[Dnsmasq-discuss] patch proposal: getent support for ethers

Simon Kelley simon at thekelleys.org.uk
Mon Jun 29 15:03:18 BST 2009


Gabriel Winckler wrote:
> Hi,
> 
> I'm new around here, so I'm not sure if this message belongs to this list.
> 
> I made a patch for dnsmasq, allowing dynamic query of the ether
> information using getent calls.
> 
> My goal is to use dnsmasq in a large cluster deployment (exactly the
> original goal of this code), providing DHCP using LDAP as the backend
> server.
> Many people have asked for a DHCP server with LDAP support, but nobody
> made that happen (at least, not with dynamic updates).
> 
> Since this is the best DHCP server code on the market (I tried to
> implement this using the ISC... not a happy story), I propose a patch.
> 
> Just to clarify my plan:
> 
> - Store the MAC/IP information on a LDAP server.
> - Configure libnss to access this information (yes, libnss provides
> infrastructure for the /etc/ethers file)
> - Access the data in dnsmasq using getent.
> 
> So, no need to link, call or configure LDAP in dnsmasq.
> 
> The drawback is the slowdown (I know, this is why dnsmasq reads the
> ethers file only during the initialization) of nss queries.
> 
> So, I'm submitting a draft patch that adds this support. In my tests,
> everything works (with LDAP!).
> 
> ** I'm a sysadmin, not a C programmer. **
> Feel free to change this patch or express how bad I code.
> 
> This patch is for the 2.50test3 revision. (Is there a code repository
> somewhere?)
> 
> Is this an interesting feature? Any chance of something like this
> being included?
> If so, we may need an option "getent-ethers", or something.
> 
> Thanks,
> 
> Winckler

This generated some interesting discussion, but it's taken till now to 
find time to look at the actual patch.

It needs some clean-up, but something like this has some attractions. 
The main drawback I can see is that the get_() library calls can all 
block for arbitrary lengths of time, which leaves the network with no 
DNS and no DHCP and no TFTP. Worse: gethostbyname() and gethostbyaddr() 
can possibly attempt to use DNS to get the host info, routing the 
queries through dnsmasq, which is blocked in the gethost*() call, 
leading to deadlock.

A solution which pulls all the host info from the LDAP database and 
pushes it into a file which is read by dnsmasq (or the named-pipe 
variant of this) avoids that pain.

Maybe something like "--read-ethers=nss" to switch on read-ethers 
semantics, but via the nss, would be good, if this solution is adopted?

Simon.
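One way to implement the file-based approach Simon describes, as an added example that is not part of this thread or of dnsmasq itself: each hostname is looked up with `getent ethers` in a child process under a hard timeout (so a stalled NSS backend can never block the daemon, and dnsmasq never calls the resolver libraries), the results are validated and written atomically into an /etc/ethers-style file, and dnsmasq is told to re-read it with SIGHUP. The host list, the timeout value and the pid-file path are assumptions.

```python
"""Sync ethers data out of NSS (e.g. LDAP via libnss) into a file for dnsmasq --read-ethers.
Lookups run out of process under a timeout; dnsmasq only ever reads the finished file."""
import os
import re
import signal
import subprocess
import tempfile

# ether_ntoa() prints lowercase hex without zero padding, e.g. "8:0:27:aa:bb:cc"
MAC_RE = re.compile(r"^([0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$")

def getent_ethers(hostname, timeout=2.0):
    """Run `getent ethers <hostname>` in a child process; None on miss or timeout (assumed 2s)."""
    try:
        proc = subprocess.run(["getent", "ethers", hostname], capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None          # backend stalled: skip this host rather than stall the sync
    return proc.stdout if proc.returncode == 0 else None

def parse_ethers_line(line):
    """Parse one getent line ("<mac> <name>") into (padded mac, name); None if malformed."""
    parts = line.split()
    if len(parts) != 2 or not MAC_RE.match(parts[0].lower()):
        return None
    mac = ":".join(octet.zfill(2) for octet in parts[0].lower().split(":"))
    return mac, parts[1]

def build_ethers(hostnames, lookup=getent_ethers):
    """Return the ethers file content for the given hosts, one "MAC hostname" line each."""
    lines, seen = [], set()
    for host in hostnames:
        out = lookup(host)
        entry = parse_ethers_line(out) if out else None
        if entry is None or entry[0] in seen:
            continue         # missing, malformed or duplicate MAC: leave it out
        seen.add(entry[0])
        lines.append("%s %s" % entry)
    return "\n".join(lines) + ("\n" if lines else "")

def write_and_reload(content, path="/etc/ethers", pidfile="/var/run/dnsmasq.pid"):
    """Atomically replace the ethers file, then SIGHUP dnsmasq so it re-reads /etc/ethers."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path), prefix=".ethers.")
    with os.fdopen(fd, "w") as f:
        f.write(content)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)    # rename is atomic: dnsmasq never sees a half-written file
    with open(pidfile) as f:
        os.kill(int(f.read().strip()), signal.SIGHUP)

if __name__ == "__main__":
    # assumed host list; in practice it would come from the same LDAP inventory
    write_and_reload(build_ethers(["node01", "node02"]))
```

Run it from cron or a timer rather than from inside dnsmasq; a host whose lookup times out simply drops out of the file until the next run.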
