date:20211011

Re: [Dnsmasq-discuss] unittests

2021-10-11 Thread Dominik Derigs

Hey Petr,

On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> Hi Dominik,
> 
> those tests look great. Something like that is exactly what I had
> on
> mind for dnsmasq itself. Would you mind if I borrow few things
> and try
> to make some dnsmasq-only parts, not dependent on pihole?

Go ahead and take what is useful! Just pointing out that you'll
want to look at out development branch (not yet merged to master)
because tests were recently improved to run a locally running
powerDNS authoritative server + recursor. This is set up here:

https://github.com/pi-hole/FTL/blob/development/test/pdns/setup.sh

DNS records are tested to resolve as expected, e.g., here:

https://github.com/pi-hole/FTL/blob/24af7889588f2567705ba100a4cfd9bee62b6ef2/test/test_suite.bats#L268-L357

On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> Just curious. Why do you support linking only to static
> libraries? Is
> pihole project opposed to be eventually packages as a normal
> distribution package?

Yes, we do not want to get packaged into distro packets because
this would maybe pin users to extremely old versions and would
drastically increase workload on our side when we'd have to
backport security fixes instead just shipping the most recent
version all the time to users. All libraries are compiled
statically so you can just take the binary and run it on every
compatible processor. May it be Raspbian, Armbian or whatever
else on an SoC. We even have seen users running this on embedded
Linux smart plugs (yes, WiFi plugs). Furthermore, the same x86_64
binary will work on all distributions so we don't have to
provide/compile multiple versions for Fedora, Debian/Ubuntu and
all their versions with different library versions. With our
approach, only the processor architecture needs to match. Then
one and the same binary will run everywhere.
The x86_64-musl binary statically bundles musl-libc instead of
gnu-libc (at the expense of being even larger) to work even when
glibc is not available (like on alpine systems often used inside
docker).

This allows us to do things like quick fixes on dedicated branch
and just having users to run

pihole checkout ftl some_branch

to get the fitting binary generated by the CI. No local compiling
necessary (it would take ages to compile SQLite3 from source on a
Raspberry Pi, at least one hour I'd say).

On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> I had to modify CMakeLists.txt, when I had all
> devel libraries needed. It would not even compile.

That's interesting. When following
https://docs.pi-hole.net/ftldns/compile/, it should work. But
I'll admit that I stopped using Fedora some time ago because it
was repeatedly showing annoying bugs on my hardware, so the steps
over there may be outdated.

On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> Though it seems
> amazing to find my own commits in a project I never contributed
> directly.

We are preserving authorship on the commits imported for the
embedded dnsmasq. 

On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> Do you use some kind of container or dedicated VM to run these
> tests?

Yes, they run in a docker container providing everything that is
needed (incl. precompiled static binaries to speed up the
process). This containers also contain all the auxiliary stuff
needed to run the tests (such as bats or said powerDNS).

The docker container scripts for the various architectures are
here:

https://github.com/pi-hole/docker-base-images/tree/master/ftl-build

On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> Do you rely just on github services to run those tests?

No, running them on Github Actions is even a rather recent
addition (master doesn't have it yet). We also run all the test
on CircleCI. We started with Travis CI but the free plan was
closed down pretty much so we'd be queued forever as we have
independent jobs for architectures x86_64-musl, x86_64, x86_32,
armv8a, armv7hf, armv6hf, armv5te, armv4t, aarch64. In they run
in parallel, compiling + testing the generated binaries takes
about 2 minutes. When they sequentially, this can take up to 20
minutes and longer. CircleCI just started doing the same (only
one job in parallel), hence we decided to test Github Actions as
well now. Eventually, we will switch to using Github Actions only
as it turns out to be very powerful yet free.

On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> I admit those
> checks run on every PR looks quite neat, I would love to run
> something
> similar also for dnsmasq. Once we had some tests to run, it might
> be
> possible to run them on all new commits just similar way.

The first question is what infrastructure is used for tests. I'm
not sure how this would fit together with the self-hosted Gitweb
on Simon's server. But tests could be meant to run locally
*before* committing only instead of running a second time on some
CI that also spits out ready-to-use binaries.

Don't hesitate to ask if any questions come up.

Re: [Dnsmasq-discuss] [PATCH] DHCPv6 - network booting 'address in use'

2021-10-11 Thread Petr Menšík

Could I make a point to this change those changes again for a
recorsideration, please?

