I recently had the need to use my workplace's internal DNS to access its internal services, but this DNS also forwards queries it can't answer to an upstream DNS.
This is annoying, as it bypasses my own intranet's DNS, which gives me access to my own internal services, and also block ads, trackers and bloat through an installed PiHole server.
Note that I ultimately decided to abandon PiHole in favor of raw Dnsmasq, as written here.
My system's DNS client, like most, doesn't support conditional forwarding, so I either have my workplace or my own intranet, but not both.
What I need
I need something lightweight (it will constantly run on my desktop, I don't want to drain my battery or consume power for nothing).
I need to have the ability to add a DNS resolver for a given TLD, and add a DNS resolver list for defaults.
Additionally, I wanted to also resolve the
local TLD as
for every query.
Dnsmasq provides Domain Name System (DNS) forwarder, Dynamic Host Configuration Protocol (DHCP) server, router advertisement and network boot features for small computer networks, created as free software.
We need a DNS forwarder, which is what Dnsmasq does.
It bundles a few other features we don't need, but thankfully, we're able to disable them.
The configuration file is located at
/etc/dnsmasq.conf on my environment.
The first thing is to disable every other service than DNS, which is done with
I'll set my general-purpose upstream resolvers in
with my PiHole.
nameserver 10.0.10.1 nameserver 18.104.22.168 nameserver 22.214.171.124
I want dnsmasq to always query my own DNS, and only if not available, to query CloudFlare ones.
This can be configured with the key
strict-order in the Dnsmasq configuration
That means that, in the rare cases in which I'm not logged onto my intranet's VPN, I'll need to wait for the query to the first nameserver to timeout before getting my DN.
Right now, the dnsmasq configuration file looks like this.
Mapping TLDs to addresses
I'll start by adding the configuration to resolve
.local domains to
This is done with
This is the only TLD I wanted to map to an address, so let's start with conditional upstreams.
Mapping TLD querying to upstreams
The first TLD I want to resolve differently is my workplace's intranet.
The other TLD I want to resolve is my own intranet's one.
I just need to add the two following clauses to the Dnsmasq configuration file.
And that is all I need!
Final configuration file
dnsmasq.conf is the following, and works just fine.
no-dhcp-interface= strict-order address=/local/127.0.0.1 server=/work/10.0.1.3 server=/space/10.0.10.1