Saturday, October 27, 2012

DNS Shenanigans

In my travels I have used various wireless networks, both free and paid for, that have had varying levels of brokenness.  The worst ones I have encountered are those whose DNS servers are set up to wildcard all domains AND that prevent name lookups to any servers but their own; one rung up from these network bottom feeders are the ones that just have their DNS set up to wildcard.

Both of these setups screw me over on the laptop because I have a tunnel set up using stunnel that allows postfix on my laptop to deliver mail securely to my ISP's secure mail relay.  To do this postfix wants to resolve localhost.localdomain, which these broken network setups resolve to something other than 127.0.0.1, and that, of course, breaks the whole process.

To try and work around this problem I set up BIND on my laptop so that rather than relying on (possibly broken) external DNS providers I had my own.  I added some functions to /etc/dhclient-enter-hooks to prevent my /etc/resolv.conf being overwritten.  This worked well for everything but the worst network offenders, the ones that prevent DNS lookups to anything but their own infrastructure.  I was relenting, using their DNS and living with the fact that I couldn't send emails until I connected to a better configured network.  That was until one day when I was moaning about this situation online and somebody suggested setting up BIND to use the DNS servers handed to me by DHCP as forwarders.  This is a great idea: it lets me protect myself from the broken idea of wildcarding .localdomain but still have DNS that works with even the most broken network setups.  I set about configuring this.

Firstly in /etc/named.conf I added the following to the options section:

        include "/etc/namedb/forwarders";

This will cause BIND to include the contents of the given file.  To create the file we need to hook into the information retrieved by dhclient, which is done by adding the following function to /etc/dhclient-enter-hooks:


make_resolv_conf() {
        # Keep the previous forwarders fragment around in case the new one is unusable.
        if [ -f /etc/namedb/forwarders ]
        then
                mv /etc/namedb/forwarders /etc/namedb/forwarders.old
        fi

        # Turn the DHCP-supplied server list into a BIND "forwarders { ...; };" statement.
        printf "forwarders { " > /etc/namedb/forwarders
        for nameserver in $new_domain_name_servers
        do
                printf "%s; " "${nameserver}" >> /etc/namedb/forwarders
        done
        echo "};" >> /etc/namedb/forwarders
        # "forward only": never fall back to our own recursion, which the worst networks block anyway.
        echo "forward only;" >> /etc/namedb/forwarders

        # Tell the running named to re-read its configuration.
        pkill -HUP named
        return 0
}

The above shell function takes the DNS server list given in the variable new_domain_name_servers and formats it into a valid BIND forwarders statement; after writing the forwarders out to the file it sends named a HUP signal so that named re-reads its configuration.  Of course, /etc/resolv.conf is untouched here and is simply configured to query localhost.  Names for which the local named is authoritative (localhost.localdomain in this case) are answered locally and never reach the forwarders, which is the whole point; every other name is still resolved by the network's servers, so their answers for those names are whatever they choose to hand out.  "forward only" means named never falls back to recursing on its own, which is what the worst networks block in the first place.
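As an added example (not the post's own hook), here is a more defensive version of the same idea in POSIX sh.  It drops entries in new_domain_name_servers that are not dotted-quad IPv4 addresses, writes the fragment to a temporary file first, keeps the previous fragment as forwarders.old, runs named-checkconf (if it is installed) before signalling named and rolls back if the check fails, and, when DHCP hands out no usable nameserver at all, leaves the forwarders list empty so that named recurses on its own rather than writing "forward only" with nothing to forward to, which would fail every lookup.  The NAMED_CONF and FORWARDERS_FILE defaults and the FORWARDERS_DEMO switch are assumptions of the example.

```sh
#!/bin/sh
# Added example, not the original post's hook. Builds the BIND forwarders
# fragment from dhclient's $new_domain_name_servers more defensively.
# Assumptions: named.conf lives at /etc/named.conf and includes
# /etc/namedb/forwarders in its options section; named-checkconf may or
# may not be installed on the laptop.
NAMED_CONF="${NAMED_CONF:-/etc/named.conf}"
FORWARDERS_FILE="${FORWARDERS_FILE:-/etc/namedb/forwarders}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    addr=$1
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the forwarders fragment for a whitespace-separated server list ($1).
# Entries that are not IPv4 addresses are dropped. With no usable server the
# list is left empty and no "forward" statement is written: BIND does no
# forwarding when the forwarders list is empty, so named recurses itself
# instead of failing every query with "forward only" and nowhere to forward.
forwarders_fragment() {
    list=""
    for ns in $1; do
        is_ipv4 "$ns" && list="$list$ns; "
    done
    if [ -z "$list" ]; then
        printf '// no usable DHCP nameservers, named recurses on its own\n'
        printf 'forwarders { };\n'
    else
        printf 'forwarders { %s};\n' "$list"
        printf 'forward only;\n'
    fi
}

# Write the fragment, keep the previous one as .old, verify the whole
# configuration with named-checkconf (if present), roll back on failure,
# and only then ask named to re-read its configuration.
install_forwarders() {
    tmp="$FORWARDERS_FILE.tmp.$$"
    forwarders_fragment "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ -f "$FORWARDERS_FILE" ]; then
        cp -p "$FORWARDERS_FILE" "$FORWARDERS_FILE.old"
    fi
    mv "$tmp" "$FORWARDERS_FILE"
    if command -v named-checkconf >/dev/null 2>&1 &&
       ! named-checkconf "$NAMED_CONF" >/dev/null 2>&1; then
        if [ -f "$FORWARDERS_FILE.old" ]; then
            mv "$FORWARDERS_FILE.old" "$FORWARDERS_FILE"
        fi
        return 1
    fi
    pkill -HUP named
    return 0
}

# dhclient-script calls this where it would otherwise write /etc/resolv.conf;
# $new_domain_name_servers is supplied by dhclient. Always return 0 so a bad
# DHCP answer never makes the lease itself fail.
make_resolv_conf() {
    install_forwarders "$new_domain_name_servers"
    return 0
}

# Stand-alone demo: FORWARDERS_DEMO="10.0.0.1 bogus" sh this-file prints the
# fragment that would be written, without touching any file or signalling named.
if [ -n "${FORWARDERS_DEMO:-}" ]; then
    forwarders_fragment "$FORWARDERS_DEMO"
fi
```

Dropping dhclient-enter-hooks into place as a file that is sourced by dhclient-script means only the function definitions matter; the FORWARDERS_DEMO block exists so the fragment can be eyeballed before trusting it with a live named.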

So far this configuration has allowed everything on my laptop to operate correctly irrespective of how badly set up the DNS is on the network I am connecting to.  Win.

1 comment:

Unknown said...

It's actually a nice and useful piece of info. I am glad that you just shared this useful information with us. Please keep us up to date like this. Thanks for sharing.