Cheers,
Petr

On 9/22/21 16:33, Petr Menšík wrote:
>
> I made error in patch2. Fixed it and added patch3, adding support for
> client-arch also for IPv6.
>
> I have used following configuration for dnsmasq on libvirt network:
>
> log-dhcp
> port=0
> interface=host0
>
> dhcp-sequential-ip
> dhcp-range=::,static
> dhcp-match=ipxe,175
> # dhcpv6s for Client System Architecture Type (61)
> dhcp-match=set:efi6,option6:61,0007
> dhcp-match=set:efi6,option6:61,0009
> dhcp-match=set:efi6,option6:61,0011
> dhcp-userclass=set:ipxe6,iPXE
> dhcp-vendorclass=set:efi6,PXEClient
> # Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE 
> chainloader
> dhcp-option=tag:efi6,tag:!ipxe6,option6:bootfile-url,tftp://[2620:dead:beef:4::1]/shimx64.efi
>
> enable-tftp
> tftp-root=/tftproot # use /var/lib/tftproot as alternative, tftp-server 
> package
>
> # Use static allocated only, replace with MAC of your client VM
> dhcp-host=52:54:00:06:57:c3,tag:dhcpv6,netboot.test,[2620:dead:beef:4::d1],[2620:dead:beef:4::d2],[2620:dead:beef:4::d3],120
>
> It requires radvd running on the the same host, because I think dnsmasq 
> itself cannot provide this combination.
> Interface has to broadcast those flags: AdvSendAdvert on; AdvManagedFlag on;
>
> Now create a new VM using libvirt (virt-manager), no disk image.
> I used EFI bios, but I expect any TianoCore firmware powered machine would
> behave the same. Leave IPv4 booting not working, it is tried first. Then IPv6 
> is tried.
> In combination with radvd, it would require two addresses.
> One for plain IP address, the second for obtaining also boot url and 
> parameters.
> Depending on their order, it may boot even without a change. Sometimes.
> It should boot always after those patches, increasing reliability of DHCP 
> assignments.
>
> Cheers,
> Petr
> On 9/20/21 11:55, Harald Jensas wrote:
>> On 9/17/21 21:16, Petr Menšík wrote:
>>> Hi Harald, Simon,
>>>
>>> I made an alternative change, which I think has similar output. I
>>> think the use of DHCP6UNSPEC is suspicious itself and does not have
>>> any good error code assigned by RFC 8415, because it should not
>>> result in an error. I have tried to add also MUST require from the
>>> RFC, refusing off-link requests with NotOnLink error. Not yet tested
>>> it myself, I have no IPv6 booting environment available (yet). That
>>> is in patch1.
>>>
>>> Patch2 is just bunch of const changes, reduction of repeated status
>>> code filling into dedicated function. Should not change behaviour,
>>> just reduces few lines and some cosmetic changes.
>>>
>>
>> Thanks Petr!
>>
>> I did a couple of IPv6 network boot tests using your patches and can
>> confirm that it works as expected.
>>
>>
>> -- 
>> Harald
>>
>>
>>
>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> -- 
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemen...@redhat.com
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] [PATCH] Re: pxe-service entries in dnsmasq conf seem to fail non-proxy EFI boot

2021-10-11 Thread Petr Menšík

Okay, sorry for omitting others.

On 10/9/21 11:49, Shrenik Bhura wrote:
> Adding Alkis and Jigish back to the thread via cc.
>
> On Sat, 9 Oct 2021 at 15:18, Shrenik Bhura 
> wrote:
>
> Hey Petr,
>
> I have read your post a few times but am only partially able to
> understand everything. It may be my lack of knowledge of the inner
> workings of all things involved. I shall give it a go again later
> and even try the patch. But where do you want me to apply the
> patch - on the master branch or on your pxe-services branch (
> https://github.com/InfrastructureServices/dnsmasq/tree/pxe-services
> ) ?
>
That patch is against master from Simon's official repository. I have
rebased that branch on github, the change is already there. You can just
try that branch code as it is. That patch were more for Simon, because
he does not merge remote branches directly.
>
>
> Meanwhile, from a novice point of view and from what I know works
> in dnsmasq, I have this query -
>
> Could dnsmasq not be made to ignore the pxe-service lines or
> bypass the corresponding logic from the ltsp-dnsmasq.conf when
> 1. is_tag_set("proxy") == "False" i.e ignore these lines -
> 
> pxe-service=tag:proxy,tag:!ipxe-ok,X86PC,"undionly.kpxe",ltsp/undionly.kpxe
> 
> pxe-service=tag:proxy,tag:!ipxe-ok,X86-64_EFI,"snponly.efi",ltsp/snponly.efi
> pxe-service=tag:proxy,tag:ipxe-ok,X86PC,"ltsp.ipxe",ltsp/ltsp.ipxe
> pxe-service=tag:proxy,tag:ipxe-ok,X86-64_EFI,"ltsp.ipxe",ltsp/ltsp.ipxe
>
My change attempts to do exactly that. Current released code enables
special handling when pxe-service is present in configuration. Without
any relation about required tags for it. I have tried to modify it to
require matching pxe-service to be found for current request. In a case
any service does not match, it should fallback to classic DHCP. Could
you try how much I were successful? This should work on my pxe-services
branch.
>
>
> 2. and when is_tag_set("rpi") == "False" i.e. ignore this line or
> bypass corresponding logic -
> pxe-service=tag:rpi,X86PC,"Raspberry Pi Boot   ",unused
> when dnsmasq is processing a request in /non-proxy mode/ and the
> request is from /X86-64_EFI clients/?
>
Again, should work with my change. You should use a number to set a
type, with 0 being order to boot from local disk instead.

pxe-service=tag:rpi,X86PC,"Raspberry Pi Boot   ",0

Note other pxe-services should not match rpi tag, so only above is
offered to RPi.

pxe-service=tag:proxy,tag:!rpi,tag:!ipxe-ok,X86PC,"undionly.kpxe",ltsp/undionly.kpxe
pxe-service=tag:proxy,tag:!rpi,tag:!ipxe-ok,X86-64_EFI,"snponly.efi",ltsp/snponly.efi
pxe-service=tag:proxy,tag:!rpi,tag:ipxe-ok,X86PC,"ltsp.ipxe",ltsp/ltsp.ipxe
pxe-service=tag:proxy,tag:!rpi,tag:ipxe-ok,X86-64_EFI,"ltsp.ipxe",ltsp/ltsp.ipxe

>
> If possible, then everything would just work as expected for all
> scenarios - *(BIOS or UEFI or RPI) and proxy*, *(BIOS or UEFI or
> RPI) and non-proxy*.
> It may be possible to handle this just within dnsmasq.
>
In ipxe.efi you have sent there seems to be missing support for menus
defined by pxe-service (and option 43). That is a reason why pxe-service
and pxe-prompt is there. If you don't need those menus, I would suggest
using tags for dhcp-match=set:efi,option:client-arch,7 instead and using
just pure dhcp-boot or dhcp-option=option:bootfile-name. Those should
work more reliably and contrary to pxe-service should work also on IPv6.

