On 20/06/11 22:05, Joshua Lamorie wrote:
Gidday there,

Is it possible to tell dnsmasq to drop every request (or reply NXDOMAIN
or SERVFAIL or whatever) except for the requests it knows about plus the
requests it knows that a 'peer' dnsmasq knows about?

I have a couple of test networks (A.foo.com and B.foo.com) that are
isolated from the rest of the interweb.  They are also separated from
each other by a link emulator that provides variable levels of
connectivity.

Each LAN has a single dnsmasq instance and so far is quite capable to
perform DHCP tasks for the LAN and provide name resolution to the local
LAN as well as forwarding (and receiving) requests to the other LAN.
For example, client.A.foo.com requests www.B.foo.com from dns.A.foo.com
and successfully receives the address.

However, these LANs have some stock ubuntu and fedora boxen that are
constantly trying to find various things such as pool.ntp.org,
fedora.org, evil-lair.shuttleworth.canonical.com, etc.

When my dnsmasq servers receive these requests they seem to bounce back
and forth and cause a lot of traffic and funny delays.  I've looked
around the mailing list, FAQ and manual and I can't find any explicit
switch similar to

--drop-every-request-I-dont-know-about-and-dont-forward-it-neither

Thanks in advance

Joshua



--no-resolv

--server=/A.foo.com/<ip of A.foo.com>

should do it. (and the mirror image for B, of course) The trick is to stop dnsmasq from finding upstream servers in /etc/resolv.conf.


HTH

Simon.
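
A check for the setup described in the reply above, as an added example that is not part of the original thread or of dnsmasq itself: it reads a dnsmasq config and reports anything that would still give the instance a default upstream. It assumes the config-file form of the options (long option names without the leading `--`); the `audit` function and the sample configs are hypothetical, and 192.0.2.2 is a constructed documentation address.

```python
import re

# Constructed sample configs for dns.A.foo.com; 192.0.2.2 is a documentation
# address standing in for the peer dnsmasq on B (not a value from the thread).
LEAKY = """\
domain=A.foo.com
server=/B.foo.com/192.0.2.2
"""
ISOLATED = """\
no-resolv
domain=A.foo.com
server=/B.foo.com/192.0.2.2   # only names under B.foo.com go to the peer
"""

def audit(conf_text):
    """Return reasons why this config could forward names it does not know."""
    findings = []
    no_resolv = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # dnsmasq treats '#' as a comment at line start or after whitespace;
        # 'server=.../ip#port' must survive, so do not split on every '#'.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "no-resolv":
            no_resolv = True
        elif key in ("server", "local") and not value.startswith("/"):
            # No /domain/ prefix: a default upstream for every other name.
            findings.append(f"line {lineno}: unscoped upstream {value!r}")
        elif key in ("conf-file", "conf-dir", "servers-file"):
            findings.append(f"line {lineno}: {key} not followed, audit {value!r} too")
    if not no_resolv:
        findings.append("no-resolv missing: upstreams are read from /etc/resolv.conf")
    return findings

if __name__ == "__main__":
    for name, conf in (("LEAKY", LEAKY), ("ISOLATED", ISOLATED)):
        print(name, audit(conf) or "no default upstream")
```

An empty result means the only forwarding targets left are the domain-scoped `server=` lines, which is the state the reply aims for.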
