From: testttt <qwo...@ya...> - 2004-04-03 02:04:51
Brian Wellington wrote:

> On Wed, 31 Mar 2004, testttt wrote:
>
>> Hi, Brian and all others,
>>
>> In order to use DNSJava in my box without extensively configuring it, I
>> found it's handy if DNSJava can query a sub-DNS before it returns an
>> empty query result. This will work with the *nix resolv library. So, I
>> did some very simple changes to jnamed.java:
>>
>> 1. a new keyword 'sub-dns' for jnamed.conf. It has an ip and an optional
>> port attribute;
>> 2. create a SimpleResolver object for each sub-dns attribute;
>> 3. When jnamed is returning a response to a query, it checks if the answer
>> section in the response is empty or not;
>> 4. If empty, it will try the configured SimpleResolver objects to resolve
>> the query;
>> 5. break until the response has a non-empty answer section, or all sub-dns
>> have been tried;
>>
>> So far, it works ok in my machine. I would like to get some comments
>> from Brian or whoever is interested. And ultimately, I'd like this
>> feature in DNSJava or merge my change into DNSJava. Please let me know!
>
> It looks like you're trying to implement something like BIND's forwarders,
> which is a reasonable thing to do. It's unclear from your code what you
> actually want to do with the queries, though - checking for a non-empty
> answer section isn't right, because if a server returns a valid negative
> answer, you should believe it and not ask anyone else.
>
> The bigger question, though, is why are you using the dnsjava server?
> Its error handling is virtually non-existent, it's not fast, and it
> doesn't do much. I'd really recommend just running BIND with forwarders.
>
> Brian

You are right, my main purpose is not the forwarder feature; instead I need another feature which I call "Virtual Zone". I am not sure if this is the correct name for this feature, but let me explain below:

I need to access my company's intranet from home using SOCKS5. I use TSOCKS for this. It works fine if I know the IP. But I really need DNS to work since there are thousands of machines in the intranet and no intranet DNS server is on the public internet. TSOCKS only handles TCP and a DNS query uses UDP by default. Yes, TSOCKS has a USE_TCP_4_DNS option, but it doesn't seem to work on linux.

So, my workaround is this virtual zone feature: when the DNS server gets a request for a DNS name which is in the intranet, it would simply return a virtual IP address, 0.1.0.3, for example. When TSOCKS receives a connect request and the IP is in the 0.1.0.x range, it would query the DNS server to convert the IP to the DNS name and it then uses the DNS name in the SOCKS5 connect request. The SOCKS5 server will then query the DNS server in the intranet and handle it from there.

I've done the preliminary virtual zone work in DNSJava and it works great with my hacked TSOCKS. However, since DNSJava doesn't have this forwarder feature, it doesn't know how to handle those normal DNS queries. I've added this forwarder feature and it seems to work quite fine. I know I could do this virtual zone feature in BIND, but I haven't done C/C++ in the past 4 years. (Hmm, I think I can use BIND as my DNS server and use DNSJava as a forward target in BIND. Cool, this should work too.)

This virtual zone feature is vital in my situation. There are some commercial products which have this feature, Aventail Connect client, for example. Aventail Connect will intercept the call to gethostbyname() and it would do the virtual zone stuff there. But Aventail Connect is windows only. I think I should be able to do the same as Aventail: intercept the call to gethostbyname(). I worked on this for a while without success. I also blamed this because I am a Java guy now.

Anyway, please let me know if you'd like to include any of my work into your project. I am a very experienced Java guy (maybe not a DNS expert though).

Thanks!

Ben
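The forwarding loop from steps 3 to 5 above, rewritten the way Brian suggests, as an added example (not dnsjava's or jnamed's code): a valid negative answer (NXDOMAIN, or NOERROR with an SOA in the authority section, per RFC 2308) is believed and ends the search, and only a server failure or timeout moves on to the next sub-dns. It assumes constructed response dicts and stub servers in place of dnsjava Message and SimpleResolver objects.

```python
"""Forwarder decision logic for a jnamed-style server: believe a valid
negative answer, fall through to the next forwarder only on failure.
Responses are constructed dicts, not dnsjava Message objects."""
import socket

# Rcode values from RFC 1035 section 4.1.1
NOERROR, SERVFAIL, NXDOMAIN, REFUSED = 0, 2, 3, 5

def classify(response):
    """Return 'positive', 'negative' or 'failure' for one server's reply.
    Negative answers (RFC 2308): NXDOMAIN, or NOERROR with an empty answer
    section and an SOA in the authority section (NODATA)."""
    rcode = response["rcode"]
    if rcode == NXDOMAIN:
        return "negative"
    if rcode == NOERROR:
        if response["answer"]:
            return "positive"
        if any(r["type"] == "SOA" for r in response["authority"]):
            return "negative"  # NODATA: name exists, no record of that type
        return "failure"       # empty answer and no SOA: not a usable reply
    return "failure"           # SERVFAIL, REFUSED and anything else

def forward(query, forwarders):
    """Try each (name, send) forwarder in order and stop at the first
    positive or negative answer. send(query) returns a response dict or
    raises socket.timeout. Returns (response, names_tried)."""
    tried = []
    for name, send in forwarders:
        tried.append(name)
        try:
            response = send(query)
        except socket.timeout:
            continue           # dead server: try the next one
        if classify(response) != "failure":
            return response, tried
    return {"rcode": SERVFAIL, "answer": [], "authority": []}, tried

# Constructed stand-ins for configured sub-dns servers (not real hosts)
def nxdomain_server(query):
    return {"rcode": NXDOMAIN, "answer": [], "authority": [{"type": "SOA"}]}
def nodata_server(query):
    return {"rcode": NOERROR, "answer": [], "authority": [{"type": "SOA"}]}
def servfail_server(query):
    return {"rcode": SERVFAIL, "answer": [], "authority": []}
def timeout_server(query):
    raise socket.timeout()
def positive_server(query):
    return {"rcode": NOERROR, "authority": [],
            "answer": [{"type": "A", "data": "192.0.2.1"}]}
```

With the original "empty answer section" test, the first two cases below would have leaked the query on to the next server and possibly returned a contradictory answer; here the negative reply from the first server is final.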