date:20210716

Re: [Dnsmasq-discuss] Regarding: (Dnsmasq-discuss) localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread fda



Am 16.07.2021 um 13:42 schrieb Geert Stappers:

...


All your messages are not helpfull and off topic.

Please consider to use twitter or Facebook in the future

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread Dominik DL6ER

Hey,

there is some confusion about IPv4/IPv6 addresses and A/ records
here, so I'll clarify a bit: You can make any query (may it be A or
) over IPv4 or IPv6 and there will be no difference (when
"localise-queries" is not used!). This is also the nomenclature used by
the dnsmasq man page.

On Fri, 2021-07-16 at 12:00 +0200, f...@gmx.de wrote:
> > > localise-queries
> > > Return answers to DNS queries from /etc/hosts and --
> > > interface-name
> > > and --dynamic-host which DEPENDS ON THE INTERFACE over which the
> > > query
> > > was received.
> My "interface" has an ipv4 and an ipv6!
>  And im requesting BY ipv6 an ipv4 (as the host has no ipv6) at an
> interface
> which is in 1 of the subnets of the returned host.
> 
> If this should not be supported ("bug") the manpage should be fixed
> and the word "interface" avoided. 

Yes, the man page could be updated to say "address" instead of
"interface" here to be crystal clear on this. It is still not wrong how
it is written.

> > > Currently this facility is limited to IPv4.
> Yes, im asking for an ipv4

No, you are not. You are asking for an A record. This comment refers to
the connection used to make the query.

As I already said above, you can make any query (may it be A or )
over IPv4 or IPv6 and there will be no difference when "localise-
queries" is NOT used. There will, however, be a difference when it is
used but only when asking over IPv4. This is what the man page says and
aligns perfectly with what you observe.

> > What you request would be adding an interface-dependent address
> > lookup:
> > is there any suitable IPv4 address on the same interface. However,a
> > few
> > things need to be clarified in this case: how to handle multiple
> > IPv4
> > addresses on the same interface each of which having a valid
> > record? It
> > is just not possible to localize queries in the same way when it is
> > not
> > clear which IPv4 subnet the client is in.
> 
>  - Dnsmasq know the incomming/destination ip of the request.
>  - At daemon start it build and list with interfaces+all its ipV 4+6
>  - And if an ipv4 sould be returned by ipv6 this list is first used.
> In case it still fails (many subnets at 1 interfce) it could the old
> "return all" method be used
> I dont know dnsmasq source code, but it sound not so hard
> 
> For the multi-subnets exists a workaround to make it fully working:
> assign only 1 IPv4 per IF and move the other IPv4s to "eth0:n" 
> 

Yes, it does not sound hard, but it is not available. This is a request
for a new feature.

> > My advice: There is no advantage in reaching a DNS server
> > internally
> > over IPv6 in a dual-stack network. Ensure your clients query
> > dnsmasq
> > over IPv4 and your problem is solved in both the simplest and also
> > most
> > reliable way.
> I think i dont like it, as i want the DNS be reachable by  v4+v6, eg
> when ipv4 is down.
> Maybe i could use different hostnames for the same device in differen
> subnets. This is not so smart, devices could be switches by vlans.
> And this host in multiple subnets has some cnames

I've seen a lot of networks with interesting configurations. Network
admins tend to take painful ways too often. In like 99% of all cases a
DNS+DHCP server serves the goal better and causes a lot less
maintenance work. Will IPv4 ever be down in your network and IPv6 still
working fine? I somehow doubt this is a realistic threat. You do not
need to prepare for a worst case scenario that will never happen.

As always, this is just advise indented to be helpful to you. I'm not
intending the slightest to tell you how you should do things. I'm
merely pointing into the direction of least pain.

To me this is a new feature requested for dnsmasq (requesting to remove
an existing limitation stated in the man page) and not a bug report.

All developers are reading this mailing list. Feature submissions via
git patches are welcomed also on this list and are known to accelerate
feature realization drastically.

