DNS proxy server in Scheme

Written to implement "split horizon" DNS, to allow easy use of firewalls which do IP forwarding. Essentially, you need a "politician's" DNS server, which gives different answers depending on who's asking. In particular, for external domains to work within such a firewall, you need a DNS server which special-cases the externally hosted sites and points them at the internal machines which implement the services.

It could doubtless be used for other things, too.

I am not an expert on DNS, and may have got many important things wrong. I have not tried putting this on the public internet, and wouldn't suggest you do either.

This code is made available under the GPL.

It's in my standard library; download and install that to get it.

Start it like this:

  (require (lib "dns.ss" "jk"))

  (make-dns-proxy-server 'port 53
                         'forwardee '("" 53)   ; DNS server goes here
                         ;; each entry: name pattern, then the record to return for it
                         'answers   '(("[a-zA-Z0-9.]*mydomain\\.org" ((a in) ""))
                                      ("[a-zA-Z0-9.]*otherdomain\\.com" ((a in) ""))))
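
The 'answers entries above pair a name pattern with a record to return, and everything else goes to the forwardee. The following is an added example in Python, not code from dns.ss, that runs constructed queries through that kind of table (192.0.2.10 is a documentation address). How dns.ss anchors its patterns is not stated on this page, so the `anchored` switch and the stricter label-boundary pattern are assumptions made here to show why both matter.

```python
import re

# Constructed override tables in the shape of the 'answers list:
# (pattern, record type, value). 192.0.2.10 is a documentation address.
ANSWERS = [(r"[a-zA-Z0-9.]*mydomain\.org", "A", "192.0.2.10")]
# Assumed stricter pattern: subdomain labels must end at a dot.
STRICT_ANSWERS = [(r"([a-z0-9-]+\.)*mydomain\.org", "A", "192.0.2.10")]


def normalise(qname):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return qname.rstrip(".").lower()


def resolve(qname, qtype, answers, anchored=True):
    """Return ("local", value) for an override, else ("forward", None)."""
    name = normalise(qname)
    for pattern, rtype, value in answers:
        # fullmatch anchors both ends of the name; search anchors neither.
        match = re.fullmatch if anchored else re.search
        if rtype == qtype and match(pattern, name, re.IGNORECASE):
            return ("local", value)
    return ("forward", None)


def demo():
    """Run constructed queries through both tables."""
    queries = ["www.mydomain.org.", "WWW.MyDomain.ORG",
               "mydomain.org.example.net", "notmydomain.org"]
    rows = []
    for q in queries:
        rows.append((q,
                     resolve(q, "A", ANSWERS, anchored=False)[0],
                     resolve(q, "A", ANSWERS)[0],
                     resolve(q, "A", STRICT_ANSWERS)[0]))
    return rows


if __name__ == "__main__":
    for row in demo():
        print("%-26s search=%-8s fullmatch=%-8s strict=%s" % row)
```

With the page's pattern, `notmydomain.org` is still answered locally even when the match is anchored; only the label-boundary form forwards it.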

NEW: it also has just about enough functionality to do zeroconf (a.k.a. Apple's Rendezvous). This is Linux-specific (probably Unix, actually, but not tested on other *n*ces), as it uses a C extension to set up multicast sockets. Run it like this:

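  (require (lib "dns.ss" "jk"))

  (make-dns-proxy-server                ; assumed: same constructor as in the first example
   'port      5353
   'multicast #t
   ;; the PTR target names the service instance whose SRV/TXT records follow
   'answers   '(("_http._tcp.local"      ((ptr in) "wiki._http._tcp.local"))
                ("wiki._http._tcp.local" ((srv in) (0 0 8380 "bert.local"))
                                         ((txt in) ("style=loose" "manner=brusque")))
                ("bert.local"            ((a in) ""))))

which "publishes" a wiki at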

It requires PLT Scheme. I used version 205; other versions may work. I run it under Debian GNU/Linux.

Made by John Kozak
Last modified: Sat Oct 25 11:18:03 BST 2003