MainInclusionDnsMasq

Requirements

  1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/d/dnsmasq; available for all supported archictecutres

  2. Rationale:.

    • Dependency of libvirt-bin.

  3. Security:

    • No current CVE entries.

    • No current Secunia history.

    • No binaries running as root or suid/sgid. Runs the dnsmaaq daemon as the dnsmasq user.
    • Due to the nature of this package it listens for incoming and outgoing DNS requests on port 53.
    • No source code review taken.

    • I (SorenHansen) believe the software is in use in many embedded environments (OpenWRT, for instance), so is widely deployed, and quite well tested.

  4. Quality assurance:

    • Due to the nature of the package it requires manual configuration.
    • No debconf questions are asked.

    • Debian bugs nothing critical.

    • Maintenance in Debian is vigorous.

    • Upstream is vigorous.

    • No upstream bug tracker.
    • No special hardware is required.

  5. Standards compliance:

  6. Dependencies:

    • gettext libdbus-1-dev gawk netbase adduser
    • All in main.

dnsmasq was designed to provide dns and dhcp services to a smallish lan in a network topology with a clear "upstream" sense as is exactly the case for virtual networks in libvirt's world.

Maybe it's easier to explain what would need to be done to not use dnsmasq, but only what we have in main now:

  • Both dhcp3-server and bind9 would need to be configured in order to fully replace dnsmasq.
  • Every application that needs dnsmasq would need to be patched to write out configuration files and start an instance of both dhcp3-server and bind9 instead of dnsmasq.
  • Something would need to monitor resolv.conf for changes, poke those into bind9 and have it reload its configuration.
  • Something would need to extract information from the dhcp leases file and poke it into bind's database, and have it reload its configuration.

Reviewers

MIR bug: https://bugs.edge.launchpad.net/ubuntu/+source/dnsmasq/+bug/190905

ChuckShort

MainInclusionDnsMasq (last edited 2008-08-06 16:31:41 by localhost)