Re: [Dnsmasq-discuss] Dnsmasq as dhcp relay agent for another dnsmasq server
Hi,

Actually you are right. Sorry for that. I am using v2.59, which is in the Ubuntu repository.

I had one question, maybe out of scope: is it possible to use Coova and Dnsmasq on the same host, by turning off Coova's DHCP and using Dnsmasq as the DHCP server?

Thanks,
Prashant

On Thursday 31 July 2014 03:02 AM, Simon Kelley wrote:
> On 29/07/14 11:08, Prashant wrote:
>> Hi,
>>
>> I am trying to use one Dnsmasq to forward DHCP requests to another dnsmasq server, but how should I configure it?
>>
>> For the relay agent, I tried
>>
>> --dhcp-relay=local address,server address
>>
>> as mentioned here: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
>>
>> But it says it is an invalid option; even dnsmasq --help does not have such an option.
>
> What version of dnsmasq do you have? That link gets you the man page for the latest release, if you have an earlier release, it may not have the DHCP relay code. The DHCP relay feature was added quite recently.
>
> Cheers,
>
> Simon
>
>> On the server side I have the following configuration:
>>
>> listen-address=192.168.56.1
>> dhcp-range=192.168.40.2,192.168.40.254,255.255.255.0,12h
>> dhcp-leasefile=/tmp/dnsmasq.leases
>>
>> Please let me know in case I am doing anything wrong.
>>
>> Thanks,
>> Prashant

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] [PATCH] Support for reading the ISC dhcp lease file
Hello Simon,

thanks for your reply.

On Wed, 2014-07-30 at 22:24 +0100, Simon Kelley wrote:
> On 30/07/14 11:51, Michael Tremer wrote:
>> Hello fellow dnsmasq users,
>>
>> I am working on the free firewall distribution called IPFire (www.ipfire.org) and inside of that distribution, dnsmasq is used as a DNS proxy. For the DHCP services, we use the ISC dhcp daemon.
>>
>> In the past, dnsmasq supported importing the leases from the ISC dhcpd lease file which then was unfortunately removed because the code was unmaintainable. I am not fully aware of the reasons.
>
> The reason was very simple. The first versions of dnsmasq were just DNS forwarders, nothing to do with DHCP. Then the ability to read ISC lease files was added, which allowed DHCP-allocated addresses to be added to the DNS. This was a good idea, but a bit of a hack, so instead, long ago, the DHCP server code was added to dnsmasq, with integration with the DNS side. Finally, after plenty of warning, the now redundant ISC-leasefile reading code was removed.

Makes perfect sense.

> We've seen calls to add this code back before, but the question which I've never seen answered is why it's necessary to use the ISC server and not the built-in dnsmasq one. The DHCP code in dnsmasq is now very mature, and I'm not aware of anything it can't do that the ISC code can, in the niche where dnsmasq is appropriate. If I knew of a good reason to favour the ISC dhcpd over the dnsmasq one, I'd be in a better position to judge if this patch is a good idea.

The reason why we use the ISC dhcp server is basically our history. The web user interface is writing configuration files for ISC dhcpd and we didn't really want to rework that when dnsmasq supported DHCP. You are probably right that dnsmasq comes with everything you need. I am not sure about the latest IPv6 developments and if it supports pools and steering some devices identified by their MAC addresses into those pools. Those features are certainly ones that the vast majority of dnsmasq users doesn't need or use.

I cannot name *the* reason why ISC dhcp is superior - it isn't. It might have some features that dnsmasq does not have and dnsmasq might have some features that ISC dhcp does not have. My personal reason is that I find the configuration file of the ISC dhcp daemon much better to read/write. dnsmasq is not that intuitive.

So there is no major technical reason that springs to mind. It's mainly personal preference. I don't really know if that is sufficient to include the code. It would be a unique feature of dnsmasq that I couldn't find in any of the alternatives.

>> Our workaround was to stick with a very old version of dnsmasq. Now that there are things like DNSSEC and that backporting security fixes is not a pleasant thing to do, I took the old code and made it work with the current master branch. I started with the old code from John Volpe and Simon and cleaned it up step by step. Some things like parsing the date were unnecessarily complicated and I think that the attached patch is much cleaner. It has been tested a lot by our community and is working well.
>>
>> There is also a git branch where you can pull my changes from: http://git.ipfire.org/?p=people/ms/dnsmasq.git;a=shortlog;h=refs/heads/dhcp-lease
>>
>> I would really like to see this included in dnsmasq. There are also various bugs in the bugtrackers of various distributions like Debian and so on. Maybe we can work out the problems and get this merged.
>
> It looks like a good basis for adding the feature, but let's decide if it's a good feature to have, first.

Good plan.

>> -Michael
>
> Cheers,
>
> Simon.

Best,
-Michael
Re: [Dnsmasq-discuss] Documented Redundancy?
On 30/07/14 07:35, Joel Krauska wrote:
> I've seen a few interesting proposals for running dnsmasq in a redundant way. (running active/passive and trying to keep leases updated atomically, e.g. using a db)
>
> But I haven't seen an actual implementation documented anywhere.
>
> Those concepts mostly 'address' setting up a standby dhcp server, but I'm also interested in a secondary DNS server implementation using dnsmasq, and I can't seem to find detailed documentation on that either.
>
> Just in case anyone is wondering 'why' -- machines need package updates and occasional rebooting. I'd very much like to be able to temporarily take down my primary dhcp/dns infra with minimal impact.
>
> I've used isc and bind, and frankly it's a PITA to manage and maintain. I really like the simplicity of dnsmasq, but I'd also like some manageable redundancy?
>
> Is there a blog post out there that I just can't seem to find? :)
>
> If not, I guess I'll have to try to make one myself.
>
> Cheers,
>
> Joel Krauska

I'm not aware of anybody having done this and documented it.

The insight that you don't really need redundancy for DHCP, only DNS is a valid one. Maybe it would work to have a secondary dnsmasq configured only for DNS, and make the primary maintain a file in /etc/hosts file format with the DHCP hosts and their addresses. The DHCP script is provided with enough information to maintain a complete lease database, so just the names/addresses would be quite possible. Moving that file from master to slave left as an exercise for the reader :)

Cheers,

Simon.
Re: [Dnsmasq-discuss] Documented Redundancy?
On 31/07/14 13:23, Simon Kelley wrote:
> On 30/07/14 07:35, Joel Krauska wrote:
>> I've seen a few interesting proposals for running dnsmasq in a redundant way. (running active/passive and trying to keep leases updated atomically, e.g. using a db)
>>
>> But I haven't seen an actual implementation documented anywhere.
>>
>> Those concepts mostly 'address' setting up a standby dhcp server, but I'm also interested in a secondary DNS server implementation using dnsmasq, and I can't seem to find detailed documentation on that either.
>>
>> Just in case anyone is wondering 'why' -- machines need package updates and occasional rebooting. I'd very much like to be able to temporarily take down my primary dhcp/dns infra with minimal impact.
>>
>> I've used isc and bind, and frankly it's a PITA to manage and maintain. I really like the simplicity of dnsmasq, but I'd also like some manageable redundancy?
>>
>> Is there a blog post out there that I just can't seem to find? :)
>>
>> If not, I guess I'll have to try to make one myself.
>>
>> Cheers,
>>
>> Joel Krauska
>
> I'm not aware of anybody having done this and documented it.

We are working on the idea, and have made progress, but don't have it 100% working yet, and definitely not documented it

if anyone wants to dig into the ongoing development, https://github.com/libre-mesh/lime-packages/tree/master/packages/dnsmasq-lease-share

> The insight that you don't really need redundancy for DHCP, only DNS is a valid one.

Our scenario is actually more like master to master synchronization: two or more active DHCP servers on the same (pseudo)link-local.

This specific need might only make sense in batman-adv mesh networks, but I guess it could be adapted to the master/slave case the OP is asking about

Cheers!

> Maybe it would work to have a secondary dnsmasq configured only for DNS, and make the primary maintain a file in /etc/hosts file format with the DHCP hosts and their addresses. The DHCP script is provided with enough information to maintain a complete lease database, so just the names/addresses would be quite possible. Moving that file from master to slave left as an exercise for the reader :)
>
> Cheers,
>
> Simon.
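The hosts-file approach suggested in this thread, sketched as an added example (not code from the thread, from dnsmasq, or from the lime-packages project): a `--dhcp-script` hook that keeps an /etc/hosts-format file of current leases, which a DNS-only secondary could load with `--addn-hosts`. The file path and the `LEASE_HOSTS_FILE` variable are assumptions, and copying the file to the secondary is not covered.

```python
#!/usr/bin/env python3
import ipaddress
import os
import re
import sys
import tempfile

# Assumed location; the DNS-only secondary would load its copy via --addn-hosts.
HOSTS_FILE = os.environ.get("LEASE_HOSTS_FILE", "/var/lib/misc/dhcp-hosts")
# Client-supplied hostnames are untrusted input: accept one DNS label only.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def apply_event(lines, action, ip, hostname=None):
    """Return the hosts-file lines after one dnsmasq lease event."""
    if action not in ("add", "old", "del"):
        return list(lines)  # other events (e.g. "tftp") carry different arguments
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
    kept = [l for l in lines if l.split()[:1] != [ip]]
    if action != "del" and hostname and LABEL.fullmatch(hostname):
        kept.append(f"{ip} {hostname}")
    return kept


def update_file(path, action, ip, hostname=None):
    """Apply one event and replace the file atomically; return the new lines."""
    try:
        with open(path) as fh:
            lines = [l.rstrip("\n") for l in fh if l.strip()]
    except FileNotFoundError:
        lines = []
    new = apply_event(lines, action, ip, hostname)
    # Write a temp file in the same directory, then rename over the target,
    # so a concurrent reader never sees a partially written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write("".join(l + "\n" for l in new))
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
    return new


if __name__ == "__main__" and len(sys.argv) >= 4:
    # dnsmasq runs: <script> add|old|del <MAC> <IP> [hostname]
    update_file(HOSTS_FILE, sys.argv[1], sys.argv[3],
                sys.argv[4] if len(sys.argv) > 4 else None)
```

A lease whose hostname fails the label check is left out of the file rather than written, so a client cannot inject extra hosts entries through its DHCP hostname.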
Re: [Dnsmasq-discuss] Estimation of TFTP Server Load Capabilities
On 24/07/14 04:13, Linux Luser wrote:
> I have a project where I use dnsmasq for netboot installs. Currently, there can be an unlimited number of installs happening at once. At what point (number of TFTP transfers happening in parallel) should I be concerned that I'm overtaxing dnsmasq's TFTP capabilities? Does dnsmasq use threads or multiprocessing for TFTP transfers?

In my experience, the limit is unlikely to be dnsmasq, as long as it's not running on a very slow CPU.

The problem is that TFTP is a very dumb protocol, and it really doesn't handle packet loss well. Nor does it rate limit well. This means that the normal cause of collapse (i.e. hosts never complete netboot) is network overload, causing packet loss, causing TFTP sessions to stall.

If you have a fast network, it may all be fine, if you don't then changing the TFTP server probably won't help, you need to limit the number of simultaneous transactions.

Cheers,

Simon.
Re: [Dnsmasq-discuss] With --all-servers option enabled, query failed due to first answer with no answer section
On 24/07/14 08:20, 毕勤 wrote:
> Well, I just figured out that it might be due to the DNS hijack of China's Great Firewall. The GFW hijacks the DNS process and returns a fake response package, with the response code=0 (means no error) but no Answer RRs (Answer RRs=0). It's obviously unlogical but legalized for resolver.
>
> So, maybe I should not require this problem to be solved by dnsmasq, I can use iptables to drop that kind of fake response.

Be careful, that answer is perfectly sensible. It means that there's some data in the DNS for that name, but not of the type you asked for. For instance if I asked for an IPv6 address (AAAA record) for a host which didn't have an IPv6 address, but it did have an IPv4 address (A record) then I'd get a reply with zero answer RRs and zero error code. This sort of reply is called NODATA.

In answer to your original question. Dnsmasq always believes answers it gets if the answer is NXDOMAIN or NODATA because they are common and legitimate answers. It's not generally good to go slower by trying another server when you have an answer already. For your application, it would be quite easy to patch dnsmasq to change the behaviour. I think the problem might be that the GW could then start returning a different valid but wrong answer, and you'd be no further forward.

Cheers,

Simon.

> I'm sorry if any bother.
>
> Bi Qin
>
> On Thu, Jul 24, 2014 at 10:01 AM, 毕勤 lea...@gmail.com wrote:
>> Hi List,
>>
>> I have configured multiple DNS servers in the config file with -all-servers option enabled. The reason why I did this is to get the correct answer from foreign DNS (due to the DNS poison of China's Great Firewall) without losing the fast query speed from local (China) DNS.
>>
>> The problem is, when I queried some certain domain (scontent-a.cdninstagram.com, e.g.), the first answer from local DNS has no answer section (still a DNS poison issue), then Dnsmasq accepts and takes this as the final answer, as it's the first answer. This makes the queries for that domain from the desktop fail. In the meantime, forcing dig to query that domain with Google DNS will give me the correct answer with an answer section.
>>
>> I understand that's a correct behavior as described in the Dnsmasq manpage for the --all-servers option. And I can deal with it with the server=/domain/DNS option to use a certain DNS for a certain domain as a temporary solution.
>>
>> But could it be more intelligent? When the --all-server option is enabled, force Dnsmasq to query the other configured servers if the first answer has no answer section. Which means, Dnsmasq will take the first answer with an answer section as the result, rather than the first answer just returned.
>>
>> Thank you!
>>
>> Bi Qin
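The NODATA case from this reply, as an added example (not code from the thread or from dnsmasq): it classifies a DNS response from its header and question alone. The packets are constructed sample input built in the block, and `host.example` and `missing.example` are placeholder names.

```python
import struct

QTYPES = {1: "A", 28: "AAAA"}


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in name.split(".")) + b"\x00"


def make_response(name, qtype, rcode=0, rdata=None):
    """Build a constructed DNS response (sample input, not captured traffic)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, plus the 4-bit RCODE
    header = struct.pack("!6H", 0x1234, flags, 1, 1 if rdata else 0, 0, 0)
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    answer = b""
    if rdata:
        # 0xC00C is a compression pointer back to the question name.
        answer = struct.pack("!3HIH", 0xC00C, qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer


def classify(packet):
    """Return (query type, verdict) for a single-question DNS response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question response")
    pos = 12
    while packet[pos]:  # walk the question labels to reach QTYPE
        pos += packet[pos] + 1
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    rcode = flags & 0x000F
    if rcode == 3:
        verdict = "NXDOMAIN"  # the name does not exist at all
    elif rcode == 0 and an == 0:
        verdict = "NODATA"    # the name exists, but not with this record type
    elif rcode == 0:
        verdict = "ANSWER"
    else:
        verdict = f"RCODE {rcode}"
    return QTYPES.get(qtype, str(qtype)), verdict
```

At this level a response with code 0 and zero answer RRs is a NODATA reply whatever its origin, so a packet filter that drops on that pattern also drops legitimate NODATA answers.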
Re: [Dnsmasq-discuss] Estimation of TFTP Server Load Capabilities
One option here is to use iPXE ( http://www.ipxe.org/ ) to grab the netboot files via HTTP (or some other protocol) instead of relying on TFTP. There's some extra configuration work here, but serving up the 365KB iPXE image to clients via TFTP is a lot less work than serving up the entire kernel/initrd package.

On 7/23/2014 11:13 PM, Linux Luser wrote:
> I have a project where I use dnsmasq for netboot installs. Currently, there can be an unlimited number of installs happening at once. At what point (number of TFTP transfers happening in parallel) should I be concerned that I'm overtaxing dnsmasq's TFTP capabilities? Does dnsmasq use threads or multiprocessing for TFTP transfers?
>
> Thanks.
Re: [Dnsmasq-discuss] Estimation of TFTP Server Load Capabilities
Thanks guys. That gives me some good things to think about and prepare for.

On Jul 31, 2014 12:33 PM, Brian Rak b...@gameservers.com wrote:
> One option here is to use iPXE ( http://www.ipxe.org/ ) to grab the netboot files via HTTP (or some other protocol) instead of relying on TFTP. There's some extra configuration work here, but serving up the 365KB iPXE image to clients via TFTP is a lot less work than serving up the entire kernel/initrd package.
>
> On 7/23/2014 11:13 PM, Linux Luser wrote:
>> I have a project where I use dnsmasq for netboot installs. Currently, there can be an unlimited number of installs happening at once. At what point (number of TFTP transfers happening in parallel) should I be concerned that I'm overtaxing dnsmasq's TFTP capabilities? Does dnsmasq use threads or multiprocessing for TFTP transfers?
>>
>> Thanks.