
New option in DNS WINS Server setup question


R1-Limited

Regular Contributor
Just curious as to the intent and what this new option does

Forward local domain queries to upstream DNS Yes / No

Thanks in advance
 
I think it means when you attempt to resolve "computer.localdomain" the router, instead of giving you the resolved local/LAN IP of that host, will forward your request to your upstream DNS servers (which you configured elsewhere in the GUI).

You usually want local hosts resolved locally, unless you have a local DNS server elsewhere on your LAN.


If you want the most accurate answer, look up the dnsmasq documentation. Dnsmasq is what the router uses for DHCP and DNS forwarding/caching.
 
It adds '-local' & '-bogus-priv' options to dnsmasq. The intent is that lookups for the local domain, both forward and reverse, are constrained to dnsmasq's knowledge and not forwarded in any way to your ISP's servers.

From an IP address perspective, the vast majority of us will be using private non-globally internet routable IP addresses, therefore it makes no sense whatsoever to forward '192.168' reverse lookups and increase the load on the root DNS servers etc.

Similarly, forward lookups for private local domains like 'local.' shouldn't really be forwarded to the wider DNS servers... if we don't know then they won't either, so why bother asking.

There are hybrid cases (split brain DNS) as I have where a proper domain is in use but with mostly private IP addresses. In this case I set the 'forward option' to 'yes' but manually append a 'bogus-priv' option to dnsmasq.conf. In other words forward lookups for my domain can go to the wider internet but the reverses never do as there's no point as I've private IP addresses.
 
Just curious as to the intent and what this new option does

Forward local domain queries to upstream DNS Yes / No

Thanks in advance

If you look at the router logs you may see all local domain searches are being forwarded to your wan dns, regardless of the forwarding being disabled or enabled. The feature may be broken at the moment.
 
If you look at the router logs you may see all local domain searches are being forwarded to your wan dns, regardless of the forwarding being disabled or enabled. The feature may be broken at the moment.

That's not quite what it's doing. It's set to forward a domain literally called 'local' to WAN DNS servers, which I'll be honest and say I really don't understand the logic! Even if your local domain was called 'local' what would your ISP's DNS know about it - nothing! There may be some clever thinking going on here by someone at Asus, or maybe it's something specific for a particular ISP but to the casual observer it really makes no sense.

My own domain is not called 'local'. '-bogus-priv' I really consider a sensible option to have as default, the internet DNS servers DO NOT know about private IP addresses so why bother asking 'reverse lookups' for them.
 
That's not quite what it's doing. It's set to forward a domain literally called 'local' to WAN DNS servers, which I'll be honest and say I really don't understand the logic! Even if your local domain was called 'local' what would your ISP's DNS know about it - nothing! There may be some clever thinking going on here by someone at Asus, or maybe it's something specific for a particular ISP but to the casual observer it really makes no sense.

My own domain is not called 'local'. '-bogus-priv' I really consider a sensible option to have as default, the internet DNS servers DO NOT know about private IP addresses so why bother asking 'reverse lookups' for them.

The forwarded (or not forwarded, depending on your configuration choice) local domain is configured by the user. You set the local domain to a domain of your choosing, like "wlan" or "lakehouse.wlan" for example. Dnsmasq does not forward only literal ".local" domains. Usually dnsmasq checks /etc/resolv.conf for your local domain.

Yes, the LAN host DNS requests probably make no sense to the outside DNS servers but you should be at least a little concerned about leaking that information outside your LAN. Privacy is important to most people, especially after Snowden's revelations.
 
That option is usually needed if you use an internal nameserver (for instance on a Windows Server) rather than a public, ISP-provided server.
 
The forwarded (or not forwarded, depending on your configuration choice) local domain is configured by the user. You set the local domain to a domain of your choosing, like "wlan" or "lakehouse.wlan" for example. Dnsmasq does not forward only literal ".local" domains. Usually dnsmasq checks /etc/resolv.conf for your local domain.

Yes, the LAN host DNS requests probably make no sense to the outside DNS servers but you should be at least a little concerned about leaking that information outside your LAN. Privacy is important to most people, especially after Snowden's revelations.

I've no idea whether you're agreeing with me or not. Yes you set the local domain name, *but* and this is the thing I don't understand, if you look at /tmp/resolv.dnsmasq you'll find "server=/local/dns.server.ip.address", and 'local' is literally 'local' no matter what you set your local domain name to. To me this makes no sense. You'll also find any IPv6 dns resolvers in this file as well if you're using IPv6.

/tmp/resolv.conf also provides nameservers to dnsmasq rather than /etc/resolv.conf. /etc/resolv.conf points to loopback (127.0.0.1); this is so the router uses dnsmasq as its resolver, which means the router can look up DHCP hostnames etc. that it has provided.
 
I've no idea whether you're agreeing with me or not. Yes you set the local domain name, *but* and this is the thing I don't understand, if you look at /tmp/resolv.dnsmasq you'll find "server=/local/dns.server.ip.address", and 'local' is literally 'local' no matter what you set your local domain name to. To me this makes no sense. You'll also find any IPv6 dns resolvers in this file as well if you're using IPv6.

/tmp/resolv.conf also provides nameservers to dnsmasq rather than /etc/resolv.conf. /etc/resolv.conf points to loopback (127.0.0.1); this is so the router uses dnsmasq as its resolver, which means the router can look up DHCP hostnames etc. that it has provided.

The part where you said your local domain differed from dnsmasq's confused me. Most users will be using the same local domain that dnsmasq specifies via DHCP.

Is there no way to choose a local domain with the GUI?
 
The domain that is considered local (or, perhaps a better way of describing it, managed) is specified in the 'Lan -> DHCP server -> Domain name' option. This tells dnsmasq the name of the domain to which it should attach DHCP leases (and is also advertised as the default domain to all DHCP clients).

That option does not specify the default domain name for any lookups that the router may choose to do, normally specified as 'domain require.domain' in /etc/resolv.conf. DHCP clients are provided with the local managed domain via DHCP options as I mentioned earlier.

The bizarreness is that a thing called "local" is put into /tmp/resolv.dnsmasq and this tells dnsmasq to refer lookups to the domain "local" to your ISP's servers, and this is what leads to a line like "Mar 16 16:41:32 dnsmasq[417]: using nameserver 74.82.42.42#53 for domain local" in syslog.
 
The domain that is considered local (or, perhaps a better way of describing it, managed) is specified in the 'Lan -> DHCP server -> Domain name' option. This tells dnsmasq the name of the domain to which it should attach DHCP leases (and is also advertised as the default domain to all DHCP clients).

That option does not specify the default domain name for any lookups that the router may choose to do, normally specified as 'domain require.domain' in /etc/resolv.conf. DHCP clients are provided with the local managed domain via DHCP options as I mentioned earlier.

The bizarreness is that a thing called "local" is put into /tmp/resolv.dnsmasq and this tells dnsmasq to refer lookups to the domain "local" to your ISP's servers, and this is what leads to a line like "Mar 16 16:41:32 dnsmasq[417]: using nameserver 74.82.42.42#53 for domain local" in syslog.

Hmm... that does seem strange at first glance.

Though, I think it means that standard (non-".local") DNS requests from ".local" are forwarded to 74.82.42.42.

DNS requests from ".local" requesting a ".local" IP are different and should most likely not be forwarded.
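
Added example (not code from any poster, Asus, or dnsmasq): a way to check the router log for what the thread is arguing about, namely whether queries for the managed local domain or reverse lookups for private addresses are actually being sent upstream. It assumes dnsmasq query logging (log-queries) is enabled so that "forwarded <name> to <server>" lines appear, handles IPv4 reverse names only, and uses hypothetical function names; the log lines are constructed.

```python
import ipaddress
import re

# With log-queries on, dnsmasq logs "forwarded <name> to <server>" per upstream query.
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")

# Constructed sample log; domain and upstream address reuse the thread's examples.
SAMPLE_LOG = """\
Mar 16 16:41:32 dnsmasq[417]: query[A] nas.lakehouse.wlan from 192.168.1.20
Mar 16 16:41:32 dnsmasq[417]: forwarded nas.lakehouse.wlan to 74.82.42.42
Mar 16 16:41:33 dnsmasq[417]: forwarded 20.1.168.192.in-addr.arpa to 74.82.42.42
Mar 16 16:41:34 dnsmasq[417]: forwarded example.com to 74.82.42.42
Mar 16 16:41:35 dnsmasq[417]: forwarded 8.8.8.8.in-addr.arpa to 74.82.42.42
"""

def ptr_to_ip(name):
    # Full IPv4 PTR name (d.c.b.a.in-addr.arpa) -> address a.b.c.d, else None.
    labels = name.split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None

def classify(name, local_domain):
    name = name.lower().rstrip(".")
    domain = local_domain.lower().strip(".")
    if name == domain or name.endswith("." + domain):
        return "local-domain"      # what local=/<domain>/ keeps on the router
    ip = ptr_to_ip(name)
    # is_private covers RFC 1918 plus other non-global ranges.
    if ip is not None and ip.is_private:
        return "private-reverse"   # what bogus-priv answers locally
    return None

def find_leaks(lines, local_domain):
    # Return (reason, name, upstream) for each forwarded query that leaked.
    leaks = []
    for line in lines:
        m = FORWARDED.search(line)
        reason = classify(m.group(1), local_domain) if m else None
        if reason:
            leaks.append((reason, m.group(1), m.group(2)))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG.splitlines(), "lakehouse.wlan"):
        print(*leak)
```

An empty result over a representative log window means neither class of name reached the upstream resolver; a "local-domain" hit with forwarding set to "No" would support the report above that the setting is not taking effect.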
 
