Discussion:
[Dnsmasq-discuss] Adding DNS ALG support to dnsmasq
Bill
2015-10-24 20:48:36 UTC
I was wondering if anyone has looked at or is in the process of adding DNS ALG
support, or something similar, to dnsmasq?

https://tools.ietf.org/html/rfc2694

What I would like to do is to have the ability to query a DNS server located
behind a NAT, and have it return the IP of the NAT, and set up connection
tracking in the NAT to pass traffic through to the host behind the NAT. The
effect of this is to have a reversible NAT, i.e. one that provides access to
hosts behind the NAT, not by their IP, but by their hostname.

(There are other things in DNS ALG, but I am really interested only in the
reversible NAT aspect.)

Implementing this seems to need the DNS server (dnsmasq in this case), to
configure the NAT using the 'expect' feature of connection tracking. This
would permit the following packets to traverse the NAT to the host, provided
of course they meet the expectation (source, protocol, etc).

I'd like to know if anyone has looked at this, is implementing it, or knows of
any implementations. I have looked into it but have only seen enterprise
implementations (Cisco & Juniper), but nothing open-source.

/bill
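
A simplified model of the mechanism described in the post above, added here as an illustration; it is not part of the original thread and is not dnsmasq or netfilter code. The hostnames, addresses, class name and the 30-second lifetime are all constructed assumptions. It shows the DNS side answering with the NAT address while registering an expectation bound to the querying source and protocol, and the NAT side forwarding only packets that match a fresh expectation.

```python
# Simplified model of the "reversible NAT" idea; not dnsmasq or netfilter code.
# All names, addresses and the 30 s lifetime are constructed for illustration.
import time

NAT_IP = "203.0.113.1"                       # constructed public address of the NAT
HOSTS = {"cam1.lan": "192.168.1.10",         # constructed hostname -> private IP
         "nas.lan": "192.168.1.20"}
EXPECT_TTL = 30.0                            # assumed expectation lifetime, seconds


class ReversibleNat:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.expect = {}   # (client_ip, proto) -> (private_ip, expiry)
        self.flows = {}    # (client_ip, proto, sport, dport) -> private_ip

    def resolve(self, client_ip, name, proto="tcp"):
        """DNS side: answer with the NAT address and register an expectation."""
        private_ip = HOSTS.get(name)
        if private_ip is None:
            return None                      # unknown name: nothing is opened
        # One NAT address: a newer lookup by the same client replaces the old one.
        self.expect[(client_ip, proto)] = (private_ip, self.clock() + EXPECT_TTL)
        return NAT_IP                        # the private address is never disclosed

    def inbound(self, client_ip, proto, sport, dport):
        """NAT side: return the private IP to forward to, or None to drop."""
        flow = (client_ip, proto, sport, dport)
        if flow in self.flows:               # already-tracked connection
            return self.flows[flow]
        entry = self.expect.pop((client_ip, proto), None)
        if entry is None:
            return None                      # no lookup from this source: drop
        private_ip, expiry = entry
        if self.clock() > expiry:
            return None                      # lookup too old: drop
        self.flows[flow] = private_ip        # expectation consumed, flow tracked
        return private_ip


if __name__ == "__main__":
    nat = ReversibleNat()
    print(nat.resolve("198.51.100.7", "cam1.lan"))           # 203.0.113.1
    print(nat.inbound("198.51.100.7", "tcp", 40000, 443))    # 192.168.1.10
    print(nat.inbound("198.51.100.99", "tcp", 40000, 443))   # None
```

Because the expectation is single-use and expires, a source that never performed the lookup, or that waits too long, gets no path to the inside host.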
Leonardo Rodrigues
2015-10-27 12:08:04 UTC
Post by Bill
I was wondering if anyone has looked at or is in the process of adding DNS ALG
support, or something similar, to dnsmasq?
https://tools.ietf.org/html/rfc2694
This is from September 1999 !!! If something that old is not
implemented yet, it surely will not anymore. And even if something that
old is implemented, it's very likely to be very outdated by now.

The internet of those days does not exist anymore. Some 'good' ideas
at that time are completely crazy in the real world by now.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Bill
2015-10-30 16:43:16 UTC
Yea, I know it is old, but I looked into it as a possible solution to a
research issue I am looking at where devices should be accessible by name.

The devices might have different IP addresses when they connect and I don't
want any connection to them to be able to keep an old IP, or even know what
their IP address is. By that I mean they should appear as if they initiated
the connection from behind the NAT.

I picked up on the DNS-ALG spec as possibly addressing part of this and hoped
if there was an implementation I'd start with it.

/bill