
What is the recommended place for storing key-value pairs in a DNS request?

I'm designing a system where the DNS requests traverse multiple hops. Some hops may need to append key-value pairs to the traversing DNS request.

I thought about adding a TXT record to the questions section but it looks like no data can be set on the TXT record when it is present in the questions section (I used the dnsjava library to generate the DNS request). I also thought about using an OPT record.

What is the best practice?

Thanks, Mickael

manash
  • What is it you are wanting to achieve? – Michael B Jan 07 '16 at 19:10
  • I would agree with @calle's answer, that it sounds like you're trying to solve another problem by fudging DNS. DNS is a very mature technology; if it is possible to do something in DNS it has likely been done already, and if it hasn't already been done, there is likely a reasonably good reason for that. – Michael B Jan 10 '16 at 10:26

1 Answer


There is no recommended place to store random information in a DNS query packet. You can perhaps try to stick some in the unused parts of an OPT RR (or just add random RDATA to it) and hope that nobody on the way will drop or corrupt it, but there will be absolutely no guarantees whatsoever that it will work. Unless, of course, you control all the software involved, in which case you're free to redefine the DNS wire format as you see fit (just don't expect to interoperate with the Internet).

Also your question smells a lot like an "A-B-question". What is it that you're actually trying to achieve?

Calle Dybedahl
  • I'm designing a DNS load balancer. However, the load balancer is not responsible for authenticating DNS requests. The next hop (DNS server) is responsible for authentication. However, we also want to use IP-based authentication, therefore the next hop needs to know the original IP. Therefore, I want the load balancer to store the original IP in the DNS request. – manash Jan 08 '16 at 11:40
  • For DNS authentication, see TSIG or SIG(0). IP-based is not really viable, since UDP source IP is trivially spoofed. But even so, since it must be the case that you write both balancer and server, why not wrap the DNS packet in a frame along with whatever information you want to send on from one to the other? – Calle Dybedahl Jan 08 '16 at 16:29
  • Encapsulating the DNS packet in a custom frame itself encapsulated in a UDP datagram would add unnecessary overhead, I guess. I thought of using an approach similar to the Path header used in SIP. – manash Jan 10 '16 at 10:02
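The following is an added example, not code from the answer's author or from the asker's dnsjava setup. It shows, in stdlib-only Python, what "adding RDATA to an OPT RR" from the answer looks like on the wire for the asker's load-balancer case: the balancer builds or receives a query, appends an EDNS0 OPT pseudo-RR (RFC 6891) carrying one option, and the next hop parses the option back out. Everything specific here is an assumption for illustration: option code 65001 is taken from the local/experimental range RFC 6891 reserves (65001-65534) and is not a registered code; the payload layout (one address-family byte plus the packed address) and all function names are invented for this example; 192.0.2.10 is a constructed sample address.

```python
import ipaddress
import secrets
import struct

# RFC 6891 reserves EDNS option codes 65001-65534 for local/experimental use.
# 65001 is an ASSUMED private-use code chosen for this example, not a registered one.
OPT_ORIG_CLIENT = 65001
TYPE_OPT = 41


def _encode_name(name):
    """Encode a dotted name in uncompressed DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label too long")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname, qtype=1, msg_id=None):
    """Standard query: header with RD set, one question, no other sections."""
    if msg_id is None:
        msg_id = secrets.randbits(16)
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(qname) + struct.pack("!HH", qtype, 1)


def encode_client_addr(ip):
    """Constructed option payload: 1 family byte (4 or 6) followed by the packed address."""
    addr = ipaddress.ip_address(ip)
    return bytes([addr.version]) + addr.packed


def decode_client_addr(data):
    return str(ipaddress.ip_address(data[1:]))


def add_edns_options(packet, options, udp_size=1232):
    """Append one OPT pseudo-RR (RFC 6891 section 6.1.2) carrying (code, data) options.
    NAME is the root (0x00), CLASS carries the UDP payload size, and TTL holds the
    extended RCODE/version/flags (all zero here). Refuses packets that already have
    additional records so we never emit two OPT RRs, which resolvers reject as FORMERR."""
    hdr = list(struct.unpack("!HHHHHH", packet[:12]))
    if hdr[5] != 0:
        raise ValueError("packet already carries additional records")
    hdr[5] = 1  # ARCOUNT
    rdata = b"".join(struct.pack("!HH", code, len(data)) + data for code, data in options)
    opt_rr = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, len(rdata)) + rdata
    return struct.pack("!HHHHHH", *hdr) + packet[12:] + opt_rr


def _skip_name(packet, off):
    """Advance past a wire-format name, treating a compression pointer as terminal."""
    while True:
        length = packet[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_edns_options(packet):
    """Return [(code, data), ...] from the first OPT RR in the packet, or [] if none."""
    qd, an, ns, ar = struct.unpack("!HHHH", packet[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(packet, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(packet, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        off += 10
        rdata = packet[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_OPT:
            opts, p = [], 0
            while p + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[p:p + 4])
                opts.append((code, rdata[p + 4:p + 4 + olen]))
                p += 4 + olen
            return opts
    return []


def original_client_ip(packet):
    """Next-hop side: return the carried address, or None if the option did not survive."""
    for code, data in parse_edns_options(packet):
        if code == OPT_ORIG_CLIENT:
            return decode_client_addr(data)
    return None


if __name__ == "__main__":
    q = build_query("example.com.", msg_id=0x1234)
    forwarded = add_edns_options(q, [(OPT_ORIG_CLIENT, encode_client_addr("192.0.2.10"))])
    print(original_client_ip(forwarded))  # 192.0.2.10
    print(original_client_ip(q))          # None: nothing was appended
```

Two points from the thread show up directly in the code. First, `original_client_ip` returning `None` is the normal case the answer warns about: any hop that rebuilds the query or strips unknown options makes the value vanish, so the next hop has to handle its absence rather than assume it. Second, as Calle's comment notes, whatever address arrives this way is an unauthenticated claim by the previous hop, so it can only be an input to a decision, not a substitute for TSIG or SIG(0). For the narrower, standardized case of passing client network information to an authoritative server, RFC 7871 (EDNS Client Subnet) defines a registered option with the same OPT-RR mechanics shown here.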