More than one "Conditional Forwarding" entry in the GUI

ftldns-beta
v4-0

#1

Hi all,

while I understand that in most cases one “Conditional Forwarding” rule is sufficient, there are situations where you’d want more than one entry. In the “Upstream DNS Servers” section above you can enter multiple servers, it would be nice to have multiple “Conditional Forwarding” entries as well.

Thanks!


#2

Could you give an example of how or when this would be used and why it would be helpful?


#3

When forwarding to a Ubiquiti USG, then the localdomain forwarding like

server=/my.local.domain/192.168.1.1

is not enough. There are also rules like

server=/setup/192.168.1.1
server=/setup.ubnt.com/192.168.1.1
server=/unifi/192.168.1.1
server=/USG/192.168.1.1

necessary to resolve UBNT internal names. Currently I’m doing this with a /etc/dnsmasq.d/05-custom.conf and everything is well, I just thought that adding additional fields to the GUI would be nicer.


#4

Hi sbellon and jfb,

Same problem here. I’d like several “Conditional Forwarding” as I’ve got my local LAN (10.0.0.1), my Google WiFi Mesh (192.168.86.1) and two VPN Servers (10.8.0.1 and 10.9.0.1) which all use my Pi-Hole on Raspi with LAN and WiFi to filter DNS. It is

server=/testwifi/192.168.86.1 # Google WiFi
server=/lan/10.0.0.1 # Local LAN
server=/openvpn1/10.8.0.1 # VPN1
server=/openvpn2/10.9.0.1 # VPN2

I’d do it also through the config files if it’s possible?


#5

Config files work perfectly, as mentioned in my post.


#6

-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
Specify IP address of upstream servers directly. Setting this flag does not suppress reading of /etc/resolv.conf, use -R to do that. If one or more optional domains are given, that server is used only for those domains and they are queried only using the specified server. This is intended for private nameservers: if you have a nameserver on your network which deals with names of the form xxx.internal.thekelleys.org.uk at 192.168.1.1 then giving the flag -S /internal.thekelleys.org.uk/192.168.1.1 will send all queries for internal machines to that nameserver, everything else will go to the servers in /etc/resolv.conf. DNSSEC validation is turned off for such private nameservers, UNLESS a --trust-anchor is specified for the domain in question. An empty domain specification, // has the special meaning of “unqualified names only” ie names without any dots in them. A non-standard port may be specified as part of the IP address using a # character. More than one -S flag is allowed, with repeated domain or ipaddr parts as required.

More specific domains take precedence over less specific domains, so: --server=/google.com/1.2.3.4 --server=/www.google.com/2.3.4.5 will send queries for *.google.com to 1.2.3.4, except *www.google.com, which will go to 2.3.4.5

The special server address ‘#’ means, “use the standard servers”, so --server=/google.com/1.2.3.4 --server=/www.google.com/# will send queries for *.google.com to 1.2.3.4, except *www.google.com which will be forwarded as usual.

So using the # on the same line is wrong.

server=/testwifi/10.0.0.1
server=/lan/10.0.0.1
server=/openvpn1/10.0.0.1 
server=/openvpn2/10.0.0.1
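
An added example (not from any post in this thread and not dnsmasq's own code) that models the matching rules quoted in post #6: the most specific domain wins and `#` as the address means the standard servers. It lists which upstream a given name would use, which is also the set of names the man page says lose DNSSEC validation. The sample config is constructed from entries quoted in the thread; the function names, the `DEFAULT`/`LOCAL_ONLY` labels and the strict rejection of any text after the address are this example's own choices.

```python
import ipaddress

DEFAULT = "default upstreams"   # this example's label for "the standard servers"
LOCAL_ONLY = "not forwarded"    # server=/domain/ given without an address

# Constructed sample, assembled from entries quoted in this thread.
SAMPLE = """\
server=/my.local.domain/192.168.1.1
server=/unifi/192.168.1.1
server=/USG/192.168.1.1
server=/4.81.10.in-addr.arpa/10.81.0.6
server=/google.com/1.2.3.4
server=/www.google.com/#
server=/testwifi/192.168.86.1 # Google WiFi
"""

def _addr_ok(addr):
    """Accept '', '#' or ip[#port][@source]; trailing text of any kind fails."""
    if addr in ("", "#"):
        return True
    try:
        ipaddress.ip_address(addr.split("@")[0].split("#")[0])
    except ValueError:
        return False
    return not any(c.isspace() for c in addr)

def parse_server_lines(text):
    """Return ({domain: upstream}, [rejected lines]) for server=/dom/.../addr."""
    rules, rejected = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line.startswith("server=/"):
            continue                          # blanks, comments, other options
        *domains, addr = line[len("server=/"):].split("/")
        if not domains or not _addr_ok(addr):
            rejected.append(line)
            continue
        target = DEFAULT if addr == "#" else (addr or LOCAL_ONLY)
        for dom in domains:
            rules[dom.lower()] = target       # DNS names compare case-insensitively
    return rules, rejected

def upstream_for(name, rules):
    """Longest label-aligned suffix wins; '' (from //) matches dotless names only."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        hit = rules.get(".".join(labels[i:]))
        if hit is not None:
            return hit
    return rules.get("", DEFAULT) if len(labels) == 1 else DEFAULT
```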

#7

@msatter and @sbellon thanks a lot, works like a charm 🙂


#8

Do you understand what was wrong with your initial setup after reading the DNSmasq manual section?


#9

@msatter thanks again, yes, I messed up my config file with the hash signs as if comments…


#10

@jfb Another real world use case would be for local domains that span multiple subnets. When you configure conditional forwarding, it assumes the reverse lookup subnet based on your configured router IP. In my case I’m just using “local” but I’m using it on 3 different subnets/vlans.

I’ve had to create a custom file like @msatter but just with additional reverse zones:

 pi@ns01:~ $ cat /etc/dnsmasq.d/02-custom.conf
 server=/4.81.10.in-addr.arpa/10.81.0.6

#11

Adding more and more features that will only be used by a few experts out there seems to be not a good idea. Each new feature can bring new issues along and the more complex the entire system becomes, the more complicated and possibly less straightforward the interface becomes for the arbitrary user.

We deliberately allow experienced users to configure anything they want by placing custom configuration files into /etc/dnsmasq.d/. This allows for a much greater flexibility than could ever be possible with a GUI.

