mdnsproxy
Overview
mnsproxy receives DNS requests including local code-based multilingual domain names from the client and converts them to domain names that can be accepted by the multilingualized DNS. In reverse, it returns multilingual domain names included in responses from the DNS to a format that can be recognized by the client side.
Because of this, without modification, the client can use various multilingual domain names. From the DNS server's point of view, because of client + mdnsproxy, the client operates as if it supports multilingual domain names.
However, in order for mdnsproxy to operate correctly, it is necessary for the resolver library of the client to transmit domain names in local encoding as is and does not cause an error. Regretably, many current UNIX resolver libraries are not 8-bit through and they cannot support multilingual domain names even when mdnsproxy is used. In such cases, it is necessary to use the following methods.
Use resolver library for which 8-bit through patch of BIND 8 is applied.
In addition, since mdnsproxy ignores the setting of the environment variable MDN_DISABLE explicitly ,in spite of whether the environment variable MDN_DISABLE is set or not, the conversion of the domain names is performed.
Invoke
The command line format used to start up mdnsproxy is as follows.
$ mdnsproxy[Option...]
Options
mdnsproxy recognizes the following command line options.
-daemon- Activates mdnsproxy as a daemon.
-configconfig-file- Indicates the configuration file. When the command line does is not used to indicate a configuration file, the default configuration file is used. The details of this are explained in the Configuration file.
-logfilelog-file- Specifies the file name for mdnsproxy to output the execution log. Unless otherwise specified, the execution log is output to the log file specified by the configuration file or the default log file.
Configuration file
mdnsproxy configuration information is written in the configuration file. The configuration file can be specified using a command line upon activation of mdnsproxy.
% mdnsproxy -config<config-file>
When the configuration file is not specified by the command
line, the default configuration file is used. The default
configuration file
is /usr/local/etc/mdnsproxy.conf if mDNkit were
installed under /usr/local.
The configuration file is a plain text file and each line of the file (except comment lines that begin with # and blank line) consists of the following simple format.
Keyword value ...
listen
Specifies the network address and port number used by mdnsproxy to receive requests from the client.
listen<address>
<address> is specified using one of the following formats.
<IP address>:<port number> :<port number> <IP address>
When <IP address> is
omitted, 0.0.0.0 (INADDR_ANY) is
used and when <port number> is omitted,
port number 53 is used. When listen itself is
omitted, 0.0.0.0:53 is used
as <address>.
If the client uses a DNS server via mdnsproxy, set the address and port specified here as the DNS server. Many clients cannot change the port number, thus it is recommended that default port number 53 be used as is.
forward
Specifies the original network address and port number of the DNS server used by mdnsproxy to transfer DNS requests and receive responses.
forward<address> [bind4compat]
The format of <address> is the same as the
one for the above listen.
When bind4compat option is specified, the
address and port specified by listen as the
source address is used. This is a function of BIND 4 and it
is assumed that UDP port is used under limited access. If
this option is not specified, 1024 or greater source port is
used.
client-encoding
Specifies the encoding of domain names at the client side.
client-encoding<Encoding>
The encoding of domain names in the DNS query sent by the client is converted to UTF-8 encoding that is used internally. Then normalization (described below) and conversion to server side encoding are performed after which the data is sent to the DNS server. The response from the DNS server is converted back to the original encoding and returned to the client.
The encoding names that can be used here depend on libmdn of
mDNkit and iconv library to be used. Since the encoding
name used differs with the iconv library that is employed,
check the library manual to confirm the encoding names that
can be used. In addition to the encoding provided by iconv,
libdmn supports the following encoding schemes recommended
for multilingual DNS.
The following encoding schemes are supported.
Punycode draft-ietf-idn-punycode-00.txt RACE draft-ietf-idn-race-03.txt DUDE draft-ietf-idn-dude-02.txt
mdn-conf-file
Specifies the configuration file names of libmdn attached to mDNkit.
mdn-conf-file<path>
mdnsproxy uses libmdn attched to mDNkit to perform
multilingual domain-related
processing. mdn-conf-file is used to specify
the file name of the libmdn configuration file.
The file name can be specified by -conf command
line option. When both are specifed, the command line
operation specification takes precedence. If neither are not
specified, the configuration file is loaded
from /usr/local/etc/mdn.conf.
