
I would like to set up a basic DNS forwarder that does two things.

First, it simply forwards DNS queries upstream. Second, if the upstream DNS servers cannot resolve a hostname, then this DNS forwarder should return a garbage IP address like 127.255.255.255 or 100::.

The result would be that all hostnames always resolve, but hostnames that normally wouldn't resolve are resolved to a garbage IP address.

For example, say I had two hostnames: resolvable, which the upstream DNS server knows is at 1.2.3.4; and notresolvable, which the upstream DNS server does not know the IP address for. If I then query the DNS forwarder with these two hostnames, resolvable would return 1.2.3.4 and notresolvable would return 127.255.255.255 (rather than not found).

Hostname:            resolvable              notresolvable
                    |         / \            |          / \
                    |          |             |           |_________
                   \ /         |            \ /                    |
DNS Forwarder:   forward      found       forward      not  __\  use garbage ip
                 upstream   ip=1.2.3.4    upstream    found   /  ip=127.255.255.255
                    |        / \               |      / \
                    |         |                |       |
                   \ /        |               \ /      |
Upstream DNS     found ip=1.2.3.4              not found
server:

The closest I have got to making this system happen is with dnsmasq. dnsmasq by default sends DNS queries upstream, so it works for my first requirement.

I can also add address=/#/127.255.255.255 to the end of /etc/dnsmasq.conf, which then resolves all hostnames to the garbage IP address. However, this also resolves hostnames that the upstream DNS server can resolve, which is not what I want.

After reading the dnsmasq man page I found this in the address section:

Queries in the domains are never forwarded

which suggests to me that what I need is not possible with dnsmasq.

So my question is, what program is best suited to make this setup possible and how would I go about it?

Edit: Context

I have an application which is running inside a docker container which uses docker networking to connect with other docker containers using hostnames.

The problem I am trying to solve is said application won't start or continue running if a hostname doesn't resolve (which occurs if the container it is referencing is not running).

So the DNS server I reference above would be a server which runs alongside the application inside the docker container.

I have also removed the reference to resolv.conf as it doesn't seem necessary to get this to work. The DNS server just has to forward on to Docker's internal DNS server, which just happens to be listed in resolv.conf.

JamesStewy
  • I'm not sure you'll find an existing fully functional solution. You may instead adapt `bind` to fit your requirements which wouldn't be that big a job. – Julie Pelletier May 15 '16 at 04:10
  • `dnsmasq` is also something of a rarity among nameservers: most implementations of a recursive server do not read the contents of `/etc/resolv.conf` at all. `/etc/resolv.conf` is mostly for use by OS and programs which act as a DNS client. (i.e. `dig`) – Andrew B May 15 '16 at 05:03
  • As it stands, this reads like an [XY problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). We might be able to help better if you focus more on the problems you are trying to solve, and less on this specific strategy for accomplishing it. (i.e. tell us why you want `/etc/resolv.conf` to control it) – Andrew B May 15 '16 at 05:06
  • I have made an edit to add some context to the question. I have also got rid of `resolv.conf` in the question as it is not necessary. – JamesStewy May 15 '16 at 05:34
  • "The problem I am trying to solve is said application won't start or continue running if a hostname doesn't resolve (which occurs if the container it is referencing is not running)." -- you're not trying to *solve* that problem, you're trying to *hack around it* in an amazingly ugly way. Don't do that. Instead, fix the app to not have a complete meltdown if it can't resolve a name. – womble May 15 '16 at 06:58
  • I 100% agree, fixing the app would be easier. However, I cannot fix the application as it is not mine and it is closed source as far as I am aware. – JamesStewy May 15 '16 at 08:02

0 Answers