DNS entry for server with multiple interfaces

  • Hi,

    I'm using pfsense as firewall and dns server in our company and have the following issue now:

    I have a server that has several interfaces in different vlans (afp doesn't work if there is a router in between …)

    we use staic dhcp mappings and i want the server to be reachable in every subnet with the same hostname.

    problem is now, that dnsmasq serves both ip addresses via dns with roundrobin.


    my client is in, the server has ip in and one in

    when i do a nslookup on my client i get both ips back:

    Name: server

    Name: server

    the next time, it is the other way round ...

    is there a way to let dnsmasq decide which ip to give back to the client, depending of the subnet the reuest was from?

    thx, Armin

  • From the dnsmasq man page (e.g. http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) :

    -y, –localise-queries
    Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was received. If a name in /etc/hosts has more than one address associated with it, and at least one of those addresses is on the same subnet as the interface to which the query was sent, then return only the address(es) on that subnet. This allows for a server to have multiple addresses in /etc/hosts corresponding to each of its interfaces, and hosts will get the correct address based on which network they are attached to. Currently this facility is limited to IPv4.

    This looks like a good and harmless thing for all use cases - can anyone think of a use case where this would NOT be desirable?

    You could try it by editing /etc/inc.services.inc - look for "/* run dnsmasq */" - add to the dnsmasq command on the line below "–localise-queries"

    If there is a reason not to do this in some cases, it could easily be made a selectable option on the DNS Forwarder GUI.

  • DNS forwarder command line options can be added to Services -> DNS Forwarder then clicking on the Advanced button and adding the command line options in the box that appears.

  • Yep, works like a bought one ;) I connected my laptop to the WiFi and physical LAN at the same time, allocated static mappings with the same computer name for each connection with addresses in those 2 subnets. "Register DHCP static mappings in DNS forwarder" is on. nslookup from the LAN gives me back 2 addresses.
    Put "localise-queries" in the Advanced box - note, you don't put in the "–", the code does that for you underneath.
    Now nslookup just returns me the address local to the subnet I am on.

  • thx. that works perfect. exactly what i was looking for.

Log in to reply