[Dnsmasq-discuss] DNSMasq script lookup
Simon Kelley
simon at thekelleys.org.uk
Thu Mar 29 09:54:37 BST 2012
On 29/03/12 00:50, Rob Zwissler wrote:
> Hey Simon -
>
> Would it be a big project, or one that interests you, to add the
> functionality to interface DNSMasq with a script or (more interestingly)
> a named pipe, so it could dynamically retrieve DNS records... a named
> pipe could have a script on the other side that could do rewriting,
> SQLite or other databases lookups, etc... then some of these more
> sophisticated/niche feature requests some of us have could be offloaded
> out of DNSMasq which in end would make DNSMasq more powerful and lean...?
>
It's all down to concurrency.
What happens in dnsmasq at the moment when a DNS query comes in is this.
1) Check is the query can be answered locally (Cache, /etc/hosts, DHCP)
and if so return answer.
2) Pick nameserver(s) to forward the query to. Send basically the same
UDP packet that arrived on to the upstream nameservers.
3) Save an entry in a small table the following data: where the query
came from, where it was sent to, a fingerprint of the query.
4) Forget the original query.
At this point, dnsmasq is free to again serve new queries, and the only
resources being used at a small fixed-size entry in an array. The only
limit on the number of concurrent queries is the size of this array.
When the answer comes in, it includes the original query, and just needs
to be send back to the original requestor. The forwarding table has all
the information needed to do that.
Now, if you're going to start interacting with a script, (or anything
which doesn't speak DNS) the entry in forwarding table isn't enough. You
either have to block, waiting for the script to return the answer,
during which time other queries get queued or ignored (bad) or you have
to change dnsmasq so that it allocates memory and saves much more state
about each query. (not so bad, but removes a dnsmasq USP)
One way round this is to make the script, or whatever, speak DNS.
Essentially, it becomes a DNS server itself. For simple cases, this is
supported already. Arrange a DNS server which replies from a database
(write it de novo, or adapt an existing program), and point dnsmasq to
that server for domains of interest with
--server=/example.com/<ip-of-server>
On thing which might be interesting, is to define a new type of upstream
server (maybe called a look-aside server) which dnsmasq will send a
query to first, and which if it can't answer the query can return a
custom return-code "Not known", which causes dnsmasq to then push the
query into the standard server pathway.
That becomes useful if such a server exists.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list