Home / server / Questions / 419828
Accepted
RomanSt
Asked: 2012-08-22 13:37:55 +0800 CST

DNSMasq swallows local A-entries

  • 772

When I query the ISP's DNS server for foo.example.com, it comes back with something like this:

;; ANSWER SECTION:
foo.example.com. 159 IN A       192.168.40.20

(note that the IP address is a local one)

When I do the same over DNSMasq, the response is empty; the A record is missing. It works fine for every other address I've tried.

What is this, a mis-configuration of DNSMasq, a bug, or expected behaviour?

domain-name-system

2 Answers

  1. Best Answer

    You probably have dnsmasq's rebind protection enabled with this option: 

       --stop-dns-rebind
          Reject (and log) addresses from upstream nameservers  which  are
          in  the private IP ranges. This blocks an attack where a browser
          behind a firewall  is  used  to  probe  machines  on  the  local
          network.

    You can disable this entirely by removing this option, or you can whitelist certain domains using this option:

    --rebind-domain-ok=example.com
    • 4

  2. I think it could be Bind9 view feature, especially if your DNSMasq is not in the same ip range as your PC

    The view statement is a powerful new feature of BIND 9 that lets a name server answer a DNS query differently depending on who is asking (...) more

    • 0