[iodine-users] -b option

Lukas Haase lukashaase at gmx.at
Wed Feb 9 16:58:54 CET 2011


Hi,

 From the manpage:

        -b dnsport
               If this port is specified, all incoming requests not 
inside the tunnel domain will be forwarded to  this  port
               on localhost, to be handled by a real dns.  Note: The 
forwarding is not fully transparent, and not advised for
               use in production environments.


What means "not fully transparent". What does not work? Why not in 
production environments?

I would like to use this feature because I have a VServer with only a 
single IP address which acts as slave DNS for various domains.

The tunnel is configured as t.example1.com

Forwarding seems to work well for everything inside example1.com. - at 
least a few tests tests worked fine.

dig @server -t NS example1.com.
dig @server something.example1.com.
dig +trace -t NS example1.com. # call a few times until the reply is 
from our iodine server

One drawback: With http://www.dns-info.cz/en/dns-test/dom.php I get 
errors (no response from the server). I do not know why - with dig it 
works fine.

I think at least zone transfers work - at least a small test 
successfully transfered the zone.

However, forwarding does *not* work for the other domains example2.com, 
example3.com etc. Is there a reason for this? Can this be changed?


Best regards,
Luke





More information about the iodine-users mailing list