[Dnsmasq-discuss] host in subnet LAN cannot resolve name in outer LAN
Hello,
I am trying to build a subnet where dnsmasq is the DHCP/DNS server.
This
seems like a very common case but I cannot find any information on
solving
the problem. TL;DR the hosts in the subnet LAN cannot resolve hosts in
the
outer LAN, although they can ping them by ip and of course also resolve
names in the internet at large.
The top level network is 192.168.46.0/24, consisting of a black box
router
connected to the internet at large and connected to local hosts via
WIFI.
Under this are three hosts (more, but these are the relevant ones).
Newton
is a laptop running Linux Mint, home46 is a Raspberry Pi running
Raspbian,
and home52 is another Rpi which is the head node for the subnet, which
is
192.168.52.0/24. This subnet is implemented with ethernet.
Newton, home46, home52 all connect to the router via wifi. So far this
is a very standard home network and these hosts can ping each other
using
names such as newton.local, home46.local, and home52.local. I know very
well
that .local is a terrible choice for a TLD, but the router is in charge
of
this. Changing out the router is a different topic for a different
time.
I believe that this subnet uses mDNS to map between names and
ip addresses on the subnet.
router
|
(192.168.46.0/24, this is .local)
| ||
newton home46 |
| (wlan0)
home52
| (eth0)
|
-- (192.168.46.0/24, this is .52.lan)
| | |
rpi0 rpi1 rpi2
home52 is the interesting host. It runs dnsmasq to provide DHCP and DNS
services to rpi0, rpi1, and rpi2 on the interface eth0. There are
iptables
rules which route traffic between wlan0 and eth0 on home52.
Everything works and rpi0, rpi1, rpi2 can all ping each other by name
as well as hosts in the internet at large, e.g. www.google.com.
rpi0,rpi1,rpi2
can also ping hosts newton and home46, but ONLY by ip address, not by
name. If I "ping newton.local" from rpi2 I get the following in the
dnsmasq log on home52, from systemctl status dnsmasq:
home52 dnsmasq[851]: query[SOA] local from 192.168.52.100
home52 dnsmasq[851]: forwarded local to 8.8.4.4
home52 dnsmasq[851]: forwarded local to 8.8.8.8
home52 dnsmasq[851]: forwarded local to 192.168.46.1
and of course all of this is wrong.
So how can I get dnsmasq to serve hosts in the subnet with names from
the outer net? Note: I want the hosts in the subnet to be zeroconf --
they must not know anything about the outer net. Suggestions about
modifying
their /etc/hosts file are not useful and in any case the ip addresses
in the outer subnet are subject to change after rebooting, since they
are all provided by DHCP from the router.
dnsmasq.conf:
# Use interface eth0
interface=eth0
# Explicitly specify the address to listen on
listen-address=192.168.52.1
# Bind to the interface to make sure we aren't sending things
elsewhere
bind-interfaces
# don't forward unqualified names (e.g. myserver)
domain-needed
# won't forward some non-routed addresses
bogus-priv
# won't forward requests for the intranet subdomain
local=/52.lan/
# append the domain (below) to all hosts
domain=52.lan
# Assign IP addresses between 192.168.52.50 and 192.168.52.150
# with a 12 hour lease time
dhcp-range=192.168.52.50,192.168.52.150,12h
# Forward DNS requests to the local DNS and then Google DNS
server=192.168.52.1
server=8.8.8.8
server=8.8.4.4
# Use the /etc/ethers file to specify static mappings
# read-ethers
# log DNS queries, for debugging
log-queries
---
/etc/hosts file
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 home52
192.168.52.1 home52.52.lan
-
commands to set up iptables
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT \
-m state --state ESTABLISHED,RELATED
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq
On Wed, Jun 09, 2021 at 12:53:40PM +, Brown, Aaron M. wrote: > From: Geert Stappers ; Sent: Wednesday, June 9, 2021 03:58 > > > And which permissions has file 'test.txt'? > > The file test.txt is 755 as well. Acknowledge > > Please explicite that the filename is 'test.txt' for the tftp GET. > > ( not '/tftp/test.txt' ) > > I just verified to be sure. Yes, I'm using the command tftp> GET test.txt > I've also tried variations like tftp> GET "test.txt" just to be sure > (even knowing they'd probably throw invalid command errors). Ack > >> Anyone have any ideas? > > >Only a wild guess: > >Dnsmasq process has NOT the privelege to send. > > >I don't know if such thing exists, but I'm thinking "capabilities". > >Capabilities as in > >https://manpages.debian.org/buster/manpages/capabilities.7.en.html > > Wild guess or not, I'll dig into this today, thank you for a possible lead! Further option: Tell how and where dnsmasq is started. Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq
On Wed, Jun 09, 2021 at 06:02:55PM +0200, john doe wrote: > On 6/9/2021 2:31 PM, Brown, Aaron M. wrote: > > > I'll assume that you have an other DHCP serverdishing out IP addresses. > > > > I do and proxyDHCP is going to be my only option. > > > > > If you want Dnsmasq to provide dhcp and PXE booting, you might > > > want to remove 'proxy' from the above range. > > > > I mean, sure, but I'm not even to the point of worrying about PXE > > booting. I can't get a basic GET from the TFTP server which is the > > issue. If the TFTP server isn't working, then nothing else down the > > chain of PXE is going to work. I guess what I'm saying is, I'm not > > worried about configuring up dhcpProxy and PXE yet since TFTP isn't > > even operating correctly (and I don't know why). > > > > My understanding is that, in 'proxy' mode, dnsmasq will only provide PXE > related stuff so tftp as such will never work. > > Can't you manage to find a way to test without 'proxy' to see how it goes? It is something worth to explore ... Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq
On 6/9/2021 2:31 PM, Brown, Aaron M. wrote: I'll assume that you have an other DHCP serverdishing out IP addresses. I do and proxyDHCP is going to be my only option. If you want Dnsmasq to provide dhcp and PXE booting, you might want to remove 'proxy' from the above range. I mean, sure, but I'm not even to the point of worrying about PXE booting. I can't get a basic GET from the TFTP server which is the issue. If the TFTP server isn't working, then nothing else down the chain of PXE is going to work. I guess what I'm saying is, I'm not worried about configuring up dhcpProxy and PXE yet since TFTP isn't even operating correctly (and I don't know why). My understanding is that, in 'proxy' mode, dnsmasq will only provide PXE related stuff so tftp as such will never work. Can't you manage to find a way to test without 'proxy' to see how it goes? -- John Doe ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq
> Please, more respect for yourself. > You are doing great. Do known that you detected that you are stuck. > It was you who made the step to ask mankind for help. I was being silly, but thank you for the kind words. > And which permissions has file 'test.txt'? The file test.txt is 755 as well. > Please explicite that the filename is 'test.txt' for the tftp GET. > ( not '/tftp/test.txt' ) I just verified to be sure. Yes, I'm using the command tftp> GET test.txt I've also tried variations like tftp> GET "test.txt" just to be sure (even knowing they'd probably throw invalid command errors). >> Anyone have any ideas? >Only a wild guess: >Dnsmasq process has NOT the privelege to send. >I don't know if such thing exists, but I'm thinking "capabilities". >Capabilities as in >https://manpages.debian.org/buster/manpages/capabilities.7.en.html Wild guess or not, I'll dig into this today, thank you for a possible lead! amb -Original Message- From: Geert Stappers Sent: Wednesday, June 9, 2021 03:58 To: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq On Tue, Jun 08, 2021 at 08:54:45PM +, Brown, Aaron M. wrote: > Hello all, > > I'm having trouble getting dnsmasq and tftp to work and I'm tearing my > hair out. I'm hoping someone can potentially hit me with the clue by > four and point out what dumb thing I'm missing. Please, more respect for yourself. You are doing great. Do known that you detected that you are stuck. It was you who made the step to ask mankind for help. Short: Be kind enough to respond to this posting. > In the bigger scope, I'm trying to get PXE booting setup on a server, > but at the moment before I even get to anything more complicated, I'm > struggling just to get TFTP to work. I have set up my > /etc/dnsmasq.conf file as the following: > > interface=bond0 > port=0 > enable-tftp > tftp-root=/tftp > log-dhcp > dhcp-range=,proxy > dhcp-no-override > > dnsmasq is up and running without errors. I put a simple file in /tftp > called "test.txt". The /tftp directory has been set to 755 permissions. And which permissions has file 'test.txt'? > I then go to client computer and using a tftp client attempt to GET > the test.txt file but it times out without retrieving the file. Please explicite that the filename is 'test.txt' for the tftp GET. ( not '/tftp/test.txt' ) > There is no firewall running when I do this on either server or client > and I can ping from both client and server to each other. Acknowledge. > On the server, I see in a tcpdump of port 69 that the client is making > RRQ requests. When I look at the status of the dnsmasq service I see: > > Jun 08 16:13:46 dnsmasq-tftp[258381]: failed sending > /tftp/test.txt to > > There's a similar message in /var/log/syslog as well for dnsmasq-tftp > failing to send the file. > I've been pouring over the docs/man pages and the sample .conf file, > but I'm clearly not understanding what I'm missing. It is surely an interresting problem. > Anyone have any ideas? Only a wild guess: Dnsmasq process has NOT the privelege to send. I don't know if such thing exists, but I'm thinking "capabilities". Capabilities as in https://manpages.debian.org/buster/manpages/capabilities.7.en.html > I've searched the web for similar problems, but I haven't been able to > find anything that resembles my situation. Usually people seem to have > issues after this point with what TFTP is passing out, not just > getting TFPT up and running. :-) Acknowledge on "your question is very valid". Otherwise I would have ignored it. Backgrond information at http://www.catb.org/~esr/faqs/smart-questions.html > Server OS: Ubuntu 20.04 Server > Client OS: Ubuntu 20.04 Desktop > > Aaron M Brown > Engineering College Computing > Desktop Administrator > NI1013A - 419.530.8022 Groeten Geert Stappers P.S. Dnsmasq tftp works for me ... -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq
> I'll assume that you have an other DHCP serverdishing out IP addresses. I do and proxyDHCP is going to be my only option. >If you want Dnsmasq to provide dhcp and PXE booting, you might want to remove >'proxy' from the above range. I mean, sure, but I'm not even to the point of worrying about PXE booting. I can't get a basic GET from the TFTP server which is the issue. If the TFTP server isn't working, then nothing else down the chain of PXE is going to work. I guess what I'm saying is, I'm not worried about configuring up dhcpProxy and PXE yet since TFTP isn't even operating correctly (and I don't know why). amb -Original Message- From: john doe Sent: Wednesday, June 9, 2021 03:25 To: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq On 6/8/2021 10:54 PM, Brown, Aaron M. wrote: > Hello all, > > I'm having trouble getting dnsmasq and tftp to work and I'm tearing my hair > out. I'm hoping someone can potentially hit me with the clue by four and > point out what dumb thing I'm missing. > > In the bigger scope, I'm trying to get PXE booting setup on a server, but at > the moment before I even get to anything more complicated, I'm struggling > just to get TFTP to work. I have set up my /etc/dnsmasq.conf file as the > following: > > interface=bond0 > port=0 > enable-tftp > tftp-root=/tftp > log-dhcp > dhcp-range=,proxy > From (1): "Dnsmasq supports PXE "proxy-DHCP", in this case another DHCP server on the network is responsible for allocating IP addresses, and dnsmasq simply provides the information given in --pxe-prompt and --pxe-service to allow netbooting. This mode is enabled using the proxy keyword in --dhcp-range." I'll assume that you have an other DHCP serverdishing out IP addresses. > dhcp-no-override > > dnsmasq is up and running without errors. I put a simple file in /tftp called > "test.txt". The /tftp directory has been set to 755 permissions. > If you want Dnsmasq to provide dhcp and PXE booting, you might want to remove 'proxy' from the above range. HTH. 1) https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html -- John Doe ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Patch with option to filter A records
Dropping the patch file as attachment.
