Reading this wiki page, Wildcard_Records_in_DNS_Forwarder, doesn't answer how to blend two outcomes.
I would like to have a few subdomains/hosts point to their respective machines, but then have anything else point to one other machine.
How would one use the dnsmasq configuration screen to do this:
That is, first work through known hosts, if no match, then go here.
From my understanding it would work that way - just create the records.
And this is how it works.
C:\Windows\system32>dig anything.example.com +short
C:\Windows\system32>dig otherthing.example.com +short
C:\Windows\system32>dig billbob.example.com +short
C:\Windows\system32>dig spec.example.com +short
Your response offers a ray of sunshine. But the question remains:
How would one use the dnsmasq configuration screen in the pfsense web configurator to do this?
This screen has two parts: General Options advanced, and Host Overrides. Would I put the properly formatted statement for ???.example.com in the advanced field while retaining the other individual Host Overrides? Or replicate all the Host Overrides as properly formatted statements in the advanced field?
You put your wildcard in the advanced.
And then just put your specific hosts in the over ride sections
edit: I can post up a picture if you like.. But not really understanding why you would be confused on how to use the gui, its pretty straight forward. How to create a wild card is the trickier part ;)
The implied question was, what takes priority? It's not confusing what to put where (once given instruction on the wiki page).
What was not answered was, which part is dealt with first: the advanced field or the Host Overrides?
Your first response, "More specific should win over the wildcard," and, "this is how it works," was inferred to mean that dnsmasq can do such a thing, provided that the pfSense interface supplies the "list" to dnsmasq in a prepared order - that order being no order at all, the order added, alphabetical, or alphabetical with whatever is in the advanced field to follow.
The concern stems from this hypothetical scenario: the 16 host overrides are converted to "address=" statements and are listed after the wildcard statement in the advanced field. Like the firewall rules where the first firewall rule that matches wins the action, would dnsmasq process this list in the same fashion, or would dnsmasq scan the entire list looking for the best possible match?
Of two possible methods, a formatted statement in the advanced tab for the wildcard vs. having a Host Override entry where Host is blank, leads one to believe that pfSense processes the two parts of this form differently and/or gives to dnsmasq these two data items in a different fashion. Such an assumption could be absolutely wrong.
(When I say Host is blank, not actually having tried it, I see that the Add/Edit Host screen does not have the Host legend emboldened, which I infer meaning it is optional.)
I think your overthinking it ;)
Not sure what it matters, they all apply to the same config. Be it you put it as advanced option that I believe get applied when the service starts or actual entries. If what your saying is that you can just leave host blank or use say * for host works. then I have access to edit the doc wiki and could update that article to reflect the host over ride way of doing it.
But if there is a more specific entry, then that gets used - if there is not and there is a wildcard entry pointing to something, then that would be used.
edit: just did a test and no leaving the host blank does not work as a wildcard, and you can not put in * as hostname. It resolves example.com to the ip you put in there. but does not resolve anything.example.com like the advanced option does.
So create your specific entries via the host overrides, and then use advanced as your wildcard entry.
as specific host override entries and then you create advanced for example.com 18.104.22.168
If you query one, two or three you will resolve the specific entry. If you then query five.example.com or something.example.com or somethingelse.example.com those will all hit the wild entry since nothing specific set for them and resolve to 22.214.171.124
edit2: When I get a chance today I will update the article to reflect this and give such an example. Should make it clearer for the next guy.
edit3: Ok edits made, take a look - if you would like something more in the article just let me know. But I think my edits should make it clearer for your scenario.
Over-thinking and being overly-cautious/overly-curious sometimes looks the same.
Thank you for the wiki page update.
To close out this conversation, I will say that I am allowing the Apache Server's vhosts to sort out the myriad subdomains/hosts for my internal LAN.
I hear ya, I would consider myself overly-curious as well.
I did those updates in a couple of minutes, if you have any suggestions on rewording or better examples - just let me know and we can edit the page.
You don't seem to have all that many posts as of yet, but if you wanting to contribute to making the wiki better.. You can ask for an account and can create your own pages and edits, etc.
I am a big fan of too much information ;) Helps with the over-curious nature.. And examples of what happens and how it works is always a good thing. Pictures can paint a 1000 words sort of thing.