Chapter 30. DNS proxy

One way to support transparent HIT lookup for the whole system is to use the Python-based DNS proxy daemon. It is located in the tools directory (dnsproxy.py) and has to be started with root privileges. After you start the script, it rewrites /etc/resolv.conf to redirect all DNS lookups to itself so that it can return HITs to applications when applicable.

The dnsproxy tries to find host identities from three places: "hosts" files (/etc/hosts and /etc/hip/hosts), HI records in DNS and Bamboo DHT (experimental). It returns the host identities as HITs or LSIs to the requesting application.

For faster DNS lookups, you can optionally run the DNS proxy under DJB's daemontools package (http://cr.yp.to/daemontools.html), which is also used to provide some necessary environment variables (see comments in dnshipproxy). It acts as a DNS cache (see http://cr.yp.to/djbdns.html) in front of the DNS proxy. Using the DNS proxy without a DNS cache results in longer lookup latencies.

If you are already running dnsmasq on the host, it will occupy DNS port 53 and prevent the DNS proxy from starting with default options. In such a case, you need to either disable dnsmasq (--port=0) or "chain" it with the DNS proxy (which is then used as a DNS cache). Due to the current implementation design of the DNS proxy (which overwrites /etc/resolv.conf), you need to chain it with the DNS proxy. The chain is ordered as follows: first the network applications, second dnsmasq, third the DNS proxy and finally the DNS in the Internet. This can be accomplished using the following command line options to dnsmasq and DNS proxy:

The easiest way to configure the options is to append them to the OPTIONS variable in the "/etc/init.d/dnsmasq" file and run "/etc/init.d/dnsmasq restart".
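
A check for the two conditions this chapter describes, written here as an added example (not part of HIPL or dnsproxy.py): whether /etc/resolv.conf points only at a loopback resolver after the rewrite, and whether UDP port 53 is already taken, for example by dnsmasq. The function names and the sample file contents are constructed for illustration; no particular loopback address is assumed for the proxy.

```python
import errno
import ipaddress
import socket

# Constructed samples of resolv.conf contents (not taken from a real host).
SAMPLE_REDIRECTED = "# constructed example\nsearch example.org\nnameserver 127.0.0.1\n"
# A loopback entry plus an upstream resolver: some lookups can bypass the proxy.
SAMPLE_MIXED = "nameserver 127.0.0.1\nnameserver 192.0.2.53\n"

def parse_nameservers(text):
    """Return the nameserver addresses of a resolv.conf, in file order."""
    servers = []
    for line in text.splitlines():
        # '#' and ';' start comments in resolv.conf
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(text):
    """'redirected': only loopback resolvers; 'mixed': loopback plus others;
    'direct': no loopback resolver; 'empty': no nameserver lines."""
    servers = parse_nameservers(text)
    if not servers:
        return "empty"
    # Strip an IPv6 zone id (fe80::1%eth0) before parsing the address.
    local = [ipaddress.ip_address(s.split("%")[0]).is_loopback for s in servers]
    if all(local):
        return "redirected"
    return "mixed" if any(local) else "direct"

def udp_port_state(port, host="127.0.0.1"):
    """Try to bind the UDP port: 'free', 'in-use' or 'no-permission'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"          # e.g. dnsmasq already holds the port
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "no-permission"   # port 53 needs root; result is inconclusive
        raise
    finally:
        sock.close()

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        print("resolv.conf:", classify(fh.read()))
    print("UDP port 53 on loopback:", udp_port_state(53))
```

A "mixed" result is the one to look at closely: the resolver library may fall back to the non-loopback entry, so those lookups never reach the proxy and return no HITs.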