On 6/5/2021 18:20, Trey Sis wrote:
For some reason I didn't receive all mails from the list in my inbox, so
I'll reply to this mail. Also sorry if I mess something up. I haven't
used a mailing list in over two decades.
On 6/5/2021 17:37, Geert Stappers via Dnsmasq-discuss wrote:
On Sat, Jun 05, 2021 at 03:34:59PM +0200, Trey Sis wrote:
Is there any chance for such a patch to make it into official
dnsmasq? Are pull-requests on github acted on? That would be my
preferred method, otherwise I will post the patch here.
Cheers,
Treysis
Patch:
>From bd22a36f76e35a0dc6c8be8996056318fec96e5e Mon Sep 17 00:00:00 2001
From: treysis
Date: Sat, 5 Jun 2021 15:27:26 +0200
Subject: [PATCH] Add option to filter A record requests
---
src/dnsmasq.h | 3 ++-
src/option.c | 3 +++
src/rfc1035.c | 11 +++
3 files changed, 16 insertions(+), 1 deletion(-)
That patch did not apply cleanly. With some manual work it did apply.
Except to see the reworked version here soon.
Hopefully is Author left intact. (I'm about to `git send-email` a patch
that is not mine ).
And the original patch lacks update of the manual page,
it is where I chip in.
Cheers
Geert Stappers
P.S.
https://git-send-email.io/ for instructions on email patches.
See "Linux kernel development all over the place" in it.
Thanks for the tip. I'll have a look at that for future use. The patch
probably didn't apply because I just copy it here. The source
code is a bit inconsistent in using a mix of spaces and tabs for
indentation. Tabs probably got lost when copying.
Thanks also for taking care of the manpage! Happy to see this hopefully
land in upstream :)
Cheers,
Treysis
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
From 57c7fcb0b3caccae7376f71ab1a9ae74f0e7f6d9 Mon Sep 17 00:00:00 2001
From: treysis
Date: Sat, 5 Jun 2021 15:27:26 +0200
Subject: [PATCH] Add option to filter A record requests
---
src/dnsmasq.h | 3 ++-
src/option.c | 3 +++
src/rfc1035.c | 11 +++
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index b27737b..2fec7d1 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -272,7 +272,8 @@ struct event_desc {
#define OPT_LOG_DEBUG 62
#define OPT_UMBRELLA 63
#define OPT_UMBRELLA_DEVID 64
-#define OPT_LAST 65
+#define OPT_FILTER_A 65
+#define OPT_LAST 66
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
diff --git a/src/option.c b/src/option.c
index cacfaa6..43dc3cb 100644
--- a/src/option.c
+++ b/src/option.c
@@ -171,6 +171,7 @@ struct myoption {
#define LOPT_DYNHOST 362
#define LOPT_LOG_DEBUG 363
#define LOPT_UMBRELLA 364
+#define LOPT_FILTER_A 365
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -347,6 +348,7 @@ static const struct myoption opts[] =
{ "dynamic-host", 1, 0, LOPT_DYNHOST },
{ "log-debug", 0, 0, LOPT_LOG_DEBUG },
{ "umbrella", 2, 0, LOPT_UMBRELLA },
+{ "filter-a", 0, 0, LOPT_FILTER_A },
{ NULL, 0, 0, 0 }
};
@@ -530,6 +532,7 @@ static struct {
{ LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to
dump"), NULL },
{ LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script
when lease expiry changes."), NULL },
{ LOPT_UMBRELLA, ARG_ONE, "[=]", gettext_noop("Send Cisco Umbrella
identifiers including remote IP."), NULL },
+ { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A requests."),
NULL },
{ 0, 0, NULL, NULL, NULL }
};
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 9bc5ef2..1043773 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1843,6 +1843,17 @@ size_t answer_request(struct dns_header *header, char
*limit, size_t qlen,
}
}
+ /* filter A forwards */
+ if (qtype == T_A && option_bool(OPT_FILTER_A))
+ {
+ /* return a null reply */
+ ans = 1;
+ if (!dryrun)
+ log_query(F_CONFIG | F_IPV6 | F_NEG, name, , NULL);
+ break;
+ }
+ /* end of filtering A */
+
if (!ans)
return 0; /* failed to answer a question */
}
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq
On Tue, Jun 08, 2021 at 08:54:45PM +, Brown, Aaron M. wrote: > Hello all, > > I'm having trouble getting dnsmasq and tftp to work and I'm tearing > my hair out. I'm hoping someone can potentially hit me with the clue > by four and point out what dumb thing I'm missing. Please, more respect for yourself. You are doing great. Do known that you detected that you are stuck. It was you who made the step to ask mankind for help. Short: Be kind enough to respond to this posting. > In the bigger scope, I'm trying to get PXE booting setup on a server, > but at the moment before I even get to anything more complicated, I'm > struggling just to get TFTP to work. I have set up my /etc/dnsmasq.conf > file as the following: > > interface=bond0 > port=0 > enable-tftp > tftp-root=/tftp > log-dhcp > dhcp-range=,proxy > dhcp-no-override > > dnsmasq is up and running without errors. I put a simple file in /tftp > called "test.txt". The /tftp directory has been set to 755 permissions. And which permissions has file 'test.txt'? > I then go to client computer and using a tftp client attempt to GET > the test.txt file but it times out without retrieving the file. Please explicite that the filename is 'test.txt' for the tftp GET. ( not '/tftp/test.txt' ) > There is no firewall running when I do this on either server or client > and I can ping from both client and server to each other. Acknowledge. > On the server, I see in a tcpdump of port 69 that the client is making > RRQ requests. When I look at the status of the dnsmasq service I see: > > Jun 08 16:13:46 dnsmasq-tftp[258381]: failed sending > /tftp/test.txt to > > There's a similar message in /var/log/syslog as well for dnsmasq-tftp > failing to send the file. > I've been pouring over the docs/man pages and the sample .conf file, > but I'm clearly not understanding what I'm missing. It is surely an interresting problem. > Anyone have any ideas? Only a wild guess: Dnsmasq process has NOT the privelege to send. I don't know if such thing exists, but I'm thinking "capabilities". Capabilities as in https://manpages.debian.org/buster/manpages/capabilities.7.en.html > I've searched the web for similar problems, but I haven't been able > to find anything that resembles my situation. Usually people seem to > have issues after this point with what TFTP is passing out, not just > getting TFPT up and running. :-) Acknowledge on "your question is very valid". Otherwise I would have ignored it. Backgrond information at http://www.catb.org/~esr/faqs/smart-questions.html > Server OS: Ubuntu 20.04 Server > Client OS: Ubuntu 20.04 Desktop > > Aaron M Brown > Engineering College Computing > Desktop Administrator > NI1013A - 419.530.8022 Groeten Geert Stappers P.S. Dnsmasq tftp works for me ... -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Problem with TFTP in dnsmasq
On 6/8/2021 10:54 PM, Brown, Aaron M. wrote: Hello all, I'm having trouble getting dnsmasq and tftp to work and I'm tearing my hair out. I'm hoping someone can potentially hit me with the clue by four and point out what dumb thing I'm missing. In the bigger scope, I'm trying to get PXE booting setup on a server, but at the moment before I even get to anything more complicated, I'm struggling just to get TFTP to work. I have set up my /etc/dnsmasq.conf file as the following: interface=bond0 port=0 enable-tftp tftp-root=/tftp log-dhcp dhcp-range=,proxy > From (1): "Dnsmasq supports PXE "proxy-DHCP", in this case another DHCP server on the network is responsible for allocating IP addresses, and dnsmasq simply provides the information given in --pxe-prompt and --pxe-service to allow netbooting. This mode is enabled using the proxy keyword in --dhcp-range." I'll assume that you have an other DHCP serverdishing out IP addresses. > dhcp-no-override > dnsmasq is up and running without errors. I put a simple file in /tftp called "test.txt". The /tftp directory has been set to 755 permissions. If you want Dnsmasq to provide dhcp and PXE booting, you might want to remove 'proxy' from the above range. HTH. 1) https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html -- John Doe ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
