openresolv-discuss

Re: Restrict DNS to given interface?

Roy Marples

Tue Aug 14 22:41:16 2012

Hi

On 14/08/2012 23:06, Ed W wrote:
> Hi, DNSMasq has an option to restrict the use of a DNS server to a
> specific interface. (format is server=1.2.3.4@eth1)

No, it means that queries to that DNS server 1.2.3.4 will be sent via eth1. AFAIK it has no relevance in DNSmasq selecting which DNS server to actually query.

> For several situations I would like to limit my DNS as far as
> possible to specific upstream servers, however, in the case of captive
> portals and wifi access it's often necessary to compromise and allow
> some new DNS server to be used since others might be blocked. I would
> like to avoid "tainting" traffic by avoiding that DNS server where I
> can
>
> Ideally this is a feature request that dhcpcd can be set to restrict
> DNS to just that interface and in turn it indicates this to
> openresolv, which in turn would only support this on the subset of
> resolvers which can limit requests by interface
>
> I'm not actually sure that this isn't a very common use case for the
> situation of having a globally accessible DNS
> (OpenDNS/GoogleDNS/Something Else), but various interfaces are trying
> to add additional DNS servers. E.g. adding my 3G data card as an
> available backup route is currently adding those DNS entries even
> though I might be using a DSL line at present. DNSmasq is smart
> enough to latch on to the "fastest responding server", but in the
> event that not all DNS servers are the same, then I would prefer to
> lock the 3G DNS server to only be available over that 3G connection.
>
> Would you consider such a feature request? Is there some existing
> ability that I might have overlooked that can implement this?

I'm not entirely sure what you're asking for.
An application generally tells the host "I want to look up domain foo".
At no point in this request is an interface specified - it's interface agnostic.

However, it's possible for openresolv to configure DNSmasq (unbound, bind) to only send queries for domain foo to 1.2.3.4.
But I'm not sure this is what you want either.

What openresolv can do is prefer each interface by metric as such and force an ordering on the DNS servers listed. Generally DNS resolvers try the forwarders in order first and you can force DNSmasq to do this by using the strict-order option. Doing this, your 3G DNS servers will be last in the food chain and only used if all else fails.

Thanks

Roy
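As an added example (not code from this thread, from openresolv or from dnsmasq), a small Python simulation of the approach Roy describes: forwarders are ordered by interface metric and written out as a dnsmasq snippet with strict-order, so the 3G server ends up last; that server is also emitted in the server=ADDR@IFACE form Ed mentioned, which only controls which interface its queries leave by. Interface names, metrics, addresses and the use of no-resolv are constructed assumptions.

```python
# Added example: simulate openresolv-style ordering of forwarders by
# interface metric and render a dnsmasq config that uses strict-order.
# All interface names, metrics and server addresses are constructed.
from dataclasses import dataclass, field
from typing import List


@dataclass
class Iface:
    name: str
    metric: int                      # lower metric = preferred link
    servers: List[str] = field(default_factory=list)
    bind_to_iface: bool = False      # emit server=ADDR@IFACE for this link


def order_servers(ifaces):
    """Forwarders ordered by interface metric (lowest first), then by
    the order each interface listed them; duplicates keep first position."""
    seen = set()
    ordered = []
    for iface in sorted(ifaces, key=lambda i: i.metric):
        for addr in iface.servers:
            entry = f"{addr}@{iface.name}" if iface.bind_to_iface else addr
            if entry in seen:
                continue
            seen.add(entry)
            ordered.append(entry)
    return ordered


def dnsmasq_config(ifaces, strict=True):
    """Render the snippet. strict-order makes dnsmasq try the server=
    lines in the order given instead of the fastest responder, so the
    backup link's server is only used when the preferred ones fail."""
    lines = ["no-resolv"]            # assumption: ignore /etc/resolv.conf
    if strict:
        lines.append("strict-order")
    lines += [f"server={s}" for s in order_servers(ifaces)]
    return "\n".join(lines) + "\n"


# Constructed sample: DSL link preferred (metric 100), 3G backup (metric 300)
SAMPLE = [
    Iface("ppp0", 300, ["10.64.0.1"], bind_to_iface=True),
    Iface("eth0", 100, ["192.0.2.53", "192.0.2.54"]),
]

if __name__ == "__main__":
    print(dnsmasq_config(SAMPLE), end="")
```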
