[Dnsmasq-discuss] A reason for setting NS records in dnsmasq
Simon Kelley
simon at thekelleys.org.uk
Fri Nov 2 14:46:58 GMT 2012
On 02/11/12 12:43, Gui Iribarren wrote:
>
> On Fri, Nov 2, 2012 at 8:58 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> That looks very interesting. It's out of comfort-zone for DNS-wrangling,
> but I will cause it to be looked at by people who know more about this.
> If they think it's a valid thing to do, I'll implement enough NS record
> functionality to make it possible.
>
>
> When I first changed the NS at the registrar (from a proper,
> authoritative one) to pointing to my Frankenstein, there was a window of
> a couple of hours, until it propagated completely, where I could ask
> 8.8.8.8, and my dnsmasq would return a cached correct NS reply, thus it
> all worked for an afternoon. I was delighted. :)
> Since then I've been banging my head, trying different configs in bind9
> / dnsmasq, until accepting an NS record in dnsmasq would make it.
>
>
> One thought: to make this work, you are going to have to make dnsmasq
> open to queries from "outside". That's normally seen as a really bad
> idea. It may be necessary to limit the domains and/or query types for
> queries from outside.
>
>
> Definitely: as it stands right now, when asked for A records, it answers
> with 10.x.x.x to queries from the Internet, which is a *big* no-no...
> So that would need a "reverse" bogus-priv option or something
That's true, but more generally accepting queries from outside that then
get forwarded outside makes a DNS forwarder into a DoS amplifier. There
would have to be access control that only accepted queries that can be
answered internally.
>
> But I'm really glad you liked the idea
>
> it's a simple free-ride on the inspiringly elegant hack that is ra-names ;)
>
Flattery will get you anywhere :) I can only accept credit for the
implementation: I'm aware of at least two different inventors, neither
of them me.
Cheers,
Simon.
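
The access control discussed in this message, sketched as an added example (not dnsmasq code and not written by anyone in the thread): outside clients are only answered from local data, are never forwarded upstream, and never receive RFC 1918 addresses. The internal network, zone name and records are assumed, constructed values.

```python
import ipaddress

# Assumed, constructed values for illustration only.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCAL_ZONES = ["mesh.example.org"]            # zones answered from local data
LOCAL_DATA = {
    "node1.mesh.example.org": ["10.1.2.3", "2001:db8::1"],
    "www.mesh.example.org": ["2001:db8::80"],
}

def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)     # v4/v6 mismatch is simply False

def in_local_zone(name):
    # Match on label boundaries so "evilmesh.example.org" is not in the zone.
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)

def decide(client, qname):
    """Return (action, answers); action is 'forward', 'answer' or 'refuse'."""
    name = qname.rstrip(".").lower()
    internal = _in_any(client, INTERNAL_NETS)
    if not in_local_zone(name):
        # Forwarding on behalf of outside clients is what turns a
        # forwarder into an amplifier, so only internal clients get it.
        return ("forward", []) if internal else ("refuse", [])
    answers = LOCAL_DATA.get(name, [])
    if not internal:
        # Do not leak private addresses to queries from the Internet.
        answers = [a for a in answers if not _in_any(a, RFC1918)]
    return "answer", answers

if __name__ == "__main__":
    for client, qname in [("10.9.9.9", "www.example.com"),
                          ("198.51.100.7", "www.example.com"),
                          ("198.51.100.7", "node1.mesh.example.org.")]:
        print(client, qname, decide(client, qname))
```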