Best,
Dominik

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread fda



Am 16.07.2021 um 11:24 schrieb Geert Stappers via Dnsmasq-discuss:


Right now there is no "bugreport", at least none that I see.



you quoted my bugreport

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread fda



Am 16.07.2021 um 10:53 schrieb Dominik DL6ER:



localise-queries
 Return answers to DNS queries from /etc/hosts and --interface-name
and --dynamic-host which DEPENDS ON THE INTERFACE over which the query
was received.


My "interface" has an ipv4 and an ipv6!

And im requesting BY ipv6 an ipv4 (as the host has no ipv6) at an interface

which is in 1 of the subnets of the returned host.


If this should not be supported ("bug") the manpage should be fixed and
the word "interface" avoided.



Currently this facility is limited to IPv4.


Yes, im asking for an ipv4

If im going to eat an pig and travel on a horse im still eating the pig
and not my ride :)



The IPv6
address of the arriving query does not match the subnet of any of the
two A records you defined.

-> "interface" is the wrong description in man

  Hence, dnsmasq is unable to determine what
is the best fit and returns all known A records. This lets the client
chose the one it can reach and seems meaningful.


I noticed it as it does not work! Windows "decides" for 1 IP which is
not in the PCs own subnet and is not reachable..

As i do some ip changes currently, the dnsmasq device and/or router is
not reachable by ipv4, so the results are then wrong.

It seems Windows prefers ipv4 for dns, as the wrong name resolution does
not accout so often



What you request would be adding an interface-dependent address lookup:
is there any suitable IPv4 address on the same interface. However,a few
things need to be clarified in this case: how to handle multiple IPv4
addresses on the same interface each of which having a valid record? It
is just not possible to localize queries in the same way when it is not
clear which IPv4 subnet the client is in.



 - Dnsmasq know the incomming/destination ip of the request.

 - At daemon start it build and list with interfaces+all its ipV 4+6

 - And if an ipv4 sould be returned by ipv6 this list is first used.

In case it still fails (many subnets at 1 interfce) it could the old
"return all" method be used

I dont know dnsmasq source code, but it sound not so hard


For the multi-subnets exists a workaround to make it fully working:
assign only 1 IPv4 per IF and move the other IPv4s to "eth0:n"



My advice: There is no advantage in reaching a DNS server internally
over IPv6 in a dual-stack network. Ensure your clients query dnsmasq
over IPv4 and your problem is solved in both the simplest and also most
reliable way.


I think i dont like it, as i want the DNS be reachable by  v4+v6, eg
when ipv4 is down.

Maybe i could use different hostnames for the same device in differen
subnets. This is not so smart, devices could be switches by vlans. And
this host in multiple subnets has some cnames


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread Geert Stappers via Dnsmasq-discuss

On Fri, Jul 16, 2021 at 08:53:36AM +, Dominik DL6ER wrote:
> Hey,
> 
> On Fri, 2021-07-16 at 02:22 +0200, f...@gmx.de wrote:
> > If i ask dnsmasq BY ipv6, ALL A recorrd are returned (there is no )
> 
> man dnsmasq explicitly says:
> 
> > localise-queries
> > Return answers to DNS queries from /etc/hosts and --interface-name
> > and --dynamic-host which depend on the interface over which the query
> > was received. If a name has more than one address associated with it,
> > and at least one of those addresses is on the same subnet as the
> > interface to which the query was sent, then return only the address(es)
> > on that subnet. This allows for a server to have multiple addresses in
> > /etc/hosts corresponding to each of its interfaces, and hosts will get
> > the correct address based on which network they are attached to.
> > Currently this facility is limited to IPv4. 
> 
> Emphasis on
> 
> > Currently this facility is limited to IPv4. 
> 
> This is not a bug but actually rather expected behavior. The IPv6
> address of the arriving query does not match the subnet of any of the
> two A records you defined. Hence, dnsmasq is unable to determine what
> is the best fit and returns all known A records. This lets the client
> chose the one it can reach and seems meaningful.
> 
> What you request would be adding an interface-dependent address lookup:
> is there any suitable IPv4 address on the same interface. However,a few
> things need to be clarified in this case: how to handle multiple IPv4
> addresses on the same interface each of which having a valid record? It
> is just not possible to localize queries in the same way when it is not
> clear which IPv4 subnet the client is in.
> 
> My advice: There is no advantage in reaching a DNS server internally
> over IPv6 in a dual-stack network. Ensure your clients query dnsmasq
> over IPv4 and your problem is solved in both the simplest and also most
> reliable way.

