Hello Mathias,

On 12.04.2009, at 11:56, Mathias Lustig wrote:

> with its integrated DNS server for name resolution und because of  
> that I've
> set up an entry in the DNS forwarder, which queries our DC for  
> everything
> related to the "joho.local" domain.
>
> This feature worked quite fine 'till the upgrade to 1.3b16 last  
> night. After
> the upgrade, my m0n0 box just refuses to look up any name from the

I've had a look at the changes since 1.3b15, but aside from the  
addition of the Dnsmasq "--all-servers" option (which is only used if  
you explicitly enable it) on the DNS forwarder setup page, I couldn't  
see anything that could cause this problem. A quick test of the domain  
override feature showed that it works (at least with a basic  
configuration).

If I understand your description correctly, you were having the DNS  
forwarder send queries for your AD domain to an upstream DNS server  
via an IPsec tunnel. For this to work, the local subnet in the IPsec  
tunnel configuration must include the source IP address that the DNS  
forwarder chooses to send its queries (which is the WAN interface's  
address, unless there are static routes). This is often not the case  
for a LAN-to-LAN VPN (where one usually uses the LAN subnet as the  
IPsec "local subnet").

This of course does not explain why it worked before the upgrade, but  
if you can give us some more detail on your addressing scheme, we may  
be able to pinpoint the problem and suggest a solution.

Regards,

Manuel