Re: [Dnsmasq-discuss] DNSMasq script lookup
On 29/03/12 00:50, Rob Zwissler wrote:
> Hey Simon -
>
> Would it be a big project, or one that interests you, to add the functionality to interface DNSMasq with a script or (more interestingly) a named pipe, so it could dynamically retrieve DNS records... a named pipe could have a script on the other side that could do rewriting, SQLite or other database lookups, etc... then some of these more sophisticated/niche feature requests some of us have could be offloaded out of DNSMasq which in the end would make DNSMasq more powerful and lean...?

It's all down to concurrency. What happens in dnsmasq at the moment when a DNS query comes in is this.

1) Check if the query can be answered locally (Cache, /etc/hosts, DHCP) and if so return answer.
2) Pick nameserver(s) to forward the query to. Send basically the same UDP packet that arrived on to the upstream nameservers.
3) Save an entry in a small table with the following data: where the query came from, where it was sent to, a fingerprint of the query.
4) Forget the original query.

At this point, dnsmasq is free to again serve new queries, and the only resources being used are a small fixed-size entry in an array. The only limit on the number of concurrent queries is the size of this array.

When the answer comes in, it includes the original query, and just needs to be sent back to the original requestor. The forwarding table has all the information needed to do that.

Now, if you're going to start interacting with a script, (or anything which doesn't speak DNS) the entry in the forwarding table isn't enough. You either have to block, waiting for the script to return the answer, during which time other queries get queued or ignored (bad) or you have to change dnsmasq so that it allocates memory and saves much more state about each query. (not so bad, but removes a dnsmasq USP)

One way round this is to make the script, or whatever, speak DNS. Essentially, it becomes a DNS server itself. For simple cases, this is supported already. Arrange a DNS server which replies from a database (write it de novo, or adapt an existing program), and point dnsmasq to that server for domains of interest with

--server=/example.com/ip-of-server

One thing which might be interesting, is to define a new type of upstream server (maybe called a look-aside server) which dnsmasq will send a query to first, and which if it can't answer the query can return a custom return-code Not known, which causes dnsmasq to then push the query into the standard server pathway. That becomes useful if such a server exists.

Cheers,

Simon.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
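A script that "speaks DNS", as suggested in the message above, written here as an added Python example that is not part of the original post or of dnsmasq. The RECORDS table, the function names, the TTL and the 127.0.0.1:5353 bind address are assumptions; the table stands in for whatever database the script would consult.

```python
import socket
import struct

# Constructed sample data standing in for the database behind the server.
RECORDS = {"host.example.com.": "192.0.2.10"}

def parse_question(query):
    """Return (qname, qtype, end_offset) of the first question in a query."""
    labels, pos = [], 12                       # the DNS header is 12 bytes
    while query[pos] != 0:
        length = query[pos]
        if length > 63:                        # no compression pointers in a question
            raise ValueError("unexpected label type")
        labels.append(query[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", query[pos + 1:pos + 5])
    return ".".join(labels) + ".", qtype, pos + 5

def build_reply(query, records=RECORDS):
    """Answer A queries from records; NXDOMAIN for names not in the table."""
    ident, flags = struct.unpack("!HH", query[:4])
    if flags & 0x8000:                         # QR set: a response, never answer it
        raise ValueError("not a query")
    qname, qtype, end = parse_question(query)
    addr = records.get(qname)
    rcode = 0 if addr else 3                   # 3 = NXDOMAIN
    answer = b""
    if addr and qtype == 1:                    # type A; other types get an empty answer
        # Name is a pointer to offset 12, then TYPE A, CLASS IN, TTL 60, RDLENGTH 4
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(addr)
    rflags = 0x8400 | (flags & 0x0100) | rcode  # QR=1, AA=1, RD copied from the query
    header = struct.pack("!HHHHHH", ident, rflags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:end] + answer

def serve(bind=("127.0.0.1", 5353)):
    """Blocking UDP loop; each reply is computed from the packet alone."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(build_reply(data), peer)
        except (ValueError, IndexError, struct.error):
            pass                               # drop malformed packets

if __name__ == "__main__":
    serve()
```

With the server bound as above, the option from the message would take the form --server=/example.com/127.0.0.1#5353, using dnsmasq's address#port syntax.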
Re: [Dnsmasq-discuss] DNSMasq script lookup
On Thu, Mar 29, 2012 at 3:54 AM, Simon Kelley si...@thekelleys.org.uk wrote:
> snip
>
> One thing which might be interesting, is to define a new type of upstream server (maybe called a look-aside server) which dnsmasq will send a query to first, and which if it can't answer the query can return a custom return-code Not known, which causes dnsmasq to then push the query into the standard server pathway. That becomes useful if such a server exists.
>
> Cheers,
>
> Simon.

Simon:

I just wanted to chime in here because this idea would fix one of the problems I've been working with for some time.

I have my own dns server (to deal with IPs that send my mail server spam, etc.). I currently send all dns requests to my dns server first. The second dns server is fast (it's a small install of djbdns from Dan Bernstein). But not every query needs to be handled this way.

I could improve the overall efficiency of this idea if I could somehow filter which dns queries go off toward my server and which go out to the internet the standard way.

Your look-aside server idea would go a long way toward making this happen. The only missing piece would be a sensible way to choose if the look-aside server was needed or not.

Thanks.

Rance
Re: [Dnsmasq-discuss] DNSMasq script lookup
On 29/03/12 12:52, Rance Hall wrote:
> On Thu, Mar 29, 2012 at 3:54 AM, Simon Kelley si...@thekelleys.org.uk wrote:
> > snip
> >
> > One thing which might be interesting, is to define a new type of upstream server (maybe called a look-aside server) which dnsmasq will send a query to first, and which if it can't answer the query can return a custom return-code Not known, which causes dnsmasq to then push the query into the standard server pathway. That becomes useful if such a server exists.
> >
> > Cheers,
> >
> > Simon.
>
> Simon:
>
> I just wanted to chime in here because this idea would fix one of the problems I've been working with for some time.
>
> I have my own dns server (to deal with IPs that send my mail server spam, etc.). I currently send all dns requests to my dns server first. The second dns server is fast (it's a small install of djbdns from Dan Bernstein). But not every query needs to be handled this way.
>
> I could improve the overall efficiency of this idea if I could somehow filter which dns queries go off toward my server and which go out to the internet the standard way.
>
> Your look-aside server idea would go a long way toward making this happen. The only missing piece would be a sensible way to choose if the look-aside server was needed or not.

That's sort of backwards from what I was envisaging. The point of the look-aside server is that it sees _all_ the requests but only chooses to answer some of them.

You can route just a subset of queries to a local server using dnsmasq now, as long as the criteria for choosing which is just the domain. Other filters could be added, but I can't think off-hand of any other useful ones.

Simon.
Re: [Dnsmasq-discuss] DNSMasq script lookup
> One thing which might be interesting, is to define a new type of upstream server (maybe called a look-aside server) which dnsmasq will send a query to first, and which if it can't answer the query can return a custom return-code Not known, which causes dnsmasq to then push the query into the standard server pathway.

How's this help? Hasn't dnsmasq thrown away the information it would need to send the query to a second server at this point?

Or is the fingerprint kept in a not known table, such that when the client tries again (and dnsmasq receives a second copy of the query), the look-aside is skipped and the normal servers are used? That would work, but add a non-negligible retry timeout to all queries which use the normal servers.
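The forwarding table from steps 2 to 4 of the first message in this thread, which the question above turns on, as an added Python sketch that is not dnsmasq's code and not part of any post. The class and function names, SHA-256 as the fingerprint, the fresh upstream ID and the table size are assumptions.

```python
import hashlib
import secrets
import struct

TABLE_SIZE = 4  # assumed capacity; the table never grows past it

def question_bytes(packet):
    """Return the raw question section (name, type, class) of a DNS packet."""
    pos = 12
    while packet[pos] != 0:
        pos += 1 + packet[pos]
    return packet[12:pos + 5]

class ForwardTable:
    """Fixed-capacity record of in-flight queries; the query itself is not kept."""

    def __init__(self, size=TABLE_SIZE):
        self.size = size
        self.slots = {}  # upstream_id -> (client, client_id, fingerprint)

    def forward(self, packet, client):
        """Record a query; return the packet to send upstream, or None if full."""
        if len(self.slots) >= self.size:
            return None                       # no free entry: the query is dropped
        new_id = secrets.randbelow(65536)
        while new_id in self.slots:
            new_id = secrets.randbelow(65536)
        (client_id,) = struct.unpack("!H", packet[:2])
        fingerprint = hashlib.sha256(question_bytes(packet)).digest()
        self.slots[new_id] = (client, client_id, fingerprint)
        return struct.pack("!H", new_id) + packet[2:]

    def reply(self, packet):
        """Match an upstream reply; return (client, packet) or None if unmatched."""
        (new_id,) = struct.unpack("!H", packet[:2])
        entry = self.slots.get(new_id)
        if entry is None:
            return None                       # unsolicited or duplicate reply
        client, client_id, fingerprint = entry
        if hashlib.sha256(question_bytes(packet)).digest() != fingerprint:
            return None                       # ID matches, question does not: ignore
        del self.slots[new_id]
        return client, struct.pack("!H", client_id) + packet[2:]
```

Each entry holds only the client address, the client's original ID and a digest, so a reply can be routed back using nothing but the question it echoes.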