Re: [Dnsmasq-discuss] DNSSEC on lookups of *.paypal.com no longer work

2016-05-04 Thread Uwe Schindler 
Hi Simon,

> Well, that's the smoking gun. Dnsmasq is doing the right thing, and your
> upstream server at 212.202.215.1 is broken. I realise that doesn't solve
> the problem, but at least you know where to work now :)
> 
> 
> (the reason dnsmasq is returning SERVFAIL is that there's a
> chain-of-trust from the root that says paypal.com is signed, If the
> answer to the paypal.com query isn't signed, it may be a false answer,
> so it can't be trusted.)

Of course this is the right thing to do!

I will contact the upstream provider and ask them to fix this!

Interestingly, two of their three IPv4 DNS servers have the problem. The 3rd 
one and all three IPv6 DNS servers are working fine. This explains why it 
sometimes worked.

Maybe a good idea is: If a DNSSEC query fails and DNSMASQ knows more servers, 
retry on others, too?

Uwe


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-04 Thread Kevin Darbyshire-Bryant 
The mystery is at least partially solved.  It looks like I'd somehow
enabled Remote Routing and Access services within Windows Home Server
for VPN access.  It looks like it tries to grab a few addresses for
potential VPN clients from a DHCP server, that's why I was seeing
'RRAS.Micrsoft'  as a user class for the extra requests.  With RRAS
disabled no extra DHCPv4 requests are received which at least removed
some of the lease duplication/abandonment.

It also appears to have solved the DHCPv6 behaviour too, with the server
now getting the DHCPv6 address assigned by the dhcp-hosts configuration
line.  Why that should be is also a mystery to me.  Oh well, posted here
just in case someone else falls into a similar trap :-)


Kevin



___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-04 Thread Simon Kelley 
On 03/05/16 18:48, Kevin Darbyshire-Bryant wrote:
> Hi Simon,
> 
> Thanks for getting back to me.  Kermit is a Windows Home Server box and
> is definitely not net or dual booted.  Here's the relevant 'log dhcp'
> extract from a clean boot of it. 
> 
> dhcp-host=id:00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa,[::4],Kermit
> dhcp-host=E0:3F:49:A1:D4:AA,192.168.219.4,kermit
> 
> Before booting:
> 
> nslookup kermit
> nslookup: can't resolve '(null)': Name does not resolve
> 
> Name:  kermit
> Address 1: 2001:470:183f:da2b::4 kermit.darbyshire-bryant.me.uk
> Address 2: 192.168.219.4 kermit.darbyshire-bryant.me.uk
> 
> No entries in dhcp.leases.
> 
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> available DHCP range: 192.168.219.2 -- 192.168.219.253
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> vendor class: MSFT 5.0
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> client provides name: Kermit
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> DHCPREQUEST(br-lan) 192.168.219.4 e0:3f:49:a1:d4:aa
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> tags: lan, known, br-lan
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> DHCPACK(br-lan) 192.168.219.4 e0:3f:49:a1:d4:aa kermit
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> requested options: 1:netmask, 15:domain-name, 3:router, 6:dns-server,
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> requested options: 44:netbios-ns, 46:netbios-nodetype, 47:netbios-scope,
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> requested options: 31:router-discovery, 33:static-route,
> 121:classless-static-route,
> Tue May  3 18:40:57 2016 daemo> 
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
>
> ___
n.info dnsmasq-dhcp[2862]: 1035611837
> requested options: 249, 43:vendor-encap
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 next
> server: 192.168.219.1
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
> broadcast response
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  1 option: 53 message-type  5
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option: 54 server-identifier  192.168.219.1
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option: 51 lease-time  12h
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option: 58 T1  6h
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option: 59 T2  10h30m
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option:  1 netmask  255.255.255.0
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option: 28 broadcast  192.168.219.255
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option:  3 router  192.168.219.1
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option:  6 dns-server  192.168.219.1
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size: 23 option: 15 domain-name  darbyshire-bryant.me.uk
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size: 33 option: 81 FQDN  03:ff:ff:6b:65:72:6d:69:74:2e:64:61:72:62...
> Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
> size:  4 option: 44 netbios-ns  192.168.219.1
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055
> available DHCP range: 2001:470:183f:da2b::2 -- 2001:470:183f:da2b:::
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 vendor
> class: 311
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055
> DHCPCONFIRM(br-lan) 00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055
> DHCPREPLY(br-lan) 2001:470:183f:da2b::9f93:7b6a
> 00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa Kermit
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 tags:
> known, dhcpv6, br-lan
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 sent
> size: 14 option:  1 client-id  00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 sent
> size: 14 option:  2 server-id  00:01:00:01:1e:b7:72:d8:14:cc:20:be:89:33
> Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 sent
> size: 29 option: 13 status  0 all addresses still on link
> 
> Only Entry in

Re: [Dnsmasq-discuss] [PATCH] Fix DHCPv4 reply via --bridge-interface alias interface

2016-05-04 Thread Neil Jerram 
Thank you!
Neil

On 03/05/16 23:28, Simon Kelley wrote:
> That seems quite straightforward. Thanks. Patch applied without change.
>
> Cheers,
>
> Simon.
>
>
>
> On 08/04/16 19:27, Neil Jerram wrote:
>> I'm sorry not to have noticed this before now, but I just spotted that
>> DHCPv4 handling via --bridge-interface interfaces was broken between
>> v2.72 and v2.73.  My further analysis and fix are in the attached patch.
>>
>> Regards,
>>  Neil
>>
>>
>>
>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Huge hosts file and CPU usage

2016-05-04 Thread Chen Wei 
On Tue, Apr 26, 2016 at 03:43:34PM -0700, Mike Leong wrote:
> I have a blacklist of 1.5 million entries loaded into dnsmasq via "address"
> definitions.  eg:
> address="/bad-site.com/192.168.5.1"

https://github.com/infinet/dnsmasq


> The 1.5 million entries are a list of porn/warze sites collected from
> various blacklists.
> According to top, dnsmasq uses about 200MB of RAM w/ that list loaded.
> I'm noticing high CPU usage w/ that blacklist.  (spikes to about 80% on an
> i7)
> dnsmasq version: 2.62-3+deb7u3  (from debian wheezy)
> Are there any tuning (compiler options, code changes) what would reduce the
> CPU usage?
> I also tried using addn-hosts format but CPU usage was the same.


-- 
Chen Wei

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss