[Dnsmasq-discuss] Dynamic DNS
Hi Simon,

are there any plans of implementing Dynamic DNS for dnsmasq? There is a perl script that adds that functionality here:

http://psydev.syw4e.info/new/dynamic-dnsmasq/dynamic-dnsmasq.pl

Thanks for all the great work,

Alberto Cuesta-Canada
GaaS Team Lead
Excelian Ltd.
Re: [Dnsmasq-discuss] Dynamic DNS
On Thu, Jun 24, 2010 at 09:51:57AM +0100, Alberto Cuesta-Canada wrote:
> are there any plans of implementing Dynamic DNS for dnsmasq? There is a perl script that adds that functionality here:
> http://psydev.syw4e.info/new/dynamic-dnsmasq/dynamic-dnsmasq.pl

I don't understand all the desire to invent new protocols for dynamic DNS. RFC 2136 handles it quite well. If dnsmasq were to add another protocol, it should be RFC 2136. Dyndns.org's protocol is not a standard.

Some years back, before I really understood 2136, I wrote a perl/CGI frontend for nsupdate(8) which does something similar without exposing another root-owned TCP socket to the world. By means of permissions on a copy of the key, I was able to allow the httpd(8) user to run nsupdate after authenticating the user. (Perhaps your perl script could be amended to run as the dnsmasq user; I think that would be a very good idea.)

Another thing I'm not understanding is why is this needed? Are you running dnsmasq as authoritative nameserver for the world? I hope Simon will correct me if I'm wrong, but I don't see that as a typical role for dnsmasq.

--
Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: [Dnsmasq-discuss] Dynamic DNS
/dev/rob0 wrote:
> On Thu, Jun 24, 2010 at 09:51:57AM +0100, Alberto Cuesta-Canada wrote:
>> are there any plans of implementing Dynamic DNS for dnsmasq? There is a perl script that adds that functionality here:
>> http://psydev.syw4e.info/new/dynamic-dnsmasq/dynamic-dnsmasq.pl
>
> I don't understand all the desire to invent new protocols for dynamic DNS. RFC 2136 handles it quite well. If dnsmasq were to add another protocol, it should be RFC 2136. Dyndns.org's protocol is not a standard.
>
> Some years back, before I really understood 2136, I wrote a perl/CGI frontend for nsupdate(8) which does something similar without exposing another root-owned TCP socket to the world. By means of permissions on a copy of the key, I was able to allow the httpd(8) user to run nsupdate after authenticating the user.

I just skimmed through RFC 2136. From a practical standpoint, it has a serious flaw in sections 3.3.1 and 3.3.2:

    3.3.1. Next, the requestor's permission to update the RRs named in the Update Section may be tested in an implementation dependent fashion or using mechanisms specified in a subsequent Secure DNS Update protocol.

What good is such a drastic DNS operation when no authentication is defined? Other than that the RFC reads like a stripped down version of nsupdate's technical manual (if such a thing exists). The benefit to not defining it there is that any mechanisms can be used.

Arriving at this conclusion leaves us looking at e.g. dyndns's protocol. I think it's one of the worst alternatives in this context: dnsmasq often runs in local link areas, where people can easily snoop the credentials, and it mocks up an HTTP server, which is quite complicated for this task.

A much simpler approach would be for the client to send the base64(sha1(user:password:hostname)) (a hash of user, password and desired, preregistered hostname) to some special host and maybe wait for the ACK. That could be decoupled from dnsmasq, which is probably not the right place to implement it.

Why not look at the existing dnsmasq option dhcp-script? I never used it, but it seems to provide what's needed provided all the dhcp clients are automatically authorized to enter a name into the DNS.

> Another thing I'm not understanding is why is this needed? Are you running dnsmasq as authoritative nameserver for the world? I hope Simon will correct me if I'm wrong, but I don't see that as a typical role for dnsmasq.

+1

I'm aware of DHCP options that let a client request a dynamic DNS update, though. The manual doesn't mention them, though.

clemens
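The dhcp-script route raised in the message above, combined with the nsupdate(8)/RFC 2136 approach from earlier in the thread, as an added example that is not part of any poster's message or of dnsmasq itself. The zone name, TTL and key file path are assumptions; because the hostname is supplied by the DHCP client, it is validated as a single DNS label before it reaches nsupdate's command stream.

```shell
#!/bin/sh
# Added example: dnsmasq dhcp-script hook that turns lease events into
# RFC 2136 updates for nsupdate(8). ZONE, TTL and KEYFILE are assumed values.
ZONE="${ZONE:-lan.example}"
TTL="${TTL:-300}"
KEYFILE="${KEYFILE:-/etc/dnsmasq-ddns.key}"   # TSIG key, readable only by the script user

# The hostname comes from the DHCP client: accept one DNS label only.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

valid_ipv4() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the nsupdate command stream for one lease event, or fail with status 2.
build_update() {
    action=$1 ip=$2 host=$3
    case "$action" in add|old|del) ;; *) return 2 ;; esac
    valid_label "$host" && valid_ipv4 "$ip" || return 2
    fqdn="$host.$ZONE."
    echo "zone $ZONE"
    if [ "$action" = del ]; then
        echo "update delete $fqdn A $ip"
    else
        echo "update delete $fqdn A"
        echo "update add $fqdn $TTL A $ip"
    fi
    echo "send"
}

# dnsmasq calls the script as: <add|old|del> <MAC> <IP> [hostname]
if [ "$#" -ge 4 ]; then
    if cmds=$(build_update "$1" "$3" "$4"); then
        printf '%s\n' "$cmds" | nsupdate -k "$KEYFILE"
    fi
fi
```

Leases without a hostname, and names that fail validation, produce no update at all rather than a partial command stream.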
Re: [Dnsmasq-discuss] TFTP for IPv6
Thanks to Jan 'RedBully' Seiffert, dnsmasq now has IPv6 support in the TFTP server. To use this, you'll need a client which also knows about IPv6; I found that current versions of tftp-hpa do.

A test release with this functionality is available at:

http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.56test4.tar.gz

Cheers,

Simon.