[Dovecot] Proxying to a DNS Name
Hello,
reading the wiki I found http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy?highlight=(no DNS resolving)
I have a setup where the destination of a proxy connection is a DNS name. Is there a technical reason which currently requires host= to be an IP address?
-- Andreas Schulze Internetdienste | P532
DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen
On Mon, 2010-01-25 at 13:58 +0100, Andreas Schulze wrote:
> Hello,
> reading the wiki I found http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy?highlight=(no DNS resolving)
> I have a setup where the destination of a proxy connection is a DNS name. Is there a technical reason which currently requires host= to be an IP address?
Yeah. DNS lookups are blocking, so whenever DNS server can't be reached, the lookups start hanging and admins start wondering why Dovecot is just hanging.
Solutions would be:
a) Assume "the hang never happens" and just do the blocking lookups.
b) Get some async DNS library from somewhere.
c) With v2.0 there could be separate DNS lookup processes that do blocking lookups, but since the caller processes would be doing async lookups they could report errors after a couple of seconds of waiting.
Hmm. Actually I think I like c).
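Option c) above, sketched as an added example (not Dovecot's code and not written by anyone in this thread): a helper process performs the blocking `getaddrinfo()` while the caller waits on a pipe with a deadline, so an unreachable resolver produces an error instead of a hung login process. The function name, the fork-per-lookup design, the IPv4-only result and the `child_delay_s` hook that simulates a hung resolver are all assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not Dovecot code. Returns 0 and fills `out` with the
 * IPv4 address, -1 on lookup failure, -2 if no answer within timeout_ms.
 * child_delay_s is a constructed stand-in for an unreachable DNS server. */
int lookup_with_timeout(const char *host, int timeout_ms, int child_delay_s,
                        char *out, size_t outlen)
{
    int fds[2];
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: the blocking lookup */
        struct addrinfo hints = { .ai_family = AF_INET }, *res;
        close(fds[0]);
        sleep(child_delay_s);
        if (getaddrinfo(host, NULL, &hints, &res) == 0) {
            struct in_addr a = ((struct sockaddr_in *)res->ai_addr)->sin_addr;
            if (write(fds[1], &a, sizeof(a)) < 0) _exit(1);
        }
        _exit(0);                         /* nothing written = failure */
    }
    close(fds[1]);
    struct pollfd pfd = { .fd = fds[0], .events = POLLIN };
    struct in_addr addr;
    int rc = -1, n = poll(&pfd, 1, timeout_ms);
    if (n <= 0) {
        kill(pid, SIGKILL);               /* abandon the stuck lookup */
        if (n == 0) rc = -2;              /* deadline passed */
    } else if (read(fds[0], &addr, sizeof(addr)) == (ssize_t)sizeof(addr) &&
               inet_ntop(AF_INET, &addr, out, outlen) != NULL) {
        rc = 0;
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);                /* reap the helper */
    return rc;
}

int main(void) {
    char ip[INET_ADDRSTRLEN];
    int rc = lookup_with_timeout("127.0.0.1", 2000, 0, ip, sizeof(ip));
    printf("rc=%d ip=%s\n", rc, rc == 0 ? ip : "-");
    return rc == 0 ? 0 : 1;
}
```

A server with an event loop would register the pipe's read end and a timer there instead of blocking in `poll()`, and would keep long-lived lookup processes rather than forking per request.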
On Mon, 2010-01-25 at 20:53 +0200, Timo Sirainen wrote:
> b) Get some async DNS library from somewhere.
I have been looking for that as well recently, and I stumbled upon the unbound library, part of the unbound project.
http://unbound.net/documentation/libunbound.html
HTH,
Mike.
On Mon, 2010-01-25 at 20:22 +0100, Miquel van Smoorenburg wrote:
> On Mon, 2010-01-25 at 20:53 +0200, Timo Sirainen wrote:
> > b) Get some async DNS library from somewhere.
> I have been looking for that as well recently, and I stumbled upon the unbound library, part of the unbound project.
I know there are a few of them, but I'd prefer to use the system's own resolver. A few reasons that I can think of:
- do external dns resolver libraries support /etc/hosts?
- or are there some other site-specific features? dnssec, etc.?
- DNS has had security problems recently. Upgrading the OS's own resolver is easier than upgrading all software that has its own internal resolver.
Timo Sirainen, 2010-01-25 20:29:
> > > b) Get some async DNS library from somewhere.
> > I have been looking for that as well recently, and I stumbled upon the unbound library, part of the unbound project.
> I know there are a few of them, but I'd prefer to use the system's own resolver. A few reasons that I can think of:
adns seems to be pretty mature and should be available on most systems as a maintained package (I only checked Fedora and Debian, though), so
> - do external dns resolver libraries support /etc/hosts?
I guess not, but e.g. dnsmasq does, and one should have such a thing running locally, I'd say.
On Tue, 2010-01-26 at 10:32 +0100, Jakob Hirsch wrote:
> Timo Sirainen, 2010-01-25 20:29:
> > > > b) Get some async DNS library from somewhere.
> > > I have been looking for that as well recently, and I stumbled upon the unbound library, part of the unbound project.
> > I know there are a few of them, but I'd prefer to use the system's own resolver. A few reasons that I can think of:
> adns seems to be pretty mature and should be available on most systems as a maintained package
Adns has no IPv6 support.
Mike.
Hello Timo,
> a) Assume "the hang never happens" and just do the blocking lookups.
Maybe switchable. It's suggested to run a caching DNS on every system. In this case a hang really never happens.
Thanks
Andreas