On 12.04.2009, at 11:56, Mathias Lustig wrote:
> with its integrated DNS server for name resolution and because of that I've
> set up an entry in the DNS forwarder, which queries our DC for
> related to the "joho.local" domain.
> This feature worked quite fine 'till the upgrade to 1.3b16 last night. After
> the upgrade, my m0n0 box just refuses to look up any name from the

I've had a look at the changes since 1.3b15, but aside from the
addition of the Dnsmasq "--all-servers" option (which is only used if
you explicitly enable it) on the DNS forwarder setup page, I couldn't
see anything that could cause this problem. A quick test of the domain
override feature showed that it works (at least with a basic

If I understand your description correctly, you were having the DNS
forwarder send queries for your AD domain to an upstream DNS server
via an IPsec tunnel. For this to work, the local subnet in the IPsec
tunnel configuration must include the source IP address that the DNS
forwarder chooses to send its queries from (which is the WAN interface's
address, unless there are static routes). This is often not the case
for a LAN-to-LAN VPN (where one usually uses the LAN subnet as the
IPsec "local subnet").

This of course does not explain why it worked before the upgrade, but
if you can give us some more detail on your addressing scheme, we may
be able to pinpoint the problem and suggest a solution.
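
The selector check described in the reply above, as an added example that is not part of the original message or of m0n0wall's code: a query is carried by the tunnel only if its source falls in the IPsec local subnet and its destination in the remote subnet. All addresses and the tunnel name are constructed, and the first-match lookup is a simplified model of policy selection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class TunnelPolicy:
    name: str
    local_subnet: ipaddress.IPv4Network   # IPsec "local subnet" selector
    remote_subnet: ipaddress.IPv4Network  # subnet on the far side of the tunnel

def matching_tunnel(policies, src, dst):
    """Return the first policy whose selectors cover both src and dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local_subnet and d in p.remote_subnet:
            return p
    return None

def diagnose(policies, src, dst):
    """Explain whether a packet src -> dst would be carried by a tunnel."""
    hit = matching_tunnel(policies, src, dst)
    if hit:
        return f"tunnelled via {hit.name}"
    d = ipaddress.ip_address(dst)
    for p in policies:
        if d in p.remote_subnet:
            return (f"not tunnelled: source {src} is outside local subnet "
                    f"{p.local_subnet} of {p.name}")
    return "not tunnelled: no policy covers the destination"

# Constructed addressing scheme (assumption, not taken from the thread).
POLICIES = [TunnelPolicy("site-to-site",
                         ipaddress.ip_network("192.168.1.0/24"),
                         ipaddress.ip_network("192.168.2.0/24"))]
WAN_IP = "203.0.113.10"  # source the DNS forwarder uses without static routes
LAN_IP = "192.168.1.1"   # firewall's LAN address
DC_IP = "192.168.2.10"   # upstream DNS server (DC) behind the tunnel

if __name__ == "__main__":
    for label, src in (("WAN-sourced query", WAN_IP),
                       ("LAN-sourced query", LAN_IP)):
        print(f"{label}: {diagnose(POLICIES, src, DC_IP)}")
```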