DNSFCPD

Synopsis

DNSFCPD [/?] [/LARGEUDP[+|-]] [/LOCALHOST[+|-]] [/DECIMAL[+|-]] [/IMPLICITALL0[+|-]] [/IMPLICITALL1[+|-]] [/IP6ADDR[+|-]] [/CACHE number] [/UDPPROXYSOCKETS number] [/TCPPROXYSOCKETS number] [/TCPSERVERSOCKETS number] [/TTLPOSITIVEMAX number] [/TTLEMPTYMAX number] [/TTLEMPTYDEFAULT number] [/TTLNEGATIVEMAX number] [/TTLNEGATIVEDEFAULT number] [/SERVERIP address] [/SERVERPORT port] [/CLIENTIP address] [/CLIENTPORT port]

Description

DNSFCPD is a caching proxy server dæmon that forwards queries to a set of DNS proxy servers. It does not perform resolution. It expects the servers that it queries to perform resolution on behalf of it and its clients. It simply caches record sets and passes along queries.

DNSFCPD determines the proxy servers that it should forward to from configuration files which it reads at runtime. If a file named "Proxies\@domain" relative to its working directory exists and can be opened for reading, its contents are used as the list of proxy servers for that domain and all of its subdomains. The list comprises a set of IP addresses in big-endian dotted-decimal text form, one per line.

At minimum, DNSFCPD requires a set of proxy servers for the root of the namespace tree. These IP addresses are listed in the file "Proxies\@".

Note: DNS administrators should ensure that they do not include in any configuration file the IP address on which DNSFCPD is listening, or the IP addresses on which any forwarding proxy DNS servers upstream of it (i.e. closer to the DNS client) are listening. Doing so will cause a proxy loop.
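A pre-flight check for the rules above, as an added example that is not part of DNSFCPD or the Internet Utilities: it reads every "Proxies\@domain" file under a working directory, reports a missing "Proxies\@", rejects lines that are not dotted-decimal IPv4 addresses, and flags any entry equal to an address on which DNSFCPD or a forwarding proxy closer to the client listens. The function names, the skipping of blank lines and the sample addresses (other than 127.0.0.8, taken from the example RUN file) are assumptions.

```python
import ipaddress
import tempfile
from pathlib import Path


def audit_proxies(workdir, listening_ips):
    """Return (file, line_no, problem) findings for workdir/Proxies/@* files."""
    # Addresses that must never appear in a list: DNSFCPD's own /SERVERIP and
    # those of any forwarding proxies between it and the clients.
    own = {ipaddress.IPv4Address(ip) for ip in listening_ips}
    proxies = Path(workdir) / "Proxies"
    findings = []
    if not (proxies / "@").is_file():
        findings.append(("@", 0, "missing root list"))
    for path in sorted(proxies.glob("@*")):
        for no, line in enumerate(path.read_text().splitlines(), 1):
            text = line.strip()
            if not text:
                continue  # assumption: blank lines are ignored
            try:
                addr = ipaddress.IPv4Address(text)
            except ValueError:
                findings.append((path.name, no,
                                 f"not a dotted-decimal IPv4 address: {text!r}"))
                continue
            if addr in own:
                findings.append((path.name, no,
                                 f"proxy loop: {addr} is a listening address"))
    return findings


def demo():
    # Constructed sample tree: the root list contains the listening address,
    # and the example.com list contains a host name instead of an address.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "Proxies"
        d.mkdir()
        (d / "@").write_text("192.0.2.53\n127.0.0.8\n")
        (d / "@example.com").write_text("198.51.100.7\nns1.example.com\n")
        return audit_proxies(tmp, ["127.0.0.8"])


if __name__ == "__main__":
    for name, no, problem in demo():
        print(f"Proxies\\{name}:{no}: {problem}")
```

Because each list controls a whole subtree of the namespace as seen by every client, the same pass is a convenient place to review which servers are trusted for which domain.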

DNSFCPD concentrates several query streams from multiple DNS clients into a single query stream, eliminating duplicated queries sent by more than one client simultaneously and queries whose answers are already in its cache. One use for DNSFCPD is to concentrate the DNS traffic over an expensive, congested, or slow link, such as a dial-up connection.

DNSFCPD regards the entire domain name namespace for "domain" and below as being in the bailiwick of the servers listed in "Proxies\@domain". These servers have effective control over that portion of the namespace as seen by all clients of DNSFCPD. One should therefore not forward queries to servers that one has no reason to trust. It is recommended that one only instruct DNSFCPD to forward to resolving proxy servers within one's own organisation or to someone with whom one has contracted for provision of proxy DNS service.

If one is using DNSFCPD to concentrate DNS traffic over an expensive link, and one does not control both ends of the link, one should arrange to obtain access to resolving proxy servers owned by the organisation at the other end of the link, and instruct DNSFCPD to use them. (ISPs, for example, will provide resolving proxy DNS servers for use by their dial-up customers.)

DNSFCPD expects to be a client of other proxy servers, which of course provide recursion by their very nature. For the benefit of DNS proxy servers whose authors have not yet realised that the RD bit is superfluous, it sets the RD bit to 1 in all queries that it transmits.

Responses

DNSFCPD will discard all DNS/UDP traffic from clients that it does not recognize as authorized. See client authorization for details, and note that client authorization is not a substitute for proper IP address choice and router configuration.

DNSFCPD will …

The remaining queries, properly formatted ones with only one question that are asking about Internet-class data, it will answer from its cache, issuing back-end queries as necessary to populate that cache.

Example RUN file

DNSFCPD would be invoked under RUNSVC, the Service Manager in the OS/2 Command Line Utilities version 2.2, with a run file similar to:

  program %APPS%\JdeBP\IU\bin\DNSFCPD.exe
  chdir %_BOOT%:\Config\Apps\JdeBP\IU\DNS\
  argument DNSFCPD
  argument /serverip:127.0.0.8

Command-specific options


The Internet Utilities are © Copyright Jonathan de Boyne Pollard. "Moral" rights are asserted.