[Dnsmasq-discuss] Feature Proposal: DNS Recursor

Carlos Carvalho carlos at fisica.ufpr.br
Tue Nov 23 19:56:04 GMT 2010


Simon Kelley (simon at thekelleys.org.uk) wrote on 23 November 2010 16:02:
 >Loune Lam wrote:
 >> I've been using dnsmasq for a long time and it has been working 
 >> brilliantly. One feature I find that it's missing though, is a DNS 
 >> recursor. Having the ability to recurse would make it the most 
 >> lightweight self-containing DNS server/Cache. I've done some preliminary 
 >> investigations on how this could be done, which I've outlined below. If 
 >> Simon and others here are interested I'd be happy to create a patch for 
 >> inclusion in the mainline.
 >
 >I'd certainly consider this, but I'm not sure it's a good idea.
 >
 >It's a lot of extra code, when dnsmasq tries to be small.
 >
 >Most dnsmasq installations don't need it, indeed dnsmasq allows people
 >to have their own nameserver without having their own _recursive_
 >nameserver. I'm not sure it's a good idea to encourage every leaf node
 >on the net to run a recursive server. When your ISP's nameserver looks
 >up www.google.com at Google's authoritative server, it shares that
 >information with thousands of customers. If all those customers run
 >recursive servers, they all have to talk to Google's servers.
 >
 >Doing recursive DNS without generating security holes seems to be hard.
 >I certainly don't know enough to be sure of doing it safely without a
 >lot of research. Solutions are already available which have tackled the
 >problems. (see below)
 >
 >Those people who have needed this, have generally done it by using
 >dnsmasq as a front end and pointing it at dnscache

That's what I do here, and it works very well.

 >If you want to patch dnsmasq for your own use, and make the changes
 >available, that's great. Use the power of Free Software. If the patch
 >allows conditional compilation of the recursor, and looks like it won't
 >be a big ongoing maintenance headache, I _might_ take it into the
 >mainline, but no promises.

Lots of if's in the paragraph above... And it'd have to be
high-quality work, because if it's inferior to the other solutions it's
not worth it.

 >A chorus of "but we'd love that feature" on here would help sway me.

I would, but only under the above conditions. The cost/benefit seems
hard to justify...


