Re: [Dnsmasq-discuss] What IP to use for ad/track blocking?

2014-02-11 Thread Gabriel
I haven't tried it, but maybe 127.0.0.2 will do the trick.
On Feb 11, 2014 4:40 PM, Chris Green c...@isbd.net wrote:

 I have a few entries in my dnsmasq.conf file to block some tracking
 sites, as follows:-

 address=/www.addthis.com/127.0.0.1
 address=/googlesyndication.com/127.0.0.1
 address=/google-analytics.com/127.0.0.1
 address=/googleadservices.com/127.0.0.1
 address=/doubleclick.net/127.0.0.1
 address=/finder.cox.net/127.0.0.1

 However this means that my web server gets the hits instead if the
 requests are HTTP ones.  I.e. if I enter www.addthis.com into the
 Firefox address it takes me to my local web server's root page.

 Is there any IP I can put there which will prevent this - i.e. which
 is a sort of 'do nothing' IP?  I've tried 0.0.0.0 but that takes me to
 the local page in exactly the same way as 127.0.0.1.

 --
 Chris Green

 ___
 Dnsmasq-discuss mailing list
 Dnsmasq-discuss@lists.thekelleys.org.uk
 http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



[Dnsmasq-discuss] flush dhcp lease cache

2013-07-04 Thread gabriel


hello,

is it somehow possible (signal, etc) to flush dnsmasq's internal dhcp
lease cache?

i want to be able to update ip addresses without restarting dnsmasq. So
I send a SIGHUP to dnsmasq to reread its host definition files. But
although I've disabled the leasefile (leasefile-ro) and enabled a
script to run the machines still get their old addresses.

maybe I just don't check how to do this ...

thanks in advance,
gabriel




Re: [Dnsmasq-discuss] flush dhcp lease cache

2013-07-04 Thread Gabriel Klawitter
On 07/04/2013 06:46 PM, Simon Kelley wrote:
 On 04/07/13 12:44, gabriel wrote:


 hello,

 is it somehow possible (signal, etc) to flush dnsmasq's internal dhcp
 lease cache?

 i want to be able to update ip addresses without restarting dnsmasq. So
 I send a SIGHUP to dnsmasq to reread its host definition files. But
 although I've disabled the leasefile (leasefile-ro) and enabled a
 script to run the machines still get their old addresses.

 
 If you've disabled the leasefile, then the problem is likely to be that
 the DHCP client is remembering what address it had last, and asking for
 that address again. dnsmasq will give the client the address it asks for
 if it's OK (not in use, still on a configured network, etc).
 
 You could remove the caches in your hosts too, or configure static
 addresses for them in dnsmasq. Dnsmasq will force the static address,
 rather than one a client asks for.
 

i'm testing this with kvm virtual machines, and they keep their old
address across destroy/restart. i actually also tried:

dhcp_release bridge if mac

in order to invalidate these leases. in fact i've configured these hosts
through additional hosts file (for static dns) and additional conf file
by host-record, txt-record, dhcp-record statements.

i want to change these statically configured hosts ip addresses without
dnsmasq restart.


thanks a lot,
gabriel








[Dnsmasq-discuss] IPv6 prefix delegation

2013-05-03 Thread Gabriel
Hi,

I currently use dibbler with radvd to advertise a v6 prefix received
via prefix delegation. I also use dnsmasq for DNS and DHCPv4. My
understanding is that I can replace radvd with dnsmasq. I noticed that
recent versions allow advertising of prefixes received via PD (using
the constructor parameter of --dhcp-range).

The only thing that's missing is a way to obtain the delegated prefix.
From what I can tell by reading the manual, dnsmasq is not involved in
retrieving the prefix, so I still need to use another client for this.
Am I getting this right? If yes, it would be nice to have that feature
as well.



Re: [Dnsmasq-discuss] Using dhcp-host hostname as address for DNS

2012-08-01 Thread gabriel

 My question is whether it would be possible to have a single
 line config statement for mac-ip-hostname mapping.
 But I want to have the DNS entries permanently preserved resp.
 dns mappings without prior dhcp ip negotiation. Actually this
 means I don't want DNS to be dynamic.
 
 so: in /etc/hosts

 1.2.3.4 myhost

 in /etc/dnsmasq.conf

 dhcp-host=00:11:22:33:44:55,myhost
 
 So this means that I can't maintain my hosts in a single file with
 only one statement?
 
 Single statement, not that I know of.
 
 Single file, sure. See -A, --address in the man page.
 
 in /etc/dnsmasq.conf :
 
 dhcp-host=00:11:22:33:44:55,myhost
 address=/myhost/1.2.3.4
 
 What about the addresses (not the dhcp-host definition(s)) in a  
 separate file:
 
   addn-hosts=/path/to/hosts.LAN
 
 and a file /path/to/hosts.LAN like
 
 # IP-address    Hostname
 192.168.0.100   Host100
 
 # etc

Currently my setup is that way. A separate hosts file

addn-hosts=/etc/dnsmasq.d/hosts.dynamic

and my host definitions in dnsmasq.conf.d via dhcp-host. But to avoid
them to get out of sync I've written a dhcp-script

dhcp-script=/var/netboot/config/dnsmasq.sh

to update /etc/dnsmasq.d/hosts.dynamic automatically for dns entries to
be static. This appears a little bit cumbersome to me but I don't want
to manage two entries for a single host.

cheers.


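An added example, not code from the thread or from dnsmasq: one way to avoid maintaining two entries per host by hand is to generate both the dhcp-host lines and the addn-hosts file from a single inventory. The inventory format (MAC IP HOSTNAME per line) and all function names are assumptions; the second sample host is constructed.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")
NAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# Constructed inventory; the first entry reuses the values quoted in the thread.
SAMPLE_INVENTORY = """\
# MAC               IP             hostname
00:11:22:33:44:55   1.2.3.4        myhost
00:11:22:33:44:66   192.168.0.100  host100
"""


class InventoryError(ValueError):
    pass


def parse_inventory(text):
    """Return [(mac, ip, name)], rejecting malformed or duplicate entries."""
    entries = []
    seen = {"mac": {}, "ip": {}, "name": {}}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise InventoryError(f"line {lineno}: expected MAC IP HOSTNAME")
        mac, ip, name = fields[0].lower(), fields[1], fields[2].lower()
        # fullmatch keeps stray characters (',', '=', '/') out of the
        # directives that are generated from these fields.
        if not MAC_RE.fullmatch(mac):
            raise InventoryError(f"line {lineno}: bad MAC {mac!r}")
        if not NAME_RE.fullmatch(name):
            raise InventoryError(f"line {lineno}: bad hostname {name!r}")
        try:
            ip = str(ipaddress.IPv4Address(ip))
        except ValueError:
            raise InventoryError(f"line {lineno}: bad IPv4 address {ip!r}") from None
        # A MAC, address or name may appear only once across the inventory.
        for kind, value in (("mac", mac), ("ip", ip), ("name", name)):
            if value in seen[kind]:
                raise InventoryError(
                    f"line {lineno}: {kind} {value} already used on line {seen[kind][value]}")
            seen[kind][value] = lineno
        entries.append((mac, ip, name))
    return entries


def render(entries):
    """Return (dhcp-host lines for a dnsmasq conf file, addn-hosts file body)."""
    dhcp_conf = "".join(f"dhcp-host={mac},{name}\n" for mac, _, name in entries)
    hosts = "".join(f"{ip}\t{name}\n" for _, ip, name in entries)
    return dhcp_conf, hosts


if __name__ == "__main__":
    conf, hosts = render(parse_inventory(SAMPLE_INVENTORY))
    print(conf, hosts, sep="\n")
```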


Re: [Dnsmasq-discuss] Using dhcp-host hostname as address for DNS

2012-07-29 Thread gabriel
On 07/29/2012 06:39 PM, Simon Kelley wrote:
 On 26/07/12 13:31, gabriel wrote:

 Hello.

 I've just subscribed to this list and have a question to a previous
 post. But I don't know how to reply on that thread now.

 The thread in concern started on Fri Jul 20 11:30:02 BST 2012 same
 subject.


 My question is whether it would be possible to have a single line config
 statement for mac-ip-hostname mapping.
 But I want to have the DNS entries permanently preserved resp. dns
 mappings without prior dhcp ip negotiation. Actually this means I don't
 want DNS to be dynamic.

 Is this somehow configurable?

 
 Yes. Put the hostname-IP address mapping in /etc/hosts and the
 mac_address-hostname mappings in /etc/dnsmasq.conf in dhcp-host lines.
 
 
 so: in /etc/hosts
 
 1.2.3.4 myhost
 
 in /etc/dnsmasq.conf
 
 dhcp-host=00:11:22:33:44:55,myhost
 

Thanks for your reply.

So this means that I can't maintain my hosts in a single file with only
one statement?

Gabriel





[Dnsmasq-discuss] Dnsmasq hard limit

2010-09-27 Thread Gabriel Dungan
Greetings,

I've been looking at dnsmasq and pushing to my peers as a replacement for a
custom distro. The Distro is currently using dnsmasq for dns proxy caching
but not as a dhcp daemon. The question that comes up, is if the Hard limit
you talk about in the faq is an actual hard limit, or by the use of the
flag, one is able to set it to a higher limit.

I know that your earlier versions were locked to 100, the default now is
1000, and the verbiage suggests it's settable to anything one could need.

I know the idea of dnsmasq is to provide services for the smaller market.
However there was a concern that if some one had a medium to large business
used our distro, if they had 2000 client machines, it wasn't going to
bomb..  (Hardware, memory, disk space, et al aside)

Would you mind going thru that, and letting me know your opinion on such,
and what the Hard limit is..

Regards

Gabriel Dungan
gjdu...@dstaftn.net


[Dnsmasq-discuss] dhcp address allocation

2009-07-21 Thread gabriel
hi,
a few months ago i found dnsmasq as a comfortable replacement for my 
dhcp3-server, bind9 with ddns setup. but one thing i am currently missing:

the dhcp server from isc tries to provide the same ip address to a client.  

even if the client disconnects and afterwards connects again to the network 
the server looks up in the leases file for the outdated ticket and tries to
keep its ip. if i didn't get it totally confused this is not the case for
dnsmasq - in the sources i found a simple increment for the ip address after 
some validity and consistency checks were passed.

so my question finally is: is it possible to get a similar behaviour of 
dnsmasq without switching to fixed addresses?

actually i use arpwatch to detect new clients on my network and since the ip 
addresses from the clients permanently change this is not possible anymore.


thanks for reply in advance,
gabriel


-- 
gpg/pgp key (id 0x4BBD6B8F) at:
http://pgpkeys.pca.dfn.de/pks/lookup?search=0x4BBD6B8Fop=vindex




Re: [Dnsmasq-discuss] patch proposal: getent support for ethers

2009-06-29 Thread Gabriel Winckler

 It needs some clean-up, but something like this has some attractions. The
 main drawback I can see is that the get_() library calls can all block for
 arbitrary lengths of time, which leaves the network with no DNS and no DHCP
 and no TFTP. Worse: gethostbyname() and gethostbyaddr() can possibly attempt
 to use DNS to get the host info, routing the queries through dnsmasq, which
 is blocked in the gethost*() call, leading to deadlock.


Yes, it can lead to a deadlock. As many configurations on libNSS and
PAM. But sysadmins are used to dealing with these issues.
You can configure timeouts, and you can (must) use the LDAP to resolve
hostnames (hosts) before DNS, so you don't have the deadlock.

 A solution which pulls all the host info from the LDAP database and pushes
 it into a file which is read by dnsmasq (or the named-pipe variant of this)
 avoids that pain.

Sure it does. But the problem of when to trigger a HUP signal to dnsmasq remains.

 Maybe something like --read-ethers=nss to switch on read-ethers semantics,
 but via the nss, would be good, if this solution is adopted?

Sure. I think a switch is required, and the nss should not be the default.

But, only to be clear, the NSS for ether doesn't support enumeration,
so you can't extract all information during initialisation. It must
query on demand.

We also may need compilation flags, because not all architectures
support getent (I think).



Re: [Dnsmasq-discuss] patch proposal: getent support for ethers

2009-06-27 Thread Gabriel Winckler
Hi,

  While your method should work, it definitely won't be efficient.  Since DHCP 
 is a
 polling protocol, requests have to be more frequent than updates
 almost by definition

I'm using a LDAP backend to keep all information in one place. We have
a small team to deal with many hosts, including remote sites. The goal
is to keep all data in a single structure. I'm sure that this
information won't change often.

The LDAP was designed to handle a large number of queries. Every ls -l,
for example, generates many requests about UID and GID.


 I accomplished this by making /etc/ethers a pipe connected to a perl
 script which reads all assignments from the database.

Using a named pipe is really a smart move, but (If I understand
correctly) you have a daemon or a trigger process to send HUP signal
to dnsmasq, right? Why not use this process to recreate the
/etc/ethers and then give the signal?

 I think you could set up something similar for your environment.

Sure, that's my plan B.

 I guess if the number of assignments in the database is far larger
 than the number of simultaneously connected clients then querying the
 database per-request might be better than transferring the entire
 database after each change.

Yes, the number is larger, and that exactly my point. To avoid
recreate a file with every entry all the time.

I think dnsmasq should provide a way of query a information when
needed, instead of always store the table itself.
We could use a generic external program call, but the getent/libnss is
more efficient, has designed for that and is already available.
It also features NSCD, a cache mechanism to speed up the process.

You could try this method to query SQL DBs. There are nss libs for
MySQL, PostgreSQL and SQLite.

 I don't know if the dbus interface would allow updating individual 
 assignments.

I don't know much about dbus, but you also have to consider that the
LDAP server may not be in the same machine of the dnsmasq.


Thanks and sorry for the late reply,

Winckler



Re: [Dnsmasq-discuss] patch proposal: getent support for ethers

2009-06-27 Thread Gabriel Winckler
Hi again,

 An addition  of  DBus methods which allow dhcp-host-like configuration
 to be supplied would seem to be a winner for this, IMHO.

If I understand correctly, this still require that the full database
has to be updated to dnsmasq before the lease.

My goal is a mechanism that query a backend or a script for the value
if not found. It seems to be a different scenario.

This is not possible by Dbus interface, is it?

Thanks,

Winckler



[Dnsmasq-discuss] patch proposal: getent support for ethers

2009-06-25 Thread Gabriel Winckler
Hi,

I'm new around here, so I'm not sure if this message belongs to this list.

I made a patch for dnsmasq, allowing dynamic query the ether
information using getent calls.

My goal is use dnsmasq in a large cluster deployment (exactly the
original goal of this code), providing DHCP using LDAP as the backend
server.
Many people have asked for a DHCP server with LDAP support, but nobody
make that happen (at least, not with dynamic updates).

Since this is the best DHCP server code on the market (I tried to
implement this using the ISC... not a happy story), I propose a patch.

Just to clarify my plan:

- Store the MAC/IP information on a LDAP server.
- Configure libnss to access this information (yes, libnss provide
infrastructure for the /etc/ethers file)
- Access the data in dnsmasq using getent.

So, no need to link, call or configure LDAP in dnsmasq.

The drawback is the slowdown (I know, this is why dnsmasq read the
ethers file only during the initialization) of nss queries.

So, I'm submitting a draft patch, that adds this support. In my tests,
everything works (with LDAP!).

** I'm a sysadmin, not a C programmer. **
Feel free to change this patch or express how bad I code.

This patch is for the 2.50test3 revision. (Is there a code repository
somewhere?)

Is this an interesting feature? Any chances of something like this to
be included?
If so, we may need a option getent-ethers, or something.

Thanks,

Winckler
diff -ur dnsmasq-2.50test3.orig/src/dhcp.c dnsmasq-2.50test3/src/dhcp.c
--- dnsmasq-2.50test3.orig/src/dhcp.c	2009-06-23 17:02:09.0 -0300
+++ dnsmasq-2.50test3/src/dhcp.c	2009-06-25 17:42:03.0 -0300
@@ -18,6 +18,9 @@
 
 #ifdef HAVE_DHCP
 
+#include netinet/ether.h
+#include netdb.h
+
 struct iface_param {
   struct in_addr relay, primary;
   struct dhcp_context *current;
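Review bot: The two new includes at the top of dhcp.c sit unconditionally inside the HAVE_DHCP block, so every DHCP-enabled build now depends on netinet/ether.h being present. Put these includes, together with the lookup code that needs them, behind their own compile-time macro so the feature can be left out on platforms whose libc does not provide the ethers lookup calls.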
@@ -699,6 +702,70 @@
 	  is_addr_in_context(context, config))
 	return config;
 
+  /* search the host using getent */
+
+  {
+struct in_addr ip;
+char buffer [1024];
+struct hostent *host;
+char addr[IN6ADDRSZ];
+char buf2[INET6_ADDRSTRLEN];
+
+   /* search for the MAC */
+if (ether_ntohost (buffer, ether_aton(print_mac(buffer, hwaddr, hw_len))) == 0 )
+{
+  /* found! */
+  my_syslog(LOG_INFO, _(MAC found using getent: %s), buffer);
+
+  if (inet_pton (AF_INET, buffer, addr)  0)
+	// address given
+	host = gethostbyaddr (addr, INADDRSZ, AF_INET);	
+  else
+// hostname given
+host = gethostbyname2 (buffer, AF_INET);
+
+  ip.s_addr = inet_addr(inet_ntop (host-h_addrtype, host-h_addr, buf2, sizeof (buf2)));
+  //ip.s_addr = inet_ntop (host-h_addrtype, host-h_addr, buf2, sizeof (buf2));
+
+  /* getent stage done. */
+
+	  /* search for a suitable config */
+
+  if (context  is_same_net(ip, context-start, context-netmask))
+	  {
+		/* Create a new config */
+config = whine_malloc(sizeof(struct dhcp_config));
+
+config-flags = CONFIG_FROM_ETHERS | CONFIG_ADDR;
+config-domain = NULL;
+
+config-addr =  ip;
+if (host-h_name)
+{
+  config-hostname = whine_malloc(strlen(host-h_name)+1);
+  strcpy(config-hostname, host-h_name);
+  config-flags |= CONFIG_NAME;
+}
+
+config-flags |= CONFIG_NOCLID;
+
+config-hwaddr = whine_malloc(sizeof(struct hwaddr_config));
+memcpy(config-hwaddr-hwaddr, hwaddr, hw_len);
+config-hwaddr-hwaddr_len = hw_len;
+config-hwaddr-hwaddr_type = hw_type;
+config-hwaddr-wildcard_mask = 0;
+config-hwaddr-next = NULL;
+
+		
+/* Insert the new config */ 
+		config-next = configs;
+		configs = config;
+		
+return config;
+  }
+}
+  }
+	
   /* use match with fewest wildcast octets */
   for (candidate = NULL, count = 0, config = configs; config; config = config-next)
 if (is_addr_in_context(context, config))
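Review bot: The pointer returned by gethostbyaddr() or gethostbyname2() is dereferenced in the very next statement (the inet_ntop() call that fills ip.s_addr) without a NULL check, so a MAC that ether_ntohost() maps to a name or address with no host entry crashes the daemon while it is answering a client request. Test host for NULL right after the lookup and fall through to the existing wildcard search when it is NULL; the ether_aton() result passed straight into ether_ntohost() needs the same check. Two further points in this hunk: the inet_ntop()/inet_addr() round trip can be replaced by copying the four address bytes out of the hostent, and because each hit is prepended to configs and returned, the patch should say how a later change in the backend replaces that stored entry.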


Re: [Dnsmasq-discuss] dnsmasq.lease file question

2007-04-24 Thread Mr Gabriel
I too have noticed this strange phenomena, and not just in DNSMasq. On
almost every DHCP server I have ever used, when I look at the lease
file, there is never hardware info for linux boxes. Personally, and my
understanding of the underlying mechanics of DHCP is very limited, I
thought that all requests for a DHCP address included the mac address,
in order for an answer to be directed to the correct machine. Therefore,
the DHCP server should already know the hardware address. Why it
forgets, and it never gets listed, is beyond me. Maybe someone else
could enlighten us :)

On Tue, 2007-04-24 at 12:46 -0400, Philippe Faure wrote:
 Hello,
 
 I am running Dnsmasq version 2.2 on a Debian server version 3.1. The
 Dnsmasq.lease file has the following information stored in it.
 
 1177812457 00:15:e9:a8:e5:28 192.168.0.50 debian-host *
 1177928854 00:15:e9:a8:e6:c5 192.168.0.57 carm 01:00:15:e9:a8:e6:c5
 1177849379 00:03:2f:3a:f2:e9 192.168.0.54 phil 01:00:03:2f:3a:f2:e9
 
 Why is it that the two windows' boxes have the hardware ID there, while the
 linux (Ubuntu Feisty, running dhcpcd) only has a *?
 
 Is there some setup that I have done properly? if so with the client or 
 server?
 
 Do I need to worry about it?
 
 thank you
 
 Philippe
 
 
 
 
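An added example, not part of the original messages: a parser for the lease lines quoted above. In the dnsmasq lease file the second field is the client's MAC address and the fifth is the DHCP client identifier, written as `*` when the client sent none; the class and function names here are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# The three lease lines quoted in the thread.
SAMPLE_LEASES = """\
1177812457 00:15:e9:a8:e5:28 192.168.0.50 debian-host *
1177928854 00:15:e9:a8:e6:c5 192.168.0.57 carm 01:00:15:e9:a8:e6:c5
1177849379 00:03:2f:3a:f2:e9 192.168.0.54 phil 01:00:03:2f:3a:f2:e9
"""


@dataclass
class Lease:
    expires: datetime
    mac: str
    ip: str
    hostname: Optional[str]   # None when the file has "*"
    client_id: Optional[str]  # None when the client sent no client identifier

    def client_id_matches_mac(self) -> Optional[bool]:
        """None if no client-id was sent; otherwise whether it is the
        Ethernet form (type byte 01 followed by the lease's own MAC)."""
        if self.client_id is None:
            return None
        return self.client_id.lower() == "01:" + self.mac.lower()


def parse_leases(text: str) -> List[Lease]:
    """Parse DHCPv4 lease lines: expiry, MAC, IP, hostname, client-id."""
    leases = []
    for raw in text.splitlines():
        fields = raw.split()
        # Skips blank lines and anything that is not a five-field lease line.
        if len(fields) != 5 or not fields[0].isdigit():
            continue
        expiry, mac, ip, hostname, client_id = fields
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # not a DHCPv4 lease line
        leases.append(Lease(
            expires=datetime.fromtimestamp(int(expiry), tz=timezone.utc),
            mac=mac.lower(),
            ip=ip,
            hostname=None if hostname == "*" else hostname,
            client_id=None if client_id == "*" else client_id.lower(),
        ))
    return leases


def hosts_without_client_id(leases: List[Lease]) -> List[str]:
    """Hostnames (or IPs) of leases whose client sent no client identifier."""
    return [l.hostname or l.ip for l in leases if l.client_id is None]


if __name__ == "__main__":
    for lease in parse_leases(SAMPLE_LEASES):
        print(lease.ip, lease.mac, lease.client_id_matches_mac())
```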




[Dnsmasq-discuss] no MX records being returned?

2006-04-03 Thread Angel Gabriel
First off, I would like to say, dnsmasq, is an excellent piece of
software! Exceptionally fast, and right now, is serving close to 1000
clients over four subnets, who surf the internet as if their lives
depend on it.

I have only one problem. I have a postfix server, which is using
dnsmasq as its DNS server. The problem is, it doesn't seem to be
returning any MX records. when I use the command line at any of my
terminals, and issue dig website.com I don't get any MX information.
Is there any reason for this behavior? This means that sometimes I
have hundreds of mails being deferred on our mail server.

How can I configure dnsmasq to return MX data that it finds upstream?



Re: [Dnsmasq-discuss] Dnsmasq DHCP Server Doesn't Work

2005-08-25 Thread Gabriel A. Devenyi
On August 24, 2005 10:48, Simon Kelley wrote:
 NO. Read the dnsmasq FAQ. dhcpd bypasses the firewall system and dnsmasq 
 doesn't, so you could be blocking stuff from dnsmasq and still have a 
 working dhcpd.

Alright, so I disabled my firewall, and now it works, this confuses me, as I've 
not restricted the lan interface in any way
(at least as far as I understand) attached is my firehol configuration, anyone 
see where I'm going wrong?


-- 
Gabriel Devenyi
a...@staticwave.ca
#FIREHOL_LOG_LEVEL=7
lan_ips=192.168.1.1/24

dnat to 192.168.1.2 proto tcp dport 32770
dnat to 192.168.1.2 proto udp dport 32770

transparent_squid 3128 squid root ace inface eth0 src 192.168.1.1/24

interface eth0 lan src ${lan_ips}
policy accept
server all accept
client all accept
interface ppp+ wan src not ${lan_ips} ${UNROUTABLE_IPS}
policy drop
protection strong
server ssh accept
server imaps accept
server ident reject with tcp-reset
server custom skype tcp/32770 udp/32770 default accept
server custom bt tcp/35000:35100 default accept
client all accept
server all drop

router lan2wan inface eth0 outface ppp+
masquerade
route all accept

router wan2lan inface ppp+ outface eth0
route ident reject with tcp-reset
route custom skype tcp/32770 udp/32770 default accept


[Dnsmasq-discuss] Dnsmasq DHCP Server Doesn't Work

2005-08-24 Thread Gabriel A. Devenyi
Hello Simon, All,

I recently tried to configure dnsmasq to handle my DNS and DHCP for a small 
home LAN, however I was unable
to get dnsmasq to provide IP addresses, despite it being so simple in the 
configuration. As a result I filed a gentoo
bug, and having gone through all the checks it seems as though it may be an 
issue with dnsmasq itself, rather than
my config. http://bugs.gentoo.org/show_bug.cgi?id=101498 contains my config 
file, as well as some netstat checks
we've exhausted our options, does anyone know what the problem is? Thanks for 
your time!

-- 
Gabriel Devenyi
a...@staticwave.ca