Support prefix /12 for conditonal forwarding

DL6ER · July 4, 2019, 1:57pm

dnsmasq only supports the following prefix lengths: 8, 16, 24, 32. The line

rev-server=172.16.0.0/12,172.16.0.4

specifies a netmark of /12 which is not allowed. This has nothing to do with your last assumption.

This is documented in the dnsmasq man page (albeit poorly and only under the option domain):

If the address range is given as ip-address/network-size, then a additional flag "local" may be supplied which has the effect of adding local declarations for forward and reverse DNS queries. Eg.
domain=thekelleys.org.uk,192.168.0.0/24,local
is identical to
domain=thekelleys.org.uk,192.168.0.0/24
local=/thekelleys.org.uk/
local=/0.168.192.in-addr.arpa/
The network size must be 8, 16 or 24 for this to be legal.

It would be easy to allow /12 (or even any arbitrary mask!), however, it is a feature request that needs to be addressed by dnsmasq not pihole-FTL (we follow a minimal modifications of dnsmasq policy).
I checked how it is currently implemented and realized that dnsmasq uses a quite clever trick to simplify the task significantly. Unfortunately, this trick - going from in-addr.arpa downwards in "subdomains" - ultimately prevents any netmask that is not a multiple of 8. Allowing something like /12 would require a complete rewrite of the entire algorithm used here.

CharAznable · July 4, 2019, 8:51pm

Thanks for the explanation. Seems there is quite a bit going on here behind the scenes. I could split up the /12 so it falls in line with this requirement for dnsmasq.

shoka · December 31, 2019, 2:54pm

172.16.0.0/12 is one of the IANA reserved address ranges for private networks. Shame you cannot cope with that as a network spec. Variable length subnet masks are hardly uncommon.

DL6ER · December 31, 2019, 4:17pm

I know, however, this is a feature request that needs to get addressed to the dnsmasq mailing list. Pi-hole cannot implement this on their own as this would cause a deviation from the upstream code. Feel free to contact Simon Kelley under dnsmasq-discuss@lists.thekelleys.org.uk

CharAznable · January 1, 2020, 3:56am

I agree it would be nice to be able to have make just the three entries. This is what I have entered and it has worked fine thus far.
Screenshot_20191231_195152

shoka · January 1, 2020, 2:53pm

That's valid. Its a little clumsy though... Also does not cope with narrower than /24 netmasks, as far as I can see.

DL6ER · June 5, 2020, 12:55pm

Update: I coded support for arbitrary prefix lengths, however, dnsmasq upstream hasn't picked up my patches, so far. In fact, there was no reaction at all.

In case you want to follow on this check out:

[Dnsmasq-discuss] [PATCH] Reimplement rev-server to support arbitrary IPv4 prefix lengths
[Dnsmasq-discuss] [PATCH] Reimplement rev-server to support arbitrary IPv4 prefix lengths

Whenever the upstream adopts it, Pi-hole can immediately implement this.

CharAznable · June 5, 2020, 2:28pm

Thanks for moving this forward. Hopefully folks in the dnsmasq project see the importance in supporting these prefixes.

slenk · July 18, 2020, 7:41pm

Is there a way we can help push this through? I don't want to switch to /24s

DL6ER · July 19, 2020, 8:20pm

Actually, I don't know. I will bump this once more on the mailing list after v2.82 has been released. I don't think they'd consider anything new at all at this point as dnsmasq is not working with release and feature branches. If still no echo, the only thing you could do is maybe replying to the dnsmasq mailing list and expressing why this is advantageous.

More support for a feature request hopefully means more consideration. Sometimes feature patches can go a very long way with dnsmasq...

Coro · July 20, 2020, 5:59am

Now is the time, please don't forget about this. I already applied your patches locally but having to compile myself is a bit of extra work I'd like to avoid when possible.

marl-scot · August 25, 2020, 4:03pm

I have come across this same issue. From reading through various posts this is a limitation of DNSMASQ, but it appears there is a way around this by entering something like CharAznable's set of 'rev-server=' lines rather than using the web GUI. I think it would be good to have a post that details actually what needs to be done to get conditional forwarding working on non standard subnets.
Anyone want to contribute to this with corrections or ideas?

WORK IN PROGRESS, NOT GUARANTEED TO WORK - MOST LIKELY TO BROK YOUR SETUP!

As DNSMASQ doesn't allow conditional forwarding for subnets other than /8,/16,/24 or /32. If you have a network with (for example) /23 for its subnet, this can be configured manually within the PiHole server by following the steps below.

ssh root@pihole.local
cd /etc/dnsmasq.d/
nano 02-condfor.conf

Add one entry per line in the format :

rev-server=MySubNetwork/24,IpOfUpstreamServer

For example, I use a /23 network on 192.168.4.0/23 and want to forward requests to a server at 192.168.4.248

rev-server=192.168.4.0/24,192.168.4.248
rev-server=192.168.5.0/24,192.168.4.248

Once these entries have been made, restart (from ssh session) with

pihole restartdns

Unfortunately I am unable to test the above at present as my only PiHole server with a non /24 network is in use 24/7 so hoping some other users can contribute to this.
One thing I am unsure of is having a forward to a server that is not within the subnet (192.168.5.0/24 -> 192.168.4.248) does this work ok?
Is anything else required to make this work? Do any other PiHole or DNSMASQ files need to be edited? Or anything changed within the PiHole GUI?

DL6ER · August 25, 2020, 4:22pm

No, that's all.

DL6ER · September 21, 2021, 7:52pm

I resubmitted my patch last week and it was accepted by the dnsmasq maintainer. It'll come with the next Pi-hole release that includes the next dnsmasq version.

yubiuser · September 30, 2021, 7:42am

This has been implemented with