2011-06-26 - [GRASE-Hotspot] DNS fix proposal

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: f75b396bbbc553d01d224f785bc6670ec5ee3e4b0c6d44dc28a9a66172bdcdd6
Message ID: <BANLkTinUH=1p-hq2cKU5SYCUF=quwZ6QAQ@mail.gmail.com>
Reply To: N/A
UTC Datetime: 2011-06-26 03:18:49 UTC
Raw Date: Sun, 26 Jun 2011 20:18:49 +1000

Raw message 

I've realised that a component I took out of the hotspot system before
releasing it to the public last year, probably needs to be added back
in.
Simply, dnsmasq.

Currently the coovachilli config file gives out 2 IP's for DNS, one is
an OpenDNS one, and the other is 10.1.0.1 which will timeout if the
server doesn't have a DNS server as well. I don't want to go back to
OpenDNS (as I don't aggree with their idea of redirecting NX to their
search page).
What I am going to do is have both DNS's ips (because coovachilli
needs 2) to point to 10.1.0.1 and depend on dnsmasq. Through a simple
script we can allow the admin to change which dns servers dnsmasq
looks at by writing a file to /etc/dnsmasq.d/ with the server=x.y.z.a
lines as required.
The default options that I'll install with grase-www-portal will include:
* strict-order so that the computers default dns (as in
/etc/resolv.conf) will be tried first
* server=opendnsipaddress
* server=googlednsipaddress
* bogus-nxdomain=x.y.z

What this will do is allow us to try the users default dns server
first (need for example here on an iinet connection to ensure freezone
traffic is actually free). Failing that we can try OpenDNS and Google
DNS without them redirecting NX to their search page (the
bogus-nxdomain stuff). What it'll also allow us to do, is have the
hotspot write another file that will be loaded before the defaults, so
that the admin can override the options with their own server= lines
(i.e. OpenDNS Family Filter) and with no-resolv to not use the default
DNS provided by the system.

The only issue I can see currently is if the admin wants to run
another DNS server on the machine as well. We can tell dnsmasq to only
bind to the coova chilli interfaces, however I'm inclined to add that
option commented out and leave it to the system admin to uncomment it
if they wish to run another DNS server as well.

Any thoughts on all of this? Using dnsmasq may also open up the door
for Layer 3 coovachilli, however until such a time that I need Layer 3
coova chilli, I'm probably not going to work on it.

All thoughts are welcomed. If people object to using OpenDNS or Google
DNS as fallbacks, please speak up.

Tim

Thread