Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Below is the reply I sent to your original mail to me. The reply bounced, seemingly due to a misconfiguration of the MX record for your domain. Hopefully this will get to you via the list.

Simon.

----

I can shed some light on this, but not give you a complete answer.

Firstly, your 2-not-working example fails because it's not using PXE. PXE clients do sensible things when the "bootfile name" is set in DHCP replies, which is what dhcp-boot does, but this isn't the complete PXE protocol. Hence example one works. That trick doesn't work for PXE-proxy, since you need the PXE protocol to do proxy. Any configuration without pxe-service enabled will never work for PXE proxy. That explains config 2.

Your example 3 - I'm confused why that shouldn't work - the PXE client seems to be making further requests which are being ignored. Would it be possible for you to get a packet dump of that exchange using tcpdump?

Example 4 looks quite hopeful - the client is successfully downloading the bootx64.efi file (ignore the error before, that's just testing for the existence of the file). Can you see what's displayed on the client system at this point?

On 18/01/17 14:36, Jr-Huang Shiau wrote:
> Dear all, I am having the same issue as Juan García-Pardo described here:
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q4/010931.html
>
> On Ubuntu 16.04, I use dnsmasq which is backported from Ubuntu 16.10:
>
> dpkg -l dnsmasq
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name Version Architecture Description
> +++-==---=
> ii dnsmasq 2.76-5 all Small caching DNS proxy and DHCP/TFTP server
>
> I configured a PXE server, and disabled the isc-dhcp-server and tftpd-hpa so that I can test the DHCP proxy function of dnsmasq.
>
> 1. When the attached config file "1-working-local.conf" is used as /etc/dnsmasq.conf without DHCP proxy, both PXE or uEFI client boot successfully.
>
> 2. When the attached config file "2-not-working-proxy.conf" is used as /etc/dnsmasq.conf with DHCP proxy, both PXE or uEFI client can _NOT_ boot successfully. In the log file "2-not-working-proxy.log" you can see either PXE or uEFI client fails to enter network booting.
>
> 3. When the attached config file "3-partial-working-local.conf" is used as /etc/dnsmasq.conf without DHCP proxy, PXE client can boot successfully. However, EFI client did not. The log file was attached as "3-not-working-efi-local.log".
>
> 4. When the attached config file "4-partial-working-proxy.conf" is used as /etc/dnsmasq.conf with DHCP proxy, PXE client can successfully enter network booting, as shown in "4a-working-pxe-client-proxy.log". However, for EFI network client, just "bootx64.efi" was downloaded, no other files were downloaded, as shown in "4b-not-working-efi-client-proxy.log". For comparison, you can see in "1-working-efi-no-proxy.log", without DHCP proxy, the clients should download grub config file "grub.cfg" and other files.
>
> Therefore it seems there is some uEFI network booting issues, no matter it's using proxy or not.
>
> If you need me to do more tests or more info, please let me know.
> Thank you very much.
>
> Steven
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Dear all,

I am having the same issue as Juan García-Pardo described here:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q4/010931.html

On Ubuntu 16.04, I use dnsmasq which is backported from Ubuntu 16.10:

dpkg -l dnsmasq
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==---=
ii dnsmasq 2.76-5 all Small caching DNS proxy and DHCP/TFTP server

I configured a PXE server, and disabled the isc-dhcp-server and tftpd-hpa so that I can test the DHCP proxy function of dnsmasq.

1. When the attached config file "1-working-local.conf" is used as /etc/dnsmasq.conf without DHCP proxy, both PXE or uEFI client boot successfully.

2. When the attached config file "2-not-working-proxy.conf" is used as /etc/dnsmasq.conf with DHCP proxy, both PXE or uEFI client can _NOT_ boot successfully. In the log file "2-not-working-proxy.log" you can see either PXE or uEFI client fails to enter network booting.

3. When the attached config file "3-partial-working-local.conf" is used as /etc/dnsmasq.conf without DHCP proxy, PXE client can boot successfully. However, EFI client did not. The log file was attached as "3-not-working-efi-local.log".

4. When the attached config file "4-partial-working-proxy.conf" is used as /etc/dnsmasq.conf with DHCP proxy, PXE client can successfully enter network booting, as shown in "4a-working-pxe-client-proxy.log". However, for EFI network client, just "bootx64.efi" was downloaded, no other files were downloaded, as shown in "4b-not-working-efi-client-proxy.log". For comparison, you can see in "1-working-efi-no-proxy.log", without DHCP proxy, the clients should download grub config file "grub.cfg" and other files.

Therefore it seems there is some uEFI network booting issues, no matter it's using proxy or not.

If you need me to do more tests or more info, please let me know.
Thank you very much.

Steven

Jan 14 17:28:11 xenial64 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 14 17:28:11 xenial64 dnsmasq[6343]: dnsmasq: syntax check OK.
Jan 14 17:28:11 xenial64 dnsmasq[6355]: started, version 2.76 DNS disabled
Jan 14 17:28:11 xenial64 dnsmasq[6355]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Jan 14 17:28:11 xenial64 dnsmasq[6355]: DNS service limited to local subnets
Jan 14 17:28:11 xenial64 dnsmasq-dhcp[6355]: DHCP, IP range 192.168.22.1 -- 192.168.22.3, lease time 10h
Jan 14 17:28:11 xenial64 dnsmasq-tftp[6355]: TFTP root is /tftpboot/nbi_img
Jan 14 17:28:22 xenial64 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Jan 14 17:28:22 xenial64 systemd[1]: Reached target Host and Network Name Lookups.
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 available DHCP range: 192.168.22.1 -- 192.168.22.3
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 vendor class: PXEClient:Arch:9:UNDI:003016
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 DHCPDISCOVER(ens38) 00:0c:29:1d:9a:d1
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 tags: X64_EFI, ens38
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 DHCPOFFER(ens38) 192.168.22.3 00:0c:29:1d:9a:d1
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 1:netmask, 2:time-offset, 3:router, 4, 5,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 6:dns-server, 12:hostname, 13:boot-file-size,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 15:domain-name, 17:root-path, 18:extension-path,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 22:max-datagram-reassembly, 23:default-ttl,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 28:broadcast, 40:nis-domain, 41:nis-server,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 42:ntp-server, 43:vendor-encap, 50:requested-address,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 51:lease-time, 54:server-identifier, 58:T1,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 59:T2, 60:vendor-class, 66:tftp-server, 67:bootfile-name,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 97:client-machine-id, 128, 129, 130, 131,
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 requested options: 132, 133, 134, 135
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 bootfile name: bootx64.efi
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 next server: 192.168.22.254
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 broadcast response
Jan 14 17:28:37 xenial64
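
An added example, not part of the original post or of dnsmasq: the dnsmasq-dhcp log lines above can be grouped by their transaction ID to see which PXE clients were actually sent a bootfile name and next server. The first transaction in the sample is copied from the log above, the second is constructed, and the function names are illustrative.

```python
import re

# RFC 4578 client-architecture codes carried in the PXEClient vendor class.
ARCH_NAMES = {0: "BIOS x86", 6: "EFI IA32", 7: "EFI BC", 9: "EFI x86-64"}

LINE = re.compile(r"dnsmasq-dhcp\[\d+\]: (?P<xid>\d+) (?P<msg>.*)$")
FIELDS = [
    ("arch", re.compile(r"vendor class: PXEClient:Arch:(\d+)")),
    ("mac", re.compile(r"DHCPDISCOVER\(\S+\) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)),
    ("tags", re.compile(r"tags: (.+)")),
    ("bootfile", re.compile(r"bootfile name: (\S+)")),
    ("next_server", re.compile(r"next server: (\S+)")),
]

# First transaction: lines from the post. Second transaction: constructed.
SAMPLE_LOG = """\
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 vendor class: PXEClient:Arch:9:UNDI:003016
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 DHCPDISCOVER(ens38) 00:0c:29:1d:9a:d1
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 tags: X64_EFI, ens38
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 bootfile name: bootx64.efi
Jan 14 17:28:37 xenial64 dnsmasq-dhcp[6355]: 1305276272 next server: 192.168.22.254
Jan 14 17:30:02 xenial64 dnsmasq-dhcp[6355]: 2222222222 vendor class: PXEClient:Arch:00000:UNDI:002001
Jan 14 17:30:02 xenial64 dnsmasq-dhcp[6355]: 2222222222 DHCPDISCOVER(ens38) 00:0c:29:aa:bb:cc
Jan 14 17:30:02 xenial64 dnsmasq-dhcp[6355]: 2222222222 tags: ens38
"""


def parse_transactions(text):
    """Group dnsmasq-dhcp log lines by transaction ID and extract PXE fields."""
    records = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # startup lines and other daemons carry no transaction ID
        rec = records.setdefault(m["xid"], {})
        for name, pattern in FIELDS:
            hit = pattern.match(m["msg"])
            if hit:
                rec[name] = hit.group(1)
    for rec in records.values():
        if "arch" in rec:
            code = int(rec["arch"])  # accepts both "9" and "00009"
            rec["arch"] = ARCH_NAMES.get(code, f"unknown ({code})")
    return records


def pxe_clients_without_bootfile(records):
    """Transaction IDs of PXE clients that were never sent a bootfile name."""
    return sorted(x for x, r in records.items() if "arch" in r and "bootfile" not in r)
```
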
Re: [Dnsmasq-discuss] I cannot receive any dns answers from Dnsmasq
The conf' file lacked "bind-interfaces". Sorry for the inconvenience.

On 19/01/2017 13:17, Stephane Guedon - EN wrote:
> The title says it all. When I make a dig query to dnsmasq, on localhost or not, ipv4 or v6, Dnsmasq receives the request, treats it, but I don't receive the answer.
>
> Request :
>
> stephane@mirror:/home/stephane dig @127.0.0.1 www.facebook.com
>
> ; <<>> DiG 9.4.2-P2 <<>> @127.0.0.1 www.facebook.com
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> stephane@mirror:/home/stephane
>
> verbose dnsmasq :
>
> stephane@mirror:/home/stephane doas dnsmasq -d -R
> dnsmasq: started, version 2.76 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect no-inotify
> dnsmasq-dhcp: DHCP, IP range 10.0.0.20 -- 10.0.255.250, lease time 12h
> dnsmasq-dhcp: DHCPv6 stateless on re2
> dnsmasq-dhcp: DHCPv4-derived IPv6 names on re2
> dnsmasq-dhcp: router advertisement on re2
> dnsmasq-dhcp: DHCPv6 stateless on fd00:2016:22:dec::, constructed for re2
> dnsmasq-dhcp: DHCPv4-derived IPv6 names on fd00:2016:22:dec::, constructed for re2
> dnsmasq-dhcp: router advertisement on fd00:2016:22:dec::, constructed for re2
> dnsmasq-dhcp: DHCPv6 stateless on 2a06:4000:1576::, constructed for re2
> dnsmasq-dhcp: DHCPv4-derived IPv6 names on 2a06:4000:1576::, constructed for re2
> dnsmasq-dhcp: router advertisement on 2a06:4000:1576::, constructed for re2
> dnsmasq-dhcp: RTR-ADVERT(re2) fd00:2016:22:dec::
> dnsmasq-dhcp: RTR-ADVERT(re2) 2a06:4000:1576::
> dnsmasq-dhcp: IPv6 router advertisement enabled
> ...
> dnsmasq: 1 fd00:2016:22:dec::3/26860 /etc/hosts 2a06:4000:1576:: is mirror.22decembre.eu
> dnsmasq: 2 2a06:4000:1576::2/46016 query[] u38868.mec086b732EDa.sOS.aTLas.RIPE.NEt.22DecEmbre.eU from 2a06:4000:1576::2
> dnsmasq: 2 2a06:4000:1576::2/46016 config u38868.mec086b732EDa.sOS.aTLas.RIPE.NEt.22DecEmbre.eU is NXDOMAIN
> dnsmasq: 3 2a06:4000:1576::2/60217 query[DNSKEY] 22dEceMbre.EU from 2a06:4000:1576::2
> dnsmasq: 3 2a06:4000:1576::2/60217 config 22dEceMbre.EU is NXDOMAIN
> dnsmasq: 4 127.0.0.1/32500 query[A] www.facebook.com from 127.0.0.1
> dnsmasq: 4 127.0.0.1/32500 forwarded www.facebook.com to fd00:2016:22:dec::3
> dnsmasq: 4 127.0.0.1/32500 reply www.facebook.com is
> dnsmasq: 4 127.0.0.1/32500 reply star-mini.c10r.facebook.com is 157.240.11.35
>
> This is dnsmasq version 2.76p0 on OpenBSD, but I doubt it is relevant (yet, further conf' provided any moment).
>
> When I start another dns daemon (unbound), I get the answers. I think it is not firewall related.
>
> Any idea ?
>
> Thank you very much for any help.

--
This signature.asc file? It is a GPG signature. If you want to know why I use GPG and why you should too, you can read my article: http://www.22decembre.eu/2015/03/21/introduction-fr/
[Dnsmasq-discuss] I cannot receive any dns answers from Dnsmasq
The title says it all. When I make a dig query to dnsmasq, on localhost or not, ipv4 or v6, Dnsmasq receives the request, treats it, but I don't receive the answer.

Request :

stephane@mirror:/home/stephane dig @127.0.0.1 www.facebook.com

; <<>> DiG 9.4.2-P2 <<>> @127.0.0.1 www.facebook.com
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
stephane@mirror:/home/stephane

verbose dnsmasq :

stephane@mirror:/home/stephane doas dnsmasq -d -R
dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect no-inotify
dnsmasq-dhcp: DHCP, IP range 10.0.0.20 -- 10.0.255.250, lease time 12h
dnsmasq-dhcp: DHCPv6 stateless on re2
dnsmasq-dhcp: DHCPv4-derived IPv6 names on re2
dnsmasq-dhcp: router advertisement on re2
dnsmasq-dhcp: DHCPv6 stateless on fd00:2016:22:dec::, constructed for re2
dnsmasq-dhcp: DHCPv4-derived IPv6 names on fd00:2016:22:dec::, constructed for re2
dnsmasq-dhcp: router advertisement on fd00:2016:22:dec::, constructed for re2
dnsmasq-dhcp: DHCPv6 stateless on 2a06:4000:1576::, constructed for re2
dnsmasq-dhcp: DHCPv4-derived IPv6 names on 2a06:4000:1576::, constructed for re2
dnsmasq-dhcp: router advertisement on 2a06:4000:1576::, constructed for re2
dnsmasq-dhcp: RTR-ADVERT(re2) fd00:2016:22:dec::
dnsmasq-dhcp: RTR-ADVERT(re2) 2a06:4000:1576::
dnsmasq-dhcp: IPv6 router advertisement enabled
...
dnsmasq: 1 fd00:2016:22:dec::3/26860 /etc/hosts 2a06:4000:1576:: is mirror.22decembre.eu
dnsmasq: 2 2a06:4000:1576::2/46016 query[] u38868.mec086b732EDa.sOS.aTLas.RIPE.NEt.22DecEmbre.eU from 2a06:4000:1576::2
dnsmasq: 2 2a06:4000:1576::2/46016 config u38868.mec086b732EDa.sOS.aTLas.RIPE.NEt.22DecEmbre.eU is NXDOMAIN
dnsmasq: 3 2a06:4000:1576::2/60217 query[DNSKEY] 22dEceMbre.EU from 2a06:4000:1576::2
dnsmasq: 3 2a06:4000:1576::2/60217 config 22dEceMbre.EU is NXDOMAIN
dnsmasq: 4 127.0.0.1/32500 query[A] www.facebook.com from 127.0.0.1
dnsmasq: 4 127.0.0.1/32500 forwarded www.facebook.com to fd00:2016:22:dec::3
dnsmasq: 4 127.0.0.1/32500 reply www.facebook.com is
dnsmasq: 4 127.0.0.1/32500 reply star-mini.c10r.facebook.com is 157.240.11.35

This is dnsmasq version 2.76p0 on OpenBSD, but I doubt it is relevant (yet, further conf' provided any moment).

When I start another dns daemon (unbound), I get the answers. I think it is not firewall related.

Any idea ?

Thank you very much for any help.

--
The file signature.asc is not attached to be read by you. It's a digital signature by GPG. If you want to know why I use it, and why you should as well, you can read my article there: http://www.22decembre.eu/2015/03/21/introduction-en/