[Dnsmasq-discuss] DNS Rewriting requests.

Stuart Jenkins stuart at stuartj.plus.com
Sun May 5 09:39:44 BST 2013


Hi Simon

Would the solution to the simple append be (apologies for real school boy
question but I avoided C) in forward.c to :

a. SubRoutine: forward_query(...) to adjust the header; so almost new line
1 in the function which modifies the header ( as I assume there is a
property of the header being the name being requested (haven't found that
yet)
b. SubRoutine: process_reply(...) and again restructure the header

So in these cases adding/removing my append.

Or should I be looking at modifying:

daemon->namebuff = daemon->namebuff + 'AppendString'     (Not correct C I
know - I'll need to look that up and take into account lengthening the
string which I think might break something else?)

Thanks.






Stu


On Sun, May 5, 2013 at 7:58 AM, Stuart Jenkins <stuart at stuartj.plus.com>wrote:

> Thanks Simon.
>
> I think all I need is the *simple case - append*, As as you say then the
> reverse operation is easy to do, so a simple version would be possible.
>
> Append on the way out, trim off on the way back.
>
> Is forward.c the right place to be looking?
>
> Thanks
>
>
>
>
> Stu
>
>
> On Sat, May 4, 2013 at 8:40 PM, Simon Kelley <simon at thekelleys.org.uk>wrote:
>
>> On 04/05/13 18:27, Stuart Jenkins wrote:
>>
>>>
>>> First off I can see the “potential for abuse” in my question. Its
>>> actually not the desire to do abuse which is causing the question –
>>> quite the reverse – it’s the ability to rewrite domain requests so I can
>>> hit a white list and hence filter traffic going through my access point.
>>>
>>> Personally I come from a .NET background and I have a client and server
>>> solution already working in .NET; But I want one working on an Access
>>> point. Hence getting an old TP-Link Access point, flashing with Openwrt
>>> (which nicely comes with DNSMASQ) and almost everything is ready to rock
>>> bar one thing.
>>>
>>> I want when a DNS request hits DNSMASQ (which will forward all requests
>>> to my own DNS Servers) for it to be able to alter the request.
>>> Specifically if the request was for www.domain.com
>>> <http://www.domain.com/> I want it to become
>>> www.domain.com.AccessPointID.**FilterDomain.com<http://www.domain.com.AccessPointID.FilterDomain.com>
>>> <http://www.domain.com.**accesspointid.filterdomain.**com/<http://www.domain.com.accesspointid.filterdomain.com/>>
>>> (ideally
>>> AccessPointID.FilterDomain.com <http://AccessPointID.**FilterDomain.com<http://AccessPointID.FilterDomain.com>
>>> >
>>>
>>> being specified in the config for dnsmasq as an “always append”)
>>>
>>> Where FilterDomain.com I control the Nameserver for – hence I get all
>>> the requests.
>>>
>>> The AccessPoint ID part of the request tells me which accesspoint it is
>>> and hence I know whether to filter www.domain.com
>>> <http://www.domain.com> or not for that access point.
>>>
>>>
>>>   Having looked through the man page, and all the options, even to the
>>> point of downloading the source of dnsmasq and looking at forward.c; I
>>> don’t believe out of the box I can do what I want with dnsmasq; and the
>>> C…. hmmm its not my strong suit.
>>>
>>> So finally the questions:
>>>
>>> 1.Am I right? Dnsmasq cannot do what I desire out of the box as it
>>>
>>> doesn’t have the desired feature (probably by design)
>>>
>>>  Correct.
>>
>>> 2.Am I right in that it “could” be programmed into forward.c
>>>
>>
>> Doing this is rather more difficult than you might imagine. The reason is
>> the way dnsmasq forwards DNS queries. Essentially, it forwards the query
>> complete, and keeps very little information about the query - just enough
>> to route the answer when it arrives. Re-writing the query on the way out is
>> easy, but there isn't enough information saved to restore it on the way
>> back. The original requestor is expecting an answer to its original query,
>> not something different.
>>
>> Of course for the simple case - append, then the reverse operation is
>> easy to do, so a simple version would be possible.
>>
>>>
>>> 3.And if so any hints where to look in forward.c as I …. Well I
>>> struggled.
>>>
>>>
>> Not trivial, because the query is passed through in wire format. To be
>> able to modify it, you'll have to add a lot of extra code.
>>
>>
>> Not a particularly helpful answer, sorry.
>>
>> Cheers,
>>
>> Simon.
>>
>>  Thanks in advance
>>>
>>>
>>> Stu
>>>
>>>
>>> ______________________________**_________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.**thekelleys.org.uk<Dnsmasq-discuss at lists.thekelleys.org.uk>
>>> http://lists.thekelleys.org.**uk/mailman/listinfo/dnsmasq-**discuss<http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss>
>>>
>>>
>>
>> ______________________________**_________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.**thekelleys.org.uk<Dnsmasq-discuss at lists.thekelleys.org.uk>
>> http://lists.thekelleys.org.**uk/mailman/listinfo/dnsmasq-**discuss<http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20130505/e7ab9368/attachment-0001.html>


More information about the Dnsmasq-discuss mailing list