[Dnsmasq-discuss] Feature Proposal: DNS Recursor
Carlos Carvalho
carlos at fisica.ufpr.br
Tue Nov 23 19:56:04 GMT 2010
Simon Kelley (simon at thekelleys.org.uk) wrote on 23 November 2010 16:02:
>Loune Lam wrote:
>> I've been using dnsmasq for a long time and it has been working
>> brilliantly. One feature I find that it's missing though, is a DNS
>> recursor. Having the ability to recurse would make it the most
>> lightweight self-containing DNS server/Cache. I've done some preliminary
>> investigations on how this could be done, which I've outlined below. If
>> Simon and others here are interested I'd be happy to create a patch for
>> inclusion in the mainline.
>
>I'd certainly consider this, but I'm not sure it's a good idea.
>
>It's a lot of extra code, when dnsmasq tries to be small.
>
>Most dnsmasq installations don't need it, indeed dnsmasq allows people
>to have their own nameserver without having their own _recursive_
>nameserver. I'm not sure it's a good idea to encourage every leaf node
>on the net to run a recursive server. When your ISP's nameserver looks
>up www.google.com at Google's authoritative server, it shares that
>information with thousands of customers. If all those customers run
>recursive servers, they all have to talk to Google's servers.
>
>Doing recursive DNS without generating security holes seems to be hard.
>I certainly don't know enough to be sure of doing it safely without a
>lot of research. Solutions are already available which have tackled the
>problems. (see below)
>
>Those people who have needed this, have generally done it by using
>dnsmasq as a front end and pointing it at dnscache

That's what I do here, and it works very well.

>If you want to patch dnsmasq for your own use, and make the changes
>available, that's great. Use the power of Free Software. If the patch
>allows conditional compilation of the recursor, and looks like it won't
>be a big ongoing maintenance headache, I _might_ take it into the
>mainline, but no promises.

Lots of if's in the paragraph above... And it'd have to be a high
quality work, because if it's inferior to the other solutions it's
not worth it.

>A chorus of "but we'd love that feature" on here would help sway me.

I would, but only under the above conditions. The cost/benefit seems
hard to justify...