[Dnsmasq-discuss] forwarding signed requests

Philip Craig philipc at snapgear.com
Wed Mar 18 09:28:56 GMT 2009


Why does dnsmasq have support for forwarding signed requests?
The changelog indicates that this was added for dynamic DNS updates.

But I've tried to understand how DNS updates work from RFC 2136, and
also Microsoft's description at:
	http://technet.microsoft.com/en-us/library/cc784052.aspx
and my understanding is that the client will only send these requests
to the primary server for the domain, which will never be the dnsmasq
server.

i.e. the process is:
1. send a SOA query to dnsmasq (no signing needed)
2. send an update request to the primary server (signed)

The RFC does talk about forwarding, but only in the context of
a zone slave forwarding to a master, which does not apply for dnsmasq.

What am I missing?

The reason I ask is that I am looking at adding some support for
retrying different servers for timeouts or NXDOMAIN responses,
which will require storing either the original query or an
NXDOMAIN response, and I'm trying to understand how the signed
request support should interact with this.
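
An added example, not part of the original post and not dnsmasq's code: one way a forwarder could tell whether a stored request is a dynamic update and whether it is TSIG-signed (RFC 2845 requires the TSIG record to be the last one in the additional section). The function names and the sample message are hypothetical and constructed for illustration; SIG(0) signatures are not covered.

```c
#include <stddef.h>
#include <stdint.h>
#define T_TSIG 250  /* RFC 2845 transaction signature RR type */

/* Constructed sample: UPDATE for zone "example" with one TSIG RR (RDATA omitted). */
const uint8_t SAMPLE_UPDATE[] = {
    0x12,0x34, 0x28,0x00, 0,1, 0,0, 0,0, 0,1,        /* header: opcode 5, ARCOUNT 1 */
    7,'e','x','a','m','p','l','e',0, 0,6, 0,1,       /* zone: example SOA IN */
    3,'k','e','y',0, 0,0xFA, 0,0xFF, 0,0,0,0, 0,0 }; /* key TSIG ANY, TTL 0, RDLENGTH 0 */

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
/* Opcode from the header flags; UPDATE is 5 (RFC 2136), -1 if too short. */
int dns_opcode(const uint8_t *m, size_t len) { return len < 12 ? -1 : (m[2] >> 3) & 0x0F; }

/* Skip one name (labels or a compression pointer); 0 means malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t l = m[off];
        if (l == 0) return off + 1;
        if ((l & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        if (l & 0xC0) return 0;               /* reserved label type */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* 1: last additional RR is TSIG; 0: not signed that way; -1: malformed. */
int dns_is_tsig_signed(const uint8_t *m, size_t len) {
    if (len < 12) return -1;
    unsigned qd = rd16(m + 4), ar = rd16(m + 10), type = 0;
    unsigned rrs = rd16(m + 6) + rd16(m + 8) + ar;
    size_t off = 12;
    for (unsigned i = 0; i < qd; i++) {       /* question/zone: name, type, class */
        off = skip_name(m, len, off);
        if (!off || off + 4 > len) return -1;
        off += 4;
    }
    for (unsigned i = 0; i < rrs; i++) {      /* name, type, class, TTL, RDLENGTH, RDATA */
        off = skip_name(m, len, off);
        if (!off || off + 10 > len) return -1;
        type = rd16(m + off);
        size_t rdlen = rd16(m + off + 8);
        if (rdlen > len - off - 10) return -1;
        off += 10 + rdlen;
    }
    return ar > 0 && type == T_TSIG;          /* type now holds the last RR's type */
}

int main(void) { return dns_is_tsig_signed(SAMPLE_UPDATE, sizeof SAMPLE_UPDATE) == 1 ? 0 : 1; }
```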