I were not successful booting with ipxe.efi built you sent and
pxe-service=*,X86-64_EFI,*. It just did not work on my Lenovo laptop or
brother's Dell. I don't have more machines to test EFI. pcbios mode
worked fine with menus, their support is enabled in ipxe bios builds by
default.

>
> Please do consider this if not already done so.
>
I have had trouble with proxy mode and I am not sure what is its
purpose. Do you know when proxy mode should be used? When is it
required? It seems to be related to pxe-service, which I think does not
work reliably on EFI. Should it be possible to offer PXEClient
next-server and it would ask that server via pxe 4011 port? Do you need
it somewhere in a real world?

Would this config work instead, without any pxe-service enabled?

# Specify the boot filename for each tag, relative to tftp-root.
# If multiple lines with tags match, the last one is used.
# See: https://www.syslinux.org/wiki/index.php?title=PXELINUX#UEFI
dhcp-vendorclass=set:pxe,PXEClient
dhcp-boot=tag:!rpi,tag:!ipxe-ok,tag:pxe,tag:X86PC,ltsp/undionly.kpxe
dhcp-boot=tag:!rpi,tag:!ipxe-ok,tag:pxe,tag:X86-64_EFI,ltsp/snponly.efi
dhcp-boot=tag:!rpi,tag:ipxe-ok,ltsp/ltsp.ipxe

It does not rely on option 43 PXE menus support, just plain old DHCP
boot file. Requires dnsmasq to be the (authoritative?) DHCP server on
the network.

Hope that helps.

Cheers,
Petr

>
> Thanks,
> Shrenik
>
> On Sat, 9 Oct 2021 at 03:43, Petr Menšík  wrote:
>
> I

Re: [Dnsmasq-discuss] How to provide DHCP for WiFi hotspot?

2021-10-11 Thread Alex Morris

On Mon, 11 Oct 2021, at 21:22, Chris Green wrote:
>
> Do I just need to add a DHCP range line such as:-
>
> dhcp-range=10.42.0.100,10.42.0.200
>
> to /etc/dnsmasq.conf to get IP addresses for systems that connect to
> the WiFi hotspot or is there more needed?
>

Depends what you want the clients to do.

If you just want the clients to have IP addresses and be able to talk to each 
other within the same subnet, then that should suffice.

If you want the clients to also be able to communicate with other networks, 
e.g. the Internet, then you may wish to consider also specifying options 3 and 
6.

-- 
Alex

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] How to provide DHCP for WiFi hotspot?

2021-10-11 Thread Chris Green

I am running dnsmasq on my xubuntu 21.04 laptop, I haven't changed the
configuration from default at all yet.

I have a WiFi hotspot configuration that brings up the WiFi as a
server with IP confuguration:-
inet 10.42.0.1  netmask 255.255.255.0  broadcast 10.42.0.255

Do I just need to add a DHCP range line such as:-

dhcp-range=10.42.0.100,10.42.0.200

to /etc/dnsmasq.conf to get IP addresses for systems that connect to
the WiFi hotspot or is there more needed?

-- 
Chris Green

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

2021-10-11 Thread john doe


On 10/11/2021 7:41 PM, OMair Siddiquii wrote:

   1.  I stopped DNSMASQ service.
   2.  I ran "dnsmasq --max-ttl=30"
   3.  Got this error "dnsmasq: bad command line options: try --help"
   4.  Tried to manually add max-ttl= in dnsmasq.conf
   5.  Got this error "Starting dnsmasq:
dnsmasq: bad option at line 56 of /etc/dnsmasq.conf [FAILED]"



What output do you get if you do:

$ dnsmasq --version

--
John Doe

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] truely filter AAAA

2021-10-11 Thread Geert Stappers via Dnsmasq-discuss


Previous-Subject: Re: [Dnsmasq-discuss] Bug while using address=//::
In-Reply-To: <787c6505417aa8b8047df15c616fc3cbd117f9b5.ca...@dl6er.de>

On Mon, Oct 11, 2021 at 07:39:07PM +0200, Dominik Derigs wrote:
> Hey Petr and Simon,
> 
> On Mon, 2021-10-11 at 12:59 +0200, Petr Menšík wrote:
> > I cannot consider current implementation of filter-a and filter-
> >  useful.
> 
> I did not look into the code before and was naively assuming it
> would be in fact per-domain and not kill-'em-all style.
> 
> And yes, I do agree it should be like --filter-a=/example.com/
> Maybe this option could simply be syntactic sugar for
> 
> server=/example/#
> address=/example.com/::
> 
> but with a real  filter instead of forcing it to ::
> 
> Best,
> Dominik
> 

Message-ID: <20211008121343.gb25...@aepfle.de>
References: <29bd427d00f21492cb400a00daa31...@riseup.net>
  <644f4340-1615-4302-c107-48361afe1...@thekelleys.org.uk>
In-Reply-To: <644f4340-1615-4302-c107-48361afe1...@thekelleys.org.uk>
On Fri, Oct 08, 2021 at 02:13:43PM +0200, Olaf Hering wrote:
> On Thu, Oct 07, Simon Kelley wrote:
> 
> > --filter-A and --filter- options, these drop IPv4 and IPv6 ANSWERS,
> 
> Did you consider an option to filter them per interface or server?
> Like server=/${dnsdomain}/${ip}/no-{A,}
> 
> 
> Olaf
> 

Manual of dnsmasq, latest git pull, has: 

   --server=[/[]/[domain/]][[#]][@][@[#]]
  Specify IP address of upstream servers  directly.  Setting
  this  flag  does not suppress reading of /etc/resolv.conf,
  use --no-resolv to  do  that.  If  one  or  more  optional
  domains  are  given,  that  server  is used only for those
  domains and they are  queried  only  using  the  specified
  server.  ...

New syntax could be

  --server=[/[]/[domain/]][[#]][/no-{A,}][@][@[#]]


when filtered dropping gets implement.




