Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread Albert ARIBAUD
Hello,

On Tue, 21 Mar 2017 14:30:28 +0200
Risto Suominen wrote:

> Zyxel doesn't have a problem with same source port:
> 
> https://www.dropbox.com/s/wxdl480hwr39j12/dns-03.pcap?dl=1
> 
> Same commands as in pcap-01.
>
> Risto

I can't see why your dnsmasq would only use one port. This would be the
behavior for -Q0 (or -Q45807), but your dnsmasq does not have this option
in its command line.

Did you check apparmor or SELinux?

Kind regards,
-- 
Albert.
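One way to check a capture for the fixed-source-port behaviour the thread is chasing, as an added example that is not part of the original post and not dnsmasq or Wireshark code: it parses a libpcap file directly (Ethernet/IPv4/UDP only) and counts the source ports of queries sent to port 53, since a resolver that always uses one port offers far less entropy against spoofed answers than one that randomizes it. The two captures are constructed inline; the fixed port 45807 is the value Albert mentions above, the other ports and addresses are placeholders.

```python
import struct
from collections import Counter

def udp_frame(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame; checksums are left zero, addresses are placeholders."""
    eth = b"\x00" * 12 + b"\x08\x00"                        # dummy dst/src MAC, EtherType IPv4
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 1, 33]), bytes([8, 8, 8, 8]))
    return eth + ip + udp

def build_pcap(frames) -> bytes:
    """Minimal little-endian libpcap file: link type 1 (Ethernet), zero timestamps."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def query_source_ports(pcap: bytes) -> Counter:
    """Count the UDP source ports of every IPv4 packet sent to port 53 in a pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"            # byte order of the record headers
    ports, off = Counter(), 24                              # 24 = size of the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:  # not IPv4, or not UDP
            continue
        ihl = (frame[14] & 0x0F) * 4
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        if dport == 53:
            ports[sport] += 1
    return ports

def looks_like_fixed_port(ports: Counter, min_queries: int = 5) -> bool:
    """True when enough queries were seen and every one of them used the same source port."""
    return sum(ports.values()) >= min_queries and len(ports) == 1

# Constructed samples: one capture with a fixed port (the -Q45807 case), one with varying ports.
QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + b"\x07example\x03com\x00\x00\x01\x00\x01"
FIXED_PCAP = build_pcap([udp_frame(45807, 53, QUERY) for _ in range(8)])
RANDOM_PCAP = build_pcap([udp_frame(p, 53, QUERY)
                          for p in (40213, 51987, 33020, 60001, 49152, 38877, 52210, 44444)])
```

Run it against a real capture by passing the file's bytes to query_source_ports; a single-port result with many queries is the pattern to look for before blaming the router.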

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


[Dnsmasq-discuss] Limiting the number of IP addressess in DNS reply

2017-03-21 Thread Michal Taborsky
Hello everyone,

we are using dnsmasq with a local hosts file, which lists all servers
providing a given service. So the hosts file looks something like this:

172.26.1.245 service1
172.26.1.246 service1
172.26.1.247 service1
172.26.1.248 service1
172.26.1.249 service2
...

In this case, dnsmasq returns a list of IP addresses when you query for
service1 and the list is randomized (or shifted by one apparently, which is
OK), so it serves as a primitive load balancer too, because the apps will
pick the first one. All is well.

But the problem arises when there are many servers that provide service1.
Because dnsmasq returns all of the IPs, the response does not fit into a
UDP packet (I assume) and some of the client apps have problems with that.
For example, dig will work, but will print at the beginning:
;; Truncated, retrying in TCP mode.

As I wrote, some apps that we have little control over cannot cope with
that. Now the question:

Can dnsmasq be made to return only a limited number of addresses? Three
would be enough, as long as they would be more or less randomly distributed
in each request.

Thanks for any ideas on how to solve this.

Michal
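As an added illustration that is not dnsmasq code and does not describe a dnsmasq feature: estimating when a multi-address answer for a hosts-file name crosses the classic 512-byte UDP limit (the point at which the TC bit makes dig retry over TCP), and how a small rotated subset like the three addresses asked for above could be chosen. It assumes the hosts-file layout shown in the post, a client that offers no EDNS0 buffer, and RFC 1035 wire sizes with name compression in the answer section; the sample hosts file is constructed.

```python
import random
from collections import defaultdict

DNS_UDP_MAX = 512      # classic DNS-over-UDP payload limit when the client offers no EDNS0 buffer
DNS_HEADER_LEN = 12

def parse_hosts(text: str) -> dict:
    """Group addresses by name, the way a hosts file lists one address per line."""
    groups = defaultdict(list)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # drop comments, tolerate blank lines
        for name in fields[1:]:
            groups[name].append(fields[0])
    return dict(groups)

def wire_name_len(name: str) -> int:
    """Bytes a name occupies in DNS wire format: a length byte per label plus the root byte."""
    return sum(len(label) + 1 for label in name.strip(".").split(".")) + 1

def rr_len(addr: str) -> int:
    """One answer RR: 2-byte compression pointer + type + class + TTL + rdlength + rdata."""
    return 2 + 2 + 2 + 4 + 2 + (16 if ":" in addr else 4)   # AAAA rdata is 16 bytes, A is 4

def reply_size(name: str, addrs: list) -> int:
    """Estimated reply payload when the query for name is answered with all of addrs."""
    return DNS_HEADER_LEN + wire_name_len(name) + 4 + sum(rr_len(a) for a in addrs)

def would_truncate(name: str, addrs: list) -> bool:
    """True when the full answer set cannot fit in a 512-byte UDP reply (TC bit would be set)."""
    return reply_size(name, addrs) > DNS_UDP_MAX

def max_a_records(name: str) -> int:
    """How many A records fit in one untruncated reply for name."""
    return (DNS_UDP_MAX - DNS_HEADER_LEN - wire_name_len(name) - 4) // rr_len("0.0.0.0")

def pick_subset(addrs: list, limit: int, rng=random) -> list:
    """Rotate the list from a random start (round-robin style) and keep the first limit entries."""
    if len(addrs) <= limit:
        return list(addrs)
    start = rng.randrange(len(addrs))
    return (addrs[start:] + addrs[:start])[:limit]

# Constructed sample: 35 servers for service1 (more than fit in one reply), one for service2.
SAMPLE_HOSTS = "\n".join(f"172.26.1.{i} service1" for i in range(200, 235)) + "\n172.26.1.249 service2\n"
```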


[Dnsmasq-discuss] Blacklist selection per dhcp-host?

2017-03-21 Thread Art Greenberg
I am currently using addn-hosts for DNS blacklisting.  All of the dhcp
client machines on my network use static assignment via dhcp-host
entries in the config file.  Running dnsmasq version 2.48 on Centos 6
(yes, I'm aware it's old, but that seems to be the most recent version in
the Centos 6 repo).

On a few dhcp client machines, the blacklist causes problems because the
user of those machines depends upon vendor websites that link to domains
in the blacklist.  Because I obtain the blacklists from third parties,
editing them isn't a great option (assuming I could even figure out
which entries to remove).  So for those client machines, I am using the
"net:" facility with dhcp-options to force them to use a different DNS
server, that being my router which in turn points to the ISP's DNS
servers.  This is not a very satisfactory work-around, as those clients
aren't able to resolve addresses internal to my network.

Is there a way to disable/enable (or select) a blacklist on a per
dhcp-client basis?  Can dnsmasq be configured to listen for DNS queries
on two network interfaces and apply the blacklist to only one of them? 
Or run two instances of dnsmasq on two different network interfaces, and
only one of them respond to DHCP requests?

I can install a newer version of dnsmasq if needed.

Thanks.

-- 
Art Greenberg
a...@artg.tv



Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread Risto Suominen
Hi,

2017-03-21 16:23 UTC+02.00, /dev/rob0 :
>
> Did you ever show us the contents of this --conf-dir?  It could have
> a file with "query-port".
> --
Good point. I forgot. I did check it, though, and the directory was empty.

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread /dev/rob0
On Mon, Mar 20, 2017 at 09:22:55PM +0200, Risto Suominen wrote:
> 2017-03-20 21:05 UTC+02.00, Albert ARIBAUD :
> >
> > You said the command line did not change. Which is it exactly? I 
> > usually do a "cat /proc//cmdline | tr '\0' '\n'"
> > to make sure I see the real command line of the running dnsmasq.
> >
> /usr/sbin/dnsmasq
> --no-resolv
> --keep-in-foreground
> --no-hosts
> --bind-interfaces
> --pid-file=/var/run/NetworkManager/dnsmasq.pid
> --listen-address=127.0.1.1
> --cache-size=0
> --conf-file=/dev/null
> --proxy-dnssec
> --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
> --conf-dir=/etc/NetworkManager/dnsmasq.d

Did you ever show us the contents of this --conf-dir?  It could have 
a file with "query-port".
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:



Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread Risto Suominen
Zyxel doesn't have a problem with same source port:

https://www.dropbox.com/s/wxdl480hwr39j12/dns-03.pcap?dl=1

Same commands as in pcap-01.

Risto



Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread Risto Suominen
Hi Albert,

2017-03-21 0:03 UTC+02.00, Albert ARIBAUD :
>
> Source IP is not the same in both pcaps. 1st pcap queries 8.8.8.8 and
> 192.168.1.1 from 192.168.1.33, while 2nd pcap queries are from
> 192.168.1.100. Can you clarify your network setup?
>
IP is different, but MAC is the same. I'm currently using Zyxel
router (pcap 1), because it's working. With TP-Link router (pcap 2) I
don't reach the Internet, because of the DNS problem.

So, I simply plugged my computer to different routers. In both cases
the router's DHCP server gave me IP and DNS addresses, Zyxel:
192.168.1.33 and 8.8.8.8 (its own address is 192.168.1.1). TP-Link:
192.168.1.100 and 192.168.1.1 (its own address).

Possibly the problem with TP-Link depends on this behaviour
(forwarding DNS requests). (NAT routers typically allocate random
ports internally for forwarded requests.)

I might change Zyxel's setup so that it gives me its own address as
DNS, to see how it behaves in that situation. In TP-Link I have not
found a way to do the opposite.

Risto
