QUESTION: How to implement Split Horizon DNS with dnsmasq?

Started by Kornelius777, Today at 06:47:42 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 06:47:42 AM
Dear all,

what was pretty easy with ISC, "somehow" doesn't want to fly using dnsmasq.

Using the option "forward first" in unbound appears not to work correctly.
At least, on my side, that option didn't bring any success.

Has anyone been able to implement Split Horizon DNS aka Split Brain DNS so far?
Would you mind sharing your thoughts and ideas with me?

Kind regards,
Today at 08:18:48 AM #1
Quote from: Kornelius777 on Today at 06:47:42 AMwhat was pretty easy with ISC

Since ISC does not do DNS I wonder what exactly it was you implemented? The recursive DNS server that went with ISC DHCP was Unbound so that part should work now just like it did back then?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Today at 08:25:25 AM #2
Of course, it was unbound - and still is.

Nevertheless,
the whole host implementation was done with the help of ISC.
Now, it shall be realized via dnsmasq.

Unbound however appears not to play well with dnsmasq, yet.

Yet again my question:

How would you implement a Split Horizon DNS setup?

Kind regards,
Today at 09:10:16 AM #3
I still fail to see the connection with ISC and/or DNSmasq. Is it about handing different DNS server addresses to clients in different networks? Or about DNS updates from DHCP leases? Or what else?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Today at 12:15:32 PM #4
It's about Split Horizon DNS.

Query "host.domain.tld" from outside and get a different result if you query "host.domain.tld" from inside. Same domain name. Same hostname.

Furthermore:
If "host.domain.tld" is non-existent on the LAN but exists in the outside world:
Resolve it nevertheless - however, forward the query into the internet.

This works nicely (and is well implemented into unbound) if you use ISC.
I do not get it working if I have to use dnsmasq behind unbound (as is proposed for 26.1 onwards).


And once more my request:
How can I implement this using dnsmasq behind unbound?
What is the tweak?
Today at 12:55:47 PM #5
Quote from: Kornelius777 on Today at 12:15:32 PMQuery "host.domain.tld" from outside and get a different result if you query "host.domain.tld" from inside.

Yes, perfectly understood. I don't get in which way the DHCP server - ISC or DNSmasq - plays into that.

Are you using DNSmasq for DNS? That's what I did not get at first. Then the solution is simple: don't. Only use Unbound for DNS like you used to and use DNSmasq strictly for DHCP. Or switch to Kea for that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Today at 01:02:20 PM #6
Well.
"Don't" doesn't help me answer my question.
Maybe, somebody could explain how this CAN be implemented (as concrete as possible)

Thank you kindly.
Today at 01:02:55 PM #7
Just use only Unbound for DNS - what is wrong with that?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions