LinuxQuestions.org
Old 09-21-2018, 04:02 PM   #1
vikingGoalie
LQ Newbie
 
Registered: Mar 2018
Posts: 15

Dnsmasq question


So what I'm trying to do is this.
I would like a series of URLs to resolve to one address.

For example.

inst1.mysite.com
inst2.mysite.com
...
instN.mysite.com

to all resolve to the same IP address.
I accomplished this by using dnsmasq. I only want this on this workstation on my local network, so I set the listen-address to 127.0.0.1.

dnsmasq.conf
Quote:
listen-address=127.0.0.1
port=53
bind-interfaces
user=dnsmasq
group=dnsmasq
pid-file=/var/run/dnsmasq.pid
domain-needed
bogus-priv
no-hosts
dns-forward-max=150
cache-size=1000
no-negcache
neg-ttl=3600
resolv-file=/etc/resolv.dnsmasq
no-poll
address=/mysite.com/10.10.1.100
That works as expected. I can resolve *.mysite.com to 10.10.1.100.
I can also ping anything on the internet, as in my resolv.dnsmasq file I put in my Asus router's IP, which handles getting the DNS from IP provider and so on.

The problem is this.
When dnsmasq is up and going, the other internal computers on my workstation's subnet no longer resolve. Previously, hitting 10.1.1.1 as my nameserver (in resolv.conf), they all resolved flawlessly. As a computer would come online and get its DHCP address handed to it, the router would handle all DNS requests going through it for those machines.

But now I get this. In this example I first do an nslookup with dnsmasq off, then I turn it on and do an nslookup.
Quote:
bash-4.4$ nslookup rollo
Server: 10.1.1.1
Address: 10.1.1.1#53

Name: rollo
Address: 10.1.1.183

bash-4.4$ systemctl start dnsmasq
bash-4.4$ nslookup rollo
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
*** Can't find rollo: No answer
I'm on Fedora 28. I swear this all worked previously on Fedora 23.

My understanding is that, having 10.1.1.1 listed as an upstream DNS server, it should forward requests it doesn't know about to it, but it is not, but only for local workstations.
Things outside my local network seem to still work fine.
i.e.
Quote:
bash-4.4$ cat /etc/redhat-release
Fedora release 28 (Twenty Eight)
bash-4.4$ nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: google.com
Address: 172.217.7.142
Name: google.com
Address: 2607:f8b0:4004:805::200e

bash-4.4$ systemctl stop dnsmasq
bash-4.4$ nslookup google.com
Server: 10.1.1.1
Address: 10.1.1.1#53

Non-authoritative answer:
Name: google.com
Address: 172.217.7.142
Name: google.com
Address: 2607:f8b0:4004:805::200e
My network FU needs some help here. So if someone can tell me what's up here I'd appreciate it.
 
Old 09-23-2018, 09:40 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

So if you only need those hosts to resolve on your own workstation, why not just put those names/addresses into your local /etc/hosts file, and not run any sort of DNS at all?
 
Old 09-23-2018, 01:27 PM   #3
vikingGoalie
LQ Newbie
 
Registered: Mar 2018
Posts: 15

Original Poster
Because then I have to manage static IPs.
So first off, I don't want to have static IPs unless I have to.
Secondly, I can spin up VMs, be they websites or cluster nodes that I'm noodlin with, and it's really handy to just do that and resolve the name, and to not worry about IP clashes.

It's just very odd to me that if, for example, I'm on the 10.1.1.* network on my workstation, I cannot DNS resolve any other machine on 10.1.1.* with dnsmasq on, but yet I can resolve everything else. It's like dnsmasq is taking over for the router, and when the router is referred to for DNS lookups, that router only passes it upstream and doesn't do its normal thing of resolving local machines.

Not sure why, was hoping someone here might know.
 
Old 09-23-2018, 02:01 PM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,708

Code:
I would like a series of URLs to resolve to one address.
Not sure exactly what you're trying to do, but resolving several URLs to one IP address is usually done in the web server configuration, not by using DNS.

Not sure what I was thinking...Yes, you need to set up some kind of name to IP resolution in /etc/hosts or DNS...sorry.

Last edited by scasey; 09-23-2018 at 02:03 PM.
 
Old 09-23-2018, 02:13 PM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Quote:
Originally Posted by vikingGoalie
Because then I have to manage static IPs. So first off, I don't want to have static IPs unless I have to. Secondly, I can spin up VMs, be they websites or cluster nodes that I'm noodlin with, and it's really handy to just do that and resolve the name, and to not worry about IP clashes.

It's just very odd to me that if, for example, I'm on the 10.1.1.* network on my workstation, I cannot DNS resolve any other machine on 10.1.1.* with dnsmasq on, but yet I can resolve everything else. It's like dnsmasq is taking over for the router, and when the router is referred to for DNS lookups, that router only passes it upstream and doesn't do its normal thing of resolving local machines.
Understand what you're saying, but seems to me like you're doing the same thing in either case.

You'd have to edit things in dnsmasq to reflect any changes...just like you would have to edit /etc/hosts. So you're still editing files to reflect changes that only affect one workstation. Not saving a whole lot of effort, unless multiple machines are accessing DNS on that box, which it sounds like you don't want.

You may want to try:
Code:
listen-address=127.0.0.1
interface=lo
bind-interfaces
...in that order, to see if specifying the loopback device by name makes a difference.
 
Old 09-23-2018, 08:00 PM   #6
vikingGoalie
LQ Newbie
 
Registered: Mar 2018
Posts: 15

Original Poster
Quote:
Originally Posted by TB0ne
Understand what you're saying, but seems to me like you're doing the same thing in either case.

You'd have to edit things in dnsmasq to reflect any changes...just like you would have to edit /etc/hosts. So you're still editing files to reflect changes that only affect one workstation. Not saving a whole lot of effort, unless multiple machines are accessing DNS on that box, which it sounds like you don't want.

You may want to try:
Code:
listen-address=127.0.0.1
interface=lo
bind-interfaces
...in that order, to see if specifying the loopback device by name makes a difference.
So to the latter part, it didn't make a difference putting the interface line in.
To the former part: to an extent, yes, you are correct, I have to manage "some" static IPs. The difference is this.
I have an application that I'm working on, where the base URL is "mysite.com" (that's not it, but works for this reference).
It is a multi-tenant application, and the way the different tenants come in is by putting their tenant in the URL, i.e. "tenant1.mysite.com".
That hits the application; it parses out the tenant1 to know who it is and enforce the multi-tenancy rules around that.

So. That means I have a completely variable number of tenants that can grow quite a bit. DNSmasq saves the day here for my development enviro, as I can dynamically spin up sites/tenants and it just wildcards all the *.mysite.com to the same IP.
The pain is, things like, say, my printer, which is wireless and totally dynamic, could change its IP and I wouldn't resolve to it anymore. Or my NAS backup (if I had those as host entries). My kids have a few computers on this and I haven't segmented out the network really; my wife uses the home network for her work as well. My experience is static IPs should be used with caution.

So while it's pretty easy for me to manage a handful of static IPs for VMs that I run my application off of using dnsmasq.conf, it would be a pain to static out everything else. I certainly *can* go into my router and bind every last device that I care about to static IPs and segment off that range from DHCP. But that's not a good way to go.
It's just damn odd to me that dnsmasq is working flawlessly except for machines on the same subnet. There seems like there should be a configuration setting to get around this, or I did something wrong. I'll keep diggin. tx
 
Old 09-24-2018, 07:14 AM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Quote:
Originally Posted by vikingGoalie
So to the latter part, it didn't make a difference putting the interface line in.
Then you're right; there is something VERY odd going on, because that should have bound dnsmasq to lo (a note: did you verify that you had 'lo', and not 'lo0'?), which doesn't exist outside your system.

You could also try to totally block the DNS port 53:
Code:
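 /sbin/iptables -A INPUT -p udp --destination-port 53 -j DROP   # DNS queries normally arrive over UDP
 /sbin/iptables -A INPUT -p tcp --destination-port 53 -j DROP   # TCP is used for large answers and zone transfers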
..so any incoming requests on port 53 get dropped.
Quote:
To the former part: to an extent, yes, you are correct, I have to manage "some" static IPs. The difference is this. I have an application that I'm working on, where the base URL is "mysite.com" (that's not it, but works for this reference). It is a multi-tenant application, and the way the different tenants come in is by putting their tenant in the URL, i.e. "tenant1.mysite.com". That hits the application; it parses out the tenant1 to know who it is and enforce the multi-tenancy rules around that.

So. That means I have a completely variable number of tenants that can grow quite a bit. DNSmasq saves the day here for my development enviro, as I can dynamically spin up sites/tenants and it just wildcards all the *.mysite.com to the same IP. The pain is, things like, say, my printer, which is wireless and totally dynamic, could change its IP and I wouldn't resolve to it anymore. Or my NAS backup (if I had those as host entries). My kids have a few computers on this and I haven't segmented out the network really; my wife uses the home network for her work as well. My experience is static IPs should be used with caution.

So while it's pretty easy for me to manage a handful of static IPs for VMs that I run my application off of using dnsmasq.conf, it would be a pain to static out everything else. I certainly *can* go into my router and bind every last device that I care about to static IPs and segment off that range from DHCP. But that's not a good way to go.
It's just damn odd to me that dnsmasq is working flawlessly except for machines on the same subnet. There seems like there should be a configuration setting to get around this, or I did something wrong. I'll keep diggin. tx
Understand what you mean. Try the iptables rule too.
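
Added example, not code from any poster in this thread and not dnsmasq's own logic: a Python model of the documented behaviour of two options in the config from post #1. `address=/domain/ip` answers for the domain and all of its subdomains, and `domain-needed` keeps plain names (no dot) from being forwarded to upstream servers. The function names and the reduced config are assumptions made here, and the model ignores the cache, /etc/hosts and DHCP leases; it classifies the three names queried in the thread, with the posted options and with `domain-needed` removed.

```python
# Added example: model of documented dnsmasq option semantics.
# Not dnsmasq's own code; ignores the cache, /etc/hosts and DHCP leases.
POSTED_CONF = """\
listen-address=127.0.0.1
domain-needed
bogus-priv
no-hosts
address=/mysite.com/10.10.1.100
"""  # subset of the dnsmasq.conf quoted in post #1

def parse_conf(text):
    """Return (flags, address_rules) from dnsmasq.conf-style text."""
    flags, rules = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "address":
            # address=/dom1/dom2/ip : every listed domain maps to ip
            *domains, ip = value.strip("/").split("/")
            rules.extend((d.lower(), ip) for d in domains)
        elif not value:
            flags.add(key)
    return flags, rules

def classify(name, flags, rules):
    """Say how a forward (A/AAAA) query for `name` would be handled."""
    name = name.rstrip(".").lower()
    # An address= rule covers the domain itself and every subdomain.
    matches = [(d, ip) for d, ip in rules
               if name == d or name.endswith("." + d)]
    if matches:
        return ("local", max(matches, key=lambda m: len(m[0]))[1])
    # domain-needed: plain names (no dot) are never sent upstream.
    if "." not in name and "domain-needed" in flags:
        return ("not-forwarded", None)
    return ("forward", None)

def compare(names, conf=POSTED_CONF):
    """Classify names with the posted options and with domain-needed removed."""
    flags, rules = parse_conf(conf)
    relaxed = flags - {"domain-needed"}
    return {n: (classify(n, flags, rules), classify(n, relaxed, rules))
            for n in names}

if __name__ == "__main__":
    for name, (posted, relaxed) in compare(
            ["rollo", "inst1.mysite.com", "google.com"]).items():
        print(f"{name:18} posted={posted} without domain-needed={relaxed}")
```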
 
  

