[Dnsmasq-discuss] DNSMasq script lookup

Simon Kelley simon at thekelleys.org.uk
Thu Mar 29 09:54:37 BST 2012 

On 29/03/12 00:50, Rob Zwissler wrote:
> Hey Simon -
>
> Would it be a big project, or one that interests you, to add the
> functionality to interface DNSMasq with a script or (more interestingly)
> a named pipe, so it could dynamically retrieve DNS records... a named
> pipe could have a script on the other side that could do rewriting,
> SQLite or other databases lookups, etc...  then some of these more
> sophisticated/niche feature requests some of us have could be offloaded
> out of DNSMasq which in end would make DNSMasq more powerful and lean...?
>

It's all down to concurrency.

What happens in dnsmasq at the moment when a DNS query comes in is this.

1) Check is the query can be answered locally (Cache, /etc/hosts, DHCP)
and if so  return answer.

2) Pick nameserver(s) to forward the query to. Send basically the same 
UDP packet that arrived on to the upstream nameservers.

3) Save an entry in a small table the following data: where the query 
came from, where it was sent to, a fingerprint of the query.

4) Forget the original query.


At this point, dnsmasq is free to again serve new queries, and the only 
resources being used at a small fixed-size entry in an array. The only 
limit on the number of concurrent queries is the size of this array.

When the answer comes in, it includes the original query, and just needs 
to be send back to the original requestor. The forwarding table has all 
the information needed to do that.


Now, if you're going to start interacting with a script, (or anything 
which doesn't speak DNS) the entry in forwarding table isn't enough. You 
either have to block, waiting for the script to return the answer, 
during which time other queries get queued or ignored (bad) or you have 
to change dnsmasq so that it allocates memory and saves much more state 
about each query. (not so bad, but removes a dnsmasq USP)

One way round this is to  make the script, or whatever, speak DNS. 
Essentially, it becomes a DNS server itself. For simple cases, this is 
supported already. Arrange a DNS server which replies from a database 
(write it de novo, or adapt an existing program), and point dnsmasq to 
that server for domains of interest with

--server=/example.com/<ip-of-server>

On thing which might be interesting, is to define a new type of upstream 
server (maybe called a look-aside server) which dnsmasq will send a 
query to first, and which if it can't answer the query can return a 
custom return-code "Not known", which causes dnsmasq to then push the 
query into the standard server pathway.

That becomes useful if such a server exists.


Cheers,

Simon.

More information about the Dnsmasq-discuss mailing list