nareshovの日記

(TL note: nareshov's diary)

Using Dnsmasq to serve from a central /etc/hosts


Recently at $work, I came across a situation where: (a) public DNS records are served off a GoDaddy account, and (b) a couple of domain names needed an office network-wide override pointing them to IPs in the local network.

i.e.

dig +short @8.8.8.8 qa.example.com

<returns public IP>

dig +short qa.example.com

<returns private IP>

If there hadn’t been too many consumers for this name resolution, we could have made do with putting entries into /etc/hosts on each consumer host. But our consumer hosts included a lot of Android phones, and we didn’t want to root them all just to be able to modify their /etc/hosts.

If we were running our own DNS server in our DMZ, we could’ve configured the infamous split-DNS setup through BIND or tinydns. (Un)fortunately, we didn’t.

The first "workaround" to this was to maintain a duplicate zone for example.com on our local DNS server (the one served by our DHCP server) and override the records as required. This would soon start to suck.

A colleague of mine – who didn’t take my word that the above two methods are our only options available – persevered through the PowerDNS docs and found an option where it could serve off the host’s /etc/hosts file. Now what was brilliant about this was, adding a ‘192.168.1.223 qa.example.com’ into /etc/hosts effectively solved the problem we had!

We didn’t really need a full-fledged DNS server like PowerDNS, so I checked whether dnsmasq could solve the same problem – and it does.

[root@blr-vbox1 ~]# egrep -v '^#|^\B+' /etc/dnsmasq.conf
bogus-priv
resolv-file=/etc/resolv.conf.isp
interface=eth0
no-dhcp-interface=eth0
no-dhcp-interface=lo0
conf-dir=/etc/dnsmasq.d

Our ISP’s DNS servers go into /etc/resolv.conf.isp

Ensure that the host that’s running dnsmasq has only ‘nameserver 127.0.0.1’ in /etc/resolv.conf, and put all the entries you want served into /etc/hosts.
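With this setup, every entry in the dnsmasq host's /etc/hosts becomes an answer for the whole office network, so the file is worth checking before dnsmasq is reloaded. The script below is an added example, not part of the original post: the function names, the finding labels and all sample entries other than the 192.168.1.223 qa.example.com line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the hosts file that dnsmasq serves to the whole LAN.
# audit_hosts FILE [DOMAIN]  -> one finding per line, nothing if the file is clean.
# FILE may be "-" for stdin. DOMAIN (default example.com) is the zone being overridden.
audit_hosts() {
    awk -v dom="${2:-example.com}" '
    function is_private(ip,   o) {          # RFC 1918 IPv4 ranges only
        if (split(ip, o, ".") != 4) return 0
        return (o[1]+0 == 10) || (o[1]+0 == 192 && o[2]+0 == 168) ||
               (o[1]+0 == 172 && o[2]+0 >= 16 && o[2]+0 <= 31)
    }
    { sub(/#.*/, "") }                      # strip comments
    NF < 2 { next }                         # blank or address-only line
    $1 ~ /^127\./ || $1 ~ /:/ { next }      # loopback and IPv6 are not checked here
    {
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (!is_private($1))
                print "PUBLIC-IP " name " -> " $1
            if (name != dom && substr(name, length(name) - length(dom)) != "." dom)
                print "OUTSIDE-DOMAIN " name
            if ((name in seen) && seen[name] != $1)
                print "CONFLICT " name " -> " seen[name] " and " $1
            else
                seen[name] = $1
        }
    }' "$1"
}

# Constructed sample; only the qa.example.com line comes from the post.
sample_hosts() {
    cat <<'EOF'
127.0.0.1     localhost
192.168.1.223 qa.example.com        # intended override
192.168.1.224 QA.example.com        # same name, different address
203.0.113.10  stage.example.com     # not a LAN address
192.168.1.50  updates.vendor.test   # name outside the overridden zone
EOF
}

sample_hosts | audit_hosts - example.com
```

Run it as `audit_hosts /etc/hosts example.com` on the dnsmasq host; any line of output is an entry that every client on the network would receive.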


Written by Naresh

December 2, 2011 at 12:12 pm

Posted in LAN, Work Life