Regards
Geert Stappers
Another person not found of --filter-  (a.k.a.  kill 'm all)
-- 
Silence is hard to parse



Groeten
Geert Stappers
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

2021-10-11 Thread OMair Siddiquii

  1.  I stopped DNSMASQ service.
  2.  I ran "dnsmasq --max-ttl=30"
  3.  Got this error "dnsmasq: bad command line options: try --help"
  4.  Tried to manually add max-ttl= in dnsmasq.conf
  5.  Got this error "Starting dnsmasq:
dnsmasq: bad option at line 56 of /etc/dnsmasq.conf [FAILED]"


From: Dnsmasq-discuss  on 
behalf of Matus UHLAR - fantomas via Dnsmasq-discuss 

Sent: Monday, October 11, 2021 9:25 PM
To: dnsmasq-discuss@lists.thekelleys.org.uk 

Subject: Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

On 11.10.21 16:01, OMair Siddiquii wrote:
>Even after upgrading to version 2.85 it didn't work.

what exactly does "didn't work" mean?
does dnsmasq still refuse to start?
do you have any error message?
did you try to stop it before starting?


>On 11.10.21 13:13, OMair Siddiquii wrote:
>>I am trying to add the max-ttl= parameter within the DNSMASQ config file
>> but unfortunately when I'm starting the dnsmasq service it fails to start
>> the dnsmasq process.  I am following the document mention in the link
>> below.  I am using DNSMASQ version 2.48 "Dnsmasq version 2.48  Copyright
>> (C) 2000-2009 Simon Kelley".  I also tried version 2.85 but it didnt work
>> either.  I would really appreciate any help.

>that's very old and very buggy version.
>according to the changelog, --max-ttl parameter was added in 2.53


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Bug while using address=//::

2021-10-11 Thread Dominik Derigs

Hey Petr and Simon,

On Mon, 2021-10-11 at 12:59 +0200, Petr Menšík wrote:
> I cannot consider current implementation of filter-a and filter-
>  useful.

I did not look into the code before and was naively assuming it
would be in fact per-domain and not kill-'em-all style.

And yes, I do agree it should be like --filter-a=/example.com/
Maybe this option could simply be syntactic sugar for

server=/example/#
address=/example.com/::

but with a real  filter instead of forcing it to ::

Best,
Dominik


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

2021-10-11 Thread john doe


On 10/11/2021 6:01 PM, OMair Siddiquii wrote:

Even after upgrading to version 2.85 it didn't work.




Please provide the following:
- Line that is not working
- Output of error message

--
John Doe

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

2021-10-11 Thread Matus UHLAR - fantomas via Dnsmasq-discuss


On 11.10.21 16:01, OMair Siddiquii wrote:

Even after upgrading to version 2.85 it didn't work.


what exactly does "didn't work" mean?
does dnsmasq still refuse to start?
do you have any error message?
did you try to stop it before starting?



On 11.10.21 13:13, OMair Siddiquii wrote:

I am trying to add the max-ttl= parameter within the DNSMASQ config file
but unfortunately when I'm starting the dnsmasq service it fails to start
the dnsmasq process.  I am following the document mention in the link
below.  I am using DNSMASQ version 2.48 "Dnsmasq version 2.48  Copyright
(C) 2000-2009 Simon Kelley".  I also tried version 2.85 but it didnt work
either.  I would really appreciate any help.



that's very old and very buggy version.
according to the changelog, --max-ttl parameter was added in 2.53



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

2021-10-11 Thread OMair Siddiquii

Even after upgrading to version 2.85 it didn't work.


From: Dnsmasq-discuss  on 
behalf of Matus UHLAR - fantomas via Dnsmasq-discuss 

Sent: Monday, October 11, 2021 7:23 PM
To: dnsmasq-discuss@lists.thekelleys.org.uk 

Subject: Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

On 11.10.21 13:13, OMair Siddiquii wrote:
>I am trying to add the max-ttl= parameter within the DNSMASQ config file
> but unfortunately when I'm starting the dnsmasq service it fails to start
> the dnsmasq process.  I am following the document mention in the link
> below.  I am using DNSMASQ version 2.48 "Dnsmasq version 2.48  Copyright
> (C) 2000-2009 Simon Kelley".  I also tried version 2.85 but it didnt work
> either.  I would really appreciate any help.

that's very old and very buggy version.
according to the changelog, --max-ttl parameter was added in 2.53

upgrade.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

2021-10-11 Thread Matus UHLAR - fantomas via Dnsmasq-discuss


On 11.10.21 13:13, OMair Siddiquii wrote:

I am trying to add the max-ttl= parameter within the DNSMASQ config file
but unfortunately when I'm starting the dnsmasq service it fails to start
the dnsmasq process.  I am following the document mention in the link
below.  I am using DNSMASQ version 2.48 "Dnsmasq version 2.48  Copyright
(C) 2000-2009 Simon Kelley".  I also tried version 2.85 but it didnt work
either.  I would really appreciate any help.


that's very old and very buggy version.
according to the changelog, --max-ttl parameter was added in 2.53

upgrade.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

2021-10-11 Thread OMair Siddiquii

Hi,

I am trying to add the max-ttl= parameter within the DNSMASQ config file but 
unfortunately when I'm starting the dnsmasq service it fails to start the 
dnsmasq process. I am following the document mention in the link below. I am 
using DNSMASQ version 2.48 "Dnsmasq version 2.48  Copyright (C) 2000-2009 Simon 
Kelley". I also tried version 2.85 but it didnt work either. I would really 
appreciate any help.

https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Man page of DNSMASQ - 
thekelleys.org.uk
NAME dnsmasq - A lightweight DHCP and caching DNS server. SYNOPSIS dnsmasq 
[OPTION]... DESCRIPTION dnsmasq is a lightweight DNS, TFTP, PXE, router 
advertisement and DHCP server. It is intended to provide coupled DNS and DHCP 
service to a LAN.
thekelleys.org.uk
Thanks.
Regards,
Omair S.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Petr Menšík

Please ensure path in dnsmasq.service points to installed path. It
usually points to /usr/sbin/dnsmasq, which should not be where dnsmasq
built from source should be installed.

systemctl cat dnsmasq | grep ^Exec

Use systemctl edit dnsmasq to change path.

