[TriLUG] dnsmasq and VPN

Kevin Otte nivex at nivex.net
Wed Aug 1 11:08:49 EDT 2012


I believe you are correct. You cannot have your cake and eat it too. 
This is just the hierarchical nature of DNS.

That's not to say it wasn't an interesting question. I pored over the 
dnsmasq man page looking for some combination of exceptions, but I kept 
running into that hierarchy issue.

There *is*, however, a way to exempt individual hosts within the domain. 
A slight variation on Joseph's suggestion later in the thread: create a 
record like "router.home.example.com" and exempt it with:

--server=/router.home.example.com/#

I ran into similar problems where I used to have "home.nivex.net" as a 
CNAME to a DynDNS host, but I wanted to start putting hosts in that 
domain for use with IPv6. Top level of domain and CNAME obviously aren't 
going to mix too well, so I created "v4.home.nivex.net" to fulfill the 
same role. Did have to change a bunch of VPN endpoints, but the result 
was worthwhile in my opinion.

Happy hacking!

-- Kevin

On 07/31/2012 10:49 AM, Alan Porter wrote:
>
> When I am away from home, I use openvpn to connect to my home router. I
> can set up dnsmasq on my local machine to send DNS queries to my home
> router for all home addresses using this line:
>
> server=/home.example.com/172.31.1.1
>
> Meaning "send all requests for *.home.example.com" to 172.31.1.1 for
> resolution.
>
> It works great... except I would like it to EXCLUDE "home.example.com"
> itself from that rule. That's the router itself, and I want to resolve
> its address using its normal resolvers, and not by tunneling through the
> VPN to ask for its internal address.
>
> If my router's address were fixed, I could add a line like
> "address=/home.example.com/98.97.96.95" to the config file and that
> would work. But my IP is not static... it's dynamic. I have tried
> "ptr-record=home.example.com,example.dyndns.org" to tell dnsmasq to go
> look up the dyndns record for my home. But that does not seem to work.
>
> I can't seem to have my cake and eat it, too. Does someone know the
> magic dnsmasq-fu to make it resolve that one address using its other
> resolvers, but everything WITHIN that domain using my home router?
>
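
An added example, not part of the original messages and not dnsmasq's own code: a simplified Python model of the matching rule documented in the dnsmasq man page (match on label boundaries, most specific domain wins, "#" means use the standard servers), applied to the two server= lines from this thread. The function names and the DEFAULT label are assumptions made for the illustration.

```python
# Simplified model of dnsmasq's documented --server domain matching.
# Illustration only; this is not dnsmasq's implementation.

DEFAULT = "standard-upstream"  # assumed label for the normal (non-VPN) resolvers


def parse_server(line):
    """Parse 'server=/domain/target' (or '--server=...') into (labels, target)."""
    value = line.split("=", 1)[1]
    _, domain, target = value.split("/", 2)
    labels = tuple(domain.lower().rstrip(".").split("."))
    # '#' is the man page's marker for "use the standard servers".
    return labels, DEFAULT if target == "#" else target


def pick_upstream(name, rules):
    """Return the upstream for `name`; the longest matching domain rule wins."""
    labels = tuple(name.lower().rstrip(".").split("."))
    best_len, best = 0, DEFAULT
    for domain, target in rules:
        n = len(domain)
        # Whole-label suffix match: home.example.com matches itself and
        # nas.home.example.com, but not myhome.example.com.
        if n <= len(labels) and labels[-n:] == domain and n > best_len:
            best_len, best = n, target
    return best


# The two rules discussed in the thread.
RULES = [parse_server(line) for line in (
    "server=/home.example.com/172.31.1.1",
    "--server=/router.home.example.com/#",
)]

if __name__ == "__main__":
    for query in ("home.example.com",         # the apex cannot escape its own rule
                  "nas.home.example.com",     # sent through the VPN resolver
                  "router.home.example.com",  # exempted by the '#' rule
                  "myhome.example.com",       # not a label-boundary match
                  "www.example.org"):         # no rule applies
        print(f"{query:26} -> {pick_upstream(query, RULES)}")
```

The apex name home.example.com has no more specific rule available to override its own entry, which is the hierarchy issue described above; only names below it, such as router.home.example.com, can be exempted.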



