[Dnsmasq-discuss] DNAME or domain to domain translation?

Simon Kelley simon at thekelleys.org.uk
Fri Mar 20 21:14:27 GMT 2015


On 20/03/15 13:49, Adrian Lewis wrote:
> Forgive me if I've not understood how dnsmasq works (still
> investigating) or if my terminology isn't quite correct but...
> 
> 1. If a client requests a lookup for a-record.domain1.tld,
> 2. dnsmasq forwards the lookup and receives a DNAME record as the
>    answer saying domain1.tld is a DNAME for domain2.tld,
> 
> ...will it
> 3. then recursively look up a-record.domain2.tld and send the
>    answer with IP back to the client?
> 
> ...or does it
> 4. simply pass the DNAME answer back to the client without resolved
>    IP for it to do the lookup again using the new domain?

The latter.

> 
> I had assumed that for CNAME records, this recursion happens
> within dnsmasq before a reply is given back to the client. If so,
> would the same not be feasible for DNAME records configured locally
> in dnsmasq in the same way as CNAME records?
> 

CNAME records don't work like that. If dnsmasq forwards a query for an
A record which is actually a CNAME, it gets back a single reply which
has two (or more) answers, a CNAME record for the original query with
target a new name and an A record for the new name. Dnsmasq simply
passes that answer back to the original requestor, it doesn't need to
do anything special.

If the answer comes back that the original name is a CNAME, and there
is no A record for the CNAME target, then that's proof that such a
record doesn't exist. If it did exist then the recursive server would
have included it.

I don't know enough about DNAMES to know if the process there is
exactly analogous.

Cheers,

Simon.

> 
> -----Original Message-----
> From: Dnsmasq-discuss [mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Simon Kelley
> Sent: 17 March 2015 21:54
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] DNAME or domain to domain translation?
> 
> You're right that there's no ability to do this in dnsmasq. The 
> synth-domain stuff is not really applicable, since it generates
> records locally, rather than using data from an upstream server.
> 
> Your description implies that you want to modify the DNS as seen
> by clients of dnsmasq - ie that it does a transformation of the
> data being returned by the authoritative servers for a domain.
> That's not what DNAME does, from a quick reading of the relevant
> RFC, DNAME processing is not transparent to the stub resolver.
> 
> Implementing the sort of translation you want in dnsmasq would be
> more difficult than you might expect. The normal process is that
> dnsmasq forwards a DNS query, and then only retains a very small,
> fixed size data structure whilst it awaits the reply. It doesn't,
> for instance keep the original query. That makes applying the
> transformation to the reply impossible. Keeping more information
> can be done (it's done for DNSSEC processing, for instance) but you
> start to lose the attributes of small, and fixed, memory usage,
> which makes dnsmasq attractive in its niche.
> 
> TL;DR. What you're asking for isn't DNAME. It could be done, but
> not simply and there would be tradeoffs. It's not clear if it would
> be generally useful enough to make people want to pay the costs.
> 
> Cheers,
> 
> Simon.
> 
> On 17/03/15 01:33, Adrian Lewis wrote:
>> Would it be fair to assume that there is no trick to this and if
>> so, is there any interest in a feature request for supporting
>> DNAME records? Unfortunately I'm simply a (very grateful)
>> freeloader with no programming skills whatsoever. I have no idea
>> whether implementing this would be something really simple or the
>> opposite.
> 
>> Many thanks,
> 
>> Adrian
> 
>> -----Original Message-----
>> From: Adrian Lewis [mailto:adrian at alsiconsulting.co.uk]
>> Sent: 11 March 2015 19:06
>> To: 'dnsmasq-discuss at lists.thekelleys.org.uk'
>> Subject: DNAME or domain to domain translation?
> 
>> Hi,
> 
>> I've tried to find this out through reading and googling and I
>> can't find any obvious solution so I was hoping someone might
>> know a trick that would help me. I'm trying to do some sort of
>> domain to domain translation so that when a query for the a
>> record of host1.firstdomain.tld is received, dnsmasq does a
>> lookup for host1.seconddomain.tld and returns the IP as if the
>> client had asked for host1.seconddomain.tld.
> 
>> For an individual host this is much the same as a CNAME record
>> but I need to be able to specify the hostname dynamically so
>> that %anything%.firstdomain.tld is a CNAME for
>> %anything%.seconddomain.tld. Wildcards don't help either as this
>> is not a case of %anything%.firstdomain.tld being a CNAME for 
>> specifichost.seconddomain.tld.
> 
>> From what I gather, this is what a DNAME record will do although
>> support for this type of record seems a little scarce and dnsmasq
>> doesn't support these directly. The purpose is not nefarious and
>> it is all being done for internal to internal translation. I've
>> not gone into why I need this in any great detail but it's
>> nothing dodgy.
> 
>> The --synth-domain feature suggests that there is some sort of
>> engine to create dynamic replies based on the query but I need
>> the equivalent of:
>> --synth-domain=firstdomain.tld,seconddomain.tld
> 
>> Can anyone help?
> 
>> TIA,
> 
>> Adrian
> 
>> _______________________________________________ Dnsmasq-discuss 
>> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

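
As an added example (not from the thread and not dnsmasq's code), the sketch below walks the answer section of a single reply the way the requester does: it follows CNAMEs and treats a missing record at the end of the chain as the proof of nonexistence described in the reply above. Going beyond the thread, it also applies the DNAME suffix substitution defined in RFC 6672; the tuple record format, the function names and the sample replies are assumptions constructed for illustration.

```python
# Added illustration. Records are (owner, type, rdata) tuples; all sample data is constructed.

def norm(name):
    return name.rstrip(".").lower()

def dname_rewrite(qname, owner, target):
    """RFC 6672 substitution: swap the `owner` suffix of qname for `target`.
    A DNAME covers names strictly below its owner, never the owner itself."""
    q, o = norm(qname), norm(owner)
    if q != o and q.endswith("." + o):
        return q[: -len(o)] + norm(target)
    return None

def walk_answer(qname, answers, qtype="A"):
    """Follow the alias chain inside one reply. Returns (final_name, rdata, status)."""
    name, seen = norm(qname), set()
    while name not in seen:          # revisiting a name means an alias loop
        seen.add(name)
        data = [r for o, t, r in answers if norm(o) == name and t == qtype]
        if data:
            return name, data, "ANSWER"
        nxt = next((r for o, t, r in answers
                    if norm(o) == name and t == "CNAME"), None)
        if nxt is None:
            # No CNAME for this name: check whether a DNAME covers it.
            for o, t, r in answers:
                if t == "DNAME":
                    nxt = dname_rewrite(name, o, r)
                    if nxt:
                        break
        if nxt is None:
            # Chain ends with no record of the queried type for this name.
            return name, [], "NODATA"
        name = norm(nxt)
    return name, [], "LOOP"

# Constructed replies, as relayed unchanged by a forwarder.
CNAME_REPLY = [("www.domain1.tld", "CNAME", "host.domain2.tld"),
               ("host.domain2.tld", "A", "192.0.2.10")]
DANGLING_REPLY = [("www.domain1.tld", "CNAME", "host.domain2.tld")]
DNAME_REPLY = [("domain1.tld", "DNAME", "domain2.tld"),
               ("a-record.domain2.tld", "A", "192.0.2.20")]
LOOP_REPLY = [("a.tld", "CNAME", "b.tld"), ("b.tld", "CNAME", "a.tld")]

if __name__ == "__main__":
    for q, reply in [("www.domain1.tld", CNAME_REPLY),
                     ("www.domain1.tld", DANGLING_REPLY),
                     ("a-record.domain1.tld", DNAME_REPLY),
                     ("a.tld", LOOP_REPLY)]:
        print(q, "->", walk_answer(q, reply))
```
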