[Dnsmasq-discuss] Enhancement idea: localhost DNS

Simon Kelley simon at thekelleys.org.uk
Thu Jun 5 20:59:15 BST 2008

Bill C. Riemers wrote:
> Hello,
> I would like to enhance dnsmasq to work as a localhost DNS. However,
> before I start patching code I thought I should check on the list to
> find out if anyone has ideas on how to implement this, or if it has been
> already implemented. First a brief description of what I am trying to
> accomplish and why.
> Basically, I want a DNS server running on my machine that redirects
> requests selectively to different DNS servers. I am currently
> running dnsmasq on a NSLU2, which serves all my local machines for DNS
> and DHCP. However, when I run vpnc, /etc/resolv.conf is redirected so
> that my local names no longer resolve. While I can list the names in
> /etc/hosts to bypass this limitation, that defeats the whole point of
> running my own DNS server. Also, I found sometimes my /etc/hosts entries
> are ignored by web browsers because the same name has been resolved by
> the remote DNS.
> As a hack, I modified both
> /etc/sysconfig/network-scripts/network-functions and
> /etc/vpnc/vpnc-script to write updated DNS info to
> /etc/resolv.conf.dnsmasq instead of /etc/resolv.conf.  I configured
> dnsmasq to read /etc/resolv.conf.dnsmasq, and I wrote as the
> name server in /etc/resolv.conf.
> This works. I can do things like "nslookup hartnell.local" and have it
> work as expected, even when connected via vpnc. However, it means I
> run the risk with every update that my scripts are going to be replaced,
> and of course I can't very well start telling others this is a good way to
> do it.
> So it occurred to me a simple solution would be to patch dnsmasq so that
> when it detects a change in /etc/resolv.conf, after it reads in the
> updated information it replaces the nameserver lines as "".
> That way dnsmasq is correctly using the information from DHCP and VPNC
> for any domain I do not explicitly override.   However, all other
> applications will still use dnsmasq.   I would probably activate this
> feature by setting the server option in dnsmasq.conf to localhost, or
> making a new option like overwrite-resolv=true.

There's no really good way to do this, because there's no well defined,
portable way to have network configuration systems handle the
information about nameservers which comes from the various sources which
configure networking.

Something that you need to think about is race conditions on
modification of /etc/resolv.conf. The various scripts can change the
file at any time, and leave it in inconsistent states. Really, they should
create resolv.conf.new and then do an atomic "mv resolv.conf.new
resolv.conf", but not all do. Dnsmasq already has some tricks to avoid
problems with this: it will be much more difficult to get right if
dnsmasq is re-writing the file.

You might be able to avoid changing the scripts if there's some way to
configure the distro's netconf system with a static nameserver which
comes first in resolv.conf. Then you can end up with

nameserver <dynamic nameserver from DHCP, vpnc, etc>

dnsmasq will ignore since it's clever enough to know that it 
is listening on that address, everything else will use it since it's first.

> My questions are:
>    1. Does anyone have better ideas on how I can accomplish the same thing?

Something I've thought about, but not investigated in detail, is to
provide a new NSS module which does pretty much the same thing as the
existing dns module, but doesn't use /etc/resolv.conf, instead using for DNS lookups. Then you could just change one line in
/etc/nsswitch.conf from

hosts:          files dns

to

hosts:          files dnsmasq

and have all name resolution go to dnsmasq via
Dnsmasq would still use /etc/resolv.conf, so the standard network 
scripts would work.

>    2. Is anyone else working on the same thing?

>    3. Is there public access to the dnsmasq source tree, or do I simply
> make my change to the latest source download and let the maintainer
> worry about merging it with the current code base?

Send stuff to me. The latest development code can be found in 
http://www.thekelleys.org.uk/dnsmasq/test-releases/ so work from that 
rather than the stable releases.

> Bill
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
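As an added example, not code from this thread or from dnsmasq itself, the following POSIX shell script shows the two points Simon raises together: it builds a resolv.conf with a static resolver on the first nameserver line, ahead of whatever the dynamic sources (DHCP, vpnc) supplied, and it installs the file by writing a temporary in the same directory and renaming it over the target, so a reader such as dnsmasq never sees a half-written file. The loopback address assumed as the static resolver and the TEST-NET addresses standing in for dynamic servers are constructed for the example, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): assemble resolv.conf with a static
# nameserver first, then the dynamic ones, and install it atomically.

# Assumption: the local dnsmasq listens on this loopback address
# (the thread does not state the address).
STATIC_NS="${STATIC_NS:-127.0.0.1}"

# write_resolv_atomic TARGET NS...
# Writes the nameserver lines (static first) to TARGET.new in the same
# directory, then renames it over TARGET. rename(2) within one filesystem
# is atomic, so readers see either the old complete file or the new one,
# never a partially written file.
write_resolv_atomic() {
    target="$1"; shift
    tmp="$target.new"
    {
        echo "# generated; static resolver first so libc clients use it"
        echo "nameserver $STATIC_NS"
        for ns in "$@"; do
            # skip the static address if a dynamic source also supplied it
            [ "$ns" = "$STATIC_NS" ] || echo "nameserver $ns"
        done
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$target"
}

# first_nameserver FILE: the address ordinary libc clients try first
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# dynamic_nameservers FILE: the addresses a resolver that ignores its own
# listening address (as dnsmasq does) would forward to, one per line
dynamic_nameservers() {
    awk -v skip="$STATIC_NS" \
        '$1 == "nameserver" && $2 != skip { print $2 }' "$1"
}

# Demonstration in a scratch directory with constructed TEST-NET addresses
# standing in for what DHCP and vpnc would hand out.
demo() {
    dir=$(mktemp -d)
    f="$dir/resolv.conf"
    write_resolv_atomic "$f" 192.0.2.53 198.51.100.53
    echo "first nameserver (used by clients): $(first_nameserver "$f")"
    echo "dynamic nameservers (forwarded to):" $(dynamic_nameservers "$f")
    rm -rf "$dir"
}

demo
```

Run it as-is to see the constructed case; to apply it on a real system you would call write_resolv_atomic /etc/resolv.conf with the addresses your network scripts received, which is exactly the write-then-rename step the reply says the scripts should be doing themselves.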