On Debian, /etc/init.d/dnsmasq is used to start dnsmasq. At top of that
file,

DAEMON=/usr/sbin/dnsmasq uses full path to dnsmasq. I guess you would
need to change it to /usr/local/sbin/dnsmasq.

Please report outputs of these commands:

dnsmasq --version
which dnsmasq

Regards,

Petr

On 10/11/21 05:33, E wrote:
>> What’s the systemd unit file for dnsmasq look like?
> I did not touch any systemd file.
>
> Ok. here's another attempt
>
>
> # mv /etc/dnsmasq.conf /tmp/dnsmasq.conf
>
> # apt remove --purge -y dnsmasq
>
> # mkdir wtf
>
> # cd wtf
>
> /wtf# git clone http://thekelleys.org.uk/git/dnsmasq.git
>
> /wtf# cd dnsmasq
>
> /wtf/dnsmasq# make
>
> /wtf/dnsmasq# make install
> make[1]: Entering directory '.../wtf/dnsmasq/src'
> make[1]: 'dnsmasq' is up to date.
> make[1]: Leaving directory '.../wtf/dnsmasq/src'
> install -d /usr/local/sbin
> install -d /usr/local/share/man/man8
> install -m 644 man/dnsmasq.8 /usr/local/share/man/man8
> install -m 755 src/dnsmasq /usr/local/sbin
>
> /wtf/dnsmasq# cd ~
>
> # rm -r wtf
>
> # mv /tmp/dnsmasq.conf /etc/dnsmasq.conf
>
> # service dnsmasq restart
> Failed to restart dnsmasq.service: Unit dnsmasq.service not found.
>
> # dnsmasq --conf-file=/etc/dnsmasq.conf
> dnsmasq: unsupported option at line 12 of /etc/dnsmasq.conf
>
>
> W T F
>
> Reverting!
>
> # apt install dnsmasq
>
> # service dnsmasq restart
> Job for dnsmasq.service failed because the control process exited with
> error code
>
> # vi /etc/dnsmasq.conf
> (replace filter- to #filter-)
>
> # service dnsmasq restart
>
> #
>
>
> TLDR: W T F ! !
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Bug while using address=//::

2021-10-11 Thread Petr Menšík

Hi Dominik,

I cannot consider current implementation of filter-a and filter-
useful. On discussion with you, we agreed there are cases where
filtering IS useful. But I think it always should be possible only for
selected domains, where it brings any advantage.

Current form does not allow that, it always filters everything or
nothing. It is not helpful IMHO. Unless domain filter is added, I think
it is more appropriate to filter access on link layer and just don't
offer any IPv6 addresses at all. Or offer addresses just to selected
hosts via DHCPv6. Which does not require any change in dnsmasq.

Current implementation solves only demands of mr. E, but he never
explained why it is useful and in which cases. Why does his network need
it when others do not?

I guess we could still support --filter-=/./, but I would like
domain to be mandatory for those filterings.

Cheers,
Petr

On 10/10/21 19:36, Dominik Derigs wrote:
> On Sun, 2021-10-10 at 17:32 +0200, Treysis wrote:
>> Why was this needed?
> It is worth exploring the mailing list archive. Only two weeks
> ago, we have seen valid use cases for an option to filter .
>
> See, e.g.
>
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015709.html
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015711.html
>
> Best,
> Dominik
>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread john doe


On 10/11/2021 12:30 PM, Paul Fertser wrote:

Hi E,

On Mon, Oct 11, 2021 at 02:53:40AM -0700, E wrote:

Advice: Go for a good walk
Then, at a healthy stress level,


I _am_ fine. I just getting tired of unusable DNS service.


You're probably fine, but I have to note your behaviour is annoying.


# whereis dnsmasq
dnsmasq: /usr/sbin/dnsmasq /etc/dnsmasq.d /etc/dnsmasq.conf
/usr/local/sbin/dnsmasq /usr/share/dnsmasq
/usr/share/man/man8/dnsmasq.8.gz



Where is the results of renaming /usr/sbin/dnsmasq and using the service script 
afterward?


I didn't rename anything.


So what exactly makes you think that when you start dnsmasq via
systemd unit file it's going to execute /usr/local/sbin/dnsmasq rather
than /usr/sbin/dnsmasq ? If you check the unit file you'll almost
certainly see it hardcoding the binary in /usr/sbin.



The first step would be to start manually the executable that you have
built to confirm that the feature that you want is there.
When everything works from the command line, one option would be to
modify the service script with that new path.

--
John Doe

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Matus UHLAR - fantomas via Dnsmasq-discuss


On 11.10.21 02:53, E wrote:

This is webmail, not a client.


webmail is a client too.


Many email clients such as Mozilla Thunderbird are spying nowadays.
Mozilla telemetry, Windows 10 spying, you name it.


you can in many cases (mozilla) turn that off.
You also can have telemetry in webmail and your browser.

Still, your webmail should fill References: or at least In-Reply-To:
headers.



# whereis dnsmasq
dnsmasq: /usr/sbin/dnsmasq /etc/dnsmasq.d /etc/dnsmasq.conf
/usr/local/sbin/dnsmasq /usr/share/dnsmasq
/usr/share/man/man8/dnsmasq.8.gz


are /usr/sbin/dnsmasq and /usr/local/sbin/dnsmasq different binaries?
If so, that may be your problem.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Paul Fertser

Hi E,

On Mon, Oct 11, 2021 at 02:53:40AM -0700, E wrote:
> > Advice: Go for a good walk
> > Then, at a healthy stress level,
> 
> I _am_ fine. I just getting tired of unusable DNS service.

