Get DNSmasq to redirect local network requests to server on network

0

I have a server on my network. Accessing it from devices outside the network by domain name works perfectly. Some devices though, like my phone, connect to the network by wifi, and when they do, they fail to look up that the domain name should point to a specific internal IP address. (This is because my ISP-provided router lacks the ability to do hairpinning).

I cannot edit /etc/hosts on the devices connecting by wifi, although I can on the server.

To try and work around this, I'm trying to replace my router's default DNS server with DNSmasq on my server.

I want DNSmasq to forward all requests for my domains to itself, and any other domains to a public DNS lookup service like OpenDNS.

Essentially, I'd like devices like phones that connect to my WiFi to still be able to connect to my domains, despite no hairpinning on my router, and no ability to edit the phones' /etc/hosts files.

Currently, the only things I've changed are:

  1. The router's DNS server IPs point to my server's static, internal IP.
  2. The server has my domains pointing to its own static internal IP in /etc/hosts
  3. I've opened ports 52-54 and pointed them to my server (although it's also currently DMZ'd, so that shouldn't matter)
  4. /etc/host, /etc/resolv.conf and /etc/dnsmasq.conf are all still default.

Currently all requests for any of my domains time out, by any device on the network, where I haven't modified the /etc/hosts file.

Any suggestions?

For the record I'm running Debian 8 with Nginx on a Bell Smartstream 2000 modem.

Theyre In My Head

Posted 2018-10-07T09:56:17.263

Reputation: 1

52-54? What's the purpose of that? The only port used by standard DNS from that range is 53. – user1686 – 2018-10-07T16:55:59.487

52-54 was just because for whatever reason, my router will only allow a range of ports to be forwarded, not just one. If I try and just enter port 53 it won't save it. If I enter 52-54 it does. ¯\_(ツ)_/¯ – Theyre In My Head – 2018-11-24T16:42:14.013

Answers

0

In dnsmasq, use the address option.

-A, --address=/<domain>[/<domain>...]/[<ipaddr>]

Specify an IP address to return for any host in the given domains. Queries in the domains are never forwarded and always replied to with the specified IP address which may be IPv4 or IPv6. To give both IPv4 and IPv6 addresses for a domain, use repeated -A flags.

For example:

address=/example.com/www.example.com/192.168.1.42

In Unbound, use the local-zone and local-data options. For example:

server:
    local-data: "example.com. A 192.168.1.42"
    local-data: "www.example.com. A 192.168.1.42"

user1686

Posted 2018-10-07T09:56:17.263

Reputation: 283 655

I tried adding this (with the domain names changed from your example) to /etc/dnsmasq.conf and still get the same result. Locally hosted sites work fine. Anything else times out. Here's the traceroute from my router for wikipedia.org: https://pastebin.com/zaSyiEJR

– Theyre In My Head – 2018-11-24T16:57:32.220

What does the traceroute have to do with anything? The path to the website – how the HTTP requests are sent – is completely separate from how the DNS queries are performed. You need to be more specific about which of them actually times out. – user1686 – 2018-11-24T17:02:10.267
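A complete /etc/dnsmasq.conf for the setup the question describes (own domains answered locally, everything else sent to OpenDNS), added here as an example and not the answerer's own text. The interface name eth0, the address 192.168.1.42 and example.com are assumed placeholders; no-resolv is included because dnsmasq otherwise reads /etc/resolv.conf for its upstreams, and on this setup that file can point back at the router, which in turn points at this server.

```ini
# /etc/dnsmasq.conf -- constructed example, adjust names and addresses.

# Answer only on the LAN interface (loopback is added automatically).
# With port 53 forwarded and the host in the DMZ, this keeps the
# resolver from being reachable, and abusable, from the internet.
# Assumption: eth0 is the LAN-facing interface.
interface=eth0
bind-interfaces

# Ignore /etc/resolv.conf and use these upstreams for everything that
# is not answered locally (OpenDNS, as mentioned in the question).
no-resolv
server=208.67.222.222
server=208.67.220.220

# Own domains: reply with the server's internal address for the zone
# and every host under it. These queries are never forwarded, so
# phones on WiFi get the LAN address even without router hairpinning.
# Assumption: example.com and 192.168.1.42 stand in for the real values.
address=/example.com/192.168.1.42

# Do not forward bare hostnames or reverse lookups for private ranges.
domain-needed
bogus-priv

# Optional: log each query to syslog while troubleshooting timeouts,
# which shows whether a name was answered locally or sent upstream.
log-queries
```

After restarting dnsmasq, a query for a host in example.com from a WiFi device should return 192.168.1.42 without any upstream traffic, while a query for any other name should appear in the log as forwarded to one of the OpenDNS servers.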