The Linux libc library does not (yet) support lookup of HI records from the DNS. As a workaround, HIPL provides a DNS proxy that intercepts DNS requests and handles the HI record lookup. The proxy intercepts DNS requests by writing itself into the /etc/resolv.conf file as the nameserver. It then forwards all DNS requests to the server that was listed in the file before it was overwritten. When the proxy finds HIP records in DNS or in the hosts files, it returns them to the caller instead of the IP addresses.
The DNS proxy is single-threaded but asynchronous. It polls for changes in resolv.conf, stores the changed nameserver settings and rewrites itself into the file. The DNS proxy caches the results of DNS requests to reduce delays. To avoid losing the mapping between a HIT and the corresponding IP address, the DNS proxy always sends this information to hipd (using hipconf). It sends the mapping every time because there is a chance that hipd was restarted or its state was reset.
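The resolv.conf takeover and polling described above, as an added Python example (this is not HIPL's dnsproxy code). It assumes the proxy listens on 127.0.0.53 as stated later in this section, uses a marker comment of its own invention to recognise a file it already owns, and works on the file contents as a string so it runs without touching the real /etc/resolv.conf. The restore step is an assumption about what a clean shutdown should do; the page does not describe it.

```python
import re

PROXY_ADDR = "127.0.0.53"   # address the DNS proxy occupies, per this section
# Marker line invented for this example so the poller can tell its own rewrite
# apart from a file changed by someone else (e.g. a DHCP client or resolvconf).
MARKER = "# managed by hipdnsproxy (example marker)"

def take_over(resolv_text, proxy_addr=PROXY_ADDR):
    """Rewrite resolv.conf text so the proxy is the only nameserver.

    Returns (new_text, upstream): the text to write back and the list of
    nameservers that were in the file, which the proxy must forward to.
    search/options/comment lines are kept unchanged.
    """
    upstream, kept = [], []
    for line in resolv_text.splitlines():
        stripped = line.strip()
        if stripped == MARKER:
            continue
        m = re.match(r"nameserver\s+(\S+)", stripped)
        if m:
            if m.group(1) != proxy_addr:      # never forward to ourselves
                upstream.append(m.group(1))
            continue
        kept.append(line)
    new_text = "\n".join([MARKER, f"nameserver {proxy_addr}"] + kept) + "\n"
    return new_text, upstream

def poll(current_text, proxy_addr=PROXY_ADDR):
    """One polling step over the current file contents.

    Returns None while the file is still the proxy's own rewrite; otherwise
    returns the upstream servers now found in it (possibly an empty list,
    which the caller must treat as 'no upstream available').
    """
    lines = [line.strip() for line in current_text.splitlines()]
    if MARKER in lines and f"nameserver {proxy_addr}" in lines:
        return None
    return take_over(current_text, proxy_addr)[1]

def restore(current_text, upstream, proxy_addr=PROXY_ADDR):
    """Put the original upstream servers back in front of the kept lines."""
    kept = [line for line in current_text.splitlines()
            if line.strip() != MARKER and not line.strip().startswith("nameserver")]
    return "\n".join([f"nameserver {s}" for s in upstream] + kept) + "\n"

if __name__ == "__main__":
    # Constructed sample resolv.conf, not taken from any real host.
    original = ("# Generated by NetworkManager\n"
                "search example.net\n"
                "nameserver 192.0.2.1\n"
                "nameserver 192.0.2.2\n")
    rewritten, upstream = take_over(original)
    print(rewritten)                         # proxy is now the only nameserver
    print("forwarding to:", upstream)        # ['192.0.2.1', '192.0.2.2']
    print("changed by someone else:", poll("nameserver 198.51.100.9\n"))
```

A real daemon would run poll() on a timer and, whenever it returns a list, replace its upstream set and call take_over() again; keeping the original upstream list around is what makes restore() possible if the proxy is stopped cleanly.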
The DNS proxy is especially useful for client hosts. However, running the DNS proxy on, e.g., an SSH server or IRC server has the benefit that it speeds up logins: the server software tries to resolve the client's HIT to a hostname and introduces an artificial delay for the client if the HIT is not found. Running the DNS proxy on the server avoids this delay.
The DNS proxy tries to find host identities in two places: the "hosts" files or HI records in DNS. The /etc/hip/hosts file can be used to keep all HITs and LSIs separate, or they can all be placed in the /etc/hosts file. In the case of DNS, the DNS proxy automatically converts the HI records to HITs and also returns LSIs to the application when requested. The DNS proxy handles the LSI conversion through hipd.
The DNS proxy can be run with or without resolvconf (in Ubuntu). The proxy can automatically detect the presence of the dnsmasq software. By default, both occupy the same port, and dnsproxy always attempts to reconfigure the dnsmasq settings automatically. This way, both of them remain in use and can co-exist on the same host.
The DNS proxy does not yet autodetect other DNS-related software running on the same host. For example, it needs some help with ISC BIND. You should bind BIND explicitly to the IP addresses (or HITs) you want it to use. The DNS proxy occupies the IP address 127.0.0.53, and as long as BIND uses a different IP address than the DNS proxy, both can co-exist on the same host.
If you encounter a bug with the DNS proxy and lose your DNS settings, first try reconnecting your machine to the network. If this does not help, try rebooting your host; if you are running dnsmasq, dnsproxy then repairs the /etc/default/dnsmasq file in case the DNS proxy crashed for some reason.
The DNS proxy has multiple options that you can configure, e.g., in the DNSPROXY_OPTS variable in the /etc/init.d/hipdnsproxy file. Remember to run "/etc/init.d/hipdnsproxy restart" to make the changes effective. For example, adding --hip-domain-prefix="hip." can speed up DNS resolution because the proxy then tries to resolve HITs only when the host name begins with the string "hip.". As an extra security measure, when the prefix matches, the DNS proxy returns only HITs or empty DNS responses to the application.
The DNS proxy does not return IP addresses when it finds a HIT for a queried host. If you want to see the IP addresses, try "dig -t any hostname": the DNS proxy intentionally does not alter ANY queries, for diagnostics and debugging purposes.
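The hosts-file lookup, the --hip-domain-prefix rule and the ANY pass-through from the three paragraphs above, combined into one added Python example (not HIPL's own dnsproxy code). The sample /etc/hip/hosts contents and all addresses in it are constructed; an IPv6 address in the file is treated as a HIT and an address in 1.0.0.0/8 as an LSI, which is an assumption this example makes in place of the LSI conversion that the real proxy obtains from hipd. The example also assumes that a prefixed name is looked up as written; the page does not say whether the real proxy strips the prefix first.

```python
import ipaddress

# Constructed sample of an /etc/hip/hosts file (not from the page).
SAMPLE_HIP_HOSTS = """\
# address                               hostname            alias
2001:1e:1234:5678:9abc:def0:1234:5678  hip.server.example  server.example
1.0.0.2                                hip.server.example
2001:1f:aaaa:bbbb:cccc:dddd:eeee:ffff  hip.irc.example
"""

def parse_hosts(text):
    """Return {hostname: {"hit": [...], "lsi": [...]}} from hosts-file text.

    Assumption: IPv6 entries are HITs, 1.x.x.x entries are LSIs. Any other
    address is ignored here because plain IP records are resolved upstream.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                           # malformed line, skip it
        if ip.version == 6:
            kind = "hit"
        elif ip in ipaddress.ip_network("1.0.0.0/8"):
            kind = "lsi"
        else:
            continue
        for name in names:
            entry = table.setdefault(name.lower().rstrip("."), {"hit": [], "lsi": []})
            entry[kind].append(str(ip))
    return table

def resolve(table, qname, qtype, hip_domain_prefix=None):
    """Decide what the proxy answers for one (qname, qtype) query.

    Returns ("answer", records) when answered from the hosts table,
    ("empty", []) when the host is a HIP host but has no record of the
    requested type (so the application never receives a plain IP address),
    and ("forward", None) when the query goes to the upstream server as-is.
    """
    qtype = qtype.upper()
    name = qname.lower().rstrip(".")
    if qtype == "ANY":
        return ("forward", None)      # ANY is never altered: 'dig -t any' works
    if hip_domain_prefix is not None and not name.startswith(hip_domain_prefix):
        return ("forward", None)      # --hip-domain-prefix: not a HIP lookup
    if qtype not in ("A", "AAAA"):
        return ("forward", None)      # MX, TXT, ... are not the proxy's business
    entry = table.get(name)
    if entry is None:
        return ("forward", None)      # unknown here; let upstream DNS answer
    if qtype == "AAAA" and entry["hit"]:
        return ("answer", list(entry["hit"]))
    if qtype == "A" and entry["lsi"]:
        return ("answer", list(entry["lsi"]))
    return ("empty", [])              # HIP host, but no record of this type

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HIP_HOSTS)
    for q in [("hip.server.example", "AAAA"), ("hip.server.example", "A"),
              ("hip.irc.example", "A"), ("hip.irc.example", "ANY"),
              ("www.example", "A")]:
        print(q, "->", resolve(table, *q, hip_domain_prefix="hip."))
```

With hip_domain_prefix="hip." the alias server.example is forwarded upstream even though the table knows its HIT; without the prefix option the same name is answered with the HIT, which is exactly the speed-up versus safety trade-off the option controls.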