My advice:
  See how (IPv4 or IPv6) and what (A versus )
  as totally different things.


Groeten
Geert Stappers

@Original Poster: Feel welcome, feeling shy is also fine.
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread Geert Stappers via Dnsmasq-discuss

On Fri, Jul 16, 2021 at 08:38:26AM +0200, f...@gmx.de wrote:
> Geert Stappers wrote:
> > On Fri, Jul 16, 2021 at 02:22:05AM +0200, f...@gmx.de wrote:
> > } Hello,
> > }
> > } i have a multi-homed ipv4 ONLY device "Alice". By each subnet it should be
> > } reached by the same name.
> > }
> > } Dnsmasq runs on a ip v4+v6 device "B". In the hosts file is "Alice" with 
> > all
> > } ips and always the same name.
> > }
> > } "localise-queries" is enabled.
> > }
> > }
> > } This works fine as long as i'm asking dnsmasq by ipv4, only the correct
> > } 1 ipv4 record is returned.
> > }
> > } If i ask dnsmasq BY ipv6, ALL A records are returned (there is no )
> > }
> > Please continue, tell what is expected from this mailinglist.
> > 
> 
> 
> I expect from the mailing list that it forwards my bugreport to people
> developing dnsmasq
> 
> "There is a dnsmasq mailing list at
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>  which
> should be the first location for queries, bugreports, suggestions etc."
> 
> What do you exprect from the mailing list?
} What do you expect from a mailing list?

Humans aware of interacting with other humans, humans finding common ground.


Back to where this email thread should about:

Host Alice is IPv4 only, so has no IPv6 address.
Which  record should exist for Alice?


Right now there is no "bugreport", at least none that I see.



Groeten
Geert Stappers
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread Dominik DL6ER

Hey,

On Fri, 2021-07-16 at 02:22 +0200, f...@gmx.de wrote:
> If i ask dnsmasq BY ipv6, ALL A recorrd are returned (there is no )

man dnsmasq explicitly says:

> localise-queries
> Return answers to DNS queries from /etc/hosts and --interface-name
> and --dynamic-host which depend on the interface over which the query
> was received. If a name has more than one address associated with it,
> and at least one of those addresses is on the same subnet as the
> interface to which the query was sent, then return only the address(es)
> on that subnet. This allows for a server to have multiple addresses in
> /etc/hosts corresponding to each of its interfaces, and hosts will get
> the correct address based on which network they are attached to.
> Currently this facility is limited to IPv4. 

Emphasis on

> Currently this facility is limited to IPv4. 

This is not a bug but actually rather expected behavior. The IPv6
address of the arriving query does not match the subnet of any of the
two A records you defined. Hence, dnsmasq is unable to determine what
is the best fit and returns all known A records. This lets the client
chose the one it can reach and seems meaningful.

What you request would be adding an interface-dependent address lookup:
is there any suitable IPv4 address on the same interface. However,a few
things need to be clarified in this case: how to handle multiple IPv4
addresses on the same interface each of which having a valid record? It
is just not possible to localize queries in the same way when it is not
clear which IPv4 subnet the client is in.

My advice: There is no advantage in reaching a DNS server internally
over IPv6 in a dual-stack network. Ensure your clients query dnsmasq
over IPv4 and your problem is solved in both the simplest and also most
reliable way.

Best,
Dominik

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread fda




Please continue, tell what is expected from this mailinglist.



Groeten
Geert Stappers




I expect from the mailing list that it forwards my bugreport to people
developing dnsmasq

"There is a dnsmasq mailing list at
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
 which
should be the first location for queries, bugreports, suggestions etc."

What do you exprect from the mailing list?


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Regarding: (Dnsmasq-discuss) localise-queries on ipv6 server does not work with ipv4-only hosts

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

8 matches

Site Navigation

Mail list logo

Footer information