[Dnsmasq-discuss] Feature Request?

Simon Kelley simon at thekelleys.org.uk
Wed Sep 17 14:36:46 BST 2008 

Jorge Bastos wrote:
> Hi Simon,
> 
> What can you say about this?
> 
>  
It rather depends on what you mean by "doesn't respond". The
possibilities I can think of are

1) network error "No route to host" talking to upstream server.
2) Upstream server returns NXDOMAIN or NODATA reply.
3) Upstream server returns SERVFAIL or REFUSED return codes.
4) Upstream server doesn't reply at all.

1) is already detected, and results is a REFUSED reply to the original
requestor, that could be customised fairly easily.

2) are legitimate replies and shouldn't be interfered with,
3) are arguably also legit replies, but could be substituted.

4) Is difficult to even reliably detect. DNS usually uses UDP as a
transport, the only way to substitute a different reply for no-reply
from the upstream server is to use a shorter time-out then the original
requestor. Since the length of that time-out is not known, that's
difficult to do reliably.

On top of this, messing with the DNS in this way can have unexpected
results: it sounds like you're trying to control the web-surfing
experience, but DNS is not just the web. If having the DNS go down
results in substituted results rather than errors, you could easily find
the contents of your mail spool delivered to your local webserver or,
more likely, bounced by it. There's also the problem that the results of
DNS lookups can get cached in surprising places, leading to problems
after connectivity is restored.

Cheers,

Simon.








> 
> Jorge,
> 
>  
> 
>  
> 
> From: dnsmasq-discuss-bounces at lists.thekelleys.org.uk
> [mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Jorge
> Bastos
> Sent: segunda-feira, 15 de Setembro de 2008 17:47
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: RE: [Dnsmasq-discuss] Feature Request?
> 
>  
> 
> Yap, DNSMasq is much better, that's why i'd like to have this feature on it.
> 
>  
> 
>  
> 
>  
> 
> From: dnsmasq-discuss-bounces at lists.thekelleys.org.uk
> [mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Paul
> Chambers
> Sent: segunda-feira, 15 de Setembro de 2008 16:52
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Feature Request?
> 
>  
> 
> I'd like to do something vaguely similar, though in my case it's sending
> requests in a particular domain to a given pair of servers, only when a vpn
> is up (e.g. tun0). If the VPN isn't up, those servers are not reachable
> anyhow.
> 
> I noticed the 'server=/<domain>/<ipaddr>@<interface>' variant in the docs,
> but haven't had the time to investigate how it behaves if the interface in
> question is down.
> 
> This is also something pdnsd can do, but dnsmasq is a much better tool for
> my needs in just about every respect, and I'd really prefer not to have to
> run both.
> 
> Paul
> 
> Jorge Bastos wrote: 
> 
> Hi,
> 
> Simon, i'd like to ask for a feature if not implemented yet.
> 
> I've saw in other dns/dns proxy servers, the ability to serve an IP when
> certain DNS host is down/doesn't respond.
> 
> Is it possible for dnsmasq, to do this, with two parameters, one for on/off
> the feature, and the 2nd to specify the host/IP for the response.
> 
> With this I could for example, inside my network, redirect all broken DNS's
> to my webserver specifying a host and do a webpage explaining what happened.
> 
>  
> 
> Is this possible?
> 
>  
> 
> Thanks in advanced,
> 
> Jorge
> 
>  
> 
> PS: I saw it here, and it's something that will be very handy for me, and
> I'm sure for other because of dns problems.
> 
> ---
> 
> About: pdnsd is a Proxy DNS server for Linux and FreeBSD that is designed to
> cope with unreacheable nameservers (e.g. because the dial-in link is not up)
> in a graceful manner to prevent DNS-dependent applications like Netscape
> from hanging. It has a permanent disk cache and supports parallel query and
> a wide variety of link uptests. It also has the ability to serve some local
> records.
> 
>  
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list