Re: DNS from a Kernel Extension
- Subject: Re: DNS from a Kernel Extension
- From: Michael Tuexen <email@hidden>
- Date: Sat, 11 Nov 2006 14:36:11 +0100
Just a note inside...
On Nov 11, 2006, at 3:45 AM, Josh Graessley wrote:
Actually, there are some arguments for doing DNS resolution in the
kernel. One problem we have right now is a number of people write
lame networking code. They perform some sort of dns resolution and
try to connect to the first address they get back. Most
applications want to connect to some name, they don't care what the
address is or even whether it's IPv4 or IPv6. An application should
get back a list of all addresses the name resolves to and attempt
to connect to each of those addresses until it finds one that
works. Most applications just try the first one, or they wait for
the first one to fail before attempting the second one.
The kernel, if it was given a name or a list of addresses could do
some intelligent stuff. In user space, you would need to open a new
socket for each connection attempt. In the kernel, if there was a
connect to name or connect to list, the kernel could start by
sending the first syn to the first address, wait for some time,
then send the next syn and so on. The kernel could accept the first
syn-ack to come back from any of those initial syns it sent. Once
it got a syn-ack back, it would reject packets from any other
addresses and finish up the three way handshake. The kernel could
apply some smarts to try the best addresses first. An application
wouldn't have to worry about the nitty gritty stuff and we wouldn't
have to waste time creating lots of sockets or writing complicated
code to have multiple sockets attempting simultaneous asynchronous
connects.
This is implemented in SCTP via the sctp_connectx() or sctp_sendx()
calls. But it uses a list of IPv4/IPv6 addresses which must belong
to the same host. FQDNs are not supported.
Doing DNS in the kernel would present a number of challenges. DNS
is sort of one level above arp and we do arp in the kernel, so DNS
is too much of a stretch. The problem is that people pollute their
name resolution with all kinds of other crap from the /etc/hosts
file to a variety of directory services plug-ins. Getting access to
that stuff in the kernel is not feasible.
-josh
On Nov 10, 2006, at 6:23 PM, William Kucharski wrote:
On Friday, November 10, 2006, at 06:42PM, Curtis Jones
<email@hidden> wrote:
I have a need for performing DNS resolution (name to address) for the
use by a kernel extension, and it would be incredibly convenient if it
could be performed within the kernel. I've looked around endless
header files but haven't found anything helpful.
WHY? This is just wrong on so many levels...
If you ever need to do this type of thing, you need to take a step back
and figure out why you're trying to do this from the KERNEL. I can't even
really think of one.
The right way to do this is to have a user space process do the DNS
resolution and pass the information to your kernel extension; better yet
would be for a user space daemon to do both the DNS resolution AND all
network communication.
William Kucharski
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40apple.com
This email sent to email@hidden