Re: [Dnsmasq-discuss] Is it possible to merge host names on two Dnsmasq instances?
Thank you so much for bringing VLAN trunking to my attention. I’ve successfully set it up on the router and the AP, with one Dnsmasq instance to rule them all! It’s a really elegant solution.

Regards,
Glen

> On Oct 2, 2021, at 2:59 PM, Paul Fertser wrote:
>
> Hi Glen,
>
>> On Wed, Sep 29, 2021 at 10:16:00AM +0800, Glen Huang wrote:
>> it seems impossible for the router to take over guest WiFi’s DHCP,
>> since it’s based on AP’s interfaces
>
> Just make the wired link between your router and the AP trunking, on
> the AP bridge main and guest SSIDs to different VLANs, and on the
> router serve all the VLANs with a single dnsmasq instance.
>
> HTH
> --
> Be free, use free (http://www.gnu.org/philosophy/free-sw.html) software!
> mailto:fercer...@gmail.com

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Is it possible to use different upstream DNS servers for different interfaces?
Hi,

I have two interfaces on my router, one for home and the other for office. I’d like for clients from home and office to use different upstream DNS servers.

I know I can use two Dnsmasq instances to achieve that, but that prevents the two types of clients from accessing each other by host names that they announce to the Dnsmasq DHCP.

It seems the “server” option is the one that I should pay attention to, but its interface/IP parameter only specifies the source interface/IP to query from.

I wonder if it’s something possible with Dnsmasq? If not, is there a workaround?

Regards,
Glen
Re: [Dnsmasq-discuss] Is it possible to merge host names on two Dnsmasq instances?
Thanks for the quick reply.

This is a good idea. However, some of the devices use unqualified names as their host names and I have no control over them, and it seems I wouldn't be able to differentiate them in this way.

Regards,
Glen

> On Sep 29, 2021, at 10:56 AM, Andrew Miskell wrote:
>
>> On Sep 28, 2021, at 9:16 PM, Glen Huang <mailto:hey...@gmail.com> wrote:
>>
>> Hi,
>>
>> I have a router and a dumb AP that are connected with a wire. The router has
>> two interfaces, one is for LAN (192.168.1.1/24) and the other for WAN. The
>> AP also has two interfaces, one is for LAN (192.168.1.2/24), the other for
>> guest WiFi (192.168.2.1/24). (It actually also has a LAN WiFi, but it
>> shouldn’t be relevant in this case.)
>>
>> Dnsmasq runs both on the router and the AP. On the router, it provides DHCP
>> and DNS, combined, for LAN. On the AP, only DHCP is enabled for the guest
>> WiFi interface to provide 192.168.2.0/24 for clients.
>>
>> My question is that with this setup, LAN clients won’t be able to resolve
>> host names on the guest WiFi, since the router Dnsmasq is not cognizant of
>> them, and it seems impossible for the router to take over guest WiFi’s DHCP,
>> since it’s based on AP’s interfaces, so is there a way to automatically
>> “merge” the host names on both Dnsmasq instances? If not, what would be an
>> elegant setup to make it work?
>>
>> Regards,
>> Glen
>
> Assuming that the guest WiFi names are using a different domain name, e.g.
> guests.home.net <http://guests.home.net/> than the main LAN, e.g. home.net
> <http://home.net/>.
>
> On the router DNSMasq create an entry that tells it to send requests for
> anything in guest.home.net <http://guest.home.net/> to the DNSMasq instance
> on the AP. You can also do the reverse on the AP DNSMasq instance to allow guests to
> lookup names in the home.net <http://home.net/> domain.
[Dnsmasq-discuss] Is it possible to merge host names on two Dnsmasq instances?
Hi,

I have a router and a dumb AP that are connected with a wire. The router has two interfaces, one is for LAN (192.168.1.1/24) and the other for WAN. The AP also has two interfaces, one is for LAN (192.168.1.2/24), the other for guest WiFi (192.168.2.1/24). (It actually also has a LAN WiFi, but it shouldn’t be relevant in this case.)

Dnsmasq runs both on the router and the AP. On the router, it provides DHCP and DNS, combined, for LAN. On the AP, only DHCP is enabled for the guest WiFi interface to provide 192.168.2.0/24 for clients.

My question is that with this setup, LAN clients won’t be able to resolve host names on the guest WiFi, since the router Dnsmasq is not cognizant of them, and it seems impossible for the router to take over guest WiFi’s DHCP, since it’s based on AP’s interfaces, so is there a way to automatically “merge” the host names on both Dnsmasq instances? If not, what would be an elegant setup to make it work?

