DNS Conditional Forwarding – dnsmasq

Why would I want to use Conditional Forwarding?

In my case, my local dns server has entries for local hostnames such as m2n.ion.lan, mongo.ion.lan, and tux.ion.lan. If I am using the vpn dns, then these address lookups would fail. By using Conditional Forwarding I can do all lookups locally, except for ones that match the remote top level domain (example.local). Anything that matches example.local would be forwarded to the remote dns server.


  1. Connect to remote vpn server and use local DNS server
  2. Ping server.remote.local (remote FQDN) – fail
  3. Ping server.ion.lan (local FQDN) – success

Of course the remote ping fails because the local DNS server knows nothing about the remote domain. If I was to configure my machine to use the remote DNS server the opposite would happen. I would be able to ping server.remote.local, but a ping to server.ion.lan would fail.

Solution: Use dnsmasq with conditional forwarding to forward *.work.local requests to the remote dns server.

1. Install dnsmasq using your local package manager

2. Edit /etc/dnsmasq.conf

# Tells dnsmasq to forward anything with the domain of remote.local to dns server

# Listen to requests only coming from the local machine

# Do not cache anything
# A decent dns server will already cache for your local network

3. Edit /etc/resolv.conf

# Local LAN Domain
domain ion.lan

# local dnsmasq server

# Your main dns server (dnsmasq will forward all requests to this server)

4. Start dnsmasq

5. Test – ping a local server and remote server using the FQDN

All dns requests will be forwarded to except any matching *.remote.local. server.remote.local will be forwarded to

One thought on “DNS Conditional Forwarding – dnsmasq

  1. Adam

    Thank you , good info but I’m slightly confused. You mention the following domains:


    Does work.local == remote.local?

Leave a Reply

Your email address will not be published. Required fields are marked *