[Dnsmasq-discuss] query rewriting

Tom Metro tmetro+dnsmasq at gmail.com
Fri Dec 4 17:48:26 GMT 2009


richardvoigt at gmail.com wrote:
> Spoofing addresses in other people's domains doesn't solve any
> problems, it only creates more (and is borderline illegal in many
> areas).

No more illegal than modifying your own hosts file. The scope of the 
modification is, of course, relevant. Doing this at an ISP would be bad. 
Doing this on your private LAN, not a problem.


> What are you trying to accomplish?

The use case is a web server that has both public and private IPs, where 
the private IPs are accessible through a VPN. If VPN connected 
developers wish to access the server via the private interface (which 
enables diagnostics), while using the public host name (to invoke the 
correct virtual host), mapping the private host name to the public host 
name is one way to do this. Avoiding the use of a static IP in that map 
makes sure things don't break if the IT guys change IP addresses.

There are other, and probably better, ways to do this, such as adding a 
host name alias to the public virtual host that corresponds to a private 
IP address, but that would require both code (the host name is used by 
the application) and configuration changes in production.


Simon Kelley wrote:
> There's no way to do that, and it would be very difficult to provide one 
> for the following reason. Dnsmasq doesn't store a query when it forwards 
> it: it keeps the minimum amount of information needed to recognise the 
> reply and send it back to the original requestor.

Yeah, I had a vague recollection of that from a prior discussion on CNAMEs.


> If the domain was re-written before forwarding, there would be no-way
> to restore the original question before returning the answer.

If it was useful enough functionality, it should certainly be doable. It 
would just require a special case.

One way is having a thread make the request and block until a reply or 
timeout happened. Though you'd probably need to limit the quantity of 
such requests you'd process to avoid being DoSed.

Alternatively, could the memory structure you now keep on outstanding 
queries be modified to hold optional fields or a pointer to an optional 
extended data structure? Then you could add in the supplemental 
information for these special case queries without increasing the size 
of the query state information for typical queries.

There's always the hack approximation. A cron script that periodically 
looks up the target name, and sends a config change to dnsmasq via dbus 
to add an 'address' entry mapping the public host name to the private IP 
address.

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
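The periodic lookup-and-push approach sketched at the end of the mail, as an added example that is not from this thread or from dnsmasq itself: it swaps the dbus call for a hosts file listed under dnsmasq's addn-hosts= option plus SIGHUP (which makes dnsmasq re-read addn-hosts files), and it refuses to write an entry unless the lookup returned a well-formed IPv4 address. All host names and the file path are placeholders.

```shell
#!/bin/sh
# Constructed example: map the public web host name to the private (VPN)
# IP by regenerating a hosts file that dnsmasq reads via addn-hosts=, then
# SIGHUP dnsmasq so it re-reads that file. Run from cron as: script.sh run
PUBLIC_NAME="${PUBLIC_NAME:-www.example.com}"        # name browsers use
PRIVATE_NAME="${PRIVATE_NAME:-www-int.example.com}"  # resolves to VPN IP
HOSTS_FILE="${HOSTS_FILE:-/etc/dnsmasq.d/vpn-hosts}" # listed in addn-hosts=

# Accept only a dotted-quad IPv4 address so a failed or garbage lookup
# never turns into a malformed or injected hosts entry. 0 = valid.
valid_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# Build the single hosts-file line "IP NAME"; prints nothing on bad input.
render_entry() {
  valid_ipv4 "$1" || return 1
  printf '%s %s\n' "$1" "$2"
}

# Resolve the private name to its first IPv4 address (needs VPN/network).
lookup_ipv4() {
  getent ahostsv4 "$1" | awk 'NR==1 {print $1}'
}

# Rewrite the hosts file and reload dnsmasq only when the mapping changed.
update_dnsmasq() {
  ip=$(lookup_ipv4 "$PRIVATE_NAME") || return 1
  entry=$(render_entry "$ip" "$PUBLIC_NAME") || return 1
  if [ ! -f "$HOSTS_FILE" ] || [ "$(cat "$HOSTS_FILE")" != "$entry" ]; then
    printf '%s\n' "$entry" > "$HOSTS_FILE"
    pkill -HUP -x dnsmasq   # dnsmasq re-reads addn-hosts files on SIGHUP
  fi
}

# Only act when explicitly asked, so the file can also be sourced for tests.
if [ "${1:-}" = run ]; then
  update_dnsmasq
fi
```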
