BIND will completely drop D-BUS dynamic forwarders table support
Jima
jima at beer.tclug.org
Thu Dec 6 13:25:43 UTC 2007
Replying to a couple points in one email...
On Wed, 5 Dec 2007, Colin Walters wrote:
> If BIND is dropping support for configuring itself (i.e. it doesn't want
> to be a usable caching nameserver for roaming laptops), then dnsmasq may
> be what we need to use.
Well, crap. I just became a lot more important, huh?
On Wed, 5 Dec 2007, Till Maas wrote:
> On Mi Dezember 5 2007, Simo Sorce wrote:
>
>> For example I'd like to query my corporate domain server (over the vpn)
>> buy only for domain names that end in my.corp.com and use my ISP for
>> anything else.
>
> Btw. dnsmasq allows you to restrict nameservers on domains, i.e. specify a
> domain for which a nameserver should be asked. But a different question: How
> do you handle reverse dns lookups for the internal ip (vpn) addresses, are
> they forwarded to the ISP dns, too? Or do you prevent this somehow?
Same way:
server=/my.corp.com/0.0.10.in-addr.arpa/10.0.0.1
That makes dnsmasq look to 10.0.0.1 for both zones' records.
On Wed, 5 Dec 2007, David Zeuthen wrote:
> Running a full DNS server on a simple desktop seems like, well, a lot of
> overhead not to mention security concerns...
Have you *used* dnsmasq? As Roland said, it's not a full DNS server; it
doesn't even do recursion (it depends on its upstream servers for that).
As for security, I'm not hugely concerned if it's bound to 127.0.0.1.
On Wed, 5 Dec 2007, Callum Lerwick wrote:
> This is *exactly* what dnsmasq is designed for. From what I can tell,
> the author added dbus support to dnsmasq *specifically* so
> NetworkManager could use it. I'm not sure what's up with the disconnect
> here. :)
Maybe not NM specifically, but certainly conceptually:
"Added method support for DBus (http://www.freedesktop.org/Software/dbus)
This is a superior way to re-configure dnsmasq on-the-fly with different
upstream nameservers, as the host moves between networks. DBus support
must be enabled in src/config.h and should be considered experimental at
this point. See DBus-interface for the specification of the DBus method
calls supported."
(And yes, I enabled dbus support the day I submitted dnsmasq for review.
:-)
Jima
More information about the fedora-devel-list
mailing list