[Dnsmasq-discuss] DNS Rewriting requests.

Stuart Jenkins stuart at stuartj.plus.com
Sun May 5 07:58:14 BST 2013


Thanks Simon.

I think all I need is the *simple case - append*, As as you say then the
reverse operation is easy to do, so a simple version would be possible.

Append on the way out, trim off on the way back.

Is forward.c the right place to be looking?

Thanks




Stu


On Sat, May 4, 2013 at 8:40 PM, Simon Kelley <simon at thekelleys.org.uk>wrote:

> On 04/05/13 18:27, Stuart Jenkins wrote:
>
>>
>> First off I can see the “potential for abuse” in my question. Its
>> actually not the desire to do abuse which is causing the question –
>> quite the reverse – it’s the ability to rewrite domain requests so I can
>> hit a white list and hence filter traffic going through my access point.
>>
>> Personally I come from a .NET background and I have a client and server
>> solution already working in .NET; But I want one working on an Access
>> point. Hence getting an old TP-Link Access point, flashing with Openwrt
>> (which nicely comes with DNSMASQ) and almost everything is ready to rock
>> bar one thing.
>>
>> I want when a DNS request hits DNSMASQ (which will forward all requests
>> to my own DNS Servers) for it to be able to alter the request.
>> Specifically if the request was for www.domain.com
>> <http://www.domain.com/> I want it to become
>> www.domain.com.AccessPointID.**FilterDomain.com<http://www.domain.com.AccessPointID.FilterDomain.com>
>> <http://www.domain.com.**accesspointid.filterdomain.**com/<http://www.domain.com.accesspointid.filterdomain.com/>>
>> (ideally
>> AccessPointID.FilterDomain.com <http://AccessPointID.**FilterDomain.com<http://AccessPointID.FilterDomain.com>
>> >
>>
>> being specified in the config for dnsmasq as an “always append”)
>>
>> Where FilterDomain.com I control the Nameserver for – hence I get all
>> the requests.
>>
>> The AccessPoint ID part of the request tells me which accesspoint it is
>> and hence I know whether to filter www.domain.com
>> <http://www.domain.com> or not for that access point.
>>
>>
>>   Having looked through the man page, and all the options, even to the
>> point of downloading the source of dnsmasq and looking at forward.c; I
>> don’t believe out of the box I can do what I want with dnsmasq; and the
>> C…. hmmm its not my strong suit.
>>
>> So finally the questions:
>>
>> 1.Am I right? Dnsmasq cannot do what I desire out of the box as it
>>
>> doesn’t have the desired feature (probably by design)
>>
>>  Correct.
>
>> 2.Am I right in that it “could” be programmed into forward.c
>>
>
> Doing this is rather more difficult than you might imagine. The reason is
> the way dnsmasq forwards DNS queries. Essentially, it forwards the query
> complete, and keeps very little information about the query - just enough
> to route the answer when it arrives. Re-writing the query on the way out is
> easy, but there isn't enough information saved to restore it on the way
> back. The original requestor is expecting an answer to its original query,
> not something different.
>
> Of course for the simple case - append, then the reverse operation is easy
> to do, so a simple version would be possible.
>
>>
>> 3.And if so any hints where to look in forward.c as I …. Well I struggled.
>>
>>
> Not trivial, because the query is passed through in wire format. To be
> able to modify it, you'll have to add a lot of extra code.
>
>
> Not a particularly helpful answer, sorry.
>
> Cheers,
>
> Simon.
>
>  Thanks in advance
>>
>>
>> Stu
>>
>>
>> ______________________________**_________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.**thekelleys.org.uk<Dnsmasq-discuss at lists.thekelleys.org.uk>
>> http://lists.thekelleys.org.**uk/mailman/listinfo/dnsmasq-**discuss<http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss>
>>
>>
>
> ______________________________**_________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.**thekelleys.org.uk<Dnsmasq-discuss at lists.thekelleys.org.uk>
> http://lists.thekelleys.org.**uk/mailman/listinfo/dnsmasq-**discuss<http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20130505/6edc7b9f/attachment.html>


More information about the Dnsmasq-discuss mailing list