I now have a functional setup. Exactly what the issue was with the
pihole derivative of dnsmasq is still not entirely clear.

I suspect that the compiled-in options used in the pihole derivative
differ from the set compiled into the Debian/raspbian version of
dnsmasq, that I matched when I compiled the version of dnsmasq 2.80.

dnsmasq very usefully reports the compiled-in options with the -v flag.
The pihole derivative has lost that rather useful feature, so exactly
what options it has been compiled with is hard to tell.

The config we have eventually arrived at gives correct behaviour for
both versions of dnsmasq and the pihole derivative.

However, what is also clear is that the issue was not related to dnsmasq
in any way, so sorry for disturbing the list.

Harry

On 01/01/2020 21:54, Harry Moyes wrote:
> On 01/01/2020 16:30, Geert Stappers wrote:
>> On Wed, Jan 01, 2020 at 03:36:33PM +0000, Harry Moyes wrote:
>>> I have a Raspberry Pi configured with two dummy interfaces in addition to
>>> the default Ethernet interface.
>>>
>>> I have a workable configuration on the pi with unbound and NSD on the two
>>> virtual interfaces, and dnsmasq on the Ethernet and loopback interfaces.
>>>
>>> Workable that is with this package loaded. (present default raspbian default
>>> install)
>>>
>>> dnsmasq/stable,now 2.76-5+rpt1+deb9u1 all [installed]
>>> dnsmasq-base/stable,now 2.76-5+rpt1+deb9u1 armhf [installed,automatic]
>>>
>>> and this config fragment:
>>
>> Why only a fragment?
>
> Brevity ?
>
> netadmin@namepi:/etc/dnsmasq.d $ ls
> 01-pihole.conf 02-pihole.conf README
> netadmin@namepi:
>
> This config is the standard config installed by pihole-FTL
>
> netadmin@namepi:/etc/dnsmasq.d $ cat 01-pihole.conf
> # Pi-hole: A black hole for Internet advertisements
> # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
> # Network-wide ad blocking via your own hardware.
> #
> # Dnsmasq config for Pi-hole's FTLDNS
> #
> # This file is copyright under the latest version of the EUPL.
> # Please see LICENSE file for your rights under this license.
> ###############################################################################
> # FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.
> #
> # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
> # #
> # IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
> # /etc/pihole/setupVars.conf #
> # #
> # ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
> # WITHIN /etc/dnsmasq.d/yourname.conf #
> ###############################################################################
> addn-hosts=/etc/pihole/gravity.list
> addn-hosts=/etc/pihole/black.list
> addn-hosts=/etc/pihole/local.list
> localise-queries
> no-resolv
> cache-size=10000
> log-queries
> log-facility=/var/log/pihole.log
> local-ttl=2
> log-async
> netadmin@namepi:
>
> netadmin@namepi:/etc/dnsmasq.d $ cat 02-pihole.conf
> # Pi-hole: A black hole for Internet advertisements
> # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
> # Network-wide ad blocking via your own hardware.
> #
> # Dnsmasq config for Pi-hole's FTLDNS
> #
> # This file is copyright under the latest version of the EUPL.
> # Please see LICENSE file for your rights under this license.
> ###############################################################################
> # This file contains additional directives for pihole-FTL #
> # to integrate with the unbound and NSD nameservers also active on this Pi #
> # #
> # IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
> # /etc/pihole/setupVars.conf #
> ###############################################################################
> bind-interfaces
> listen-address=172.25.25.146
> listen-address=127.0.0.1
> server=192.168.55.9
> no-dhcp-interface=eth0
> no-dhcp-interface=dummy0
> no-dhcp-interface=dummy1
> netadmin@namepi:
>
> This config works with the standard raspbian package.
>
> netadmin@namepi:/etc/dnsmasq.d $ dnsmasq -v
> Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua
> TFTP conntrack ipset auth DNSSEC loop-detect inotify
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.
> netadmin@namepi:/etc/dnsmasq.d $
>
> It allows three nameservers to co-exist in the same Pi on three separate
> interfaces. Nameserving functions correctly.
>
> My problem is that pihole-FTL does not work with this configuration.
> Even though the interface and port are free, it errors out and refuses
> to bind. In effect it's ignoring the bind-interfaces directive, trying
> to bind port 53 on all interfaces, and erroring out, even though the
> interface and port it is assigned to is available.
>
> I'm trying to establish if this change in behaviour has occurred in
> mainline dnsmasq, or in the pihole-FTL fork.
>
>>> bind-interfaces
>>> listen-address=172.25.25.146
>>> listen-address=127.0.0.1
>>> server=192.168.55.9
>>> no-dhcp-interface=eth0
>>> no-dhcp-interface=dummy0
>>> no-dhcp-interface=dummy1
>>>
>>> This setup is fully functional and does all I ask.
>>>
>>> **However**
>>>
>>> I'm actually trying to run pihole-FTL on the Pi, rather than dnsmasq
>>> directly, which I'm told, includes a locally derived version of
>>> dnsmasq 2.8.
>>
>> Hopefully 2.8 is a typo, because dnsmasq is meanwhile at version 2.80
>
> It is a typo. The code for pihole-FTL is derived from dnsmasq 2.80
>
>>> That derivative version appears to ignore the bind-interfaces directive, and
>>> thus fails to bind the name server ports, even though the specified
>>> interfaces are free.
>>
>> That seems to be the problem. But I fail to see what the problem is.
>> Most likely due to incomplete information on the desired configuration.
>>
>>> The developers of that derivative are convinced that functionally their
>>> derivative imports 2.8 in its entirety, simply adds additional monitoring
>>> hooks.
>>>
>>> I'm obviously not expecting assistance with the pihole-FTL but I'd really
>>> appreciate any hints of changes intentional or otherwise, that may affect
>>> the behaviour of "mainline" dnsmasq with respect to its behaviour binding the
>>> wildcard interface, that may have taken place between 2.76 and 2.8 to try to
>>> understand where the change in behaviour comes from.
>>>
>>> I'm pretty much convinced I need to build and test a mainline version of
>>> dnsmasq 2.8 from source, to localise where the issue is coming from,
>>> but I thought I'd respectfully ask here in case someone here can point me in
>>> the right direction.
>
> I've built a version of dnsmasq v 2.80. It presently does not have the
> correct compile options ATM. I'm trying to work out how to configure the
> correct compile options.
>
>> Euh?
>> Please be aware that your right direction doesn't have to be my right
>> direction.
>>
>> Advice: Make a follow-up posting which describes the wanted
>> configuration, plus working and NON-working parts.
>>
>> Groeten
>> Geert Stappers
>
> Harry

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
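
An added example (not part of the thread) for the build comparison discussed above: it parses the `Compile time options:` line of `dnsmasq -v` output from two builds, tolerating a mail-wrapped line, and reports the features that differ. The 2.80 output is a constructed sample, and the names `compile_options` and `option_diff` are hypothetical.

```python
# `dnsmasq -v` output for the stock 2.76 package, as quoted in the thread
# (the options line is wrapped, as it appears in the mail).
STOCK_2_76 = """\
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua
TFTP conntrack ipset auth DNSSEC loop-detect inotify
This software comes with ABSOLUTELY NO WARRANTY.
"""

# Constructed sample for a locally compiled 2.80 build; not output from the thread.
LOCAL_2_80 = """\
Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile

This software comes with ABSOLUTELY NO WARRANTY.
"""


def compile_options(version_text):
    """Return {feature: enabled} parsed from `dnsmasq -v` output."""
    tokens, collecting = [], False
    for line in version_text.splitlines():
        if line.startswith("Compile time options:"):
            collecting = True
            line = line.split(":", 1)[1]
        elif collecting and (not line.strip() or line.startswith("This software")):
            break  # end of the (possibly wrapped) options list
        if collecting:
            tokens.extend(line.split())
    if not tokens:
        # A binary that does not print the options line cannot be compared.
        raise ValueError("no 'Compile time options:' line found")
    # dnsmasq prints a disabled feature as "no-<feature>".
    return {t[3:] if t.startswith("no-") else t: not t.startswith("no-") for t in tokens}


def option_diff(a_text, b_text):
    """Return {feature: (state_in_a, state_in_b)} for features that differ.

    A state of None means that build does not report the feature at all.
    """
    a, b = compile_options(a_text), compile_options(b_text)
    return {f: (a.get(f), b.get(f))
            for f in sorted(set(a) | set(b)) if a.get(f) != b.get(f)}


if __name__ == "__main__":
    for feature, (old, new) in option_diff(STOCK_2_76, LOCAL_2_80).items():
        print(f"{feature:10} 2.76={old!s:5} 2.80={new}")
```
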