You're probably fine, but I have to note your behaviour is annoying.

> # whereis dnsmasq
> dnsmasq: /usr/sbin/dnsmasq /etc/dnsmasq.d /etc/dnsmasq.conf
> /usr/local/sbin/dnsmasq /usr/share/dnsmasq
> /usr/share/man/man8/dnsmasq.8.gz
> 
> 
> > Where is the results of renaming /usr/sbin/dnsmasq and using the service 
> > script afterward?
> 
> I didn't rename anything.

So what exactly makes you think that when you start dnsmasq via
systemd unit file it's going to execute /usr/local/sbin/dnsmasq rather
than /usr/sbin/dnsmasq ? If you check the unit file you'll almost
certainly see it hardcoding the binary in /usr/sbin.

-- 
Be free, use free (http://www.gnu.org/philosophy/free-sw.html) software!
mailto:fercer...@gmail.com

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread E

> Advice: Go for a good walk
> Then, at a healthy stress level,

I _am_ fine. I just getting tired of unusable DNS service.


> answer to 
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q4/015815.html

I did that already, didn't I? Please elaborate.


> Karma bonus points for using an email programm that adds 'In-Reply-To: ' 
> header.

This is webmail, not a client.
Many email clients such as Mozilla Thunderbird are spying nowadays.
Mozilla telemetry, Windows 10 spying, you name it.


-

> Your output included “which” not “where” (whereis?).

Sorry, I just not aware of the difference of "which" and "where"
command!

# where dnsmasq
-bash: where: command not found

# whereis dnsmasq
dnsmasq: /usr/sbin/dnsmasq /etc/dnsmasq.d /etc/dnsmasq.conf
/usr/local/sbin/dnsmasq /usr/share/dnsmasq
/usr/share/man/man8/dnsmasq.8.gz


> Where is the results of renaming /usr/sbin/dnsmasq and using the service 
> script afterward?

I didn't rename anything.
I just run git, make, make install and that's it. I did not modify any
system config or anything, except /etc/dnsmasq.conf.


> “dnssec-check-unsigned=no”.  Referring to dnsmasq.conf.example from the 
> source repository, the option is just set not “=no” or yes

Interesting - because this my handwritten config file is working for
many years now.
What is "not "=no"? Is it "yes" or yes?


> I also wonder if simply commenting out the offending line

# vi /etc/dnsmasq.conf
(change dnssec-check-unsigned=no and dnssec-no-timecheck to
#dnssec-check-unsigned=no and #dnssec-no-timecheck)

# dnsmasq

# ps aux|grep dnsmasq
nobody 0:00 dnsmasq

Yes it worked, but I'd like to keep above 2 options active so this is
not an option to me. Also, the service still fail to startup:

# service dnsmasq restart
Job for dnsmasq.service failed because the control process exited with
error code


> “=path-to/“ entries that I suspect don’t exist in a directory called “path-to”

You mean these? Those are my personal blackhole.

addn-hosts=/{redacted-for-internet-privacy}/hosts_for_blocking.txt
conf-file=/{redacted-for-internet-privacy}/alias_for_blocking_by_ipv4_cidr.conf


> I do wonder why your --version output doesn’t show the compile time options

Here's full:

# dnsmasq --version
Dnsmasq version 2.87test4-1-g37a70d3  Copyright (c) 2000-2021 Simon
Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN
DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-nftset auth no-cryptohash
no-DNSSEC loop-detect inotify dumpfile

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.



If this is the problem of installing process, what _exactly_ is the
steps
to

override git version(unstable latest which has  option) onto the
Debian 11's stable channel version of dnsmasq?


(just my opinion: I just want to block some  results
if the response-IPv6 is in CIDRv6 O, P, Q, R, S, T, U, V, W, X, Y or Z.
However the dnsmasq only support IPv4-blocking-by-CIDRv4 and not v6)

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Geert Stappers via Dnsmasq-discuss

On Mon, Oct 11, 2021 at 12:14:18AM -0700, E wrote:
> Here's my build log if this helps.
>
     big snip 


Advice: Go for a good walk

Then, at a healthy stress level,
answer to  
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q4/015815.html

Karma bonus points for using an email programm that adds 'In-Reply-To: ' header.



Groeten
Geert Stappers
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Mufasa

A few things still outstanding and more observations.

From Geert Stappers:

@E  Consider to subscribe to this mailinglist
Fixing your email program so it honors 'In-Reply-To: ‘
would also solve a problem you are emmitting.

Doing this would make it easier to reply to your messages.  As is, I’m manually 
updating the reply to line to be the mailing list and not sending mail directly 
to you only (removing the CC because I use reply not reply all).

Also from Geert:

>What does "where dnsmasq" say?
>Are you actually running the binary you just built?

That information is indeed missing.

A subtle, but correct observation.  Your output included “which” not “where” 
(whereis?).  I believe the goal was show all the copies of dnsmasq are on your 
system, not just the default run by the current shell’s PATH by priority of 
that environmental variable.

From me:

Where is the results of renaming /usr/sbin/dnsmasq and using the service script 
afterward?  I assume the error message would have changed and the mv command 
would have been in the latest command list.  I still find using the git 
compiled version of dnsmasq and the package version concurrently installed into 
system locations as dirty and believe you have a package installed dnsmasq 
binary on the system.

For the compiled dnsmasq running in your PATH, its complaining about line 12 
which you have as “dnssec-check-unsigned=no”.  Referring to 
dnsmasq.conf.example from the source repository, the option is just set not 
“=no” or yes.  I also wonder if simply commenting out the offending line would 
get your manual command line run to work.

