Masquerading DNS Responses

While merging two large enterprise networks I wrote the following patch to enhance the functionality of DJBDNS dnscache. The problem was to implement dynamic NAT with DNS payload inspection (Cisco can do some intriguing things there) while having multiple interconnect points. The modified software kept the nameservers within each network from “learning” the DNAT addresses from nameservers in the other network.

The patched dnscache acts as if it were authoritative for every answer it returns. It rewrites the NS records inside responses so that they point at the configured replacement nameservers rather than the real ones, and every response goes out with the AA bit set. ANY queries are not cached, since an ANY answer would otherwise be served from cache with whatever records happened to be collected. Because the real NS records never leave the cache, zones can be delegated to this server, and no nameserver behind it ever learns a path around it: the cache cannot be bypassed.
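The rewrite described above, as an added Python illustration that is not the dnscache patch itself and makes no claim about how the patch is implemented: it parses a DNS response on the wire, replaces the RDATA of every NS record with an assumed replacement name (`cache.example.net.`), sets the AA flag, and reports whether the answer may be cached (false for ANY queries). It also drops additional-section glue for the nameservers it replaced; the page does not say whether the patch does that, but without it the addresses of the real nameservers would still leak in the same packet. The upstream response is constructed inline (using name compression, as real servers do) and is not captured traffic.

```python
import struct

QTYPE_A, QTYPE_NS, QTYPE_ANY = 1, 2, 255
AA_FLAG = 0x0400  # "Authoritative Answer" bit in the DNS header flags


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2  # the name ends after the first pointer
            offset, hops = pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_rr(msg, offset):
    name, offset = decode_name(msg, offset)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlen]
    if rtype == QTYPE_NS:  # store NS targets decompressed so they can be re-encoded
        rdata, _ = decode_name(msg, offset)
    # Only NS RDATA is decompressed here; CNAME, SOA, MX etc. would need the same.
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}, offset + rdlen


def parse_message(msg):
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    sections = []
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            rrs.append(rr)
        sections.append(rrs)
    return {"id": ident, "flags": flags, "questions": questions,
            "answer": sections[0], "authority": sections[1], "additional": sections[2]}


def build_message(m):
    """Serialize without compression (simpler than rebuilding pointer tables)."""
    out = struct.pack("!HHHHHH", m["id"], m["flags"], len(m["questions"]),
                      len(m["answer"]), len(m["authority"]), len(m["additional"]))
    for qname, qtype, qclass in m["questions"]:
        out += encode_name(qname) + struct.pack("!HH", qtype, qclass)
    for rr in m["answer"] + m["authority"] + m["additional"]:
        rdata = encode_name(rr["rdata"]) if rr["type"] == QTYPE_NS else rr["rdata"]
        out += encode_name(rr["name"]) + struct.pack("!HHIH", rr["type"], rr["class"], rr["ttl"], len(rdata)) + rdata
    return out


def masquerade(msg, replacement_ns):
    """Return (rewritten response, cacheable). replacement_ns is an assumed name."""
    m = parse_message(msg)
    m["flags"] |= AA_FLAG  # claim authority for every answer we hand out
    hidden = set()
    for rr in m["answer"] + m["authority"]:
        if rr["type"] == QTYPE_NS:
            hidden.add(rr["rdata"])
            rr["rdata"] = replacement_ns
    # Strip glue for the nameservers we just hid, or their addresses still leak.
    m["additional"] = [rr for rr in m["additional"] if rr["name"] not in hidden]
    cacheable = all(qtype != QTYPE_ANY for _, qtype, _ in m["questions"])
    return build_message(m), cacheable


def build_sample_response():
    """Constructed upstream response for 'www.example.com. A' with compression pointers."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 2, 2)  # QR, RD, RA; 1 qd, 1 an, 2 ns, 2 ar
    question = encode_name("www.example.com.") + struct.pack("!HH", QTYPE_A, 1)
    ptr_www, ptr_example = b"\xc0\x0c", b"\xc0\x10"  # offsets 12 and 16 in the question
    answer = ptr_www + struct.pack("!HHIH", QTYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10])
    ns1, ns2 = b"\x03ns1" + ptr_example, b"\x03ns2" + ptr_example
    authority = (ptr_example + struct.pack("!HHIH", QTYPE_NS, 1, 3600, len(ns1)) + ns1
                 + ptr_example + struct.pack("!HHIH", QTYPE_NS, 1, 3600, len(ns2)) + ns2)
    glue = (ns1 + struct.pack("!HHIH", QTYPE_A, 1, 3600, 4) + bytes([192, 0, 2, 1])
            + ns2 + struct.pack("!HHIH", QTYPE_A, 1, 3600, 4) + bytes([192, 0, 2, 2]))
    return hdr + question + answer + authority + glue


if __name__ == "__main__":
    rewritten, cacheable = masquerade(build_sample_response(), "cache.example.net.")
    for rr in parse_message(rewritten)["authority"]:
        print(rr["name"], "NS", rr["rdata"], "cacheable:", cacheable)
```

Re-serializing without compression makes the rewritten message a little larger; a production rewriter that must stay under the 512-byte UDP limit would rebuild the compression pointers instead, and it must decompress every RDATA type that carries names (CNAME, SOA, MX, SRV), not only NS, before re-encoding.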

insert patch here...
Copyright © 2024 Christof Chen