I have OpenWRT 14.07 running on my home router. It has DNS and DHCP services enabled for the local LAN devices.
However, this also "leaks" the name of each device connected to the router, even if connected to the same router through a different LAN. The entire network is like this:
OpenWRT router @ 192.168.0.1 and 192.168.222.1
|-- LAN
|   '-- DesktopComputer @ 192.168.0.99
'-- Guest LAN
    '-- LaptopComputer @ 192.168.222.88
Running any of the following commands on LaptopComputer:
$ dig -x 192.168.0.99 @192.168.0.1
$ nslookup 192.168.0.99 192.168.0.1
Returns LaptopComputer.lan. as the result.
This means dnsmasq in OpenWRT is resolving internal IP addresses to internal names based on the names from DHCP negotiation. How can I prevent that?
I want such reverse-resolutions to simply fail (or return NXDOMAIN, or whatever is the appropriate response).
I don't even use local host name resolution, so I'm also accepting a solution that disables it entirely (while still resolving Internet names).
Best Answer
Your option of choice for dnsmasq appears to be:
This option is available in dnsmasq 2.71, which is part of OpenWrt Barrier Breaker 14.07.
If you don't specify any hosts in /etc/hosts or /etc/ethers (or disable using them completely), no hostname information should "leak" anymore. However, be aware that there are other tools, e.g. Netscan, nbtscan, or the whole lot of Metasploit scanners, that can provide this information if not firewalled tightly.
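One way to confirm from a guest-LAN client that reverse lookups no longer return names after the dnsmasq change (an added example, not part of the original answer): it repeats the question's `dig -x` query for each address given. The function name `ptr_leaks` is hypothetical and `dig` is assumed to be installed on the client.

```shell
#!/bin/sh
# ptr_leaks SERVER IP...
# Asks SERVER for the PTR record of each IP (same query as `dig -x IP @SERVER`).
# Prints "IP NAME" for every address that still resolves to a name.
# Returns 1 if at least one name came back, 0 if none did.
ptr_leaks() {
    server=$1
    shift
    leaks=0
    for ip in "$@"; do
        # +short prints only the PTR target; NXDOMAIN or an empty answer
        # prints nothing. Lines starting with ';' are dig diagnostics
        # (for example a timeout notice), not answers, so they are skipped.
        name=$(dig +short +time=2 +tries=1 -x "$ip" @"$server" 2>/dev/null |
               awk '!/^;/ && !seen { print; seen = 1 }')
        if [ -n "$name" ]; then
            printf '%s %s\n' "$ip" "$name"
            leaks=1
        fi
    done
    return "$leaks"
}

# Usage with the addresses from the question, run on LaptopComputer:
#   ptr_leaks 192.168.0.1 192.168.0.99 && echo "no names returned"
```

An empty result with exit status 0 means the router returned no name for any of the addresses queried.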