[hipl-users] Re: How do I kill hipdnsproxy?

  • From: Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Wed, 31 Dec 2008 08:17:23 -0500

Miika Komu wrote:
Robert Moskowitz wrote:

Hi,

Miika Komu wrote:
Robert Moskowitz wrote:

Hi,

I cp an old resolv.conf into /etc and immediately hipdnsproxy overlays it.

this exactly is what it should be doing. We decided to implement DNS interception this way. Dnsproxy is not the only software doing this.

My lab is powered down for the night. Other projects now. But this begs the question:

According to: http://infrahip.hiit.fi/hipl/manual/ch29.html, dnsproxy still tries the real DNS for info. Where does it get its nameserver info? I want it to use my DNS server for its queries; what was in my resolv.conf before it overlaid it.

dnsproxy reads your /etc/resolv.conf before overwriting it and uses the original DNS server for the actual queries. However, the DNS becomes unusable on the name server because bind is occupying port 53 and dnsproxy falls back to port 5000 like this:

I am having problems on client systems, trying to resolve regular sites.

For example 'host www.cnn.com' was getting a server timeout. Now I should point out that the only nameserver address is an IPv6 address. Without hipdnsproxy running, host command was working just fine.

Though, rather interestingly, for a host that my DNS server was authoritative for, I got the addresses back. For those my DNS server had to look up (like www.cnn.com), I get the address, then the 'connection timeout, no servers can be reached'. This on a client and server system....


tools/dnsproxy.py
Dns proxy for HIP started
Port 53 occupied, falling back to port 5000
DNS server is 192.168.1.1
Rewrote resolv.conf

(and dnsproxy restores resolv.conf if you kill it):

Perhaps I am not killing it the right way, as I don't see this happening.


^CException: (4, 'Interrupted system call')
Wants down
resolv.conf restored

The problem would be solved quite easily if it would be possible to specify a port number in resolv.conf, but unfortunately this is not the case. I suggested earlier to try to experiment with binding named to a specific IP address rather than 0.0.0.0. Did you try this?

Not yet. I really don't need hipdnsproxy on the DNS server itself. So I have killed it there so I can concentrate on getting HIP working with DNS records rather than HOSTS file entries. Down the road a bit I will try this again.

My server will be providing a number of key services: DNS, HIP RVS, RADVD, WiFi AP, perhaps even MIREDO/Teredo. Since every client will have a HIP connection to it for RVS, it will be interesting to see if DNS queries will go over the HIP connection to it.


Dnsproxy creates a virtual interface 127.0.0.53 and binds to it. It might be possible for dnsproxy and named to occupy the same port assuming they are using different IP addresses.

I understand.


The DNS proxy has some related command line options, perhaps you'll also find an alternative solution to the problem:

--background
--kill
--server=real_dnsserver_ip

Well it looks like this one could be my ticket if I continue to see problems resolving names from DNS.

--serverport=real_dnsserver_port
--ip=dnsproxy_bind_ip
--port=dnsproxy_bind_port
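
The port-sharing behaviour discussed in this message, as an added example that is not part of the original e-mail or of HIPL's dnsproxy: a UDP listener on 0.0.0.0 blocks a second bind on the same port, while two listeners on distinct loopback addresses coexist and each receives only its own datagrams. It assumes Linux, where all of 127.0.0.0/8 is local, and uses a kernel-chosen unprivileged port in place of 53; `try_bind` and `demo` are hypothetical names.

```python
import errno
import socket

def try_bind(ip, port):
    """Bind a UDP socket to (ip, port); return (sock, None) or (None, errno)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((ip, port))
        s.settimeout(2)
        return s, None
    except OSError as e:
        s.close()
        return None, e.errno

def demo():
    results = {}
    # Case 1: resolver holds the wildcard address (like named on 0.0.0.0).
    wild, _ = try_bind("0.0.0.0", 0)          # port 0: kernel picks a free port
    port = wild.getsockname()[1]              # stand-in for port 53
    proxy, err = try_bind("127.0.0.53", port)
    results["wildcard_blocks_proxy"] = proxy is None and err == errno.EADDRINUSE
    if proxy:
        proxy.close()
    wild.close()

    # Case 2: resolver bound to one specific address only.
    named, _ = try_bind("127.0.0.1", port)
    proxy, err = try_bind("127.0.0.53", port)
    results["specific_allows_proxy"] = named is not None and proxy is not None

    # Each listener must see only the datagram sent to its own address.
    delivery = {}
    if results["specific_allows_proxy"]:
        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        client.sendto(b"for-named", ("127.0.0.1", port))
        client.sendto(b"for-proxy", ("127.0.0.53", port))
        delivery["named"] = named.recvfrom(512)[0]
        delivery["proxy"] = proxy.recvfrom(512)[0]
        client.close()
    results["delivery"] = delivery
    for s in (named, proxy):
        if s:
            s.close()
    return results

if __name__ == "__main__":
    print(demo())
```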

