[Dnsmasq-discuss] query rewriting
Tom Metro
tmetro+dnsmasq at gmail.com
Fri Dec 4 17:48:26 GMT 2009
richardvoigt at gmail.com wrote:
> Spoofing addresses in other people's domains doesn't solve any
> problems, it only creates more (and is borderline illegal in many
> areas).
No more illegal than modifying your own hosts file. The scope of the
modification is, of course, relevant. Doing this at an ISP would be bad.
Doing this on your private LAN, not a problem.
> What are you trying to accomplish?
The use case is a web server that has both public and private IPs, where
the private IPs are accessible through a VPN. If VPN connected
developers wish to access the server via the private interface (which
enables diagnostics), while using the public host name (to invoke the
correct virtual host), mapping the private host name to the public host
name is one way to do this. Avoiding the use of a static IP in that map
makes sure things don't break if the IT guys change IP addresses.
There are other, and probably better, ways to do this, such as adding a
host name alias to the public virtual host that corresponds to a private
IP address, but that would require both code (the host name is used by
the application) and configuration changes in production.
Simon Kelley wrote:
> There's no way to do that, and it would be very difficult to provide one
> for the following reason. Dnsmasq doesn't store a query when it forwards
> it: it keeps the minimum amount of information needed to recognise the
> reply and send it back to the original requestor.
Yeah, I had a vague recollection of that from a prior discussion on CNAMEs.
> If the domain was re-written before forwarding, there would be no way
> to restore the original question before returning the answer.
If it was useful enough functionality, it should certainly be doable. It
would just require a special case.
One way is having a thread make the request and block until a reply or
timeout happened. Though you'd probably need to limit the quantity of
such requests you'd process to avoid being DoSed.
Alternatively, could the memory structure you now keep on outstanding
queries be modified to hold optional fields or a pointer to an optional
extended data structure? Then you could add in the supplemental
information for these special case queries without increasing the size
of the query state information for typical queries.
There's always the hack approximation. A cron script that periodically
looks up the target name, and sends a config change to dnsmasq via dbus
to add an 'address' entry mapping the public host name to the private IP
address.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
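
An added example, not part of the original message or of dnsmasq itself: a cron-style sketch of the "hack approximation" above. It swaps the D-Bus step for a hosts-format file loaded through dnsmasq's `addn-hosts` option plus a SIGHUP, and it refuses to pin anything that is not an RFC 1918 address. All host names and file paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names and paths:
PUBLIC_NAME="www.example.com"            # name developers type
PRIVATE_NAME="www-priv.example.com"      # resolves to the private IP
HOSTS_FILE="/etc/dnsmasq-pinned.hosts"   # dnsmasq.conf: addn-hosts=<this file>
PID_FILE="/var/run/dnsmasq.pid"

# Succeed only for a well-formed RFC 1918 IPv4 address, so an empty,
# malformed or public lookup result never reaches the override file.
is_private_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# update_pin FILE IP NAME: rewrite FILE only when the mapping changed.
# Returns 0 if updated, 1 if already current, 2 if IP was rejected.
update_pin() {
    is_private_ipv4 "$2" || return 2
    line="$2 $3"
    [ -f "$1" ] && [ "$(cat "$1")" = "$line" ] && return 1
    tmp="$1.tmp.$$"
    printf '%s\n' "$line" > "$tmp" && mv "$tmp" "$1"   # atomic replace
}

main() {
    # getent prints "ADDRESS TYPE NAME"; keep the first IPv4 address.
    ip=$(getent ahostsv4 "$PRIVATE_NAME" | awk 'NR==1 {print $1}')
    rc=0; update_pin "$HOSTS_FILE" "$ip" "$PUBLIC_NAME" || rc=$?
    case "$rc" in
        0) kill -HUP "$(cat "$PID_FILE")" ;;  # SIGHUP: dnsmasq re-reads hosts files
        1) : ;;                               # unchanged, no reload needed
        *) echo "refusing to pin $PUBLIC_NAME to '$ip'" >&2; return 1 ;;
    esac
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Run from cron with the `--run` argument; without it the script only defines its functions.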