# DNSMASQ not answering DNS queries from routed subnet

dnsmasq, networking

I have two subnets connected together using two DD-WRT APs. The remote AP is in Client-Routed mode, so it has a separate subnet; its IPs are 192.168.2.1/24 and 192.168.0.5/24. The local AP is in AP mode.
The DD-WRT DHCP settings are in forward mode for the remote AP.

I have DNSMASQ set up within the first subnet on IP 192.168.0.2/24; it is also the DHCP server for the second subnet. This works, and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet, and the reverse is also true.
I can also RDP from a PC on the first subnet to the PC on the second subnet, so it appears to me most of the first-to-second subnet comms is working.

My problem is DNSMasq does not send DNS replies to the second subnet – it does work to the first subnet. Can anyone suggest why?

One thing to note is that the route for the second network was on the gateway device (192.168.0.1), but I found this dropped many packets, so each of the first subnet devices has a local static route for the second subnet added to it.

```
route add 192.168.2.0 mask 255.255.255.0 192.168.0.5
```


I've yet to test the DHCP-assigned route at this point due to my current problem.

This is a sketch of what I have

DNSMASQ Config

```
# Configuration file for dnsmasq.
domain-needed
bogus-priv
# so don't use it if you use eg Kerberos, SIP, XMPP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.
filterwin2k

dhcp-range=set:house,192.168.0.1,192.168.0.254,infinite
dhcp-range=set:backyard,192.168.2.1,192.168.2.254,infinite

# Change this line if you want dns to get its upstream servers from somewhere other than /etc/resolv.conf
resolv-file=/var/run/dnsmasq/resolv.conf
# server=61.9.134.49
# server=61.9.133.193
# setup the default gateway
dhcp-option=tag:house,option:router,192.168.0.1
dhcp-option=tag:backyard,option:router,192.168.2.1

# option 42?
dhcp-option=option:ntp-server,192.168.0.2
expand-hosts
domain=wilson.lan
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-range=192.168.2.100,192.168.2.150,255.255.255.0,12h

# DO NOT Set The route to that network Done on Gateway
#dhcp-option=121,192.168.2.0/24,192.168.0.5
# Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
# to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
# Log lots of extra information about DHCP transactions.
log-dhcp
```


• OK, so after reading the manual better, I need to add in something to override the default of only answering local subnets (--local-service), a default option which has no negation, so for example I tried

```
listen-address=192.168.0.2
```


However, as resolv.conf has the line

```
nameserver 127.0.0.1
```


my change stopped DNSMASQ answering queries from itself, so strangely enough the DNS server could no longer resolve any DNS name whilst all other machines were successfully using it as a DNS server. I fixed this by adding the following line instead

```
listen-address=192.168.0.2,127.0.0.1
```


as I could not work out a simple way to fix what resolvconf was doing.
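
As an added example (not part of the original post and not dnsmasq code), here is a small Python model of the behaviour described in the answer above. It assumes dnsmasq is started with `--local-service` by the distribution's packaging, which the man page says has no effect once `--interface`, `--except-interface`, `--listen-address` or `--auth-server` is given; the interface list, resolv.conf nameserver and client address are constructed from the addresses in the question, and `parse_conf` and `audit` are hypothetical helper names.

```python
import ipaddress

# Options that, per the dnsmasq man page, make --local-service have no effect.
OVERRIDES = ("interface", "except-interface", "listen-address", "auth-server")

# Constructed inputs, based on the addresses given in the question.
SERVER_IFACES = ["192.168.0.2/24", "127.0.0.1/8"]   # interfaces on the dnsmasq host
RESOLV_NAMESERVERS = ["127.0.0.1"]                  # the host's own resolv.conf
REMOTE_CLIENT = "192.168.2.100"                     # a client on the routed subnet

def parse_conf(text):
    """Return {option: [values]} for a dnsmasq config, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).extend(
            v.strip() for v in value.split(",") if v.strip())
    return opts

def audit(conf_text, client_ip=REMOTE_CLIENT, local_service=True):
    """Model whether client_ip gets DNS answers, and list config pitfalls."""
    opts = parse_conf(conf_text)
    listen = opts.get("listen-address", [])
    # Source-subnet filtering applies only when no overriding option is present.
    filtering = local_service and not any(o in opts for o in OVERRIDES)
    nets = [ipaddress.ip_interface(i).network for i in SERVER_IFACES]
    on_local = any(ipaddress.ip_address(client_ip) in n for n in nets)
    findings = []
    if filtering and not on_local:
        findings.append(f"{client_ip} dropped: local-service answers local subnets only")
    for ns in RESOLV_NAMESERVERS:
        if listen and ns not in listen:
            findings.append(f"resolv.conf nameserver {ns} not in listen-address")
    if not filtering:
        findings.append("source filtering off: restrict port 53 with a firewall")
    return {"answered": on_local or not filtering, "findings": findings}

if __name__ == "__main__":
    for conf in ("domain-needed\nbogus-priv",              # original config: no overrides
                 "listen-address=192.168.0.2",             # first attempt in the answer
                 "listen-address=192.168.0.2,127.0.0.1"):  # final fix in the answer
        print(repr(conf), "->", audit(conf))
```

The last case still reports a finding: once `listen-address` is set, dnsmasq no longer filters by source subnet, which is the protection `--local-service` provides against the server being used for DNS amplification.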