Aug 12

One of my customers is running an IPCop machine that handles all the DHCP/DNS/gateway duties on the network. This works fine on the local 192.168.10.x network.
Recently we added a second internet line for reaching the company's headquarters, which uses the 172.16.x.x network.

Therefore a
route add -net 172.16.0.0 netmask 255.255.0.0 gw 192.168.10.2
does the job.
To make that route permanent, the line above also has to be added to /etc/rc.d/rc.netaddress.up.

Now every workstation on the local network can reach the headquarters' network by IP address. Reaching it by hostname, however, does NOT work.
The reason is that IPCop forwards every DNS request for the domain .headquarter.group to the public DNS servers, and .group is not a valid public TLD.

Using IPCop's DNS1 / DNS2 settings does not help, because the second DNS server is only asked when the first one is unreachable; the servers are fallbacks, not a per-domain split.

What has to be done is to tell IPCop that it must use a different DNS server whenever a request for .headquarter.group arrives.

IPCop's DNS handling is done by dnsmasq, which is started either by /etc/rc.d/rc.netaddress.up or by /etc/rc.d/rc.updatered.

man dnsmasq tells us that the --server option is our friend.
All we have to do is add
--server=/headquarter.group/172.16.1.100
to the startup scripts.
This means that whenever a name in the .headquarter.group domain is requested, and only then, the DNS query is forwarded to 172.16.1.100. All other queries still go to the public DNS servers as before.

In /etc/rc.d/rc.updatered there are two lines that invoke /usr/sbin/dnsmasq; we append the --server option to the end of both.

# --min-port=4096 is an arbitrary value that should work for all
# It should be set to the value+1 of the highest port you may drop in custom
# rules, leaving the upper range to randomized ports for requests to the DNS server
DOMopt=""
[ "$DOMAIN_NAME_GREEN" ] && DOMopt="-s $DOMAIN_NAME_GREEN"
if [ -e "/var/ipcop/red/dial-on-demand" -a "$DIALONDEMANDDNS" == "on" -a ! -e "/var/ipcop/red/active" ]; then
    # dial-on-demand and RED not up yet: use the fake resolv.conf, but still forward .headquarter.group to the HQ DNS
    /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipcop/ppp/fake-resolv.conf --min-port=4096 --server=/headquarter.group/172.16.1.100
else
    # normal case: RED's resolv.conf for public names, HQ DNS for .headquarter.group
    /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipcop/red/resolv.conf --min-port=4096 --server=/headquarter.group/172.16.1.100
fi
unset DOMopt


And in /etc/rc.d/rc.netaddress.up we add the --server option to the line that sets OPT_DNSMASQ:

# Start DNSMASQ with default settings to resolve names defined in /etc/hosts
# Start in any case: even if rc.red fails to start, we still want to be able to use /etc/hosts names
OPT_DNSMASQ="-l /var/state/dhcp/dhcpd.leases --server=/headquarter.group/172.16.1.100"

After restarting the red interface or power-cycling the box, everything should work.
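To see what the two pieces of this setup actually decide, here is a small added Python model (not code from the post or from IPCop/dnsmasq) of the dnsmasq --server=/domain/ip rule and of the static route. It parses the --server options out of a dnsmasq command line, picks the upstream for a query name the way dnsmasq does (a rule matches the domain itself and everything below it, the longest matching suffix wins, anything else falls through to the public servers), and checks that the chosen upstream is actually covered by a static route, because a forwarded query to 172.16.1.100 goes nowhere if the route from the first step is missing. The command line, the query names and the route table are constructed sample data.

```python
import ipaddress
import re

# Constructed sample: the rc.updatered dnsmasq line after the post's edit.
SAMPLE_DNSMASQ_LINE = (
    "/usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s example.lan "
    "-r /var/ipcop/red/resolv.conf --min-port=4096 "
    "--server=/headquarter.group/172.16.1.100"
)

# Constructed sample: the static route from the post (network, gateway).
STATIC_ROUTES = [("172.16.0.0/16", "192.168.10.2")]

# Only the --server=/domain/ip form used in the post is parsed here.
SERVER_RE = re.compile(r"--server=/([^/]+)/(\S+)")


def parse_server_rules(cmdline):
    """Return (domain, upstream_ip) pairs found as --server=/domain/ip options."""
    return [(dom.lower().strip("."), ip) for dom, ip in SERVER_RE.findall(cmdline)]


def select_upstream(qname, rules, default="public"):
    """Model dnsmasq's choice for a query name.

    A rule for 'a.b' matches 'a.b' itself and any name below it, but not
    'xa.b'. If several rules match, the most specific (longest) domain wins.
    Names matching no rule go to the default (public) resolvers.
    """
    name = qname.lower().rstrip(".")
    best = None
    for domain, ip in rules:
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best[0]):
                best = (domain, ip)
    return best[1] if best else default


def route_for(ip, routes):
    """Gateway of the most specific static route covering ip, or None if
    only the default route would apply."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, gw in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw)
    return best[1] if best else None


def check_config(cmdline, routes):
    """For every --server rule, report the upstream and the gateway that
    reaches it; a gateway of None means the forwarded queries have no
    path other than the default route."""
    return {
        domain: {"upstream": ip, "gateway": route_for(ip, routes)}
        for domain, ip in parse_server_rules(cmdline)
    }


if __name__ == "__main__":
    rules = parse_server_rules(SAMPLE_DNSMASQ_LINE)
    for q in ["fileserver.headquarter.group", "headquarter.group",
              "www.example.com", "fakeheadquarter.group"]:
        print(f"{q:30} -> {select_upstream(q, rules)}")
    print(check_config(SAMPLE_DNSMASQ_LINE, STATIC_ROUTES))
```

Running it shows that only names inside headquarter.group are steered to 172.16.1.100, that a look-alike such as fakeheadquarter.group still goes to the public resolvers, and that the upstream is reachable through the 192.168.10.2 gateway from the route added earlier.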
