BIND will completely drop D-BUS dynamic forwarders table support

Jima jima at beer.tclug.org
Thu Dec 6 13:25:43 UTC 2007


  Replying to a couple points in one email...

On Wed, 5 Dec 2007, Colin Walters wrote:
> If BIND is dropping support for configuring itself (i.e. it doesn't want 
> to be a usable caching nameserver for roaming laptops), then dnsmasq may 
> be what we need to use.

  Well, crap.  I just became a lot more important, huh?

On Wed, 5 Dec 2007, Till Maas wrote:
> On Mi Dezember 5 2007, Simo Sorce wrote:
>
>> For example I'd like to query my corporate domain server (over the vpn)
>> but only for domain names that end in my.corp.com and use my ISP for
>> anything else.
>
> Btw. dnsmasq allows you to restrict nameservers on domains, i.e. specify a
> domain for which a nameserver should be asked. But a different question: How
> do you handle reverse dns lookups for the internal ip (vpn) addresses, are
> they forwarded to the ISP dns, too? Or do you prevent this somehow?

  Same way:

server=/my.corp.com/0.0.10.in-addr.arpa/10.0.0.1

  That makes dnsmasq look to 10.0.0.1 for both zones' records.

On Wed, 5 Dec 2007, David Zeuthen wrote:
> Running a full DNS server on a simple desktop seems like, well, a lot of 
> overhead not to mention security concerns...

  Have you *used* dnsmasq?  As Roland said, it's not a full DNS server; it 
doesn't even do recursion (it depends on its upstream servers for that). 
As for security, I'm not hugely concerned if it's bound to 127.0.0.1.

On Wed, 5 Dec 2007, Callum Lerwick wrote:
> This is *exactly* what dnsmasq is designed for. From what I can tell, 
> the author added dbus support to dnsmasq *specifically* so 
> NetworkManager could use it. I'm not sure what's up with the disconnect 
> here. :)

  Maybe not NM specifically, but certainly conceptually:

"Added method support for DBus (http://www.freedesktop.org/Software/dbus)
This is a superior way to re-configure dnsmasq on-the-fly with different 
upstream nameservers, as the host moves between networks. DBus support 
must be enabled in src/config.h and should be considered experimental at 
this point. See DBus-interface for the specification of the DBus method 
calls supported."

  (And yes, I enabled dbus support the day I submitted dnsmasq for review. 
:-)

      Jima
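
Added example, not part of the original message: a Python sketch that generates per-domain dnsmasq `server=` lines like the one above, going beyond the /24 case to VPN ranges that do not end on an octet boundary, so reverse lookups for internal addresses are not sent to the ISP resolver. The function names and the 10.8.0.0/22 range are hypothetical; each name gets its own `server=/name/ip` line rather than the combined form shown in the message.

```python
import ipaddress
import re

def reverse_zones(cidr):
    """Return the in-addr.arpa names that cover an IPv4 network exactly."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen == 0:
        raise ValueError("expected an IPv4 network narrower than /0")
    # Reverse names are built from whole octets, so round the prefix up
    # to the next multiple of 8 and enumerate the blocks at that size.
    boundary = -(-net.prefixlen // 8) * 8
    labels = boundary // 8
    zones = []
    for block in net.subnets(new_prefix=boundary):
        octets = str(block.network_address).split(".")[:labels]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def split_dns_lines(domain, cidr, resolver):
    """Build dnsmasq lines sending one domain and its reverse zones to resolver."""
    # Reject anything that could smuggle extra fields or options into the line.
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*", domain):
        raise ValueError("unexpected characters in domain")
    resolver = str(ipaddress.ip_address(resolver))
    lines = ["listen-address=127.0.0.1"]  # loopback only, as in the message
    for name in [domain] + reverse_zones(cidr):
        lines.append("server=/%s/%s" % (name, resolver))
    return lines

if __name__ == "__main__":
    # Constructed input: a VPN range that does not end on an octet boundary.
    print("\n".join(split_dns_lines("my.corp.com", "10.8.0.0/22", "10.0.0.1")))
```

Reverse names outside the generated zones still go to the default upstream servers, so the CIDR passed in has to cover every internal range in use.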



