In a DNS bind? Get Out With dnsmasq - Page 2

By Carla Schroder | Posted Jul 6, 2004
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

DHCP Server

The simplest way to use the DHCP server in Dnsmasq is to set the hostnames on each host on your LAN. Then make these edits to /etc/dnsmasq.conf:

expand-hosts
domain=test.net (use your own domain here, of course)
dhcp-range=192.168.1.100,192.168.1.150,168h

The first line automatically expands the hostnames to include the domain name, which is specified on the next line. The third line shows how to set a range of IP addresses for your DHCP pool, with a 168-hour lease. You can set the lease to any interval you like, either in hours (h) or minutes (m) or infinite, for a permanent lease.

Setting Hostnames Correctly
The key to making all this work nicely is to have hostnames correctly configured on your PCs. On most Linux systems, you must edit /etc/hostname. /etc/hostname sets only the system's hostname:

workstation1

On Red Hat and Fedora, you must edit /etc/sysconfig/network instead of /etc/hostname:

HOSTNAME=workstation1

Anytime you change the hostname, you must reboot. Then you can check your work with the hostname command:

$ hostname
workstation1

Foiling Sitefinder and Related Foolishnesses

Verisign's Sitefinder has gone away, for the moment, but they are making noises about trying again. A number of registries for various domains still do it. For those who have mercifully erased this nonsense from their memory banks: Sitefinder, instead of returning a proper NXDOMAIN response for non-existent .com and .net addresses, instead re-directed to a Verisign search page. Which broke DNS, messed up applications that depended on accurate DNS queries, subjected users to yet more advertising, and did not help anyone at all. Except Verisign, who collected ad revenue.

As usual, the tech community swiftly responded with various workarounds. Should Sitefinder return, or you encounter other that registries implement a similar "service", Dnsmasq can foil it. Simply enter the offending IP address in /etc/dnsmasq.conf:

bogus-nxdomain=64.94.110.11

That was the IP used by Sitefinder, so all DNS redirected to that IP is considered bogus, and forced to return a proper NXDOMAIN response. This page has a list of other offending IPs that do, or have done, the same thing. Testing for this DNS-breaking silliness is simple enough, using the host command and bogus addresses:

$ host jd89hv8eef09jvoiuew90ofhjyfhf.ws
jd89hv8eef09jvoiuew90ofhjyfhf.ws has address 216.35.187.246

Oho, a live one! A correct response would be

Host jd89hv8eef09jvoiuew90ofhjyfhf.ws not found: 3(NXDOMAIN)

Try www.jd89hv8eef09jvoiuew90ofhjyfhf.ws in a Web browser, and see what you get. Not a correct "Page not found", but one of those annoying registrar pages. You should probably try a few improbable domain names just to make sure. When you're certain you've tracked down a bogus redirect IP, in this example 216.35.187.246, just slap it into /etc/dnsmasq.conf:

bogus-nxdomain=216.35.187.246

Documentation

See /etc/dnsmasq.conf for a lot of good, well-commented examples, and dnsmasq (8) for complete options, and more examples.

Resources

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter