Discussion:
dnsmasq / wildcards
J.D. Bronson
2010-01-20 12:01:48 UTC
Is there work in progress to add wildcards to dnsmasq?

I run dnsmasq and fill in all of my network hosts and of course if it
can't answer, then it forwards to OpenDNS for answers.

However I have noticed that Windows 7 seems to look up weird
things on my domain (like ipad.domain.com and some weird
*._udp.domain.com stuff) - and I am trying to prevent that noise from
reaching the OpenDNS servers.

If we could put a wildcard after all of the entries in the dnsmasq hosts
file, then I could filter out this noise.

Any thoughts? - tinyDNS is not an option for me. I can't tolerate it and
there isn't any bind9 package I could find. I usually roll my own bind9,
but pfSense isn't set up to install things manually like that.
--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org
Chris Buechler
2010-01-20 22:10:55 UTC
Post by J.D. Bronson
Is there work in progress to add wildcards to dnsmasq?
I run dnsmasq and fill in all of my network hosts and of course if it can't
answer, then it forwards to OpenDNS for answers.
However I have noticed that Windows 7 seems to look up weird things
on my domain (like ipad.domain.com and some weird *._udp.domain.com stuff) -
and I am trying to prevent that noise from reaching the OpenDNS servers.
If we could put a wildcard after all of the entries in the dnsmasq hosts
file, then I could filter out this noise.
Not sure offhand if it's capable of doing that, it's not in the GUI at
least. As a workaround, if you have an internal DNS server for those
domains you can forward the entire domain to an internal server, which
will keep it from getting to OpenDNS.

Bruce Walker
2010-01-21 00:46:54 UTC
Post by Chris Buechler
Post by J.D. Bronson
Is there work in progress to add wildcards to dnsmasq?
I run dnsmasq and fill in all of my network hosts and of course if it can't
answer, then it forwards to OpenDNS for answers.
However I have noticed that Windows 7 seems to look up weird things
on my domain (like ipad.domain.com and some weird *._udp.domain.com stuff) -
and I am trying to prevent that noise from reaching the OpenDNS servers.
If we could put a wildcard after all of the entries in the dnsmasq hosts
file, then I could filter out this noise.
Not sure offhand if it's capable of doing that, it's not in the GUI at
least. As a workaround, if you have an internal DNS server for those
domains you can forward the entire domain to an internal server, which
will keep it from getting to OpenDNS.
I create a custom dnsmasq.conf file and upload it to
/usr/local/etc/dnsmasq.conf (via the 'Diagnostics: Execute command' menu)

In that file I add entries for the domains that I'd like to return
NXDOMAIN for, like this:

local=/_dns-sd._udp.my-domain.com/
local=/doubleclick.net/


Works great!

-bmw

J.D. Bronson
2010-01-21 00:52:08 UTC
Post by Bruce Walker
I create a custom dnsmasq.conf file and upload it to
/usr/local/etc/dnsmasq.conf (via the 'Diagnostics: Execute command' menu)
In that file I add entries for the domains that I'd like to return
local=/_dns-sd._udp.my-domain.com/
local=/doubleclick.net/
Works great!
This is exactly what I was looking for.
I do have a list of all of my internal machines but didn't think of this.
So the syntax is as you have listed above?

local=/blah.domain.com/

?

thanks,
--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
Office: 414.978.8282 // Fax: 414.978.3988

Bruce Walker
2010-01-21 01:01:28 UTC
Post by J.D. Bronson
Post by Bruce Walker
I create a custom dnsmasq.conf file and upload it to
/usr/local/etc/dnsmasq.conf (via the 'Diagnostics: Execute command' menu)
In that file I add entries for the domains that I'd like to return
local=/_dns-sd._udp.my-domain.com/
local=/doubleclick.net/
Works great!
This is exactly what I was looking for.
I do have a list of all of my internal machines but didn't think of this.
So the syntax is as you have listed above?
local=/blah.domain.com/
?
thanks,
That's correct; you need the forward slashes like that. The full syntax
is described in here ...

http://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

... under the -S option. It's a rather inscrutable description but the
relevant bit is:

"Also permitted is a -S flag which gives a domain but no IP address;
this tells dnsmasq that a domain is local and it may answer queries from
/etc/hosts or DHCP but should never forward queries on that domain to
any upstream servers."

Note that it matches all sub-domains of your spec'ed domain as well.
*Probably* what you want anyway.

Cheers!

-bmw

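An added example, not code from this thread or from dnsmasq itself: a small Python model of the matching rule Bruce describes, where the longest matching suffix wins and a suffix matches only on a label boundary (so local=/doubleclick.net/ covers ads.doubleclick.net but not notdoubleclick.net). It goes slightly beyond the thread by also handling server=/domain/ip lines next to local=/domain/, which is the forward-to-an-internal-server workaround Chris mentioned; the dnsmasq.conf fragment, hosts entry and the 10.0.0.53 / corp.example names are constructed for the example.

```python
# Added model of dnsmasq's local=/server= matching; not dnsmasq's own code.
SAMPLE_CONF = """\
# constructed dnsmasq.conf fragment mirroring the thread
local=/_dns-sd._udp.my-domain.com/
local=/doubleclick.net/
local=/domain.com/
server=/corp.example/10.0.0.53
"""
SAMPLE_HOSTS = {"printer.domain.com": "192.168.1.20"}   # constructed /etc/hosts entry

def parse_conf(text):
    """Return (domain, upstream) pairs; upstream is None for local=/dom/ lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key not in ("local", "server") or not value.startswith("/"):
            continue
        parts = value.strip("/").split("/")
        upstream = parts.pop() if key == "server" else None   # last field is the IP
        for dom in parts:                                     # one line may list several domains
            rules.append((dom.lower().rstrip("."), upstream))
    return rules

def matches(query, domain):
    """Suffix match on a label boundary: the domain itself or any sub-domain."""
    return query == domain or query.endswith("." + domain)

def resolve(query, rules, hosts):
    """Return ("hosts", ip), ("nxdomain", None), ("forward", ip) or ("default", None)."""
    q = query.lower().rstrip(".")
    if q in hosts:                      # names from hosts/DHCP are answered first
        return ("hosts", hosts[q])
    best = None
    for dom, upstream in rules:         # longest matching suffix wins
        if matches(q, dom) and (best is None or len(dom) > len(best[0])):
            best = (dom, upstream)
    if best is None:
        return ("default", None)        # no rule: goes to the normal upstream (OpenDNS here)
    if best[1] is None:
        return ("nxdomain", None)       # local=/dom/: never forwarded, NXDOMAIN if unknown
    return ("forward", best[1])         # server=/dom/ip: forwarded only to that server

def classify(queries):
    """Decide each query against the constructed conf and hosts data above."""
    rules = parse_conf(SAMPLE_CONF)
    return {q: resolve(q, rules, SAMPLE_HOSTS) for q in queries}
```

Calling classify(["ipad.domain.com", "notdoubleclick.net"]) shows the first name stopped with NXDOMAIN and the second still leaving for the upstream resolver, which is the label-boundary point worth checking before relying on a local= line.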
J.D. Bronson
2010-01-21 01:25:51 UTC
Post by Bruce Walker
"Also permitted is a -S flag which gives a domain but no IP address;
this tells dnsmasq that a domain is local and it may answer queries from
/etc/hosts or DHCP but should never forward queries on that domain to
any upstream servers."
That's exactly what I was seeking.

If it isn't listed in the hosts, it was forwarding to upstream for
resolution even though it was within the local domain.

That's annoying and I wonder why that's the default?

Thanks for the tip.
--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
Office: 414.978.8282 // Fax: 414.978.3988
