[Dnsmasq-discuss] DNS Rewriting requests.

Simon Kelley simon at thekelleys.org.uk
Sat May 4 20:40:27 BST 2013


On 04/05/13 18:27, Stuart Jenkins wrote:
>
> First off I can see the “potential for abuse” in my question. It's
> actually not the desire to do abuse which is causing the question –
> quite the reverse – it’s the ability to rewrite domain requests so I can
> hit a white list and hence filter traffic going through my access point.
>
> Personally I come from a .NET background and I have a client and server
> solution already working in .NET; But I want one working on an Access
> point. Hence getting an old TP-Link Access point, flashing with Openwrt
> (which nicely comes with DNSMASQ) and almost everything is ready to rock
> bar one thing.
>
> I want when a DNS request hits DNSMASQ (which will forward all requests
> to my own DNS Servers) for it to be able to alter the request.
> Specifically if the request was for www.domain.com I want it to become
> www.domain.com.AccessPointID.FilterDomain.com (ideally
> AccessPointID.FilterDomain.com being specified in the config for dnsmasq
> as an “always append”)
>
> Where FilterDomain.com I control the Nameserver for – hence I get all
> the requests.
>
> The AccessPoint ID part of the request tells me which accesspoint it is
> and hence I know whether to filter www.domain.com or not for that
> access point.
>
>   Having looked through the man page, and all the options, even to the
> point of downloading the source of dnsmasq and looking at forward.c; I
> don’t believe out of the box I can do what I want with dnsmasq; and the
> C…. hmmm it's not my strong suit.
>
> So finally the questions:
>
> 1. Am I right? Dnsmasq cannot do what I desire out of the box as it
> doesn’t have the desired feature (probably by design)
>

Correct.

> 2. Am I right in that it “could” be programmed into forward.c

Doing this is rather more difficult than you might imagine. The reason 
is the way dnsmasq forwards DNS queries. Essentially, it forwards the 
query complete, and keeps very little information about the query - just 
enough to route the answer when it arrives. Re-writing the query on the 
way out is easy, but there isn't enough information saved to restore it 
on the way back. The original requestor is expecting an answer to its 
original query, not something different.

Of course for the simple case - append, then the reverse operation is 
easy to do, so a simple version would be possible.
>
> 3. And if so any hints where to look in forward.c as I …. Well I struggled.
>

Not trivial, because the query is passed through in wire format. To be 
able to modify it, you'll have to add a lot of extra code.


Not a particularly helpful answer, sorry.

Cheers,

Simon.

> Thanks in advance
>
>
> Stu
>
>
>
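The "simple case" from the reply above (append a fixed suffix on the way out, strip it on the way back), as an added example working directly on the wire-format question section; this is not dnsmasq code, and the function names `qname_end`, `qname_append` and `qname_strip` are hypothetical. It assumes a single uncompressed question and leaves the records after the question untouched; names and compression pointers in a real reply's answer records would also need re-encoding, which is the extra code the reply refers to.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define DNS_HDR  12   /* fixed DNS header length */
#define MAX_NAME 255  /* RFC 1035 limit on an encoded name */

/* Offset of the QNAME's terminating root label; 0 if malformed or compressed. */
static size_t qname_end(const unsigned char *p, size_t len)
{
    size_t i = DNS_HDR;
    if (len <= DNS_HDR || p[4] != 0 || p[5] != 1) return 0; /* QDCOUNT must be 1 */
    while (i < len && p[i] != 0) {
        if (p[i] > 63) return 0;  /* compression pointer or reserved label type */
        i += (size_t)p[i] + 1;
    }
    return (i < len && i - DNS_HDR < MAX_NAME) ? i : 0;
}

/* Insert wire-format labels sfx (no root label) before the QNAME's root label.
   Returns the new packet length, or 0 if the packet is rejected. */
size_t qname_append(unsigned char *p, size_t len, size_t cap,
                    const unsigned char *sfx, size_t sfxlen)
{
    size_t end = qname_end(p, len);
    if (!end || len + sfxlen > cap || end - DNS_HDR + sfxlen >= MAX_NAME) return 0;
    memmove(p + end + sfxlen, p + end, len - end); /* shift root, QTYPE, QCLASS, rest */
    memcpy(p + end, sfx, sfxlen);
    return len + sfxlen;
}

/* Reverse operation: remove sfx when the QNAME ends with it on a label boundary. */
size_t qname_strip(unsigned char *p, size_t len,
                   const unsigned char *sfx, size_t sfxlen)
{
    size_t end = qname_end(p, len), start, i, k;
    if (!end || end - DNS_HDR < sfxlen) return 0;
    start = end - sfxlen;
    for (i = DNS_HDR; i < start; i += (size_t)p[i] + 1)
        continue;
    if (i != start) return 0;  /* suffix bytes do not begin at a label */
    for (k = 0; k < sfxlen; k++)
        if (tolower(p[start + k]) != tolower(sfx[k])) return 0;
    memmove(p + start, p + end, len - end); /* close the gap */
    return len - sfxlen;
}
```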