Also noteworthy that this config doesn’t appear to be based on the example 
configuration with comments.  Several lines raise an eyebrow and look like 
copied and pasted examples from web searching that weren’t updated—particularly 
the “=path-to/“ entries that I suspect don’t exist in a directory called 
“path-to”.

I have an automated build setup that takes HEAD of dnsmasq into a fresh ubuntu 
docker container along with my configuration file.  I do wonder why your 
--version output doesn’t show the compile time options like mine does.  This 
would help if you use options that are required to be compiled in.

dnsmasq --version
Dnsmasq version UNKNOWN  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN 
DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-nftset auth no-cryptohash 
no-DNSSEC loop-detect inotify dumpfile

-Daniel

> On Oct 11, 2021, at 12:58 AM, E  wrote:
> 
> Now that's what I need. Thanks for another useful reply.
> 
> 
> # vi /usr/local/etc/dnsmasq.conf
> ( No File - I did not use this. I use only /etc/dnsmasq.conf )
> 
> # vi /etc/dnsmasq.conf
> 
> --- --- --- --- ---
> interface=lo
> listen-address=127.0.0.1
> bind-interfaces
> ## testver
> server=1.2.3.4#53
> server=1.2.3.4#53
> server=1.2.3.4#53
> server=1.2.3.4#53
> rev-server=1.2.3.4/24,1.2.3.4
> bogus-priv
> cache-size=1337
> dnssec-check-unsigned=no
> dnssec-no-timecheck
> domain-needed
> filterwin2k
> min-cache-ttl=1337
> neg-ttl=1337
> dns-forward-max=1337
> no-poll
> no-resolv
> stop-dns-rebind
> addn-hosts=path-to/path-to.txt
> conf-file=path-to/path-to.conf
> filter-
> --- --- --- --- ---
> 
> # dnsmasq --version
> Dnsmasq version 2.87test4-1-g37a70d3
> 
> # dnsmasq
> dnsmasq: unsupported option at line 12 of /etc/dnsmasq.conf
> 
> # sed '12!d' /etc/dnsmasq.conf
> dnssec-check-unsigned=no
> 
> # service dnsmasq restart;systemctl status dnsmasq.service
> Job for dnsmasq.service failed because the control process exited with
> error code.
> bad option at line 24 of /etc/dnsmasq.conf
> 
> # sed '24!d' /etc/dnsmasq.conf
> filter-
> 
> # dpkg --list|grep dnsmasq
> ii  dnsmasq   2.85-1
> all  Small caching DNS proxy and DHCP/TFTP server
> ii  dnsmasq-base  2.85-1
> amd64Small caching DNS proxy and DHCP/TFTP server
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Hamish Moffatt


On 11/10/21 17:58, E wrote:

--- --- --- --- ---
interface=lo
listen-address=127.0.0.1
bind-interfaces
## testver
server=1.2.3.4#53
server=1.2.3.4#53
server=1.2.3.4#53
server=1.2.3.4#53
rev-server=1.2.3.4/24,1.2.3.4
bogus-priv
cache-size=1337
dnssec-check-unsigned=no
dnssec-no-timecheck
domain-needed
filterwin2k
min-cache-ttl=1337
neg-ttl=1337
dns-forward-max=1337
no-poll
no-resolv
stop-dns-rebind
addn-hosts=path-to/path-to.txt
conf-file=path-to/path-to.conf
filter-
--- --- --- --- ---

# dnsmasq --version
Dnsmasq version 2.87test4-1-g37a70d3

# dnsmasq
dnsmasq: unsupported option at line 12 of /etc/dnsmasq.conf



Line 12 of your config is dnssec-check-unsigned=no , nothing to do with 
filter-.




Hamish


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread E

Here's my build log if this helps.


:~# mkdir ok

:~# cd ok

:~/ok# git clone http://thekelleys.org.uk/git/dnsmasq.git
Cloning into 'dnsmasq'...
warning: redirecting to https://thekelleys.org.uk/git/dnsmasq.git/
remote: Enumerating objects: 11964, done.
remote: Counting objects: 100% (11964/11964), done.
remote: Compressing objects: 100% (9465/9465), done.
remote: Total 11964 (delta 9064), reused 3115 (delta 2438)
Receiving objects: 100% (11964/11964), 3.93 MiB | 6.99 MiB/s, done.
Resolving deltas: 100% (9064/9064), done.

:~/ok# make install
make: *** No rule to make target 'install'.  Stop.

:~/ok# cd dnsmasq

:~/ok/dnsmasq# make
make[1]: Entering directory '/userHome/ok/dnsmasq/src'
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
cache.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
rfc1035.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
util.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
option.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
forward.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
network.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
dnsmasq.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
dhcp.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
lease.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
rfc2131.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
netlink.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
dbus.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
bpf.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
helper.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
tftp.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
log.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
conntrack.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
dhcp6.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
rfc3315.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
dhcp-common.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
outpacket.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
radv.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
slaac.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
auth.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
ipset.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
pattern.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
domain.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
dnssec.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
blockdata.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
tables.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
loop.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
inotify.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
poll.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
rrfilter.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
edns0.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
arp.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
crypto.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
dump.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
ubus.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
metrics.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
hash-questions.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
domain-match.c
cc -Wall -W -O2   -DVERSION='"2.87test4-1-g37a70d3"' -c
nftset.c
cc  -o dnsmasq cache.o rfc1035.o util.o option.o forward.o network.o
dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o
tftp.o log.o conntrack.o dhcp6.o rfc3315.o dhcp-common.o outpacket.o
radv.o slaac.o auth.o ipset.o pattern.o domain.o dnssec.o blockdata.o
tables.o loop.o inotify.o poll.o rrfilter.o edns0.o arp.o crypto.o
dump.o ubus.o metrics.o hash-questions.o domain-match.o nftset.o
make[1]: Leaving directory '/userHome/ok/dnsmasq/src'

:~/ok/dnsmasq# make install
make[1]: Entering directory '/userHome/ok/dnsmasq/src'
make[1]: 'dnsmasq' is up to date.
make[1]: Leaving directory '/userHome/ok/dnsmasq/src'
install -d /usr/local/sbin
install -d /usr/local/share/man/man8
install -m 644 man/dnsmasq.8 /usr/local/share/man/man8
install -m 755 src/dnsmasq /usr/local/sbin

:~/ok/dnsmasq# cd ~

:~# rm -r ok

:~#

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread E

Now that's what I need. Thanks for another useful reply.


