如何防止 dnsmasq 将我的域名附加到无效的域请求中?
我使用 dnsmasq 来解析家庭网络上的 DNS 查询。 不幸的是,如果域名未知,它会将我自己的域名附加到请求中,这意味着我最终总是在浏览器中查看我自己的网站。
例如,如果我在浏览器中输入 http://dlksfhoiahdsfiuhsdf.com,我最终会看到我自己的网站网址。 如果我尝试类似的操作:
host dlksfhoiahdsfiuhsdf.com
而不是预期的:
Host dlksfhoiahdsfiuhsdf.com not found: 3(NXDOMAIN)
我得到这个:
dlksfhoiahdsfiuhsdf.com.mydomainname.com has address W.X.Y.Z.
显然,dnsmasq 正在将我的域名附加到不可能的名称请求中,以努力解决它们,但我宁愿看到未找到错误。
我尝试使用 expand-hosts 和 domain 配置设置,但无济于事。 还有什么我可以尝试的吗?
I use dnsmasq to resolve DNS queries on my home network. Unfortunately, if a domain name is not known, it will append my own domain name to the request which means that I always end up viewing my own site in a browser.
For example, if I enter http://dlksfhoiahdsfiuhsdf.com in a browser, I end up viewing my own site with that URL. If I try something like:
host dlksfhoiahdsfiuhsdf.com
Instead of the expected:
Host dlksfhoiahdsfiuhsdf.com not found: 3(NXDOMAIN)
I get this:
dlksfhoiahdsfiuhsdf.com.mydomainname.com has address W.X.Y.Z.
Clearly, dnsmasq is appending my domain name to impossible name requests in an effort to resolve them, but I'd rather see the not found error instead.
I've tried playing with the expand-hosts and domain configuration settings, but to no avail. Is there anything else I can try?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
尝试使用尾随点进行查询以显式设置根:
try querying with a trailing dot to explicitly set the root:
它可能不是 dnsmasq 做的,而是你的本地解析器库。 如果您使用 unixish,请尝试从 /etc/resolv.conf 中删除“search”或“domain”行
It is probably not dnsmasq doing it, but your local resolver library. If you use a unixish, try removing the "search" or "domain" lines from /etc/resolv.conf
可能还有其他原因,但最明显的原因是 /etc/resolv.conf 的配置,以及大多数 DNS 客户端喜欢对错误非常简洁的事实。
(好吧,我使用什么进行 DNS 配置?)
(编辑...)
如果不费心进行数据包跟踪,可能的行为是它返回它尝试的最后一个 FQDN 的错误。
There might be other causes, but the most obvious cause is the configuration of /etc/resolv.conf, and the fact that most DNS clients like to be very terse about errors.
(okay, what was I using for a DNS config?)
(edit...)
Without bothering to do a packet trace, the likely behavior is that it returns the error for the last FQDN it tried.
您有通配符域名吗?
dnsmasq 正在将附加的名称转发到外部 dns 服务器,并使其成为通配符。
您可以使用 --server=/yourinternaldomainhere/ 确保您的内部域名查找不会转发出去。
在这种情况下,语法为:
--server=/domain/iptoforwardto
,在这种情况下,将 iptoforwardto 区域留空,因为您不希望它转发到任何地方。
You have a wildcard domain?
dnsmasq is forwarding the appended name out to the external dns server and its getting wildcarded.
you can use --server=/yourinternaldomainhere/ to make sure that your internal domain name lookups are not forwarded out.
syntax in this case would be:
--server=/domain/iptoforwardto
and in this case leave the iptoforwardto area blank as you don't want it to forward anywhere.
我尝试从我自己的配置中删除 domain-needed 来复制您的问题,但它没有产生此行为。 这是我能找到的唯一可能接近相关的其他参数。
你的主机文件是什么样的? 也许那里发生了一些奇怪的事情,使它认为所有奇怪的域都是您网络的本地域?
I tried removing domain-needed from my own configuration to replicate your issue and it did not produce this behaviour. It's the only other parameter I could find that might be close to relevant.
What does your hosts file look like? Maybe something weird is going on there that makes it think all weird domains are local to your network?