For information on how to describe the libmdn configuration file, refer to Configuration of mDNkit.
log-file
Specifies the file name for mdnsproxy to output the execution log.
log-file<path>
The log file name can also be specified with
the -logfile command line option. When both
are specified, the command line option specification takes
precedence.When neither are specified, the execution log is
output
to /usr/local/var/mdnsproxy/mdnsproxy.log.
Note that the execution log is added to continuously and should be deleted from time to time. When a hangup signal (SIGHUP) is sent to mdnsproxy, it temporarily closes the log file and then reopens it. This is a convenient command when the log file is to be archived.
When syslog is specified
as <path>, log is output for
syslog. When stderr is specified, log is output
for standard error output.
log-level
Sets the log level.
log-level<level>
The following log level values can be specified.
none- No log is recorded. The absence of a log file makes it very difficult to identify the cause of a problem. If at all possible avoid using this level.
fatal- Outputs a log only when a fatal error occurs.
warn- Records warning messages in the log. This is the default used when no log level is specified.
trace- Outputs execution trace messages in the log. This level provides a detailed record of dnsproxy operation, which is helpful in determining the cause of a problem. As it records a large amount of data, it is best not used during normal operation.
When syslog is used to output logs, a fatal error message is output in priority ERR of syslog. In the same way, a warning level error message is output in priority WARNING and a trace message is output in priority DEBUG.
mdn-log-level
Sets the log level of libmdn.
mdn-log-level<level>
mdnsproxy uses libmdn attched to mDNkit to perform
multilingual domain-related
processing. mdn-conf-file is used to specify
the file name of the libmdn configuration
file, mdn-log-level is used to set the log
related to internal processing of libmdn,
and log-level is used
to set processing parts other than the above.
The following five log levels are defined.
fatal(= 0)error(= 1)warning(= 2)info(= 3)trace(= 4)dump(= 5)
syslog-facility
Sets syslog facility.
syslog-facility<facility>
The facility used when the log is output using syslog. When
the log is not output using syslog, it is ignored. (To
output a log using syslog, it is necessary to specify
with log-file
or -logfile command line option.) When it is
omitted, a daemon is used.
user-id
Specifies process owner's user id of mdnsproxy.
user-id<user>
Normally, mdnsproxy must be started up with root permission to use a privileged port, but continued use of root permission is not recommended for security reasons. With this specification, mdnsproxy runs under the specified user's control with a created privileged port before start of service.
var<user> allows you to specify user name or user ID number.
group-id
Specifies process owner's user id of mdnsproxy.
group-id<group>
This resembles the user-id entry, but differs
from it in that it specifies a group in place of the user.
<group> can be specified by a group name or group ID number.
root-directory
Specifies the root directory used with mdnsproxy.
root-directory<path>
This, also, is a security measure. By specifying the root directory used with mdnsproxy access cannot be made outside of this directory. This specification causes mdnsproxy to use chroot() system calls to set the specified directory as the root directory before starting service.
<path> specifies the name of the directory to be used as the root.
allow-access
Sets the access restriction based on the IP address of clients to limit which clients have access to mdnsproxy.
allow-acccess<where> ...
<where> is specified using one of the following formats.
<IP address> <IP address>/<prefix-length>
The first one permits access from a host with a specific IP address. The latter permits access from hosts that has an address prefix specified by <IP address> and <prefix-length>. For example, when the following is specified,
allow-access 192.168.0.0/16
access is permitted from hosts whose upper 16 bits of address (prefix) is 192.168.
More than one entry can be specified. When more than one entry is specified, access is permitted if one of them matches.
When this entry is not specified, access from all hosts is permitted.
log-on-denied
When a connection is rejected by the access restriction set
in allow-access,
whether it is recorded in the log is specified.
log-on-denied<yes-or-no>
yes or no can be specified. When
yes is specified, the rejected connection is recorded in the
log. If not, it is not recorded in the log.
Signal
When a hangup signal (SIGHUP) is sent to mdnsproxy, it temporarily closes the log file and then reopens it. This is to archive the log using the following steps.
- Use the
mvcommand to create a log file under a different name. - Send SIGHUP to mdnsproxy to open the new log file.
