On Wed, 30 Sep 2020 at 16:20, mick mbm@rlogin.net wrote:
> Actually no, it doesn't. You are using dnsmasq to resolve your addresses so it makes perfect sense to use a local hosts file to list all your RFC1918 local addresses. Those addresses are not routable over the wider internet so it makes no sense to query an external DNS server for such an address.

The use case is that inside my office they resolve via local DNS, but outside the office I may connect to them via VPN. Since I don't want to redirect all my DNS queries across the VPN, the external DNS solves this problem.
If there's a better solution I'm interested.

> It is also very confusing for anyone /outside/ your network querying your DNS and getting an address they cannot reach.

They're not intended for external use so this shouldn't apply.

> However, if you do as I do, and I suggested, and use your local dnsmasq on the router to query a local hosts file for /internal/ addresses you can successfully get both forward and reverse answers. Any non-local DNS queries will simply be passed to the external DNS servers you use - and they /should/ have correct in-addr.arpa zone files mapping the reverse addresses.

And my colleagues will have to add them to their router DNS too, and if I want to use my laptop from a hotel they'll need to be in the laptop hosts anyway (and I have several laptops). And I have no idea how to add them to the hosts file on my phone (although I'm sure that is possible.) A single external DNS solves all that.

> I don't think turning off dns-rebind is a good idea. It leaves you open to same origin attacks from hostile websites. (See https://en.wikipedia.org/wiki/DNS_rebinding ).

Indeed, and I'd like a better solution. (I only need it for a single domain but I can't see a way to limit it that way.)
It worked fine before I installed OpenWRT so whilst OpenWRT's default is better than my old router's, having this open isn't unusual it seems.
-- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER
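
The trade-off discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of a resolver's rebind filter with protection off, on, and on with a single exempt domain (the behaviour dnsmasq exposes through its `stop-dns-rebind` and `rebind-domain-ok` options). The domain names, addresses and function names are constructed for illustration, and the private-range list is an assumption limited to RFC1918 plus loopback.

```python
import ipaddress

# RFC1918 ranges plus loopback: an assumed, simplified stand-in for the
# address ranges a resolver's rebind filter rejects in upstream answers.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in PRIVATE_NETS)


def in_domain(qname, domain):
    """True if qname is the domain itself or a subdomain (label boundary)."""
    q, d = qname.rstrip(".").lower(), domain.rstrip(".").lower()
    return q == d or q.endswith("." + d)


def filter_answer(qname, addrs, protection=True, exempt_domains=()):
    """Return (accepted, reason) for an answer received from upstream DNS."""
    if not any(is_private(a) for a in addrs):
        return True, "public addresses only"
    if not protection:
        return True, "protection off: private answer accepted for any name"
    if any(in_domain(qname, d) for d in exempt_domains):
        return True, "private answer accepted: name is in an exempt domain"
    return False, "dropped: private address in upstream answer"


# Constructed sample answers (hypothetical names, documentation addresses).
SAMPLES = [
    ("nas.office.example.com", ["192.168.10.5"]),             # intended internal host
    ("www.example.org", ["203.0.113.10"]),                    # ordinary public site
    ("rebind.hostile.example", ["192.168.1.1"]),              # rebinding answer
    ("office.example.com.hostile.example", ["10.0.0.1"]),     # lookalike suffix
]


def run(protection, exempt=()):
    """Map each sample name to whether its answer would be accepted."""
    return {q: filter_answer(q, a, protection, exempt)[0] for q, a in SAMPLES}


if __name__ == "__main__":
    for label, prot, ex in (("off", False, ()), ("on", True, ()),
                            ("on + exempt", True, ("office.example.com",))):
        print(label, run(prot, ex))
```

With protection on and only `office.example.com` exempt, the internal host resolves while both hostile names are still dropped, which is the single-domain scoping asked about above.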