[Dnsmasq-discuss] Hooking up dnsmasq with the Samba 4 AD

Simon Kelley simon at thekelleys.org.uk
Wed Jan 13 10:24:31 GMT 2010


Kai Blin wrote:
> On Tuesday 12 January 2010 10:23:03 Simon Kelley wrote:
> 
>>> Looking at what Win2k8R2 returns, I need support for A/AAAA, PTR, NS,
>>> SOA, MX, CNAME, SRV and TXT records. I haven't wrapped my head around the
>>> dnsmasq code enough to see which of these are already supported.
>> We support all except NS and SOA currently.
> 
> Ok.
> 
> 
>>> My plan was to either add an ldap or ldb backend to dnsmasq. I'm not too
>>> excited about DBus, as it would require to add yet another RPC protocol to
>>> Samba. At the moment, an ldap backend that supports the dnsZone schema
>>> seems to be the best fit.
>> Turning that around, I'd be wary of adding another RPC protocol to
>> dnsmasq, which probably has tighter size constraints than Samba.
> 
> Fair enough. I'll have to poke at dbus a bit more then. Our option to support 
> Bind via LDAP is pretty straightforward, but memory size-wise Bind is a 
> monster. As I play with Samba on embedded systems, I do understand your 
> concern for size constraints.
> 
>> A thought: what domains are involved? If the records are for a defined
>> set of domains, then you could simply configure dnsmasq with something like
>>
>> server=/domain.supplied.by.samba/127.0.0.1#500
>>
>> and add some code to samba which accepts DNS queries on port 500 (or
>> whatever) and answers them. Essentially using the DNS protocol as an RPC
>> method.
> 
> To be honest, if we go and implement enough of DNS to support that part, it 
> probably makes sense to go the last step to being a full DNS server 
> ourselves, which would allow us to easily handle all the encryption required 
> for the client-sent updates.
> 
> So if I can add (arbitrary) records to the dnsmasq via dbus, that would be an 
> option I could work with. 

You can't add arbitrary options at present, but I'd certainly consider 
adding that if it was shown to be useful. The current DBus interface is 
documented in dbus/DBus-interface in the dnsmasq tarball.

I'd consider the DNS-as-RPC route. The amount of code required to decode 
a DNS request and then pack a response is quite limited (and you can 
lift it from dnsmasq, if you like...). Assuming the requests are for a 
limited domain, that would work quite well. It's actually much less work 
than making a fully-fledged DNS server.


Cheers,

Simon.

> 
> Cheers,
> Kai
> 
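
The DNS-as-RPC idea from this message, as an added example that is not part of the original post and is not dnsmasq or Samba code: decode one query, check that the name falls inside the delegated zone on a label boundary, and pack an A-record response. The function name `answer_query`, the 60-second TTL and the zone and address passed in by the caller are assumptions made for illustration.

```c
#include <string.h>
#include <ctype.h>

/* Hypothetical helper: answer one A query for names inside `zone`.
   Returns the response length, or -1 if the packet is malformed. */
int answer_query(const unsigned char *q, size_t qlen, unsigned char *out,
                 size_t outlen, const char *zone, const unsigned char ip[4])
{
    char name[256];
    size_t pos = 12, n = 0, zl = strlen(zone);

    /* Header: 12 bytes, QR bit clear (a query), exactly one question. */
    if (qlen < 12 || (q[2] & 0x80) || q[4] != 0 || q[5] != 1)
        return -1;
    /* Decode the labels; compression pointers (length > 63) are rejected. */
    for (;;) {
        if (pos >= qlen) return -1;
        size_t len = q[pos++];
        if (len == 0) break;
        if (len > 63 || pos + len > qlen || n + len + 1 >= sizeof name)
            return -1;
        if (n) name[n++] = '.';
        for (size_t i = 0; i < len; i++)
            name[n++] = (char)tolower(q[pos++]);
    }
    name[n] = '\0';
    if (pos + 4 > qlen || pos + 4 + 16 > outlen)
        return -1;
    unsigned qtype = (q[pos] << 8) | q[pos + 1];
    unsigned qclass = (q[pos + 2] << 8) | q[pos + 3];
    pos += 4;

    /* Only the zone itself or names below it (label boundary) are ours. */
    int in_zone = n >= zl && strcmp(name + n - zl, zone) == 0 &&
                  (n == zl || name[n - zl - 1] == '.');

    memcpy(out, q, pos);                 /* echo header and question */
    out[2] = 0x80 | (in_zone ? 0x04 : 0) | (q[2] & 0x01); /* QR, AA, RD */
    out[3] = in_zone ? 0 : 5;            /* NOERROR or REFUSED */
    memset(out + 6, 0, 6);               /* AN/NS/AR counts = 0 */
    if (!in_zone || qtype != 1 || qclass != 1)
        return (int)pos;                 /* empty answer section */
    /* One A record: pointer to the name at offset 12, TTL 60 s. */
    static const unsigned char rr[] = {0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4};
    out[7] = 1;
    memcpy(out + pos, rr, sizeof rr);
    memcpy(out + pos + sizeof rr, ip, 4);
    return (int)(pos + sizeof rr + 4);
}
```

The suffix comparison alone would accept `evilsamba.example` for the zone `samba.example`; the check for a preceding dot is what keeps the responder limited to its own domain.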



