[Dnsmasq-discuss] TTL override for clients?

Simon Kelley simon at thekelleys.org.uk
Wed Apr 21 20:58:05 BST 2010


Fredrik Ringertz wrote:
> Hi Simon,
> 
> Thank you for clarifying that! If a packet is signed, is it ever
> cached by dnsmasq? I would assume not because it would contain a
> timestamp of some sort?

Data from the packet could be cached, but no reply from the dnsmasq
cache is ever signed, this is just about allowing signed packets from
upstream.

> 
> I have to admit that I haven't dealt a lot with signatures before in
> DNS, am I correct in thinking they are only used when a client wants
> to initiate a dynamic update? Or can it be used in standard lookups?
> I only have 10-15 or so clients behind my dnsmasq server and none of
> them are in need of anything more then normal record lookups.

It's highly unlikely that you'll see any signed packets, but to do this
right and allow dnsmasq to act as a transparent proxy for any query,
it's necessary to avoid touching signed packets.

Cheers,

Simon.



More information about the Dnsmasq-discuss mailing list