Re: [Dnsmasq-discuss] server-side dynamic resolving
> standpoint. Anyway, this is particularly where I hit the issue and realized that dnsmasq is *just* attempting lookups via hosts files and dhcp leases and not additionally (or only) attempting nsswitch which would obviously generally include the system's dns servers among other things. If there were some way to achieve that I'd be set :)

Contacting nsswitch would cause infinite recursion in the (common) case where the default dns server is localhost (necessary to allow other programs on the same computer to see dynamic DNS entries which dnsmasq contains by virtue of DHCP registrations).

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] server-side dynamic resolving
On Mon, Aug 13, 2012 at 05:17:49PM +0200, Chris Wilson wrote:
> Running a real DNS server and dnsmasq on the same host might be tricky. You might need to add an IP alias on the server and bind bind to that alias, and dnsmasq's DNS server to the main IP address.

It's not tricky at all, and it's much simpler than that. I use an alternate port for named:

[named.conf or included file]

    listen-on port 1035 { 127.0.0.1; };

and tell dnsmasq to ignore resolv.conf and use named as its upstream resolver:

[dnsmasq.conf or included file]

    no-resolv
    server=127.0.0.1#1035

You can use multiple listen-on directives in named.conf(5) if needed.

FWIW I have posted about this on this list in the past. I like dnsmasq as DHCP server and for the relative ease of administration.

On Mon, Aug 13, 2012 at 07:10:58PM +0200, John Hallam wrote:
> * If you are wondering, why two caches, the reason is that dnsmasq allows me to redirect troublemaker domains to the black hole easily, while dnscache is a somewhat-paranoid full recursive caching resolver. (The dnsmasq has to forward queries to the dnscache; the reverse doesn't work straightforwardly.)

FSVO full and paranoid. dnscache does not support DNSSEC signature verification, does it? Is anybody hacking on it since its abandonment?

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
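A consistency check for the split setup described in the message above, as an added example that is not part of the original post. It assumes dnsmasq answers on 127.0.0.1, that named.conf uses BIND's `listen-on port N { addr; };` form, and IPv4 only; the function names and sample configs are constructed for illustration.

```python
import re

LISTEN = re.compile(r"listen-on\s+(?:port\s+(\d+)\s+)?\{([^}]*)\}")

def parse_dnsmasq(text):
    """Return (own DNS port, no-resolv set?, [(upstream ip, port)]); IPv4 only."""
    port, no_resolv, upstreams = 53, False, []
    for raw in text.splitlines():
        # Assumption: '#' opens a comment only at line start or after whitespace,
        # so the '#' in server=127.0.0.1#1035 is kept as the port separator.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        key, _, val = line.partition("=")
        if key == "no-resolv":
            no_resolv = True
        elif key == "port":
            port = int(val)
        elif key == "server":
            ip, _, p = val.rsplit("/", 1)[-1].partition("#")  # drop /domain/ prefix
            if ip:
                upstreams.append((ip, int(p or 53)))
    return port, no_resolv, upstreams

def parse_named(text):
    """Return {(ip, port)} from listen-on statements (comments not handled)."""
    return {(a.strip(), int(port or 53))
            for port, addrs in LISTEN.findall(text)
            for a in addrs.split(";") if a.strip()}

def audit(dnsmasq_conf, named_conf, dnsmasq_addrs=("127.0.0.1",)):
    """List problems with running dnsmasq in front of named on one host."""
    port, no_resolv, upstreams = parse_dnsmasq(dnsmasq_conf)
    listeners = parse_named(named_conf)
    findings = []
    if not no_resolv:
        findings.append("no-resolv missing: resolv.conf servers are used as upstreams too")
    for ip, p in upstreams:
        if ip in dnsmasq_addrs and p == port:
            findings.append(f"loop: server={ip}#{p} is dnsmasq's own listener")
        elif (ip, p) not in listeners:
            findings.append(f"server={ip}#{p} matches no named listen-on")
    for ip, p in sorted(listeners):
        if ip in dnsmasq_addrs and p == port:
            findings.append(f"clash: named also listens on {ip}#{p}")
    return findings

# Constructed sample configs: the split setup from the post, then a broken one.
GOOD = ("no-resolv\nserver=127.0.0.1#1035\n",
        "options { listen-on port 1035 { 127.0.0.1; }; };")
BAD = ("server=127.0.0.1\n", "options { listen-on { 127.0.0.1; }; };")

if __name__ == "__main__":
    for name, (dm, nd) in (("good", GOOD), ("bad", BAD)):
        print(name, audit(dm, nd) or "ok")
```

The broken sample trips all three checks: resolv.conf still in play, an upstream that points back at dnsmasq itself, and both daemons claiming 127.0.0.1 port 53.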
Re: [Dnsmasq-discuss] server-side dynamic resolving
On Tue, Aug 14, 2012 at 08:16:02AM -0500, /dev/rob0 wrote:
> On Mon, Aug 13, 2012 at 07:10:58PM +0200, John Hallam wrote:
> > * If you are wondering, why two caches, the reason is that dnsmasq allows me to redirect troublemaker domains to the black hole easily, while dnscache is a somewhat-paranoid full recursive caching resolver. (The dnsmasq has to forward queries to the dnscache; the reverse doesn't work straightforwardly.)
>
> FSVO full and paranoid. dnscache does not support DNSSEC signature verification, does it? Is anybody hacking on it since its abandonment?

No, it doesn't support DNSSEC as far as I am aware. And I don't think anyone plans to add the facility to it. If you care about DNSSEC there are other good alternatives to bind available.

(By somewhat-paranoid etc., I meant that dnscache always starts its resolution chain from the roots, only trusts authoritative servers and won't talk to upstream caches if working as a recursive resolver. (Fully-paranoid would also verify the zone signatures on each step.))

Cheers,
John
Re: [Dnsmasq-discuss] server-side dynamic resolving
> Contacting nsswitch would cause infinite recursion in the (common) case where the default dns server is localhost (necessary to allow other programs on the same computer to see dynamic DNS entries which dnsmasq contains by virtue of DHCP registrations).

True (I'm not currently doing that but that would be an issue). What would be nice is if for specific domains/hosts we could specify an external script to be called :)

--
Travis Hansen
travisghan...@gmail.com
801.367.2715
Re: [Dnsmasq-discuss] server-side dynamic resolving
Hi Travis,

On Mon, 13 Aug 2012, Travis Hansen wrote:
> > Bind doesn't do it, the client does. CNAME works like this:
> >
> > client - nsswitch - server: what's the address of 15z.foo.bar?
> > client - nsswitch - server: 15z.foo.bar is a CNAME to 15z.local.
> > client - nsswitch - mdns: what's the address of 15z.local?
> > client - nsswitch - mdns: 15z.local is at 1.2.3.4
> >
> > This assumes that nsswitch on the clients is configured to use mdns as well as dns, which on my system (Ubuntu 11.10) it is.
>
> Awesome! I believe that will work. Now I just need to figure out how to get bind/dnsmasq to play nicely together on the same machine :) If you've got tips let me know. In any case I'll report back.
>
> Just so I understand the first step mentioned above for my particular setup. Would it be like this?
>
> client - nsswitch - server dnsmasq: what's the address of 15z.foo.bar - server bind: what's the address of 15z.foo.bar

If you're going to run bind and dnsmasq on the same machine, yes. I was assuming however that you already have someone serving the 15z.foo.bar zone with a full nameserver, and you could just configure that to return CNAMEs.

Running a real DNS server and dnsmasq on the same host might be tricky. You might need to add an IP alias on the server and bind bind to that alias, and dnsmasq's DNS server to the main IP address.

Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838
Future Business, Cam City FC, Milton Rd, Cambridge, CB4 1UY, UK
Aptivate is a not-for-profit company registered in England and Wales with company number 04980791.
Re: [Dnsmasq-discuss] server-side dynamic resolving
Hi Travis,

On Sat, 11 Aug 2012, Travis Hansen wrote:
> I'm attempting to integrate dnsmasq with mdns. I'm not really sure how to go about it but I'll explain the scenario...
>
> 1. My machine is known as '15z' and via mdns clients resolves as 15z.local
> 2. I have apache running mod_dnssd (not actually critical to the situation but gives context at least) with a virtual host 15z.foobar.dev
> 3. I'd like to make it so 15z.foobar.dev gets returned by dnsmasq as whatever the current value of 15z.local is (the server is running avahi).
>
> Anyone have any great suggestions for me? I've thought about combinations of entering cname records into dnsmasq and somehow trying to integrate that but ultimately

Do you control the DNS for the foobar.dev zone, and is it hosted by a full DNS server (not dnsmasq)? If so, just put a CNAME in the zone file:

    15z IN CNAME 15z.local.

If not, and 15z registers itself with the dnsmasq DHCP server, then you can bypass avahi/mdns and just CNAME 15z.foobar.dev to the machine 15z in dnsmasq config:

    cname=15z.foobar.dev,15z

> I couldn't get dnsmasq to return what the local *server* resolves a given name to (limited to just hosts/dhcp/upstream dns).

You probably can't do that without programming, so I suggest you find other ways to achieve what you want first, such as CNAME.

> I'd rather not run stuff client side.

With a CNAME you don't need to run anything other than a standard resolver on the client side, which most likely you already do.

Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838
Future Business, Cam City FC, Milton Rd, Cambridge, CB4 1UY, UK
Aptivate is a not-for-profit company registered in England and Wales with company number 04980791.
Re: [Dnsmasq-discuss] server-side dynamic resolving
Chris

On Sun, Aug 12, 2012 at 3:48 AM, Chris Wilson ch...@aptivate.org wrote:
> Hi Travis,
>
> On Sat, 11 Aug 2012, Travis Hansen wrote:
> > I'm attempting to integrate dnsmasq with mdns. I'm not really sure how to go about it but I'll explain the scenario...
> >
> > 1. My machine is known as '15z' and via mdns clients resolves as 15z.local
> > 2. I have apache running mod_dnssd (not actually critical to the situation but gives context at least) with a virtual host 15z.foobar.dev
> > 3. I'd like to make it so 15z.foobar.dev gets returned by dnsmasq as whatever the current value of 15z.local is (the server is running avahi).
> >
> > Anyone have any great suggestions for me? I've thought about combinations of entering cname records into dnsmasq and somehow trying to integrate that but ultimately
>
> Do you control the DNS for the foobar.dev zone, and is it hosted by a full DNS server (not dnsmasq)? If so, just put a CNAME in the zone file:
>
>     15z IN CNAME 15z.local.

I'm not a dns expert but I doubt this will work either since I'm guessing something like bind is using pure dns lookups and is not capable of using the system resolver(s) (mdns) to find an IP. If I can do that then I'd just need to figure out how to get bind and dnsmasq on the same machine without clobbering each other. If you know of some sort of dns proxy that will simply return/cache whatever the server resolves via nsswitch let me know what it is as I'd like to try it.

> If not, and 15z registers itself with the dnsmasq DHCP server, then you can bypass avahi/mdns and just CNAME 15z.foobar.dev to the machine 15z in dnsmasq config:
>
>     cname=15z.foobar.dev,15z

This is actually what I tried initially but it was cname=15z.foobar.dev,15z.local. What I'm up against here (why I can't use cname=15z.foobar.dev,15z) is we have multiple laptops that float around from being plugged in to wireless each with different IPs depending on the nic.

What that equates to in dnsmasq terms is static leases but not for '15z' but rather '15z-wifi' *and* '15z-eth0' for example. Avahi just picks the 'best' current IP to broadcast but I can never be sure which one it'll be from a purely dns/dhcp standpoint. Anyway, this is particularly where I hit the issue and realized that dnsmasq is *just* attempting lookups via hosts files and dhcp leases and not additionally (or only) attempting nsswitch which would obviously generally include the system's dns servers among other things. If there were some way to achieve that I'd be set :)

> > I couldn't get dnsmasq to return what the local *server* resolves a given name to (limited to just hosts/dhcp/upstream dns).
>
> You probably can't do that without programming, so I suggest you find other ways to achieve what you want first, such as CNAME.
>
> > I'd rather not run stuff client side.
>
> With a CNAME you don't need to run anything other than a standard resolver on the client side, which most likely you already do.
>
> Cheers, Chris.
> --
> Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838
> Future Business, Cam City FC, Milton Rd, Cambridge, CB4 1UY, UK
> Aptivate is a not-for-profit company registered in England and Wales with company number 04980791.

--
Travis Hansen
travisghan...@gmail.com
801.367.2715
[Dnsmasq-discuss] server-side dynamic resolving
I'm attempting to integrate dnsmasq with mdns. I'm not really sure how to go about it but I'll explain the scenario...

1. My machine is known as '15z' and via mdns clients resolves as 15z.local
2. I have apache running mod_dnssd (not actually critical to the situation but gives context at least) with a virtual host 15z.foobar.dev
3. I'd like to make it so 15z.foobar.dev gets returned by dnsmasq as whatever the current value of 15z.local is (the server is running avahi).

I'd rather not run stuff client side. Anyone have any great suggestions for me? I've thought about combinations of entering cname records into dnsmasq and somehow trying to integrate that but ultimately I couldn't get dnsmasq to return what the local *server* resolves a given name to (limited to just hosts/dhcp/upstream dns).

--
Travis Hansen
travisghan...@gmail.com
801.367.2715