1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can I specify a specific DNS server only for certain sites?

Discussion in 'Tomato Firmware' started by Morac, Jul 25, 2009.

  1. Morac

    Morac Network Guru Member

    Limelight's IAD server farm is having major speed issues during evenings. Unfortunately my DNS server causes requests to Limelight to be sent to the IAD server. I can switch my DNS server to a different server which results in connecting to a different Limelight server farm, but this affects all other geodistributed servers like Yahoo, Google, Akamai, etc resulting in worse pings and the like.

    Is there a way to set up tomato to use one DNS server for a specific domain (in this case llnw.net) and use a different DNS server for everything else?
  2. mstombs

    mstombs Network Guru Member

  3. Morac

    Morac Network Guru Member

    So something like the following should work?

    -S /llnw.net/

    If I put this in the custom configuration box on the Advanced DHCP / DNS page, does it append to the current rules or overwrite them?
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You'd have to put
    in the dnsmasq custom configuration.

    The "-" type switches (eg, "-S") are meant for using on the command line invocation of dnsmasq. For the .conf file (which is where the custom configuration is appended), you take the "--" type switches (eg, "--server") and drop the "--".
  5. Morac

    Morac Network Guru Member

    Okay I'll try that, thanks.

    When does that box get read in, when the router first powers up, on a WAN connection or immediately?

    Also does that cover all cases of anything ending in llnw.net? In other words does it work with not only a.llwn.net, but also a.b.c.llwn.net?
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    That box is read whenever Dnsmasq is (re)started. This includes when the router boots, when the WAN (re)connects, and immediately when you save that page.

    I've never used that option, but the manpage (mstombs linked to it) says that it includes subdomains, too. As far as multiple levels of subdomains goes... I would imagine that would also work, but I'd say you should just try it out and see.
  7. Morac

    Morac Network Guru Member

    Okay I'll try it when I see the problem again.

    For whatever reason today, the router is always using the secondary DNS server for all requests, where as yesterday it was using the primary. I have no idea why it's doing that, but until it goes back to normal, testing would result in inaccurate results.
  8. Morac

    Morac Network Guru Member

    I decided to try it and it's not working as far as I can tell.

    After adding the following line I did nslookups on my router.

    nslookup amazon-128.fcod.llnwd.net

    This gave me:
    Name:      amazon-128.fcod.llnwd.net
    Address 1: fcds204.iad.llnw.net
    nslookup amazon-128.fcod.llnwd.net

    Name:      amazon-128.fcod.llnwd.net
    Address 1: fcds204.iad.llnw.net
    The above is wrong and I've since determined that the server parameter is ignored when doing nslookup on the router. It will always return the default DNS server.

    So I did a nslookup amazon-128.fcod.llnwd.net on my PC and got the following:

    Non-authoritative answer:
    Name:    amazon-128.fcod.llnwd.net

    Any other ideas?
  9. Morac

    Morac Network Guru Member

    Ok I found out that it doesn't include subdomains. I tried adding a rule for yahoo.com and it works for www.yahoo.com, but not for www.mail.yahoo.com.

    I have no idea how many subdomains Limelight has, but there's no way I can put them all in there. Is there something else I can try?
  10. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I disagree.

    I just added
    to my Dnsmasq custom configuration on the router.

    And, from my laptop, I ran
    nslookup yahoo.com (timed out)
    nslookup www.yahoo.com (timed out)
    nslookup www.mail.yahoo.com (timed out)
    nslookup www.linksysinfo.org (succeeded)
    The following showed up in my router logs:
    query[A] yahoo.com from <laptop IP>
    forwarded yahoo.com to
    query[A] www.yahoo.com from <laptop IP>
    forwarded www.yahoo.com to
    query[A] www.mail.yahoo.com from <laptop IP>
    forwarded www.mail.yahoo.com to
    query[A] www.linksysinfo.org from <laptop IP>
    forwarded www.linksysinfo.org to <ISP DNS IP>
    reply www.linksysinfo.org is <CNAME>
    reply linksysinfo.org is
    The rule clearly applies to at least two levels of subdomains for yahoo.com.

    Could you try a similarly controlled test?

    EDIT: I have also found it frustrating in the past that the nslookup on the router doesn't heed the server parameter. Don't ever count on that working.
  11. Morac

    Morac Network Guru Member

    Okay I had a "duh" moment. I added a rule for llnw.net, but Limelight also uses llnwd.net. Once I added both things worked.

    Now instead of an abysmal 2 to 4 mbps from Limelight, I'm getting 12+ mbps. All without impact speeds from Yahoo, Google or Akamai (which has servers on my ISP).

    Thanks a lot.
  12. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Awesome! Glad it's all working for you.
  13. mstombs

    mstombs Network Guru Member

    Doh - should have known this - it is similar to the way dnsmasq can be used to block ad domains using "address=".

    Good result!

    Now where's that big dnsmasq config thread this one should be hooked into...
  14. tinyema

    tinyema Reformed Router Member

    Old thread, but... you must also uncheck "Prevent DNS-rebind attacks" under Advanced > DHCP/DNS or it will not work.

  15. PBandJ

    PBandJ Networkin' Nut Member

    No, you don't.
  16. tinyema

    tinyema Reformed Router Member

    uhm... maybe something related to my environment?
    INET --> Private LAN with MS AD Domain and DNS --> Tomato WAN --> Tomato Private LAN
    So my tomato WAN address it's a private MS AD Domain LAN address...
    In tomato LAN I want to be able to resolve my ms domain machines, so i put in advanced DHCP/DNS:

    where lan.foo.com is my MS AD Domain, so i can reach for example server.lan.foo.com

  17. Monk E. Boy

    Monk E. Boy Network Guru Member

    You should be able to have Tomato configured to pull from your AD server so all non-local Tomato DNS queries get forwarded to it.

    Unless you're worried about security, you could turn Tomato into an access point and not use DNSMasq at all, just put all systems on the bridged LAN/WLAN. Then systems, wired or wireless, will directly query your AD server.

Share This Page