[Dnsmasq-discuss] [Patch] dnsmasq biased round robin for new requests

Ed W lists at wildgooses.com
Tue Jun 7 09:26:27 BST 2011


On 06/06/2011 06:26, harish badrinath wrote:
> This (in my world) starts making sense when dnsmasq needs to work
> with chillispot (http://www.chillispot.info/) for example,
> to whitelist/blacklist certain domains based on "business logic"
> and for that dnsmasq needs to communicate with other processes using
> static shared memory.

Simon has kindly introduced a new feature in the latest test releases
which essentially perpetuates the iptables conntrack mark from the
inbound client request, onto the upstream server request (ie to
IPTABLES, the upstream request continues to look like the original
connection). I'm hoping to use this for some of my "business logic"
requirements (in particular it could be used to prevent DNS tunnelling).

Perhaps give some consideration to whether that feature could be used to
simplify some of your configuration? ie using iptables to route/limit
the requests based on the user making them?

However, some kind of in-process high speed filtering does sound like a
cool feature (not sure what I would personally use it for though).
Perhaps it's worth sponsoring a specific feature here (ie inside of
dnsmasq)? eg adding some kind of high speed static lookup table to
support white/blacklists? (also be aware of IPSET in modern kernels
which implements flexible hashes of ip addresses, ports and more)

Good luck

Ed W
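An added example, not code from dnsmasq or from anyone in this thread, of the "high speed static lookup table" for white/blacklists that Ed sketches above: each client class is keyed by a mark value (standing in for the conntrack mark the message describes), and each class has a default action plus a table of domain suffixes where the most specific matching suffix wins. Lookups are hash-table probes, one per label, so cost is bounded by the number of labels in the query name rather than the size of the list. The mark values, domain names and policy entries are constructed for the example, and an unknown mark fails closed.

```python
"""Per-client domain allow/deny table keyed by a connection mark.

Added illustration, not dnsmasq code. Policy contents and mark values
below are constructed sample data.
"""
from typing import Dict, Optional, Tuple

# Constructed policy: mark -> (default action, {domain suffix: action}).
# Mark 0x1 models an unauthenticated captive-portal client that may only
# reach the portal itself; mark 0x2 models an authenticated client with
# an ad/tracker deny-list layered on an allow-by-default policy.
POLICY: Dict[int, Tuple[str, Dict[str, str]]] = {
    0x1: ("deny", {"example.com": "allow", "login.example.com": "deny"}),
    0x2: ("allow", {"ads.example.net": "deny"}),
}


def normalize(qname: str) -> str:
    """Canonical form for lookups: strip the trailing root dot, lowercase."""
    return qname.rstrip(".").lower()


class SuffixTable:
    """Domain-suffix rules with longest (most specific) suffix precedence."""

    def __init__(self, rules: Dict[str, str]) -> None:
        self.rules = {normalize(suffix): action for suffix, action in rules.items()}

    def lookup(self, qname: str) -> Optional[str]:
        labels = normalize(qname).split(".")
        # Probe the full name first, then progressively shorter suffixes:
        # "a.b.example.com" -> "b.example.com" -> "example.com" -> "com".
        for i in range(len(labels)):
            action = self.rules.get(".".join(labels[i:]))
            if action is not None:
                return action
        return None


class MarkPolicy:
    """Selects a SuffixTable by client mark and applies its default action."""

    def __init__(self, policy: Dict[int, Tuple[str, Dict[str, str]]]) -> None:
        self.tables = {
            mark: (default, SuffixTable(rules))
            for mark, (default, rules) in policy.items()
        }

    def decide(self, mark: int, qname: str) -> str:
        if mark not in self.tables:
            return "deny"  # unknown client class: fail closed
        default, table = self.tables[mark]
        return table.lookup(qname) or default


def decide(mark: int, qname: str) -> str:
    """Convenience entry point over the constructed POLICY above."""
    return MarkPolicy(POLICY).decide(mark, qname)


if __name__ == "__main__":
    for mark, name in [(0x1, "www.example.com."), (0x1, "login.example.com"),
                       (0x1, "other.org"), (0x2, "tracker.ads.example.net"),
                       (0x2, "other.org"), (0x9, "www.example.com")]:
        print(f"mark={mark:#x} {name:28s} -> {decide(mark, name)}")
```

Because the policy is keyed by the same mark iptables already attaches to the client's flow, the table can be consulted once per query without any cross-process shared memory; a real deployment would load the tables from configuration rather than from the constructed dictionary shown here.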


