Hi Simon,
Continuing with my previous discussion, I propose we have a
configuration parameter such as "srv-host-nxdomain" or "nxdomain-hosts"
using which we can force dnsmasq to return NXDOMAIN for any
domains that we want to. What do you think?
Regards,
Rahul.
On Saturday 01 May 2010 02:59 PM, Rahul Amaram wrote:
Well yes. I have encountered some problems with this. I am using
Kerberos in my company LAN. While performing kinit on my system, the
SRV record for _kerberos-master.udp.EXAMPLE.COM is looked up. Now if
an NXDOMAIN is not returned but instead the default port 1 with empty
host is returned, the kinit command tries to further resolve that
empty host (which I think is replaced with <ROOT> somehow) and this
causes an extreme slowdown of kinit.
I think there should be some configuration option to say that an
NXDOMAIN should be returned for a particular SRV record. This would be
really helpful. What are your thoughts about this?
Simon Kelley wrote:
Rahul Amaram wrote:
Hi,
I think I have found a bug in dnsmasq though I am not sure if this is
the anticipated way it works. In /etc/dnsmasq.conf, it is mentioned:
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
which means when a query for this record is made it is supposed to send
an NXDOMAIN reply but this does not happen.
I am attaching a patch which makes it behave this way. Kindly review it
and let me know if I have misinterpreted something.
Looking forward to an early reply.
I think you have mis-interpreted the way this works. NXDOMAIN means that
there is no data in the DNS for the given domain. That is not what's
happening here. The example line returns a valid SRV record for
_ldap._tcp.example.com which happens to be empty. The "domain" refers to
_ldap._tcp.example.com and not the domain which may be returned as part
of the reply.
Have you encountered real-world problems with the existing behaviour?
Cheers,
Simon.