Hi,

From the manpage:

    -b dnsport
        If this port is specified, all incoming requests not inside the tunnel domain will be forwarded to this port on localhost, to be handled by a real dns. Note: The forwarding is not fully transparent, and not advised for use in production environments.

What does "not fully transparent" mean? What does not work? Why not in production environments?

I would like to use this feature because I have a VServer with only a single IP address which acts as slave DNS for various domains.

The tunnel is configured as t.example1.com.

Forwarding seems to work well for everything inside example1.com - at least a few tests worked fine.

    dig @server -t NS example1.com.
    dig @server something.example1.com.
    dig +trace -t NS example1.com.   # call a few times until the reply is from our iodine server

One drawback: With http://www.dns-info.cz/en/dns-test/dom.php I get errors (no response from the server). I do not know why - with dig it works fine.

I think at least zone transfers work - at least a small test successfully transferred the zone.

However, forwarding does *not* work for the other domains example2.com, example3.com etc. Is there a reason for this? Can this be changed?

Best regards,
Luke