Regards,
Glen
Re: [Dnsmasq-discuss] Ignore certain returned DNS response?
Hey Simon,

Is the patch good for merging? I have been personally using the patch for over a month without problems.

> On Oct 9, 2014, at 10:48 PM, Simon Kelley si...@thekelleys.org.uk wrote:
>
>> On 08/10/14 13:13, Glen Huang wrote:
>> Is it possible to ask dnsmasq to ignore DNS responses whose records match a certain list of ip, and keep waiting for another response?
>>
>> The rationale behind this is that in China, when querying a domain like youtube.com or twitter.com, a fake ip is quickly returned, fooling dnsmasq into discarding the genuine response that comes after it. Luckily the returned fake ips are of a limited set. So it’s relatively easy to distinguish such bogus responses.
>
> Sigh. Now if Twitter and Youtube did DNSSEC signatures, such silly games would no longer be possible.
>
>> I can’t find an option which does this in the man page. So this might be a feature request. I guess it should work like the bogus-nxdomain option, but instead of treating the ip as nxdomain, dnsmasq would ignore it, and keep waiting for another response.
>>
>> I’m willing to take a stab at this feature (it could take some time though, since I’m not familiar with the internals of dnsmasq). But before doing so, I want to make sure that I didn’t miss any option that already does that and this feature does belong to dnsmasq.
>
> There's no way to do this in the current dnsmasq releases, but I'd certainly consider a patch to implement it. You're right that the code can be modelled on bogus-nxdomain. You can use code like that in check_for_bogus_wildcard() to detect the bad answer (the option-parsing code would be identical). The check needs to be called from near the start of reply_query() and should just return from that function if bogus answer is detected.
>
> Cheers,
> Simon.
>
>> Thank you.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Ignore certain returned DNS response?
Hi Simon,

Your heads up was of tremendous help. Here is the patch I created. It implements an “ignore-address” option for the feature in question. Tested in China's network environment, should be working.

Let me know if it looks good to you.

(also just out of curiosity, why leave those trailing spaces in the code? I did follow the coding style of dnsmasq though)

ignore-address.patch
Description: Binary data

> On Oct 9, 2014, at 10:48 PM, Simon Kelley si...@thekelleys.org.uk wrote:
>
>> On 08/10/14 13:13, Glen Huang wrote:
>> Is it possible to ask dnsmasq to ignore DNS responses whose records match a certain list of ip, and keep waiting for another response?
>>
>> The rationale behind this is that in China, when querying a domain like youtube.com or twitter.com, a fake ip is quickly returned, fooling dnsmasq into discarding the genuine response that comes after it. Luckily the returned fake ips are of a limited set. So it’s relatively easy to distinguish such bogus responses.
>
> Sigh. Now if Twitter and Youtube did DNSSEC signatures, such silly games would no longer be possible.
>
>> I can’t find an option which does this in the man page. So this might be a feature request. I guess it should work like the bogus-nxdomain option, but instead of treating the ip as nxdomain, dnsmasq would ignore it, and keep waiting for another response.
>>
>> I’m willing to take a stab at this feature (it could take some time though, since I’m not familiar with the internals of dnsmasq). But before doing so, I want to make sure that I didn’t miss any option that already does that and this feature does belong to dnsmasq.
>
> There's no way to do this in the current dnsmasq releases, but I'd certainly consider a patch to implement it. You're right that the code can be modelled on bogus-nxdomain. You can use code like that in check_for_bogus_wildcard() to detect the bad answer (the option-parsing code would be identical). The check needs to be called from near the start of reply_query() and should just return from that function if bogus answer is detected.
>
> Cheers,
> Simon.
>
>> Thank you.
[Dnsmasq-discuss] Ignore certain returned DNS response?
Is it possible to ask dnsmasq to ignore DNS responses whose records match a certain list of ip, and keep waiting for another response?

The rationale behind this is that in China, when querying a domain like youtube.com or twitter.com, a fake ip is quickly returned, fooling dnsmasq into discarding the genuine response that comes after it. Luckily the returned fake ips are of a limited set. So it’s relatively easy to distinguish such bogus responses.

I can’t find an option which does this in the man page. So this might be a feature request. I guess it should work like the bogus-nxdomain option, but instead of treating the ip as nxdomain, dnsmasq would ignore it, and keep waiting for another response.

I’m willing to take a stab at this feature (it could take some time though, since I’m not familiar with the internals of dnsmasq). But before doing so, I want to make sure that I didn’t miss any option that already does that and this feature does belong to dnsmasq.

Thank you.