Alizah Abubo

Reputation: 11

How to route only local addresses using dnsmasq

I'm trying to have the dnsmasq of a server only listen to and respond to queries within a local network using their private IP addresses. All of the hosts needed are already on the /etc/host file, so all I need to do is configure the dnsmasq.conf file so that it only responds to local-only domains.

While researching, I've only found documents for "How to create a DNS/DHCP server using dnsmasq" but not much on routing to only certain IP addresses.

I've tried the instructions from this link: https://www.linux.com/training-tutorials/dnsmasq-easy-lan-name-services/ and it put dnsmasq in a failed state.

When I used listen-address=[private ip] in the dnsmasq.conf file, I did nslookup for the servers that are supposed to be on the private network, but it has been showing the public IP for the server and address.

Upvotes: 1

Views: 7191

Answers (1)

Sebastian Schrader

Reputation: 1578

You should consult the official dnsmasq man page. In particular the local-service and localise-queries options:

--local-service

Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. This option only has effect if there are no --interface, --except-interface, --listen-address or --auth-server options. It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks.

-y, --localise-queries

Return answers to DNS queries from /etc/hosts and --interface-name which depend on the interface over which the query was received. If a name has more than one address associated with it, and at least one of those addresses is on the same subnet as the interface to which the query was sent, then return only the address(es) on that subnet. This allows for a server to have multiple addresses in /etc/hosts corresponding to each of its interfaces, and hosts will get the correct address based on which network they are attached to. Currently this facility is limited to IPv4.

The first option local-service addresses your first concern, so that dnsmasq will only answer queries from hosts on the same subnet. The second option localise-queries will return answers with IP addresses from the same subnet if there are multiple IP addresses for a given name known to dnsmasq.

Upvotes: 1
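An added example, not taken from the answer or from the dnsmasq project, of how the two options fit together in dnsmasq.conf next to an /etc/hosts that lists both a public and a private address for the same host. The host name, addresses and subnet are constructed placeholders.

```ini
# /etc/hosts (constructed example): one name, two addresses,
# the public one and the private one on the LAN side.
#   203.0.113.10   fileserver.example.internal
#   192.168.1.10   fileserver.example.internal

# /etc/dnsmasq.conf

# What the question tried: binding dnsmasq to the private address.
# Any --listen-address or --interface line switches off --local-service
# (see the man page excerpt), and without --localise-queries dnsmasq still
# returns every address for the name, including the public one.
#listen-address=192.168.1.1

# Corrected: no listen-address/interface lines, so local-service applies.
# dnsmasq only accepts queries from hosts on a subnet that one of the
# server's own interfaces sits on (here 192.168.1.0/24).
local-service

# Return only the /etc/hosts addresses on the same subnet as the interface
# the query arrived on: a 192.168.1.0/24 client gets 192.168.1.10 and never
# sees 203.0.113.10. IPv4 only.
localise-queries

# Answer the internal zone from /etc/hosts only and never forward it to an
# upstream resolver.
local=/example.internal/
```

Restart dnsmasq after editing and check the result from a LAN client with `nslookup fileserver.example.internal <server private IP>`; a query that arrives from an address outside the attached subnets is refused rather than answered.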
