[iodine-users] -b option
Dmitry Shyshkin
dmitry.shyshkin at gmail.com
Thu Feb 10 06:08:33 CET 2011
> What does "not fully transparent" mean? What does not work? Why not in
> production environments?
The request is decoded and then encoded again inside iodine. Only one
question per packet is supported (the DNS protocol allows multiple questions
to be asked).
Requests with id 0 are ignored; this means that for 1 out of 65536 requests
you will receive no response. Simultaneous requests are limited to a very
small number (16), which is not suitable for a high-load production server.
The source address will be lost, so no source rules can be used inside
the real name server.
Also, if you have rule-based routing (when routing depends, for example, on
the source address), iodine will fail to handle it properly.
Everything else should work fine (at least I haven't noticed any other
problems). I use a modified version with fixed rule-based forwarding and
request transparency - everything looks fine, but my name server is not
high load.
Regards,
Dmitry Shyshkin
On 02/09/2011 05:58 PM, Lukas Haase wrote:
> Hi,
>
> From the manpage:
>
> -b dnsport
> If this port is specified, all incoming requests not
> inside the tunnel domain will be forwarded to this port
> on localhost, to be handled by a real dns. Note: The
> forwarding is not fully transparent, and not advised for
> use in production environments.
>
>
> What does "not fully transparent" mean? What does not work? Why not in
> production environments?
>
> I would like to use this feature because I have a VServer with only a
> single IP address which acts as slave DNS for various domains.
>
> The tunnel is configured as t.example1.com
>
> Forwarding seems to work well for everything inside example1.com. - at
> least a few tests worked fine.
>
> dig @server -t NS example1.com.
> dig @server something.example1.com.
> dig +trace -t NS example1.com. # call a few times until the reply is
> from our iodine server
>
> One drawback: With http://www.dns-info.cz/en/dns-test/dom.php I get
> errors (no response from the server). I do not know why - with dig it
> works fine.
>
> I think at least zone transfers work - at least a small test
> successfully transferred the zone.
>
> However, forwarding does *not* work for the other domains
> example2.com, example3.com etc. Is there a reason for this? Can this
> be changed?
>
>
> Best regards,
> Luke
>
>
> _______________________________________________
> iodine-users mailing lists
> iodine-users at lists.wpkg.org
> http://lists.wpkg.org/mailman/listinfo/iodine-users
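
A small model of the forwarding limits listed in the reply above, added here as an example and not taken from iodine's source. It assumes a 16-slot ring keyed by query ID in which id 0 marks a free slot; all `fwd_*` names and the client addresses are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define FWD_SLOTS 16  /* concurrency limit quoted in the reply above */
/* The real name server sees only the forwarder's localhost address, so the
 * forwarder has to remember each client itself, keyed by DNS query ID. */
struct fwd_slot  { uint16_t id; uint32_t ip; uint16_t port; };
struct fwd_table { struct fwd_slot slot[FWD_SLOTS]; unsigned next; };

/* Model's assumption: id 0 doubles as the "free slot" marker. */
void fwd_init(struct fwd_table *t) { memset(t, 0, sizeof *t); }

/* Record a client query. Returns 0 if forwarded, -1 if dropped. */
int fwd_put(struct fwd_table *t, const uint8_t *pkt, size_t len,
            uint32_t ip, uint16_t port)
{
    if (len < 12) return -1;                     /* shorter than a DNS header */
    uint16_t id = (uint16_t)((pkt[0] << 8) | pkt[1]);
    uint16_t qdcount = (uint16_t)((pkt[4] << 8) | pkt[5]);
    if (id == 0 || qdcount != 1) return -1;      /* ID 0, or not one question */
    t->slot[t->next] = (struct fwd_slot){ id, ip, port };  /* overwrites oldest */
    t->next = (t->next + 1) % FWD_SLOTS;
    return 0;
}

/* Match a backend reply to its client. Returns 0 on a hit, -1 otherwise. */
int fwd_get(struct fwd_table *t, uint16_t id, uint32_t *ip, uint16_t *port)
{
    for (unsigned i = 0; id != 0 && i < FWD_SLOTS; i++) {
        if (t->slot[i].id != id) continue;
        *ip = t->slot[i].ip; *port = t->slot[i].port;
        t->slot[i].id = 0;                       /* free the slot */
        return 0;
    }
    return -1;
}

/* Constructed run: n clients query, then the backend answers them all. */
unsigned fwd_demo(unsigned n, uint16_t first_id)
{
    struct fwd_table t; uint8_t q[12] = {0, 0, 0, 0, 0, 1};  /* QDCOUNT = 1 */
    uint32_t ip; uint16_t port; unsigned i, ok = 0;
    fwd_init(&t);
    for (i = 0; i < n; i++) {
        q[0] = (uint8_t)((first_id + i) >> 8); q[1] = (uint8_t)(first_id + i);
        fwd_put(&t, q, sizeof q, 0x0A000001u + i, 5300);
    }
    for (i = 0; i < n; i++)
        ok += fwd_get(&t, (uint16_t)(first_id + i), &ip, &port) == 0;
    return ok;                       /* replies that still find their client */
}
```

With 17 queries outstanding the oldest entry is overwritten, so `fwd_demo(17, 1)` delivers only 16 replies, and a run that starts at ID 0 loses that first query outright.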