# vi /usr/local/etc/dnsmasq.conf
( No File - I did not use this. I use only /etc/dnsmasq.conf )

# vi /etc/dnsmasq.conf

--- --- --- --- ---
interface=lo
listen-address=127.0.0.1
bind-interfaces
## testver
server=1.2.3.4#53
server=1.2.3.4#53
server=1.2.3.4#53
server=1.2.3.4#53
rev-server=1.2.3.4/24,1.2.3.4
bogus-priv
cache-size=1337
dnssec-check-unsigned=no
dnssec-no-timecheck
domain-needed
filterwin2k
min-cache-ttl=1337
neg-ttl=1337
dns-forward-max=1337
no-poll
no-resolv
stop-dns-rebind
addn-hosts=path-to/path-to.txt
conf-file=path-to/path-to.conf
filter-
--- --- --- --- ---

# dnsmasq --version
Dnsmasq version 2.87test4-1-g37a70d3

# dnsmasq
dnsmasq: unsupported option at line 12 of /etc/dnsmasq.conf

# sed '12!d' /etc/dnsmasq.conf
dnssec-check-unsigned=no

# service dnsmasq restart;systemctl status dnsmasq.service
Job for dnsmasq.service failed because the control process exited with
error code.
bad option at line 24 of /etc/dnsmasq.conf

# sed '24!d' /etc/dnsmasq.conf
filter-

# dpkg --list|grep dnsmasq
ii  dnsmasq   2.85-1
all  Small caching DNS proxy and DHCP/TFTP server
ii  dnsmasq-base  2.85-1
amd64Small caching DNS proxy and DHCP/TFTP server

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Neal P. Murphy

Good. The binary *claims* to support the options.

Try 'od -c /etc/dnsmasq.conf' to see if there are any 'alien' characters in the 
config file (like '\r' or formfeed, etc.)

And try 'dnsmasq --filter-' to see if it works from the command line. If 
this fails, dnsmasq is likely to be the source of the problem.

You might even try '--filter-aaa' and/or '--filter-a' to see if there's a case 
sensitivity problem.

N


On Sun, 10 Oct 2021 19:13:10 -0700
E  wrote:

> Thanks for your reply!
> 
> > dnsmasq --help | grep -i filter to see if the option exists.  
> 
> # dnsmasq --help | grep -i filter
> -f, --filterwin2k  Don't forward
> spurious DNS requests from Windows hosts.
> --filter-A Don't include
> IPv4 addresses in DNS answers.
> --filter-  Don't include
> IPv6 addresses in DNS answers.
> --stop-dns-rebind  Stop DNS
> rebinding. Filter private IP ranges when resolving.
> --connmark-allowlist-enable[=]   Enable filtering
> of DNS queries with connection-track marks
> 
> It does exist (and it should be - I pulled git & make & make install it)
> 
> # which dnsmasq
> /usr/local/sbin/dnsmasq
> 
> # dnsmasq --version
> Dnsmasq version 2.87test4-1-g37a70d3
> 
> # dnsmasq
> dnsmasq: unsupported option at line 12 of /etc/dnsmasq.conf
> 
> # service dnsmasq restart
> Job for dnsmasq.service failed because the control process exited with
> error code
> 
> # systemctl status dnsmasq.service
> ]: bad option at line 24 of /etc/dnsmasq.conf
> 
> 
> :'(
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

2021-10-11 Thread Geert Stappers via Dnsmasq-discuss

On Mon, Oct 11, 2021 at 02:40:31PM +1100, Hamish Moffatt wrote:
> On 11/10/21 14:33, E wrote:
> > # dnsmasq --conf-file=/etc/dnsmasq.conf
> > dnsmasq: unsupported option at line 12 of /etc/dnsmasq.conf
> 
> What does "where dnsmasq" say?
> Are you actually running the binary you just built?
 
That information is indeed missing.


 
> > W T F
> Why so rude?

Quoting http://www.catb.org/~esr/faqs/smart-questions.html
section "How To Answer Questions in a Helpful Way"

   Be gentle. Problem-related stress can make people seem rude or stupid
   even when they're not.


Groeten
Geert Stappers

@E  Consider to subscribe to this mailinglist
Fixing your email program so it honors 'In-Reply-To: '
would also solve a problem you are emmitting.
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] unittests

Re: [Dnsmasq-discuss] [PATCH] DHCPv6 - network booting 'address in use'

Re: [Dnsmasq-discuss] [PATCH] Re: pxe-service entries in dnsmasq conf seem to fail non-proxy EFI boot

Re: [Dnsmasq-discuss] How to provide DHCP for WiFi hotspot?

[Dnsmasq-discuss] How to provide DHCP for WiFi hotspot?

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

[Dnsmasq-discuss] truely filter AAAA

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

Re: [Dnsmasq-discuss] Bug while using address=//::

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

Re: [Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

[Dnsmasq-discuss] How to Add max-ttl in DNSMASQ

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] Bug while using address=//::

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

[Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

Re: [Dnsmasq-discuss] filter-AAAA is breaking dnsmasq

27 matches

Site Navigation

Mail list logo

Footer information