[Dnsmasq-discuss] [Patch] dnsmasq biased round robin for new requests
lists at wildgooses.com
Tue Jun 7 09:26:27 BST 2011
On 06/06/2011 06:26, harish badrinath wrote:
> This (in my world) starts making sense when dnsmasq needs to work
> with chillispot (http://www.chillispot.info/) for example,
> to whitelist/blacklist certain domains based on "business logic"
> and for that dnsmasq needs to communicate with other processes using
> static shared memory.
Simon has kindly introduced a new feature in the latest test releases
which essentially perpetuates the iptables conntrack mark from the
inbound client request onto the upstream server request (i.e. to
IPTABLES, the upstream request continues to look like the original
connection). I'm hoping to use this for some of my "business logic"
requirements (in particular it could be used to prevent DNS tunnelling).

Perhaps give some consideration to whether that feature could be used to
simplify some of your configuration? I.e. using iptables to route/limit
the requests based on the user making them?

However, some kind of in-process high speed filtering does sound like a
cool feature (not sure what I would personally use it for though).

Perhaps it's worth sponsoring a specific feature here (i.e. inside of
dnsmasq)? E.g. adding some kind of high speed static lookup table to
support white/blacklists? (Also be aware of IPSET in modern kernels,
which implements flexible hashes of IP addresses, ports and more.)