facebookarchive/doh-proxy

Permit to communicate with the resolver using a unix socket

Closed this issue · 4 comments

Hi guys,
it would be great if on doh-proxy we could set something like this:
--upstream-resolver=unix:/tmp/whatever

This way we could communicate with a local DNS resolver without rewriting the source IP of the original DNS query. Otherwise the log of the DNS resolver will always report 127.0.0.1 as the source IP, or whatever IP was set on the doh-proxy.
In other words, it would be great to turn doh-proxy into a transparent proxy.

Any suggestion?

thx!

Hi @madragana,

which recursive resolver supports this? https://docs.python.org/3/library/asyncio-eventloop.html#asyncio.AbstractEventLoop.create_unix_connection could be used, but you would still need to re-create the L3/L4 headers in order to get them through the other side of the socket.

I don't know of any stock usage off the top of my head, but if it could be useful, e.g. providing it works with some recursors, a PR is welcome :)

Hi @chantra,

I am playing with PowerDNS https://doc.powerdns.com/md/authoritative/backend-remote/
It has modules to support unix:/ sockets and other I/O methods.
My idea dates back to the times when I was using postfix filters that communicated via a socket.

If there is any other idea to avoid a customer IP being rewritten, just let me know.
Thanks for the support!

Hi @madragana

I am going to close this task. The request is pretty vendor-specific, so I don't think it makes sense to add this in.
If you find a way to cleanly swap the upstream protocol used within doh-proxy, I will happily take it as a PR.