DNSMASQ not answering DNS queries from routed subnet


I have two subnets connected together using two DD-WRT APs. The remote AP is in
Client-Routed mode, so it has a separate subnet; its IP are and the local AP is in AP mode.
The DD-WRT DHCP settings are in forward mode for the remote AP.

I have DNSMASQ set up within the first subnet on IP it is also the DHCP server for the second subnet – this works and my remote clients get the correct router. The DNSMasq machine can ping the PC on the second subnet and the reverse is also true.
I can also RDP from a PC on the first subnet to the PC on the second subnet – so it appears to me most of the first to second subnet comms is working.

My problem is DNSMasq does not send DNS replies to the second subnet – it does work to the first subnet. Can anyone suggest why?

One thing to note is that the route for the second network was on the gateway device ( ) but I found this dropped many packets – so each of the first sub-net devices has a local static route for the second subnet added to it.

route add mask

I've yet to test the DHCP assigned route at this point due to my current problem

This is a sketch of what I have: Sketch network


# Configuration file for dnsmasq.
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. This option only affects forwarding, SRV records originating for dnsmasq (via srv-host= lines) are not
# suppressed by it.


# Change this line if you want dns to get its upstream servers from somewhere other than /etc/resolv.conf
# server=
# server= setup the default gateway

# option 42?

# DO NOT Set The route to that network Done on Gateway
#Send microsoft-specific option to tell windows to release the DHCP lease when it shuts down. Note the "i" flag,
#  to tell dnsmasq to send the value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
# Set the DHCP server to authoritative mode. In this mode it will barge in and take over the lease for any client
# which broadcasts on the network, whether it has a record
# of the lease or not. This avoids long timeouts when a machine wakes up on a new network.
# DO NOT enable this if there's the slightest chance that you might end up
# accidentally configuring a DHCP server for your campus/company accidentally.
# The ISC server uses the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
# Log lots of extra information about DHCP transactions.

Best Answer

  • Ok, so after reading the manual better, I need to add in something to override the default of only answering local subnets (--local-service), a default option which has no negation, so for example I tried


    However, as resolv.conf has the line


    my change stopped DNSMASQ answering queries from itself - so strangely enough the DNS server could no longer resolve any DNS name whilst all other machines were successfully using it as a DNS server. I fixed this by adding the following line instead


    as I could not work out a simple way to fix what resolvconf was doing
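
The --local-service behaviour the answer refers to, modelled as an added example (not code from the post or from dnsmasq itself): per the dnsmasq man page the option only has effect when no interface, except-interface, listen-address or auth-server option is set. The addresses and config snippets are constructed, using documentation ranges, and the model covers only this source-address check, not which sockets dnsmasq binds.

```python
import ipaddress

# Options that, per the dnsmasq man page, switch off the --local-service check.
OVERRIDES = {"interface", "except-interface", "listen-address", "auth-server"}

# Constructed samples: a default-style config, and one with an explicit listen address.
SAMPLE_DEFAULT = "# constructed sample\nlocal-service\ndomain-needed\n"
SAMPLE_OVERRIDE = SAMPLE_DEFAULT + "listen-address=192.0.2.10\n"
SERVER_SUBNETS = ["192.0.2.0/24"]  # subnets the DNS server has an interface in


def parse_options(conf_text):
    """Return {option: [values]} for the active (uncommented) config lines."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def local_service_active(opts):
    """True when local-service is set and no overriding option cancels it."""
    return "local-service" in opts and not (OVERRIDES & opts.keys())


def answers_client(opts, server_subnets, client_ip):
    """Would the local-service check let a query from client_ip through?"""
    if not local_service_active(opts):
        return True  # check not in effect: any source that reaches the socket passes
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in server_subnets)


if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_DEFAULT), ("override", SAMPLE_OVERRIDE)):
        opts = parse_options(conf)
        for client in ("192.0.2.50", "198.51.100.7"):  # local host, routed-subnet host
            print(name, client, answers_client(opts, SERVER_SUBNETS, client))
```

Once the check is off, dnsmasq no longer filters by source subnet, so limiting who can reach port 53 falls to the chosen listening interfaces and the firewall; the man page describes --local-service as a guard against use in DNS amplification.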
