[Dnsmasq-discuss] DNS Rewriting requests.
stuart at stuartj.plus.com
Sun May 5 07:58:14 BST 2013
I think all I need is the *simple case - append*, as you say then the
reverse operation is easy to do, so a simple version would be possible.
Append on the way out, trim off on the way back.
Is forward.c the right place to be looking?
On Sat, May 4, 2013 at 8:40 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> On 04/05/13 18:27, Stuart Jenkins wrote:
>> First off I can see the “potential for abuse” in my question. It's
>> actually not the desire to do abuse which is causing the question –
>> quite the reverse – it’s the ability to rewrite domain requests so I can
>> hit a white list and hence filter traffic going through my access point.
>> Personally I come from a .NET background and I have a client and server
>> solution already working in .NET; But I want one working on an Access
>> point. Hence getting an old TP-Link Access point, flashing with Openwrt
>> (which nicely comes with DNSMASQ) and almost everything is ready to rock
>> bar one thing.
>> I want when a DNS request hits DNSMASQ (which will forward all requests
>> to my own DNS Servers) for it to be able to alter the request.
>> Specifically if the request was for www.domain.com
>> <http://www.domain.com/> I want it to become
>> AccessPointID.FilterDomain.com <http://AccessPointID.FilterDomain.com>
>> being specified in the config for dnsmasq as an “always append”)
>> Where FilterDomain.com I control the Nameserver for – hence I get all
>> the requests.
>> The AccessPoint ID part of the request tells me which accesspoint it is
>> and hence I know whether to filter www.domain.com
>> <http://www.domain.com> or not for that access point.
>> Having looked through the man page, and all the options, even to the
>> point of downloading the source of dnsmasq and looking at forward.c; I
>> don’t believe out of the box I can do what I want with dnsmasq; and the
>> C…. hmmm it's not my strong suit.
>> So finally the questions:
>> 1. Am I right? Dnsmasq cannot do what I desire out of the box as it
>> doesn’t have the desired feature (probably by design)
>> 2. Am I right in that it “could” be programmed into forward.c
> Doing this is rather more difficult than you might imagine. The reason is
> the way dnsmasq forwards DNS queries. Essentially, it forwards the query
> complete, and keeps very little information about the query - just enough
> to route the answer when it arrives. Re-writing the query on the way out is
> easy, but there isn't enough information saved to restore it on the way
> back. The original requestor is expecting an answer to its original query,
> not something different.
> Of course for the simple case - append, then the reverse operation is easy
> to do, so a simple version would be possible.
>> 3. And if so any hints where to look in forward.c as I …. Well I struggled.
> Not trivial, because the query is passed through in wire format. To be
> able to modify it, you'll have to add a lot of extra code.
> Not a particularly helpful answer, sorry.
> Thanks in advance
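The append-on-the-way-out, trim-on-the-way-back rewrite discussed in this thread, shown on a wire-format DNS packet as an added example; it is not dnsmasq code and not code from either poster. The function names, the sample query and the suffix are constructed for illustration, and only the question section is rewritten.

```c
#include <stddef.h>
#include <string.h>
#define DNS_HDR 12                      /* fixed DNS header size (RFC 1035) */

/* Offset of the root label ending the first question name, or 0 if the name
   is truncated, over-long, or contains a compression pointer. */
static size_t qname_end(const unsigned char *p, size_t len)
{
    size_t i = DNS_HDR;
    while (i < len && p[i] != 0) {
        if (p[i] > 63) return 0;        /* pointer or reserved label type */
        i += (size_t)p[i] + 1;
    }
    return (i < len && i - DNS_HDR < 255) ? i : 0;
}

/* Outbound: insert suffix labels (wire format, no root label) before the
   root label of the question. Returns the new length, or 0 on error. */
size_t qname_append(unsigned char *p, size_t len, size_t cap,
                    const unsigned char *sfx, size_t slen)
{
    size_t end = qname_end(p, len);
    if (!end || len + slen > cap || end - DNS_HDR + slen + 1 > 255) return 0;
    memmove(p + end + slen, p + end, len - end);  /* shift root, type, class */
    memcpy(p + end, sfx, slen);
    return len + slen;
}

/* Inbound: strip the suffix again so the client sees its original question.
   Only the question is rewritten; compression pointers in later records
   that target offsets past the question would also need adjusting. */
size_t qname_trim(unsigned char *p, size_t len,
                  const unsigned char *sfx, size_t slen)
{
    size_t end = qname_end(p, len), i = DNS_HDR;
    if (!end || end - DNS_HDR < slen) return 0;
    while (i < end - slen) i += (size_t)p[i] + 1; /* stop on a label boundary */
    if (i != end - slen || memcmp(p + i, sfx, slen) != 0) return 0;
    memmove(p + i, p + end, len - end);
    return len - slen;
}

/* Constructed sample: query for www.domain.com, type A, class IN. */
static const unsigned char SAMPLE_QUERY[] =
    "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    "\x03www\x06" "domain\x03" "com\x00\x00\x01\x00\x01";
/* Constructed suffix: accesspointid.filterdomain.com as wire labels. */
static const unsigned char SAMPLE_SUFFIX[] =
    "\x0d" "accesspointid\x0c" "filterdomain\x03" "com";
```

The string literals carry a trailing NUL, so the packet and suffix lengths are `sizeof` minus one.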