[Dnsmasq-discuss] mDNS forwarding in dnsmasq (not avahi, but nss-mdns sort of thing)

Dmitry Khromov icechrome at gmail.com
Mon Nov 4 16:43:22 GMT 2013

>> Is it possible to remove reply's IP address check for in
>> dnsmasq? Maybe, check if the reply is from given subnets instead. Doing
>> so should allow to proxy mDNS replies, eliminating need for nss-mdns in
>> some scenarios by just using something like -S
>> /mydomain.local/
>> Thanks!
> I looked at this a long time ago, and it's not so simple. The mDNS
> protocol is subtly different to unicast DNS. For instance, replies don't
> necessarily include the "question" section. I'm aware that mDNS would be
> a useful addition to dnsmasq, and actively thinking about options.

Actually, RFC 6762, section 6 "Responding", explicitly states that
 > Multicast DNS responses MUST NOT contain any questions in the
 > Question Section.

But, at the same time section 6.7 "Legacy Unicast Responses" (it's our 
case, if we ask dnsmasq to not send requests using port 5353) states
 > This unicast response MUST be a conventional unicast response as
 > would be generated by a conventional Unicast DNS server; for example,
 > it MUST repeat the query ID and the question given in the query
 > message.

Anyway, I would like to show it is working for A records with Avahi, so 
one could possibly work around that, if needed (e.g. using netfilter 
rules; socat is just for a quick'n'dirty test):

# socat UDP-RECVFROM:25353,fork UDP-DATAGRAM: &
# dnsmasq -d -q -p 45353 -R -S /local/ &> /tmp/dnsmasq.out &
# dig -p 45353 A monotone-t0.local @

; <<>> DiG 9.9.3-P2 <<>> -p 45353 A monotone-t0.local @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43240
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;monotone-t0.local.             IN      A

monotone-t0.local.      10      IN      A

;; Query time: 178 msec
;; WHEN: Tue Nov 05 00:12:11 MSK 2013
;; MSG SIZE  rcvd: 51

# cat /tmp/dnsmasq.out 

dnsmasq: started, version 2.66 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-scripts no-TFTP no-conntrack ipset no-auth
dnsmasq: using nameserver for domain local
dnsmasq: ignoring nameserver - local interface
dnsmasq: read /etc/hosts - 2 addresses
dnsmasq: query[A] monotone-t0.local from
dnsmasq: forwarded monotone-t0.local to
dnsmasq: reply monotone-t0.local is

- Dmitry.
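
The difference between the two RFC 6762 response forms quoted above, as an added example that is not part of the original post and is not dnsmasq code: a simplified check that a reply repeats the outstanding query's ID and question. The function names and the 192.0.2.10 address are assumptions made for illustration; the name, query ID and TTL are taken from the dig output above.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def parse_question(msg):
    """Return (id, flags, qdcount, question); question is (name, qtype, qclass) or None."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    mid, flags, qdcount = struct.unpack("!3H", msg[:6])
    if qdcount == 0:
        return mid, flags, qdcount, None
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("unexpected pointer in first question")
        pos += 1
        if n == 0:
            break
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return mid, flags, qdcount, (".".join(labels), qtype, qclass)

def classify_reply(query, reply):
    """Classify a reply against the query a forwarder has outstanding."""
    q_id, _, _, q_question = parse_question(query)
    r_id, r_flags, r_qd, r_question = parse_question(reply)
    if not r_flags & 0x8000:
        return "not-a-response"
    if r_qd == 0:
        return "mdns-multicast-style"      # RFC 6762 section 6: no questions
    if r_id == q_id and r_question == q_question:
        return "legacy-unicast"            # section 6.7: ID and question repeated
    return "mismatch"

# Constructed sample messages; 192.0.2.10 is a documentation address, not from the post.
NAME = encode_name("monotone-t0.local")
QUERY = struct.pack("!6H", 43240, 0x0100, 1, 0, 0, 0) + NAME + struct.pack("!2H", 1, 1)
RDATA = struct.pack("!IH4B", 10, 4, 192, 0, 2, 10)  # TTL 10, RDLENGTH 4, address
LEGACY = (struct.pack("!6H", 43240, 0x8480, 1, 1, 0, 0) + NAME + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!2H", 1, 1) + RDATA)
MULTICAST = struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + NAME + struct.pack("!2H", 1, 0x8001) + RDATA
```

The constructed legacy reply is 51 bytes, the same size dig reports above. A forwarder that insists on the "legacy-unicast" result would drop the multicast-style reply and any reply whose ID or question differs.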
