Feature #403

closed

tinydns/dnscache drop in replacement for dnsmasq in pfSense

Added by znerol znerol about 15 years ago. Updated over 10 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 03/06/2010
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

I'm taking one more time on an older ticket back from last year:

http://redmine.pfsense.org/issues/show/129#note-1
Scott Ullrich wrote:

Thanks but we cannot migrate to the new version of DNSMASQ until someone writes a replacement for the isc log scanning option that they removed in haste.

I'm sort of uncomfortable with the current situation, that is dnsmasq stuck on an old unsupported version. Because djb's tinydns is already the core of pfDNS I tried to come up with a setup which allows to replace dnsmasq in pfSense completely with tinydns and dnsmasq. I think it should work if it's implemented like this:

Cache only operation, no hosted zone:
  • One dnscache instance listening on the LAN-IP (or an ip alias on the lan interface).
  • /etc/resolv.conf points to the ip address of dnscache.
Combined operation: dnscache + tinydns:
  • One tinydns instance is started listening on an ip alias on the same interface where dnscache is bound to.
  • Configure one (or more) DNS zone (example.com. / x.y.z.in-addr.arpa. pairs) with NS, A and SOA records.
  • Provide a simple interface allowing the user to enter host and alias records. In tinydns-terms a host record consists of two DNS records: A and corresponding PTR while an alias is just an additional A record.
dnscache + tinydns + dhcp:
  • Run an isc dhcp server on the same interface where dnscache is bound to.
  • Derive domain option from tinydns config, NS record from dnscache config.
  • Run a script watching /var/log/dhcp3/dhcpd.leases for changes. Whenever the file was altered the script parses the dhcp leases file and generates tinydns host entries for each hostname-ip pair found. The ttl parameter is derived from the lease time.
  • Signal the pfSense configuration system to regenerate the tinydns database and reload the dns server process.
  • For clients with fixed IP-MAC mapping the host record should not get overwritten by the leases script.
Additional notes:
  • It might be interesting to start the leases watcher script using daemon-tools, just like tinydns and dnscache.
  • There are PHP interfaces for FAM and libevent. Both of them use kqueue to watch a path or file descriptor for changes. This could be useful to avoid a poll-loop which stats the leases file on a regular basis.
  • One could run several instances of tinydns and dnscache to serve different isolated LAN zones (on different interfaces). That's currently not possible.

I've attached some early proof-of-concept code for the dhcp-parsing and lease-file watching stuff. I'm willing to contribute to the low-level stuff aka lease-file parsing, daemontools and stuff like that if someone goes for the web interface part.


Files

dhcpd-leases.php (692 Bytes) znerol znerol, 03/06/2010 05:22 AM
monitor-fam.php (451 Bytes) znerol znerol, 03/06/2010 05:22 AM
monitor-poll.php (745 Bytes) znerol znerol, 03/06/2010 05:22 AM
tinydns-dhcpd-patches.tar.gz (6.47 KB) znerol znerol, 03/19/2010 09:46 AM
0001-tinydns-replace-redundant-g-varetc_path-etc-with.patch (11 KB) znerol znerol, 03/30/2010 05:30 AM
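
The lease-to-tinydns step from the "dnscache + tinydns + dhcp" list in the description, as an added example that is not part of the ticket or its attachments. It assumes regex parsing of the ISC leases syntax, a TTL equal to `ends` minus `starts`, and hypothetical names (`leases_to_tinydns`, `fixed_hosts`); because `client-hostname` is supplied by the DHCP client, it is validated as a single DNS label before it can reach the colon-separated tinydns data file.

```python
import re
from datetime import datetime

# Constructed sample of ISC dhcpd.leases content (not real lease data).
SAMPLE_LEASES = """
lease 192.168.1.50 { starts 6 2010/03/06 10:00:00; ends 6 2010/03/06 12:00:00;
  binding state active; client-hostname "laptop"; }
lease 192.168.1.51 { starts 6 2010/03/06 10:00:00; ends 6 2010/03/06 11:00:00;
  binding state active; client-hostname "bad:host"; }
lease 192.168.1.52 { starts 6 2010/03/06 09:00:00; ends 6 2010/03/06 09:30:00;
  binding state free; client-hostname "old-box"; }
lease 192.168.1.53 { starts 6 2010/03/06 10:00:00; ends 6 2010/03/06 12:00:00;
  binding state active; client-hostname "printer"; }
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
# One DNS label only; used with fullmatch so ':' or a newline is always rejected.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
TIME_FMT = "%Y/%m/%d %H:%M:%S"

def field(body, pattern):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def leases_to_tinydns(text, domain, fixed_hosts=()):
    """Return tinydns-data '=' lines (A + PTR) for active, validly named leases."""
    records = {}
    for ip, body in LEASE_RE.findall(text):
        name = (field(body, r'client-hostname\s+"([^"]*)"') or "").lower()
        state = field(body, r"(?<![a-z] )binding state (\w+);")
        starts = field(body, r"starts \d+ ([\d/]+ [\d:]+);")
        ends = field(body, r"ends \d+ ([\d/]+ [\d:]+);")
        if state != "active" or not (starts and ends):
            continue
        # Skip hostile or malformed names, and hosts with a fixed IP-MAC mapping.
        if not LABEL_RE.fullmatch(name) or name in fixed_hosts:
            continue
        delta = datetime.strptime(ends, TIME_FMT) - datetime.strptime(starts, TIME_FMT)
        ttl = int(delta.total_seconds())
        if ttl > 0:
            # A later entry in the file supersedes an earlier one for the same name.
            records[name] = f"={name}.{domain}:{ip}:{ttl}"
    return sorted(records.values())

if __name__ == "__main__":
    print("\n".join(leases_to_tinydns(SAMPLE_LEASES, "example.com", {"printer"})))
```
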