[iodine-users] -b option

Dmitry Shyshkin dmitry.shyshkin at gmail.com
Thu Feb 10 06:08:33 CET 2011


> What does "not fully transparent" mean? What does not work? Why not in 
> production environments? 
The request is decoded and then encoded again inside iodine. Only one 
question per packet is supported (the DNS protocol allows multiple questions 
to be asked).
Requests with id 0 are ignored; this means that for 1 out of 65536 requests 
you will receive no response. Simultaneous requests are limited to a very 
small number (16), which is not suitable for a high-load production server. 
The source address will be lost, so no source rules can be used inside 
the real name server.
Also, if you have rule-based routing (when routing depends, for example, on 
the source address), iodine will fail to handle it properly.

Everything else should work fine (at least I haven't noticed any other 
problems). I use a modified version with fixed rule-based forwarding and 
request transparency - everything looks fine, but my name server is not 
under high load.

Regards,
Dmitry Shyshkin

On 02/09/2011 05:58 PM, Lukas Haase wrote:
> Hi,
>
> From the manpage:
>
>        -b dnsport
>               If this port is specified, all incoming requests not inside the
>               tunnel domain will be forwarded to this port on localhost, to be
>               handled by a real dns.  Note: The forwarding is not fully
>               transparent, and not advised for use in production environments.
>
>
> What does "not fully transparent" mean? What does not work? Why not in 
> production environments?
>
> I would like to use this feature because I have a VServer with only a 
> single IP address which acts as slave DNS for various domains.
>
> The tunnel is configured as t.example1.com
>
> Forwarding seems to work well for everything inside example1.com. - at 
> least a few tests worked fine.
>
> dig @server -t NS example1.com.
> dig @server something.example1.com.
> dig +trace -t NS example1.com. # call a few times until the reply is 
> from our iodine server
>
> One drawback: With http://www.dns-info.cz/en/dns-test/dom.php I get 
> errors (no response from the server). I do not know why - with dig it 
> works fine.
>
> I think at least zone transfers work - at least a small test 
> successfully transferred the zone.
>
> However, forwarding does *not* work for the other domains 
> example2.com, example3.com etc. Is there a reason for this? Can this 
> be changed?
>
>
> Best regards,
> Luke
>
>
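
An added illustration, not part of either message and not iodine's code: a toy Python model of the forwarding limits listed in the reply (id 0 ignored, one question per packet, 16 simultaneous requests, source address replaced by localhost). Treating multi-question packets as not forwarded and reusing the oldest slot when the table is full are assumptions of the model; `ForwarderModel`, `build_query` and the sample addresses are hypothetical.

```python
import struct
from collections import OrderedDict

MAX_PENDING = 16  # simultaneous-request limit quoted in the reply


def build_query(qid, names):
    """Build a minimal DNS query packet (constructed sample input)."""
    packet = struct.pack("!HHHHHH", qid, 0x0100, len(names), 0, 0, 0)
    for name in names:
        for label in name.rstrip(".").split("."):
            packet += bytes([len(label)]) + label.encode("ascii")
        packet += b"\x00" + struct.pack("!HH", 1, 1)  # root label, QTYPE=A, QCLASS=IN
    return packet


class ForwarderModel:
    """Toy model of the limits listed in the reply; not iodine's code."""

    def __init__(self):
        self.pending = OrderedDict()  # query id -> original client address

    def on_client_query(self, packet, client_addr):
        """Return 'forward' or the reason the client gets no answer."""
        if len(packet) < 12:
            return "ignored: truncated header"
        qid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
        if qid == 0:
            return "ignored: id 0"
        if qdcount != 1:
            return "ignored: %d questions" % qdcount  # assumption: not forwarded
        if qid not in self.pending and len(self.pending) >= MAX_PENDING:
            self.pending.popitem(last=False)  # assumption: oldest slot is reused
        self.pending[qid] = client_addr
        # The packet is re-sent from the forwarder's own socket, so the real
        # name server sees localhost instead of client_addr.
        return "forward"

    def on_upstream_reply(self, packet):
        """Return the client to answer, or None if its slot is gone."""
        (qid,) = struct.unpack("!H", packet[:2])
        return self.pending.pop(qid, None)


if __name__ == "__main__":
    fw = ForwarderModel()
    for qid in range(0, 21):
        client = ("192.0.2.%d" % qid, 5300)
        print(qid, fw.on_client_query(build_query(qid, ["example2.com"]), client))
    for qid in range(1, 21):
        print(qid, fw.on_upstream_reply(build_query(qid, ["example2.com"])))
```

With 20 queries outstanding at once, the model leaves the first four clients unanswered, which is the failure a busy slave name server behind the forwarder would show as intermittent timeouts.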



