Re: DNS from a Kernel Extension
- Subject: Re: DNS from a Kernel Extension
- From: Josh Graessley <email@hidden>
- Date: Fri, 10 Nov 2006 18:45:18 -0800
Actually, there are some arguments for doing DNS resolution in the
kernel. One problem we have right now is a number of people write
lame networking code. They perform some sort of DNS resolution and
try to connect to the first address they get back. Most applications
want to connect to some name, they don't care what the address is or
even whether it's IPv4 or IPv6. An application should get back a list
of all addresses the name resolves to and attempt to connect to each
of those addresses until it finds one that works. Most applications
just try the first one, or they wait for the first one to fail before
attempting the second one.

The kernel, if it was given a name or a list of addresses, could do
some intelligent stuff. In user space, you would need to open a new
socket for each connection attempt. In the kernel, if there was a
connect to name or connect to list, the kernel could start by sending
the first syn to the first address, wait for some time, then send
the next syn and so on. The kernel could accept the first syn-ack to
come back from any of those initial syns it sent. Once it got a
syn-ack back, it would reject packets from any other addresses and
finish up the three-way handshake. The kernel could apply some smarts
to try the best addresses first. An application wouldn't have to worry
about the nitty-gritty stuff and we wouldn't have to waste time
creating lots of sockets or writing complicated code to have multiple
sockets attempting simultaneous asynchronous connects.

Doing DNS in the kernel would present a number of challenges. DNS is
sort of one level above arp and we do arp in the kernel, so DNS is
too much of a stretch. The problem is that people pollute their name
resolution with all kinds of other crap from the /etc/hosts file to a
variety of directory services plug-ins. Getting access to that stuff
in the kernel is not feasible.

-josh

On Nov 10, 2006, at 6:23 PM, William Kucharski wrote:

On Friday, November 10, 2006, at 06:42PM, Curtis Jones <email@hidden> wrote:

I have a need for performing DNS resolution (name to address) for the
use by a kernel extension, and it would be incredibly convenient if it
could be performed within the kernel. I've looked around endless
header files but haven't found anything helpful.

WHY? This is just wrong on so many levels...

If you ever need to do this type of thing, you need to take a step back
and figure out why you're trying to do this from the KERNEL. I can't even
really think of one.

The right way to do this is to have a user space process do the DNS
resolution and pass the information to your kernel extension; better yet
would be for a user space daemon to do both the DNS resolution AND all
network communication.

William Kucharski
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
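
The "try every address, without waiting for each one to fail" behaviour described in the message above, done from user space with one non-blocking socket per attempt. This is an added example, not code from the thread or from Darwin. The function name, its parameters and the IPv4-only address list are assumptions, and name resolution is left to the caller.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_ADDRS 8
/* Hypothetical helper: start a non-blocking connect to addrs[0], then start the
 * next address every stagger_ms (or as soon as an attempt fails). The first
 * handshake to complete wins; returns its socket or -1, and its index in *winner. */
int connect_staggered(const struct sockaddr_in *addrs, int n, int stagger_ms,
                      int final_wait_ms, int *winner)
{
    struct pollfd p[MAX_ADDRS];
    int started = 0, live = 0, result = -1;
    if (n > MAX_ADDRS) n = MAX_ADDRS;
    while (result < 0 && (started < n || live > 0)) {
        if (started < n) { /* launch the next attempt without waiting */
            int fd = socket(AF_INET, SOCK_STREAM, 0);
            if (fd >= 0 && (fcntl(fd, F_SETFL, O_NONBLOCK) != 0 ||
                (connect(fd, (const struct sockaddr *)&addrs[started],
                         sizeof addrs[0]) != 0 && errno != EINPROGRESS))) {
                close(fd); /* failed immediately, e.g. no route */
                fd = -1;
            }
            p[started++] = (struct pollfd){ .fd = fd, .events = POLLOUT };
            live += (fd >= 0); /* poll() ignores entries with a negative fd */
        }
        int rc = poll(p, started, started < n ? stagger_ms : final_wait_ms);
        if (rc < 0 || (rc == 0 && started == n)) break; /* error or final timeout */
        for (int i = 0; i < started && result < 0; i++) {
            int err = 0;
            socklen_t len = sizeof err;
            if (p[i].fd < 0 || p[i].revents == 0) continue;
            getsockopt(p[i].fd, SOL_SOCKET, SO_ERROR, &err, &len);
            if (err == 0) { /* handshake completed: this address wins */
                result = p[i].fd;
                *winner = i;
            } else { /* refused or unreachable: drop it, keep the others */
                close(p[i].fd);
                p[i].fd = -1;
                live--;
            }
        }
    }
    for (int i = 0; i < started; i++) /* abandon the attempts that lost */
        if (p[i].fd >= 0 && p[i].fd != result) close(p[i].fd);
    return result;
}
```

The returned socket is still non-blocking. Each attempt costs a socket in the process, which is the overhead the message argues a kernel-side connect-to-list would avoid.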