu 20.04 dnsmasq 2.80 Details: I want to provide a _minimal_ DNS server. It *only* serves a few A records (from /etc/hosts). A key point: I want to make sure it does NOTHING else. No upstream-DNS-server/service connection. Any DNS requests sent to said server outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, or any others. All of the other bells and whistles I do not know about: I want them disabled, too. Just plain old proper DNS records serving and associated error-condition handling. Additionally, the dnsmasq-based DNS server will bind/interface/respond-to only `eth8`. /etc/dnsmasq.conf: interface=eth8 no-dhcp-interface=eth8 That is indeed not enough for the desired use case. Regards Geert Stappers While testing a new community member. -- // ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
On Wed, Jul 01, 2020 at 10:06:36PM -0500, Johnny Utahh wrote: > Hello, > > Do I need to make any edits/additions to the dnsmasq.conf below to support > the following scenario? > > Ubuntu 20.04 > dnsmasq 2.80 > > Details: > > I want to provide a _minimal_ DNS server. It *only* serves a few A records > (from /etc/hosts). > > A key point: I want to make sure it does NOTHING else. No > upstream-DNS-server/service connection. Any DNS requests sent to said server > outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, > or any others. All of the other bells and whistles I do not know about: I > want them disabled, too. Just plain old proper DNS records serving and > associated error-condition handling. > > Additionally, the dnsmasq-based DNS server will bind/interface/respond-to > only `eth8`. > > >/etc/dnsmasq.conf: >interface=eth8 >no-dhcp-interface=eth8 > That is indeed not enough for the desired use case. Regards Geert Stappers While testing a new community member. -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Minimal config: small # of A records, no upstream server
Hello, Do I need to make any edits/additions to the dnsmasq.conf below to support the following scenario? Ubuntu 20.04 dnsmasq 2.80 Details: I want to provide a _minimal_ DNS server. It *only* serves a few A records (from /etc/hosts). A key point: I want to make sure it does NOTHING else. No upstream-DNS-server/service connection. Any DNS requests sent to said server outside of the /etc/hosts A-record list will fail. Further: no DHCP, tftp, or any others. All of the other bells and whistles I do not know about: I want them disabled, too. Just plain old proper DNS records serving and associated error-condition handling. Additionally, the dnsmasq-based DNS server will bind/interface/respond-to only `eth8`. /etc/dnsmasq.conf: interface=eth8 no-dhcp-interface=eth8 ~Johnny -- // ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss