I've set up Consul (http://consul.io/) and dnsmasq so that I can have my own internal DNS resolution. I have tested with dig that Consul supports reverse DNS lookups:

$ dig @127.0.0.1 -p 8600 +noall +answer -x  11.0.16.69
69.16.0.11.in-addr.arpa. 0      IN      PTR     ip-11-0-16-69.node.dc1.consul.

However, reverse DNS lookups through dnsmasq fail. How do I configure dnsmasq to forward reverse lookup entries to Consul?

I'm currently running consul with default configurations. Each node has a consul agent started like so:

consul agent -data-dir=/tmp/consul -bind <ip> -node <short hostname>

Dnsmasq is running on each node with default configurations except for a single setting to forward dns requests to consul at port 8600. There is a file at /etc/dnsmasq.d/10-consul that does this with content:

server=/consul/127.0.0.1#8600

Finally, I added an entry in /etc/resolv.conf to point to localhost so dnsmasq is used:

search us-gov-west-1.compute.internal
nameserver 127.0.0.1
nameserver 11.0.0.2

I'm on AWS and it is vital that I can still leverage the dns service they provide in their environment as well as my own internal dns scheme.

Alex Ethier

1 Answer

Add the line:

server=/16.0.11.in-addr.arpa/127.0.0.1#8600

to a file in /etc/dnsmasq.d/some_name

16.0.11 stands for any IP in the CIDR 11.0.16/24

So IPs in that range will get forwarded to the second section (Consul agent DNS running at port 8600).

vjdhama
Alex Ethier
  • Do you know if it's possible to access Consul's DNS through dnsmasq if ACLs are activated and the default policy is deny? – Lethargos Mar 28 '23 at 10:21
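
An added example, not part of the original question or answer: the answer's `server=/16.0.11.in-addr.arpa/127.0.0.1#8600` line covers exactly one /24, so this sketch generalizes it to any IPv4 CIDR by emitting one line per octet-aligned reverse zone, and checks which addresses would then be forwarded. The function names and the /20 range are constructed for illustration; only the `server=` syntax and the Consul address come from the page.

```python
import ipaddress

CONSUL_DNS = "127.0.0.1#8600"  # Consul agent DNS address used on this page


def reverse_zones(cidr):
    """Return the in-addr.arpa zones that together cover an IPv4 CIDR."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("only IPv4 (in-addr.arpa) is handled here")
    # Reverse zones split on octet boundaries, so round the prefix up to
    # /8, /16, /24 or /32 and enumerate the aligned subnets.
    aligned = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(octets[::-1] + ["in-addr.arpa"]))
    return zones


def dnsmasq_lines(cidr, upstream=CONSUL_DNS):
    """Build the dnsmasq server= lines that forward PTR queries for cidr."""
    return [f"server=/{zone}/{upstream}" for zone in reverse_zones(cidr)]


def forwarded(ip, cidr):
    """True if the PTR query name for ip falls under a zone generated for cidr."""
    qname = ipaddress.ip_address(ip).reverse_pointer
    # Match on a label boundary so 116.0.11 is not mistaken for 16.0.11.
    return any(qname == z or qname.endswith("." + z) for z in reverse_zones(cidr))


if __name__ == "__main__":
    # Constructed sample range: a /20 needs sixteen /24 reverse zones.
    print("\n".join(dnsmasq_lines("11.0.16.0/20")))
```

Keeping the forwarded zones as narrow as the address range Consul actually serves leaves every other PTR query, including those for 11.0.0.2, with the default upstream resolver.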