[Dnsmasq-discuss] [PATCH] --dont-mirror-queries option

Chris Novakovic chris at chrisn.me.uk
Fri Jan 29 13:38:22 GMT 2016


I have a (rather odd, and perhaps ill-advised) network setup in which
names in a particular domain (e.g. example.com) are split across three
sites, and I need three dnsmasq servers to be mutually dependent in the
following hierarchy to resolve names for that domain:

          master
           / \
          /   \
      area1   area2

If a client sends a query for x.example.com to area1 that area1 can't
answer, or if another client sends a query for y.example.com to area2
that area2 can't answer, both servers will forward the query to master,
which is configured (with --server) to be the sole upstream DNS server
for example.com on both area1 and area2. If master can't answer a query
for example.com, it is configured to forward the query to area1 and
area2. Clearly, master shouldn't forward queries that originate from
area1 back to area1: this would lead to an infinite forwarding loop.

The attached patch implements a new option, --dont-mirror-queries. When
enabled, this option prevents dnsmasq from forwarding a request to an
upstream server if its IP address matches that of the sender of the
query. I suppose this could be considered a dynamic, per-query version
of the --dns-loop-detect option that is only capable of detecting 1-hop
loops.

Kurt H Maier <khm at sciops.net> was the brains of this operation, helping
me figure out the part of forward.c that needed patching.

Cheers,
Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: added-dont-mirror-queries-option.patch
Type: text/x-patch
Size: 4661 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20160129/4681329d/attachment.bin>
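
The check the message describes (skip any upstream server whose IP address matches the sender of the query), sketched from master's point of view as an added C example; it is not the attached patch and not dnsmasq's own code. The `union addr` type, the function names and the addresses are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
/* Hypothetical address holder for this sketch (not dnsmasq's own type). */
union addr { struct sockaddr sa; struct sockaddr_in in; struct sockaddr_in6 in6; };

/* Parse an IPv4 or IPv6 literal; returns 0 on success, -1 on failure. */
int addr_parse(union addr *a, const char *text, unsigned short port)
{
  memset(a, 0, sizeof(*a));
  if (inet_pton(AF_INET, text, &a->in.sin_addr) == 1) {
    a->in.sin_family = AF_INET; a->in.sin_port = htons(port); return 0;
  }
  if (inet_pton(AF_INET6, text, &a->in6.sin6_addr) == 1) {
    a->in6.sin6_family = AF_INET6; a->in6.sin6_port = htons(port); return 0;
  }
  return -1;
}

/* 1 if same IP. Ports are ignored: a relayed query comes from an ephemeral
   source port, while the configured upstream entry carries port 53. */
int same_host(const union addr *a, const union addr *b)
{
  if (a->sa.sa_family != b->sa.sa_family) return 0;
  if (a->sa.sa_family == AF_INET)
    return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
  return a->sa.sa_family == AF_INET6 &&
         memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(struct in6_addr)) == 0;
}

/* master's upstreams are area1 and area2 (constructed addresses). Fills out[]
   with the indices still eligible for a query from src_ip; returns the count. */
int master_targets(const char *src_ip, int *out)
{
  static const char *upstream_ip[] = { "192.0.2.1", "2001:db8::2" };
  union addr up, src;
  int i, k = 0;
  if (addr_parse(&src, src_ip, 40000) < 0) return -1;
  for (i = 0; i < 2; i++)
    if (addr_parse(&up, upstream_ip[i], 53) == 0 && !same_host(&up, &src))
      out[k++] = i;   /* the sender of the query is never chosen */
  return k;
}

int main(void)
{
  int out[2], n = master_targets("192.0.2.1", out);   /* query relayed by area1 */
  printf("eligible: %d (first index %d)\n", n, n > 0 ? out[0] : -1);
  return 0;
}
```

A query that reaches master through any intermediate host carries that host's address, so this comparison only catches the direct bounce, which matches the 1-hop limitation the message mentions.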

