Re: [Dnsmasq-discuss] dhcp-range with ipv6 vlan not working?
On 11/04/2024 22:09, Robert Sharp wrote:
> Again, you may be better off avoiding issues by using a maximum prefix length of 64.
>
> Kind regards,
> Buck

I managed to get a /64 prefix for the vlan and everything works fine. Thanks.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dhcp-range with ipv6 vlan not working?
On 11/04/2024 10:20, Buck Horn via Dnsmasq-discuss wrote:
> On 10.04.24 23:51, Robert Sharp wrote:
>> I have set up dnsmasq to provide dhcpv6 addresses for my network using a /64 prefix delegated to the LAN interface (enp3s0) using dhcpcd. Everything works fine, so I am now trying to extend ipv6 to a vlan I have set up for my wifi clients. Again, dhcpcd has obtained and delegated another prefix to the vlan only this time its a /68 for some reason.
>
> I can't comment on dnsmasq's implementation details, but in general, you won't have much joy using a /68 prefix.
>
> While it is true that IPv6 routing decisions are based on arbitrary prefix lengths of 0 to 128, quite a few RFCs require the interface id to be 64 bit wide - to name just a few: RFC3972 (CGAs), RFC4291 (Addressing Architecture), RFC4193 (ULAs), RFC7136 (Significance of IPv6 Interface Identifiers). E.g. the latter states:
>
> > For all unicast addresses, except those that start with the binary
> > value 000, Interface IDs are required to be 64 bits long. If
> > derived from an IEEE MAC-layer address, they must be constructed
> > in Modified EUI-64 format.
>
> Other RFCs often refer above and adhere to it, even if their proposed algorithm could be adopted to deal with shorter interface ids (e.g. RFC7217). This pretty much makes 64bit interface ids a de-facto standard. Using prefix lengths larger than 64 would thus be likely to result in inability to calculate such 64bit interface identifiers.
>
> Independent of your chosen DHCPv6 server, you should probably consider to use a different prefix length.
>
> If you would want to be able to semantically use some portions of the interface id to identify a logical subnet from your DHCPv6 assigned addresses, you may be able to use a /64 and adjust dnsmasq's dhcp-range accordingly. Depending on your router's configuration options, you may still be able to use a /68 for routing decisions (like vlan isolation).
>
> However, note that when advertising a /64 prefix, clients using NDP/SLAAC to join your network (like Androids only ever do) would use the full 64bit for self-assigning their interface id (but using a /68 may stop them from joining your network, when they only support SLAAC's default /64 prefix).
>
> Again, you may be better off avoiding issues by using a maximum prefix length of 64.
>
> Kind regards,
> Buck

That sounds like a good explanation so now all I need to do is figure out how to get dhcpcd to allocate the /64 prefix I was expecting, and that is not for this list.

Thanks, I will post again if that makes no difference.

Robert

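The suggestion in the reply above (keep a /64 on the interface and carve the logical subnet out of the interface-ID bits through dhcp-range) worked through as an added example; it is not part of the original thread or of dnsmasq. The 2001:db8:: prefix, the sub-block and the helper names are constructed for illustration, and the `ra-names,24h` options are copied from the original poster's config.

```python
import ipaddress

IID_BITS = 64  # interface-ID width required by RFC 4291 / RFC 7136


def iid_bits_available(prefix: str) -> int:
    """Number of bits a prefix leaves for the interface ID."""
    return 128 - ipaddress.IPv6Network(prefix).prefixlen


def enclosing_64(prefix: str) -> ipaddress.IPv6Network:
    """The /64 that contains a longer prefix such as a /68."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen < IID_BITS:
        raise ValueError(f"{net} is shorter than /64; choose one /64 out of it first")
    return net.supernet(new_prefix=IID_BITS)


def dhcp_range_line(sub_block: str, iface: str, first: int = 1, last: int = 0x400) -> str:
    """Build a constructor-style dhcp-range whose host-part offsets all fall
    inside sub_block, while the interface itself keeps the enclosing /64."""
    sub = ipaddress.IPv6Network(sub_block)
    if not 0 < first <= last < sub.num_addresses:
        raise ValueError("requested range does not fit inside the sub-block")
    # Offset of the sub-block from the start of its /64; only the low 64 bits
    # are non-zero, which is the form a constructed range expects.
    base = int(sub.network_address) - int(enclosing_64(sub_block).network_address)
    start = ipaddress.IPv6Address(base + first)
    end = ipaddress.IPv6Address(base + last)
    return f"dhcp-range={start},{end},constructor:{iface},ra-names,24h"


if __name__ == "__main__":
    delegated = "2001:db8:0:1:3000::/68"  # constructed sample, documentation prefix
    print(delegated, "leaves", iid_bits_available(delegated), "bits for the interface ID")
    print("advertise instead:", enclosing_64(delegated))
    print(dhcp_range_line(delegated, "vlan0"))
```
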
[Dnsmasq-discuss] dhcp-range with ipv6 vlan not working?
I have set up dnsmasq to provide dhcpv6 addresses for my network using a /64 prefix delegated to the LAN interface (enp3s0) using dhcpcd. Everything works fine, so I am now trying to extend ipv6 to a vlan I have set up for my wifi clients. Again, dhcpcd has obtained and delegated another prefix to the vlan only this time it's a /68 for some reason.

At the moment I have a dhcp-range command for the ipv4 addresses on the vlan working as expected, but the ipv6 version does nothing. This is the relevant config:

# IPv4 leases
dhcp-range=192.168.0.64,192.168.0.127,24h
dhcp-range=vlan0,10.86.216.128,10.86.216.248,255.255.255.0,24h
#IPv6
enable-ra
dhcp-range=::1,::400,constructor:enp3s0,ra-names,24h
dhcp-range=vlan0,::1,::400,constructor:vlan0,ra-names,24h

A client attached to the vlan gets an ipv4 address as expected but not an ipv6. The logs appear to suggest that the context for the vlan never gets created?

DHCP, IP range 10.86.216.128 -- 10.86.216.248, lease time 1d
DHCP, IP range 192.168.0.64 -- 192.168.0.127, lease time 1d
DHCPv6, IP range ::1 -- ::400, lease time 1d, template for enp3s0
DHCPv4-derived IPv6 names on enp3s0
router advertisement on enp3s0
DHCPv6, IP range ::1 -- ::400, lease time 1d, template for vlan0
DHCPv4-derived IPv6 names on vlan0
router advertisement on vlan0
DHCPv6, IP range 2001:8b0:1cde:f020::1 -- 2001:8b0:1cde:f020::400, lease time 1d, constructed for enp3s0
DHCPv4-derived IPv6 names on 2001:8b0:1cde:f020::, constructed for enp3s0
router advertisement on 2001:8b0:1cde:f020::, constructed for enp3s0
IPv6 router advertisement enabled

What I would expect is the last few lines repeated for vlan0 with its own prefix but they are not. I think these lines are generated by dhcpv6.c at line 830, so perhaps either construct_worker is not called for the vlan interface, for some reason, or it is but it ends up executing the else statement at line 834 because somewhere it was decided not to "do RA". Or I could be looking in completely the wrong place.

I would welcome any help trying to sort this out.

Best wishes,
Robert Sharp

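The check done by eye in the post above (a "template for" line with no matching "constructed for" line) as a small script; this is an added example, not part of the original post or of dnsmasq. The sample input is the startup log quoted in the post and the function names are made up for illustration.

```python
import re
from collections import defaultdict

# Startup log lines as quoted in the post (no syslog prefix).
POSTED_LOG = """\
DHCP, IP range 10.86.216.128 -- 10.86.216.248, lease time 1d
DHCP, IP range 192.168.0.64 -- 192.168.0.127, lease time 1d
DHCPv6, IP range ::1 -- ::400, lease time 1d, template for enp3s0
DHCPv4-derived IPv6 names on enp3s0
router advertisement on enp3s0
DHCPv6, IP range ::1 -- ::400, lease time 1d, template for vlan0
DHCPv4-derived IPv6 names on vlan0
router advertisement on vlan0
DHCPv6, IP range 2001:8b0:1cde:f020::1 -- 2001:8b0:1cde:f020::400, lease time 1d, constructed for enp3s0
DHCPv4-derived IPv6 names on 2001:8b0:1cde:f020::, constructed for enp3s0
router advertisement on 2001:8b0:1cde:f020::, constructed for enp3s0
IPv6 router advertisement enabled
"""

# Matches both the template line and the constructed line for a DHCPv6 range;
# search() is used so a leading syslog timestamp/host prefix is tolerated.
DHCP6_RANGE = re.compile(
    r"DHCPv6, IP range (?P<start>\S+) -- (?P<end>\S+), lease time \S+, "
    r"(?P<kind>template|constructed) for (?P<iface>\S+)"
)


def dhcpv6_contexts(log_text: str) -> dict:
    """Map interface -> {'template': [(start, end)], 'constructed': [(start, end)]}."""
    contexts = defaultdict(lambda: {"template": [], "constructed": []})
    for line in log_text.splitlines():
        m = DHCP6_RANGE.search(line)
        if m:
            contexts[m["iface"]][m["kind"]].append((m["start"], m["end"]))
    return dict(contexts)


def unconstructed_templates(log_text: str) -> list:
    """Interfaces that have a constructor template but no range built from it."""
    return sorted(
        iface
        for iface, ctx in dhcpv6_contexts(log_text).items()
        if ctx["template"] and not ctx["constructed"]
    )


if __name__ == "__main__":
    for iface in unconstructed_templates(POSTED_LOG):
        print(f"{iface}: template present, no constructed DHCPv6 range; "
              f"check the address and prefix length on that interface")
```
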
Re: [Dnsmasq-discuss] DHCPv6 Not Working on Linux 6.6.13
On 02/03/2024 18:07, Robert Sharp wrote:
> On 02/03/2024 16:29, Simon Kelley wrote:
>> I think you probably need start and end addresses in the dhcp range
>>
>> dhcp-range=::1,::400,constructor:enp3s0,24h
>>
>> without a range of addresses, dnsmasq can't lease addresses and will only do stateless DHCPv6 and RA.
>>
>> There's loads more information out there that will help if you set --log-dhcp in your dnsmasq config and look in the syslog. That will tell you if dnsmasq has managed to construct an actual dhcp range from the address on enp3s0 and allow you to see if it's getting SOLICIT packets and what it's doing in response.
>>
>> The output from
>>
>> ip addr show dev enp3s0
>>
>> would be useful too. Look at the address, prefix length and lifetimes.
>>
>> Simon.
>
> Thanks, Simon. I will try both of your suggestions. At least the --log-dhcp should get me further if the end address does not work.
>
> Robert

Just to say that adding the end address fixed the problem. Thanks for your help.

Robert

Re: [Dnsmasq-discuss] DHCPv6 Not Working on Linux 6.6.13
On 02/03/2024 16:29, Simon Kelley wrote:
> I think you probably need start and end addresses in the dhcp range
>
> dhcp-range=::1,::400,constructor:enp3s0,24h
>
> without a range of addresses, dnsmasq can't lease addresses and will only do stateless DHCPv6 and RA.
>
> There's loads more information out there that will help if you set --log-dhcp in your dnsmasq config and look in the syslog. That will tell you if dnsmasq has managed to construct an actual dhcp range from the address on enp3s0 and allow you to see if it's getting SOLICIT packets and what it's doing in response.
>
> The output from
>
> ip addr show dev enp3s0
>
> would be useful too. Look at the address, prefix length and lifetimes.
>
> Simon.

Thanks, Simon. I will try both of your suggestions. At least the --log-dhcp should get me further if the end address does not work.

Robert

[Dnsmasq-discuss] DHCPv6 Not Working on Linux 6.6.13
I have been using Dnsmasq for many years and I am now trying to include ipv6. Unfortunately, I cannot seem to get DHCPv6 to work, which I believe I need in order to be able to look up hosts using DNS.

My ISP has allocated me with a /48 prefix and I am using dhcpcd to delegate a /64 prefix to the LAN interface. This all seems to work fine.

My dnsmasq.conf settings are:

filterwin2k
domain-needed
bogus-priv
#ipv6 stuff
enable-ra
dhcp-range=::1,constructor:enp3s0,24h
dhcp-host=fc:aa:14:c8:9c:3e,hadrian,[::5]
except-interface=ppp0
except-interface=enp4s0
interface=enp3s0
expand-hosts
bind-interfaces
domain=osburn-sharp.ath.cx
local=/osburn-sharp.ath.cx/
no-resolv
server=127.0.0.1#553
address=...
cname=...
dhcp-range=192.168.0.64,192.168.0.127,24h
read-ethers
bogus-nxdomain=212.82.32.48
dhcp-option=252,"\n"
dhcp-option=121,...
dhcp-option=3,192.168.0.1
mx-host=...

I have included everything but truncated some entries where the info is unlikely to be relevant. Some things are historical and probably could be removed but they are not the issue. I have tried various combinations of dhcp-range and dhcp-host and I have tried it without the enable-ra.

I have a firewall in place that allows ipv6 on 546/7, which is needed anyway for the ISP side to work. I log dropped packets. I do have a rule for accepting broadcast packets for dhcpv4 but I am not sure if it is needed, given that 67/8 are open anyway:

-A INPUT -i enp3s0 -p udp -m addrtype --src-type UNSPEC --dst-type BROADCAST --dport 67 -j ACCEPT
-A In-from-main-lan -i enp3s0 -s 192.168.0.0/24 -p tcp -m multiport --dports 53,67,68,123 -j ACCEPT

The dhcpcd on a client logs that it is soliciting a DHCPv6 lease but all I get is either a SLAAC address or just local link if I have disabled slaac. Using tcpdump I can see the dhcpv6 requests on the router's LAN interface but there is no response. There are no dropped packets either.

Using lsof I cannot see that dnsmasq is listening on 547 but then I cannot see it listening for DHCPv4 either.

My instinct suggests a routing problem? I know this can cause packets to simply disappear. The DHCPv6 request appears to be multicast to ff08. The routing table on the router is:

2001:8b0:17a2::/64 dev enp3s0 proto dhcp metric 1002 pref medium
unreachable 2001:8b0:17a2::/48 dev lo proto dhcp metric 1001 pref medium
fe80::203:97ff:fe41:c000 dev ppp0 proto kernel metric 256 pref medium
fe80::b47c:2ce7:fc94:2eb0 dev ppp0 proto kernel metric 256 pref medium
fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
fe80::/64 dev enp4s0 proto kernel metric 256 pref medium
default via fe80::203:97ff:fe41:c000 dev ppp0 proto ra metric 1006 pref medium

I don't have multicast forwarding enabled but I don't think that is relevant. I am not doing anything explicit with the ipv6 routes - as I understand it, they sort themselves out?

I would be very grateful if anyone can help. I have been searching google for clues for weeks now to little avail. If you need any more info I can provide it.

Thanks,
Robert Sharp

[Dnsmasq-discuss] Web interface for DNSmasq
Thanks for the links. I am looking at dnsmasq-gui as a possibility, as the other one is specific to black/white listing URLs to control web access. My primary interest is managing the list of DHCP reservations. Will test this out after I finish reading the php.

Yes Bind is an option, but I've used dnsmasq successfully for years now and it has served my network well.

OpenWRT GUI is an interesting approach. I'm just looking for an efficient web alternative to short-cut the ssh / sudo / nano steps. Sure, manual works, but everything else on my SDN is managed by GUI. Unfortunately the SDN vendor's software, while offering dnsmasq as a dns/dhcp option, provides no supporting GUI either. Also doesn't provide for redundant dns servers. So I've been running dnsmasq in a VM, and am planning to sort out fail-over in the good old fashioned way! :)

I saw a reference (have not re-found it yet) that someone had repackaged the webmin dnsmasq module as a tar. At this juncture I appear to be successful getting webmin module installer to download the module from github but the installer throws an error that it's not a valid tar. I'll investigate later to see if the solution is as simple as tar'ing the file myself. If anyone has seen a post about this or has experienced this error, any input is helpful. I'll post what I find later.

Tx,
Robert

On 8/8/2019 7:00 AM, dnsmasq-discuss-requ...@lists.thekelleys.org.uk wrote:
> --
> Message: 1
> Date: Wed, 7 Aug 2019 17:29:03 -0400
> From: "Robert Shelton (NexusNet)"
> To: dnsmasq-discuss@lists.thekelleys.org.uk
> Subject: [Dnsmasq-discuss] Web interface for DNSmasq
> Message-ID: <926de109-390e-df62-284b-7b6daa344...@nexusnet.us>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> I am looking for a web interface for DNSmasq. I found and successfully installed webmin only to discover that the DNSmasq module appears to be old and currently unavailable.
>
> Can anyone point me to a solution - need not be webmin, although that looks like a nice/useful admin tool that I'd be happy to use for DNS admin.
>
> Thanks,
> Robert
>
> --
> Message: 2
> Date: Thu, 8 Aug 2019 08:45:42 +0200
> From: john doe
> To: dnsmasq-discuss@lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Web interface for DNSmasq
> Message-ID:
> Content-Type: text/plain; charset=utf-8
>
> On 8/7/2019 11:29 PM, Robert Shelton (NexusNet) wrote:
> > I am looking for a web interface for DNSmasq. I found and successfully installed webmin only to discover that the DNSmasq module appears to be old and currently unavailable. Can anyone point me to a solution - need not be webmin, although that looks like a nice/useful admin tool that I'd be happy to use for DNS admin.
>
> The following URLs are untested:
>
> https://github.com/SloCompTech/dnsmasq-gui
> https://github.com/TimJuni/webdnsmasq
>
> OpenWrt uses Dnsmasq and can be configured using the GUI.
>
> Another approach is to edit, for example, '/etc/dnsmasq.conf' manually but you still need to remember the command to put in the file. You can do that in Webmin by editing the file directly even if there is no support for Dnsmasq.
>
> P.S. If you insist on using the GUI, you might consider Bind.
>
> --
> John Doe

[Dnsmasq-discuss] Web interface for DNSmasq
I am looking for a web interface for DNSmasq. I found and successfully installed webmin only to discover that the DNSmasq module appears to be old and currently unavailable.

Can anyone point me to a solution - need not be webmin, although that looks like a nice/useful admin tool that I'd be happy to use for DNS admin.

Thanks,
Robert

Re: [Dnsmasq-discuss] IPv6 host registration in DNS
Hi Maik,

Thanks for the hint. The thing is that my FB has native IPv6 connectivity, i.e. it receives a prefix from the provider (which changes now and then, e.g. after disconnect). So IMHO there is no need to assign ULA addresses via DHCP. The clients already configure themselves correctly via SLAAC.

According to the dnsmasq manpage:

If a dhcp-range is only being used for stateless DHCP and/or SLAAC, then the address can be simply ::

--dhcp-range=::,constructor:eth0

That's what I've used. So AFAIU the clients now configure themselves and only ask dnsmasq (via DHCPv6) for information about the DNSv6 server. However, I don't know if dnsmasq will add to its DNS the hostnames of clients requesting DNS information via DHCP only (and not getting assigned any address).

By the way: What did you set in the IPv6 address settings of your FB ("Heimnetzübersicht" -> "Netzwerkeinstellungen" -> "IPv6-Adressen")?

Best regards,
Robert

On 17 Sep 2017, at 15:46, Maik Weidemann wrote:
> Hi Robert,
>
> I use this parameter for IPv6 with a FB:
>
> enable-ra
> ra-param=high,60,7200
> dhcp-range=fd00:cafe:beef:1:0050::,fd00:cafe:beef:1:F000::,64,2h
>
> Best regards,
> Maik
>
> On 16.09.2017 at 14:50, Robert N wrote:
>> Hello all,
>>
>> I'm trying to replace the DNS/DHCP of my FritzBox home router with dnsmasq. For IPv4 everything seems to work fine, i.e. when clients request an IPv4 address, dnsmasq registers their hostnames, so name resolution for local machines works. But it does not seem to work for IPv6.
>>
>> I want the clients to do SLAAC but still dnsmasq should serve records for local hosts if asked for. If I understood correctly, then dnsmasq will only register the hostnames for which it receives a DHCP request. Does this require the hosts to request an IP address? Or will the hostnames be added to DNS also if just the DNS server information is requested?
>>
>> So I probably should configure what is called stateless DHCPv6:
>>
>> no-resolv
>> server=8.8.8.8
>> server=8.8.4.4
>> server=2001:4860:4860::
>> server=2001:4860:4860::8844
>> domain=home.example.net
>> local=/home.example.net/
>> domain-needed
>> bogus-priv
>> expand-hosts
>> stop-dns-rebind
>> enable-ra
>> ra-param=high
>> read-ethers
>> dhcp-option=option6:dns-server,[fd00::]
>> dhcp-option=option6:domain-search,home.example.net
>> dhcp-range=::,constructor:lan,ra-names,ra-stateless
>> # This will tell DHCP clients to not ask for proxy information
>> # Some clients, like Windows 7, will constantly ask if not told NO
>> # https://wiki.openwrt.org/doc/howto/dhcp.dnsmasq#log_continuously_filled_with_dhcpinformdhcpack
>> dhcp-option=252,"\n"
>> log-async=10
>> log-dhcp
>>
>> However, I don't get dnsmasq to return records for local hostnames. Is this configuration basically correct? Or am I missing something?
>>
>> Best regards,
>> Robert

[Dnsmasq-discuss] IPv6 host registration in DNS
Hello all,

I'm trying to replace the DNS/DHCP of my FritzBox home router with dnsmasq. For IPv4 everything seems to work fine, i.e. when clients request an IPv4 address, dnsmasq registers their hostnames, so name resolution for local machines works. But it does not seem to work for IPv6.

I want the clients to do SLAAC but still dnsmasq should serve records for local hosts if asked for. If I understood correctly, then dnsmasq will only register the hostnames for which it receives a DHCP request. Does this require the hosts to request an IP address? Or will the hostnames be added to DNS also if just the DNS server information is requested?

So I probably should configure what is called stateless DHCPv6:

no-resolv
server=8.8.8.8
server=8.8.4.4
server=2001:4860:4860::
server=2001:4860:4860::8844
domain=home.example.net
local=/home.example.net/
domain-needed
bogus-priv
expand-hosts
stop-dns-rebind
enable-ra
ra-param=high
read-ethers
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=option6:domain-search,home.example.net
dhcp-range=::,constructor:lan,ra-names,ra-stateless
# This will tell DHCP clients to not ask for proxy information
# Some clients, like Windows 7, will constantly ask if not told NO
# https://wiki.openwrt.org/doc/howto/dhcp.dnsmasq#log_continuously_filled_with_dhcpinformdhcpack
dhcp-option=252,"\n"
log-async=10
log-dhcp

However, I don't get dnsmasq to return records for local hostnames. Is this configuration basically correct? Or am I missing something?

Best regards,
Robert

[Dnsmasq-discuss] Unseen cache limit?
Hi,

I wonder if there is some sort of internal limit on caching? I set cache-size=5, restarted dnsmasq and the limit according to the caching service is 1

# kill -10 10150; tail -n5 /var/log/messages | egrep 'cache size'
Jun 1 19:18:41 dnsmasq1 dnsmasq[10150]: cache size 1, 0/2660 cache insertions re-used unexpired cache entries.

Thanks for your attention to this matter,
Robert

[Dnsmasq-discuss] Fritzbox and frequent router advertisments
Hi,

I am using a Fritzbox and a dualstack internet connection (Deutsche Telekom). Fritzbox is providing router advertisements with rfc5006 dns. Fritzbox is running stateless dhcpv6 with IA_P but no IA_NA.

I have running dnsmasq 2.72 on Fedora 21. My Mac and Linux boxes are happy, but my Windows machines are very unhappy. VPN tunnels on these Windows machines are extremely unreliable, when dnsmasq is running. If I stop dnsmasq, everything is ok.

In my logs I see lots of these, and I'm unsure if this might be the problem. Looks like dnsmasq is frequently constructing and deconstructing the network interface ? Avahi seems to think the interface is going up and down. But why ? The address does not change ?

cu romal

Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:4d00::
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e341:b300::
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) fde7:831a:b4ef:1::
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:3800:: old prefix
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: DHCPv6 stateless on 2003:57:e342:3800::, constructed for enp1s0
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: router advertisement on 2003:57:e342:3800::, constructed for enp1s0
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:4d00::
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:3800::
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e341:b300::
Jan 14 20:27:28 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) fde7:831a:b4ef:1::
Jan 14 20:27:28 zerberus avahi-daemon[501]: Registering new address record for 2003:57:e342:3800:20d:b9ff:fe36:6884 on enp1s0.*.
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: router advertisement on 2003:57:e342:3800::, old prefix for enp1s0
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:4d00::
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e341:b300::
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) fde7:831a:b4ef:1::
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:3800:: old prefix
Jan 14 20:27:38 zerberus avahi-daemon[501]: Withdrawing address record for 2003:57:e342:3800:20d:b9ff:fe36:6884 on enp1s0.
Jan 14 20:27:38 zerberus avahi-daemon[501]: Registering new address record for 2003:57:e342:3800:20d:b9ff:fe36:6884 on enp1s0.*.
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: DHCPv6 stateless on 2003:57:e342:3800::, constructed for enp1s0
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: router advertisement on 2003:57:e342:3800::, constructed for enp1s0
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:4d00::
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:3800::
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e341:b300::
Jan 14 20:27:38 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) fde7:831a:b4ef:1::
Jan 14 20:27:48 zerberus avahi-daemon[501]: Withdrawing address record for 2003:57:e342:3800:20d:b9ff:fe36:6884 on enp1s0.
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: router advertisement on 2003:57:e342:3800::, old prefix for enp1s0
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:4d00::
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e341:b300::
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) fde7:831a:b4ef:1::
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:3800:: old prefix
Jan 14 20:27:48 zerberus avahi-daemon[501]: Registering new address record for 2003:57:e342:3800:20d:b9ff:fe36:6884 on enp1s0.*.
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: DHCPv6 stateless on 2003:57:e342:3800::, constructed for enp1s0
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: router advertisement on 2003:57:e342:3800::, constructed for enp1s0
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:4d00::
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:3800::
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e341:b300::
Jan 14 20:27:48 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) fde7:831a:b4ef:1::
Jan 14 20:27:58 zerberus dnsmasq-dhcp[10775]: router advertisement on 2003:57:e342:3800::, old prefix for enp1s0
Jan 14 20:27:58 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:4d00::
Jan 14 20:27:58 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e341:b300::
Jan 14 20:27:58 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) fde7:831a:b4ef:1::
Jan 14 20:27:58 zerberus dnsmasq-dhcp[10775]: RTR-ADVERT(enp1s0) 2003:57:e342:3800:: old prefix
Jan 14 20:27:58 zerberus avahi-daemon[501]: Withdrawing address record for 2003:57:e342:3800:20d:b9ff:fe36:6884 on enp1s0.
Jan 14 20:27:58 zerberus

[Dnsmasq-discuss] AVM Fritzbox, DUalstack ISP and dnmasq
Hi,

I'm not sure if this can't be done or if I am just confused.

My ISP (Deutsche Telekom AG) provides dual stack connectivity with one IPv6 and /53 ipv6. Both are dynamic, so if I reconnect my DSL I might / will get different IPs and prefixes.

As the DNS and DHCP integrated into the router are crap (no manual dns entries, no dhcp options, no pxe possible, ...) I want to use dnsmasq.

IPV4 is easy. Disabling DHCPv4 in the Fritzbox and done.

IPv6 is different. I can disable the DHCPv6 service in the router. By doing so I can choose the options in the router advertisement:

- none
- O
- O M

Enabling DHCPv6 in the router provides the following choices:

- none
- IA_PD
- IA_PD and IA-NA

but enabling the routers DHCPv6 ALWAYS puts the routers address into the DNS-server option: aaargh.

My question: which is the canonical way ? Setting a dhcpv6-range in dnsmasq is impossible, as the prefix might change. Constructing a dhcpv6-range needs a dhcpv6 on the router for the IA_PD, but this also enables the routers dns-option.

Any ideas ? Any hints ?

cu romal

[Dnsmasq-discuss] How does proxy-dhcp work ?
Hi,

I'm trying to setup a dnsmasq adding some pxe-stuff in a network with an uncooperative DHCP-server. Even for this problem dnsmasq has a solution, really the swiss-army-knife for DNS/DHCP stuff !

But I don't understand how this works. Perhaps someone could enlighten me.

A proxy usually sits between server and client and does some magic like filtering or caching. But if both (dhcp-server and dhcp-client) are in the same broadcast-domain (local link whatever you might call it) so the dhcp-server could simply answer the request and dnsmasq would not come into the game.

Or is there some logic in the pxe-clients to ask a second time, when the pxe-stuff was missing in the first answer ?

I'm slightly confused how this works.

cu romal

Re: [Dnsmasq-discuss] Dnsmasq dns/dhcp with multiple subnet - lease file issue
Hi Simon, Thanks for the reply! Sorry I didn't clarify, each subnet is on its own nic on the dnsmasq server. The storage subnet is an isolate non-routed network. So the storage subnet clients do get a ip from dhcp but the mac, lease, and hostname never get populated to the dnsmasq.leases file only the app subnet clients do. Btw, my current dnsmasq server is on ver 2.48 on centos6.3. As for dhclient sending host name, is it possible to have, for example, a subdomin added to the hostname? I tried to send node.str but dnmasq ignores anything after node\. Again really appreciate the help! Robert Sent from my iPhone On Sep 9, 2013, at 3:33 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 08/09/13 14:09, Robert Tsai wrote: Hi, I am having issues with dnsmasq with dns/dhcp with multple subnets. I have two subnets , one named app and the other storage. Both subnet clients get ips through dhcp but only the app subnet client's lease gets propagated to /var/lib/dnsmasq.leases. The storage subnet client's lease never gets written to that file. I'm assuming that both subnets are on the same physical network adapator. A client (as identified by MAC address) can't have two leases at once. My guess is that the first lease achieved is on the storage subnet, and that gets deleted when the same client gets another lease. It's worth looking in the system log to see what happening, and also worth setting --log-dhcp to get more information there. One way around this is to configure the DHCP clients to send different client-IDs for the two subnets, they'll be treated as two different leases for two different clients. Also if I have a client server that needs to have both subnets and sends its host-name from dhclient, will dnsmasq add both host-name to the lease file? Any help on this would be appreciated. Below are the options that are set for dhcp and dns. No. A hostname is only ever associated with one DHCP lease. Cheers, Simon. 
Thanks, Robert
addn-hosts=/etc/dnsmasq.d/dhcp_qa_hosts
bogus-priv
domain=app.domain.net,10.10.123.201,10.10.123.240
domain=str.domain.net,10.10.133.201,10.10.133.240
domain-needed
expand-hosts
log-dhcp
log-queries
dhcp-option=option:dns-server,10.10.123.5
dhcp-range=app,10.10.123.201,10.10.123.240,12h,app.domain.net
dhcp-option=net:app,121,10.10.120.0/24,10.10.123.241,10.10.121.0/24,10.10.123.241
dhcp-range=storage,10.10.133.201,10.10.133.240,12h,str.domain.net
dhcp-option=net:storage,3
dhcp-option=net:storage,121,10.10.130.0/24,10.10.133.241
dhcp-option=net:app,option:router,10.10.123.
___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Dnsmasq dns/dhcp with multiple subnet - lease file issue
I understand. If the storage subnet clients get a DHCP lease, but the leases never appear in dnsmasq.leases file, then they may well be getting a DHCP lease from another DHCP server on that network. You really need to check the logs to see if the clients are talking to dnsmasq, or another DHCP server that's there accidentally. Ah great! We are using VMWare VCloud and on our isolated network they had dhcp turned on. I can see the request from the client in dnsmasq.log but their dhcp server was the one assigning the IP. Sorry for overlook on that. It's now working properly. However, I do have domain= set with the following:
domain=app.domain.net,10.10.123.201,10.10.123.240
domain=str.domain.net,10.10.133.201,10.10.133.240
and I did have the domain set after the range as well
dhcp-range=app,10.10.123.201,10.10.123.240,12h,app.domain.net
dhcp-range=storage,10.10.133.201,10.10.133.240,12h,str.domain.net
-Robert On Mon, Sep 9, 2013 at 6:12 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 09/09/13 14:07, Robert Tsai wrote: Hi Simon, Thanks for the reply! Sorry I didn't clarify, each subnet is on its own nic on the dnsmasq server. The storage subnet is an isolated non-routed network. So the storage subnet clients do get an ip from dhcp but the mac, lease, and hostname never get populated to the dnsmasq.leases file, only the app subnet clients do. Btw, my current dnsmasq server is on ver 2.48 on centos6.3. I understand. If the storage subnet clients get a DHCP lease, but the leases never appear in dnsmasq.leases file, then they may well be getting a DHCP lease from another DHCP server on that network. You really need to check the logs to see if the clients are talking to dnsmasq, or another DHCP server that's there accidentally. As for dhclient sending host name, is it possible to have, for example, a subdomain added to the hostname? I tried to send node.str but dnsmasq ignores anything after node\. Again really appreciate the help!
Check the --domain dnsmasq config option - you can associate domains with subnets. Cheers, Simon. Robert Sent from my iPhone On Sep 9, 2013, at 3:33 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 08/09/13 14:09, Robert Tsai wrote: Hi, I am having issues with dnsmasq with dns/dhcp with multiple subnets. I have two subnets, one named app and the other storage. Both subnet clients get ips through dhcp but only the app subnet client's lease gets propagated to /var/lib/dnsmasq.leases. The storage subnet client's lease never gets written to that file. I'm assuming that both subnets are on the same physical network adaptor. A client (as identified by MAC address) can't have two leases at once. My guess is that the first lease achieved is on the storage subnet, and that gets deleted when the same client gets another lease. It's worth looking in the system log to see what's happening, and also worth setting --log-dhcp to get more information there. One way around this is to configure the DHCP clients to send different client-IDs for the two subnets, they'll be treated as two different leases for two different clients. Also if I have a client server that needs to have both subnets and sends its host-name from dhclient, will dnsmasq add both host-name to the lease file? Any help on this would be appreciated. Below are the options that are set for dhcp and dns. No. A hostname is only ever associated with one DHCP lease. Cheers, Simon.
Thanks, Robert
addn-hosts=/etc/dnsmasq.d/dhcp_qa_hosts
bogus-priv
domain=app.domain.net,10.10.123.201,10.10.123.240
domain=str.domain.net,10.10.133.201,10.10.133.240
domain-needed
expand-hosts
log-dhcp
log-queries
dhcp-option=option:dns-server,10.10.123.5
dhcp-range=app,10.10.123.201,10.10.123.240,12h,app.domain.net
dhcp-option=net:app,121,10.10.120.0/24,10.10.123.241,10.10.121.0/24,10.10.123.241
dhcp-range=storage,10.10.133.201,10.10.133.240,12h,str.domain.net
dhcp-option=net:storage,3
dhcp-option=net:storage,121,10.10.130.0/24,10.10.133.241
dhcp-option=net:app,option:router,10.10.123.
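What this thread turned out to be, a second DHCP server on the segment handing out the addresses, can be looked for in dnsmasq's own log and lease file. The following is an added example, not part of the original messages: it flags clients that dnsmasq saw asking for an address but never acknowledged and that hold no lease. The log lines, lease entry, MAC addresses and interface names are constructed samples, and the "seen but never ACKed" rule is this example's heuristic.

```python
import re
from collections import defaultdict

# Constructed sample in the style of dnsmasq-dhcp syslog lines. With log-dhcp
# set, each message carries a transaction id first; both styles are mixed here
# only to exercise the parser.
SAMPLE_LOG = """\
Sep  9 06:01:10 dns1 dnsmasq-dhcp[2211]: DHCPDISCOVER(eth0) 00:50:56:aa:00:01
Sep  9 06:01:10 dns1 dnsmasq-dhcp[2211]: DHCPOFFER(eth0) 10.10.123.201 00:50:56:aa:00:01
Sep  9 06:01:10 dns1 dnsmasq-dhcp[2211]: DHCPREQUEST(eth0) 10.10.123.201 00:50:56:aa:00:01
Sep  9 06:01:10 dns1 dnsmasq-dhcp[2211]: DHCPACK(eth0) 10.10.123.201 00:50:56:aa:00:01 node1
Sep  9 06:01:12 dns1 dnsmasq-dhcp[2211]: 1958204511 DHCPDISCOVER(eth1) 00:50:56:bb:00:01
Sep  9 06:01:12 dns1 dnsmasq-dhcp[2211]: 1958204511 DHCPOFFER(eth1) 10.10.133.201 00:50:56:bb:00:01
Sep  9 06:05:40 dns1 dnsmasq-dhcp[2211]: 3310045712 DHCPDISCOVER(eth1) 00:50:56:bb:00:02
Sep  9 06:05:40 dns1 dnsmasq-dhcp[2211]: 3310045712 DHCPOFFER(eth1) 10.10.133.202 00:50:56:bb:00:02
"""

# Constructed lease file entry: expiry, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1378750870 00:50:56:aa:00:01 10.10.123.201 node1 01:00:50:56:aa:00:01
"""

EVENT = re.compile(r"dnsmasq-dhcp\[\d+\]: (?:\d+ )?(DHCP[A-Z]+)\(([^)]+)\) (.*)$")
MAC = re.compile(r"(?<![0-9a-f:])[0-9a-f]{2}(?::[0-9a-f]{2}){5}(?![0-9a-f:])", re.I)


def lease_macs(leases_text):
    """Return the set of MAC addresses that currently hold a lease."""
    macs = set()
    for line in leases_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and MAC.fullmatch(fields[1]):
            macs.add(fields[1].lower())
    return macs


def unanswered_clients(log_text, leases_text):
    """List (mac, interface) for clients dnsmasq heard but never ACKed.

    A client that keeps sending DHCPDISCOVER/DHCPREQUEST, gets no DHCPACK
    from dnsmasq and has no lease, yet is up on the network, is probably
    being served by some other DHCP server.
    """
    seen = defaultdict(set)   # mac -> DHCP message types logged for it
    iface = {}                # mac -> interface it was last seen on
    for line in log_text.splitlines():
        event = EVENT.search(line)
        if not event:
            continue
        msg, ifname, rest = event.groups()
        mac = MAC.search(rest)
        if not mac:
            continue
        key = mac.group(0).lower()
        seen[key].add(msg)
        iface[key] = ifname
    leased = lease_macs(leases_text)
    return sorted(
        (mac, iface[mac])
        for mac, msgs in seen.items()
        if msgs & {"DHCPDISCOVER", "DHCPREQUEST"}
        and "DHCPACK" not in msgs
        and mac not in leased
    )


if __name__ == "__main__":
    for mac, ifname in unanswered_clients(SAMPLE_LOG, SAMPLE_LEASES):
        print(f"{mac} on {ifname}: requested an address, no ACK, no lease")
```

Every hit on one interface, as with eth1 in the sample, points at that segment rather than at a single misbehaving client.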
Re: [Dnsmasq-discuss] Can I set up dnsmasq to act as a local caching recursive DNS server?
I've been advised that my URIBL query traffic may be aggregated with many others and that I need to use a local caching recursive DNS server. This isn't a problem for me, because my mail server is also an authoritative NS server, and it runs BIND named. I only run dnsmasq in SOHO settings. This looks like a simple solution. I've looked at unbound, which seems to be easy to set up the same way. I've found a simpler solution which seems to work - I've used the OpenDNS nameserver addresses in my resolv.conf. Their website states "OpenDNS is the largest and most reliable _recursive_ DNS service". It appears that the previous problems with typo correction etc have been sorted out. I no longer get error messages about URIBL queries. Would this be suitable for a SOHO network? I'd be interested to hear comments.
[Dnsmasq-discuss] Can I set up dnsmasq to act as a local caching recursive DNS server?
I am having difficulties with lookups by spamassassin - I'm getting these messages: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. I've been advised that my URIBL query traffic may be aggregated with many others and that I need to use a local caching recursive DNS server. Is dnsmasq able to do this? I've been using it for quite a few years and am not keen to switch to something else. TIA Robert S
[Dnsmasq-discuss] DHCP for Multiple Subnets
Hello, I have been implementing dnsmasq on one host to serve multiple subnets. So far I have DNS configured and it is working perfectly. However for DHCP I am having difficulty in assigning a scope for each subnet. There are 3 subnets that I am trying to configure it for. However the host I have Dnsmasq running on only has one NIC. My dnsmasq has an IP address of 192.168.14.12 and my intention is to have it serve DHCP for subnets 192.168.13.0, .14.0 and .15.0 The gateway for each of these is .254 so basically I'm wondering if for example a DHCP request comes from 192.168.13.254 it should acknowledge with an offer of an IP address in the 13.0 subnet. From looking through the documentation and other configuration examples I understand tagging might be of assistance. However I'm not quite sure how this works. I've gotten as far as this and I'm unsure what to do next:
dhcp-range=set:snet13,192.168.13.100,192.168.13.250,12h
dhcp-range=set:snet14,192.168.14.100,192.168.14.250,12h
dhcp-range=set:snet15,192.168.15.50,192.168.15.100,12h
Is what I am trying to achieve actually possible or is it necessary for each subnet to have its own interface? Many thanks in advance, Robert
Re: [Dnsmasq-discuss] DHCP for Multiple Subnets
- Original Message - From: Simon Kelley si...@thekelleys.org.uk To: dnsmasq-discuss@lists.thekelleys.org.uk Sent: Wednesday, 29 May, 2013 10:50:40 AM Subject: Re: [Dnsmasq-discuss] DHCP for Multiple Subnets On 29/05/13 10:42, Robert Sweetnam wrote: Hello, I have been implementing dnsmasq on one host to serve multiple subnets. So far I have DNS configured and it is working perfectly. However for DHCP I am having difficulty in assigning a scope for each subnet. There are 3 subnets that I am trying to configure it for. However the host I have Dnsmasq running on only has one NIC. My dnsmasq has an IP address of 192.168.14.12 and my intention is to have it serve DHCP for subnets 192.168.13.0, .14.0 and .15.0 The gateway for each of these is .254 so basically I'm wondering if for example a DHCP request comes from 192.168.13.254 it should acknowledge with an offer of an IP address in the 13.0 subnet. From looking through the documentation and other configuration examples I understand tagging might be of assistance. However I'm not quite sure how this works. I've gotten as far as this and I'm unsure what to do next: dhcp-range=set:snet13,192.168.13.100,192.168.13.250,12h dhcp-range=set:snet14,192.168.14.100,192.168.14.250,12h dhcp-range=set:snet15,192.168.15.50,192.168.15.100,12h Is what I am trying to achieve actually possible or is it necessary for each subnet to have its own interface? Many thanks in advance, Robert Are your subnets all in the same broadcast-domain (ie the piece of virtual wire attached to eth0) or are they different physical networks connected via routers to the eth0 wire? Cheers, Simon. Hi Simon, They are the latter. That is they are different physical networks connected via routers. 
Best regards Robert
Re: [Dnsmasq-discuss] DHCP for Multiple Subnets
- Original Message - From: Simon Kelley si...@thekelleys.org.uk To: Robert Sweetnam li...@fsck.eu Cc: dnsmasq-discuss@lists.thekelleys.org.uk Sent: Wednesday, 29 May, 2013 11:13:06 AM Subject: Re: [Dnsmasq-discuss] DHCP for Multiple Subnets On 29/05/13 10:57, Robert Sweetnam wrote: Are your subnets all in the same broadcast-domain (ie the piece of virtual wire attached to eth0) or are they different physical networks connected via routers to the eth0 wire? Cheers, Simon. Hi Simon, They are the latter. That is they are different physical networks connected via routers. In that case you need something called a DHCP-helper or DHCP-relay which runs on a machine which does have an interface on the physical network. Normally it runs on the router, but it doesn't have to. The DHCP-helper receives the "where am I" broadcast from the client, tags it with the address of the interface in which it was received (which solves your original problem) and sends it on to the DHCP server for address allocation. Most dedicated routers include this function: you just have to configure the address of the machine running dnsmasq. If your router can't do it, but you have a machine on each network running Linux (either the router or another machine) then http://www.thekelleys.org.uk/dhcp-helper/ will do the trick. You don't need any extra configuration in dnsmasq, beyond providing suitable dhcp-ranges. Cheers, Simon. Thanks for the very quick response Simon. I will give that a try. Many thanks again, Robert
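How the relay's address picks the range, as an added example that is not part of the original messages: the relay puts the address of its receiving interface into the request (the giaddr field), and the server uses the dhcp-range whose network contains it. The three dhcp-range lines are the ones from the thread; the function names are hypothetical, and the class-based netmask guess follows what the dnsmasq man page says happens when a relayed range gives no netmask.

```python
import ipaddress
from typing import NamedTuple, Optional

# The ranges posted in the thread (no netmask given).
CONF = """\
dhcp-range=set:snet13,192.168.13.100,192.168.13.250,12h
dhcp-range=set:snet14,192.168.14.100,192.168.14.250,12h
dhcp-range=set:snet15,192.168.15.50,192.168.15.100,12h
"""


class DhcpRange(NamedTuple):
    tag: Optional[str]
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    network: ipaddress.IPv4Network


def classful_prefixlen(addr):
    """Guess a prefix length from the address class (A, B or C)."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def parse_dhcp_range(line):
    """Parse dhcp-range=[set:<tag>,]<start>,<end>[,<netmask>][,<lease>]."""
    fields = line.split("=", 1)[1].strip().split(",")
    tag = None
    if fields[0].startswith("set:"):
        tag = fields.pop(0)[len("set:"):]
    start = ipaddress.IPv4Address(fields[0])
    end = ipaddress.IPv4Address(fields[1])
    prefixlen = classful_prefixlen(start)        # used when no netmask given
    for extra in fields[2:]:
        try:
            mask = ipaddress.IPv4Address(extra)  # dotted quad means netmask
        except ValueError:
            continue                             # e.g. "12h" is a lease time
        prefixlen = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
        break
    network = ipaddress.IPv4Network(f"{start}/{prefixlen}", strict=False)
    return DhcpRange(tag, start, end, network)


def range_for_relay(giaddr, ranges):
    """Return the range whose network contains the relay address, or None."""
    relay = ipaddress.IPv4Address(giaddr)
    for rng in ranges:
        if relay in rng.network:
            return rng
    return None


if __name__ == "__main__":
    ranges = [parse_dhcp_range(l) for l in CONF.splitlines() if l.strip()]
    for giaddr in ("192.168.13.254", "192.168.15.254", "192.168.16.254"):
        hit = range_for_relay(giaddr, ranges)
        print(giaddr, "->", hit.tag if hit else "no range: request not served")
```

A relayed subnet that is not a plain class A, B or C network needs its netmask written into the dhcp-range line, otherwise the guess above is wrong.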
[Dnsmasq-discuss] Strange resolution when ipv6 ipv4 dual stack is used
I've noticed an odd problem with resolution when ipv6 / ipv4 dual stack is being used. I use Ubuntu 12.10 which in turn uses dnsmasq 2.63. The problem arose in a virtualbox guest with virtualbox version 4.2.8. The guest OS is FreeBSD 9.1. I have the FreeBSD guest installed in a VM that uses vbox's NAT. This makes the host's DNS resolver available to the guest as its DNS. The host's DNS in this case is dnsmasq, which is the default in Ubuntu. When I let DHCP set the resolv.conf in the guest, I get incorrect results for queries. If I set resolv.conf to specify the LAN's, my ISP's, or 8.8.8.8 DNS there is no problem. The error that I get is this: Mar 2 22:24:07 test sm-mta[689]: gethostby*.gethostanswer: asked for test IN , got type A The guest OS seems to be asking for ipv4 resolution, but dnsmasq is answering with ipv6. Any ideas as to why this is happening?
[Dnsmasq-discuss] dhcp-range for ipv6
Hi, I simply don't get it:
ifconfig
em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.220  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::92fb:a6ff:fe83:4b46  prefixlen 64  scopeid 0x20<link>
        inet6 2001:6f8:1d27:0:92fb:a6ff:fe83:4b46  prefixlen 64  scopeid 0x0<global>
        ether 90:fb:a6:83:4b:46  txqueuelen 1000  (Ethernet)
        RX packets 37993  bytes 5283029 (5.0 MiB)
        RX errors 0  dropped 8741  overruns 0  frame 0
        TX packets 18842  bytes 4102652 (3.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 1  collisions 0
Feb 17 18:36:29 gutenberg dnsmasq[4275]: started, version 2.65 cachesize 150
Feb 17 18:36:29 gutenberg dnsmasq[4275]: compile time options: IPv6 GNU-getopt DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Feb 17 18:36:29 gutenberg dnsmasq-dhcp[4275]: DHCP, IP range 192.168.0.20 -- 192.168.0.150, lease time 12h
Feb 17 18:36:29 gutenberg dnsmasq-dhcp[4275]: DHCPv6 stateless on 2001:6f8:10ea::
Feb 17 18:36:29 gutenberg dnsmasq-dhcp[4275]: DHCPv4-derived IPv6 names on 2001:6f8:10ea::
Feb 17 18:36:29 gutenberg dnsmasq-dhcp[4275]: SLAAC on 2001:6f8:10ea:: prefix valid 2h
from the config-file:
dhcp-range=2001:6f8:10ea::,ra-stateless,ra-names
dhcp-option=option6:dns-server,[fd00::92fb:a6ff:fe83:4b46],[fe80::92fb:a6ff:fe83:4b46]
And I keep getting these:
Feb 17 18:37:01 gutenberg dnsmasq-dhcp[4275]: no address range available for DHCPv6 request via em1
Any ideas why this is failing? Originally I wanted to distribute the dns-information to some machines, but this does not seem to work without a dhcp-range? cu romal
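One check that can be run on the values in this post, as an added example that is not part of the original message: compare the prefix named in each IPv6 dhcp-range with the global addresses actually configured on the interface, since a range that matches no address on the receiving interface is one situation in which dnsmasq has no range to use for a request arriving there. The interface and config text are taken from the post; the function names are hypothetical, and the prefix-length detection is a simplification noted in the code.

```python
import ipaddress
import re

# From the post: the inet6 lines of em1 and the IPv6 dhcp-range.
IFCONFIG_EM1 = """\
em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.220  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::92fb:a6ff:fe83:4b46  prefixlen 64  scopeid 0x20<link>
        inet6 2001:6f8:1d27:0:92fb:a6ff:fe83:4b46  prefixlen 64  scopeid 0x0<global>
"""
CONF = "dhcp-range=2001:6f8:10ea::,ra-stateless,ra-names\n"


def interface_addresses(ifconfig_text):
    """Return the non-link-local IPv6 addresses found in ifconfig output."""
    addrs = []
    for match in re.finditer(r"inet6\s+(\S+)\s+prefixlen\s+\d+", ifconfig_text):
        addr = ipaddress.IPv6Address(match.group(1))
        if not addr.is_link_local:
            addrs.append(addr)
    return addrs


def v6_ranges(conf_text):
    """Return the network of every IPv6 dhcp-range in a dnsmasq config."""
    nets = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("dhcp-range=") or "constructor:" in line:
            continue  # constructor: ranges take their prefix from the interface
        fields = [f for f in line.split("=", 1)[1].split(",")
                  if not f.startswith(("set:", "tag:"))]
        try:
            start = ipaddress.IPv6Address(fields[0])
        except ValueError:
            continue  # an IPv4 range
        prefixlen = 64  # dnsmasq's default when no prefix length is given
        for field in fields[1:]:
            # Simplification: a bare number up to 128 is read as the prefix
            # length, so a lease time written as a small number of seconds
            # would be misread.
            if field.isdigit() and int(field) <= 128:
                prefixlen = int(field)
                break
        nets.append(ipaddress.IPv6Network(f"{start}/{prefixlen}", strict=False))
    return nets


def unmatched_ranges(ifconfig_text, conf_text):
    """Return the dhcp-range networks that contain no interface address."""
    addrs = interface_addresses(ifconfig_text)
    return [str(net) for net in v6_ranges(conf_text)
            if not any(addr in net for addr in addrs)]


if __name__ == "__main__":
    for net in unmatched_ranges(IFCONFIG_EM1, CONF):
        print(f"dhcp-range {net} matches no global address on the interface")
```

On the posted values the range 2001:6f8:10ea::/64 is reported, because the only global address on em1 is in 2001:6f8:1d27:0::/64.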
[Dnsmasq-discuss] Take a Stand for the Girl Who Stood Up: Nominate Malala for the Nobel Peace Prize
Hey, I just signed the petition "Take a Stand for the Girl Who Stood Up: Nominate Malala for the Nobel Peace Prize" and wanted to see if you could help by adding your name. Our goal is to reach 200,000 signatures and we need more support. You can read more and sign the petition here: https://www.change.org/petitions/take-a-stand-for-the-girl-who-stood-up-nominate-malala-for-the-nobel-peace-prize?share_id=eAHxkQNCfFutm_source=share_petitionutm_medium=email Thanks! Robert You're receiving this message because Robert Stanton sent you an email through Change.org's petition sharing tool. If you believe you have received this message in error, respond directly to Robert Stanton at fars...@gmail.com.
Re: [Dnsmasq-discuss] File System Access by Dnsmasq
Hi Justin Simon, Thanks for your responses. I am already using the no-resolv option and the ls -la /proc/pid/fd gives me only sockets and pipes apart from the log and lease files. Not sure what is waking up the disks then. Maybe the NAS is not smart enough to know that dnsmasq accesses the files on the USB mount and just wakes up the disks for any file system access. Cheers, Robert Original Message Date: Sun, 8 Aug 2010 13:38:11 -0500 From: Justin McAteer jus...@jmcateer.com To: Robert Pollai rap.nosp...@gmx.net CC: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] File System Access by Dnsmasq You can find all opened files by dnsmasq using the fd directory in the proc filesystem ls -la /proc/pid/fd or by using the command lsof Thanks, Justin McAteer On Sat, Aug 7, 2010 at 2:40 AM, Robert Pollai rap.nosp...@gmx.net wrote: Hi, I am running dnsmasq on a NAS from Synology. The NAS puts its disks into standby if they are not needed and I want to move all files accessed by dnsmasq to a USB flash drive, so that dnsmasq won't wake up the disks. So far I have done that for the log file and lease file by adding the following two lines to the configuration file:
dhcp-leasefile=/volumeUSB1/dnsmasq/dnsmasq.lease
log-facility=/volumeUSB1/dnsmasq/dnsmasq.log
But still the disks seem to wake up when I switch on a device that fetches an IP via DHCP. Are there any other files that dnsmasq accesses, directly or through the operating system? Is the configuration file accessed regularly or only on startup? Thanks for your support, regards, Robert
[Dnsmasq-discuss] File System Access by Dnsmasq
Hi, I am running dnsmasq on a NAS from Synology. The NAS puts its disks into standby if they are not needed and I want to move all files accessed by dnsmasq to a USB flash drive, so that dnsmasq won't wake up the disks. So far I have done that for the log file and lease file by adding the following two lines to the configuration file:
dhcp-leasefile=/volumeUSB1/dnsmasq/dnsmasq.lease
log-facility=/volumeUSB1/dnsmasq/dnsmasq.log
But still the disks seem to wake up when I switch on a device that fetches an IP via DHCP. Are there any other files that dnsmasq accesses, directly or through the operating system? Is the configuration file accessed regularly or only on startup? Thanks for your support, regards, Robert
[Dnsmasq-discuss] Dnsmasq for Synology DiskStations
Hi, I have prepared a package that allows the installation of dnsmasq on various NAS models from Synology. It allows installation and start/stop via the Synology DiskStation Manager. The configuration still needs to be done by editing the config file. I created a tiny website for this: http://syndsnmasq.the-ninth.com It would be interesting to add a web frontend for the configuration and therefore I wanted to ask if anything like that already exists for dnsmasq? Thanks and regards, Robert Original Message Date: Mon, 8 Feb 2010 18:57:32 -0600 From: richardvo...@gmail.com richardvo...@gmail.com To: Simon Kelley si...@thekelleys.org.uk CC: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Simple question how to give multiple names to one host? On Mon, Feb 8, 2010 at 3:59 PM, Simon Kelley si...@thekelleys.org.uk wrote: Chris G wrote: On Sun, Feb 07, 2010 at 08:16:42PM +, Simon Kelley wrote: Chris G wrote: I have a dnsmasq.conf file with the following at the end:- dhcp-host=chris,192.168.1.4 How do I get 192.168.1.4 to have some other names as well (for apache2 virtual hosting)? Equally simple answer: cname=some other name,chris You can have as many CNAMEs as you like for the primary name. Brilliant, thanks, it just wasn't very easy to find in the dnsmasq man page. I've added a pointer to --cname on the section on --dhcp-host. It might also be worthwhile using the word alias in the description of --cname, because that's one of the most common search terms (AFAICT). Cheers, Simon.
Re: [Dnsmasq-discuss] Dnsmasq for Synology DiskStations
Hi, Sorry, I mistyped the URL. It is http://syndnsmasq.the-ninth.com. Regards, Robert Original Message Date: Tue, 09 Feb 2010 10:48:36 +0100 From: Robert Pollai rap.nosp...@gmx.net To: dnsmasq-discuss@lists.thekelleys.org.uk Subject: [Dnsmasq-discuss] Dnsmasq for Synology DiskStations Hi, I have prepared a package that allows the installation of dnsmasq on various NAS models from Synology. It allows installation and start/stop via the Synology DiskStation Manager. The configuration still needs to be done by editing the config file. I created a tiny website for this: http://syndsnmasq.the-ninth.com It would be interesting to add a web frontend for the configuration and therefore I wanted to ask if anything like that already exists for dnsmasq? Thanks and regards, Robert Original Message Date: Mon, 8 Feb 2010 18:57:32 -0600 From: richardvo...@gmail.com richardvo...@gmail.com To: Simon Kelley si...@thekelleys.org.uk CC: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Simple question how to give multiple names to one host? On Mon, Feb 8, 2010 at 3:59 PM, Simon Kelley si...@thekelleys.org.uk wrote: Chris G wrote: On Sun, Feb 07, 2010 at 08:16:42PM +, Simon Kelley wrote: Chris G wrote: I have a dnsmasq.conf file with the following at the end:- dhcp-host=chris,192.168.1.4 How do I get 192.168.1.4 to have some other names as well (for apache2 virtual hosting)? Equally simple answer: cname=some other name,chris You can have as many CNAMEs as you like for the primary name. Brilliant, thanks, it just wasn't very easy to find in the dnsmasq man page. I've added a pointer to --cname on the section on --dhcp-host. It might also be worthwhile using the word alias in the description of --cname, because that's one of the most common search terms (AFAICT). Cheers, Simon.
Re: [Dnsmasq-discuss] Dnsmasq not answering DHCP requests
Hi Richard, Thanks for your reply! Is dnsmasq running on the router where the old DHCP software was? A separate computer? Connected how to the network? (e.g. dnsmasq is wired to the router, clients are a mix of wired and wireless) The previous DHCP server was a router appliance from Linksys. Dnsmasq I run on a NAS from Synology (DS408) with a PPC processor running Linux. I compiled dnsmasq there myself. The NAS is wired to the router and all clients I tested so far are wired to the router as well. What OS? Could be a firewall/packet filtering issue on either the dnsmasq computer or the router. (e.g. router firewall is configured to accept DHCP requests but not bridge them to the rest of the network) I also tested a client that is connected directly to the NAS via a switch, so there is no firewall between. The firewall on the NAS is disabled. Make sure that dnsmasq owns port 67 on its machine by running netstat -l with dnsmasq running and again with dnsmasq stopped. I did that and dnsmasq has port 67 (shown as bootps) and also 53 (shown as domain) for DNS. I tested DNS and it works for machines I have in my /etc/hosts (after I commented no-hosts out of the config file). The DNS does not work for the names I put in via the dhcp-host entries. Kind regards, Robert Original Message Date: Fri, 5 Feb 2010 16:46:45 -0600 From: richardvo...@gmail.com richardvo...@gmail.com To: rap.nosp...@gmx.net CC: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Dnsmasq not answering DHCP requests On Fri, Feb 5, 2010 at 3:24 PM, rap.nosp...@gmx.net wrote: Hi, I am new to dnsmasq and want to replace my router's DHCP with it. So I just tried to create my first setup but unfortunately it seems that dnsmasq is not answering DHCP requests, my clients' requests are timing out. I would appreciate any hints on what I could have done wrong or generally on how to approach/debug the issue. Is dnsmasq running on the router where the old DHCP software was? A separate computer?
Connected how to the network? (e.g. dnsmasq is wired to the router, clients are a mix of wired and wireless) What OS? Could be a firewall/packet filtering issue on either the dnsmasq computer or the router. (e.g. router firewall is configured to accept DHCP requests but not bridge them to the rest of the network) Make sure that dnsmasq owns port 67 on its machine by running netstat -l with dnsmasq running and again with dnsmasq stopped. Here is my config file:
- file start -
# Configuration file for dnsmasq.
#
dhcp-range=192.168.0.100,192.168.0.150,12h
dhcp-leasefile=/var/packages/dnsmasq/target/leases/dnsmasq.leases
dhcp-authoritative
no-resolv
no-hosts
server=(ip deleted)
server=(ip deleted)
server=(ip deleted)
dhcp-option=option:router,192.168.0.1
dhcp-host=(mac deleted),adam,192.168.0.100
dhcp-host=(mac deleted),eva,192.168.0.101
- file end -
Kind regards, Robert
Re: [Dnsmasq-discuss] Dnsmasq not answering DHCP requests
Hi Richard, This sounds as if some other DNS and DHCP server programs are running. Or perhaps dnsmasq is running and owns the ports, but is reading from a different configuration file (path can be specified on the command-line, there's also a compiled-in default). I verified that when I stop dnsmasq, the ports disappear from netstat -l. When I start dnsmasq they come back. So it looks like dnsmasq has them. I start it via the following command in a script:
/volume1/@appstore/dnsmasq/bin/dnsmasq -C /volume1/@appstore/dnsmasq/etc/dnsmasq.conf
For testing purposes I now added logging:
/volume1/@appstore/dnsmasq/bin/dnsmasq -C /volume1/@appstore/dnsmasq/etc/dnsmasq.conf --log-facility=/volume1/@appstore/dnsmasq/log/dnsmasq.log --log-dhcp
I get the following output:
Feb 6 23:13:08 dnsmasq[17719]: started, version 2.52 cachesize 150
Feb 6 23:13:08 dnsmasq[17719]: compile time options: IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
Feb 6 23:13:08 dnsmasq-dhcp[17719]: DHCP, IP range 192.168.0.100 -- 192.168.0.150, lease time 12h
Feb 6 23:13:08 dnsmasq[17719]: using nameserver 195.202.128.2#53
Feb 6 23:13:08 dnsmasq[17719]: using nameserver 195.202.128.3#53
Feb 6 23:13:08 dnsmasq[17719]: using nameserver 62.40.128.2#53
Feb 6 23:13:08 dnsmasq[17719]: read /etc/hosts - 2 addresses
This shows that it reads the correct config file (it has DHCP and the name servers). Still, when I start ipconfig /renew on a Windows client after disabling the DHCP server in the router the request times out. I already put in dhcp-authoritative in the config file to get dnsmasq to take over everything from the old DHCP server immediately. So right now I am a bit clueless. I will leave the DHCP in the router switched off and dnsmasq running overnight, maybe the client needs more time to realize that the old DHCP server is gone. Of course any further advice is greatly appreciated.
Kind regards, Robert Original Message Date: Sat, 6 Feb 2010 11:35:54 -0600 From: richardvo...@gmail.com richardvo...@gmail.com To: Robert Pollai robert.pol...@gmx.at CC: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Dnsmasq not answering DHCP requests On Sat, Feb 6, 2010 at 1:53 AM, Robert Pollai robert.pol...@gmx.at wrote: Hi Richard, Thanks for your reply! Is dnsmasq running on the router where the old DHCP software was? A separate computer? Connected how to the network? (e.g. dnsmasq is wired to the router, clients are a mix of wired and wireless) The previous DHCP server was a router appliance from Linksys. Dnsmasq I run on a NAS from Synology (DS408) with a PPC processor running Linux. I compiled dnsmasq there myself. The NAS is wired to the router and all clients I tested so far are wired to the router as well. What OS? Could be a firewall/packet filtering issue on either the dnsmasq computer or the router. (e.g. router firewall is configured to accept DHCP requests but not bridge them to the rest of the network) I also tested a client that is connected directly to the NAS via a switch, so there is no firewall between. The firewall on the NAS is disabled. Make sure that dnsmasq owns port 67 on its machine by running netstat -l with dnsmasq running and again with dnsmasq stopped. I did that and dnsmasq has port 67 (shown as bootps) and also 53 (shown as domain) for DNS. I tested DNS and it works for machines I have in my /etc/hosts (after I commented no-hosts out of the config file). The DNS does not work for the names I put in via the dhcp-host entries. This sounds as if some other DNS and DHCP server programs are running. Or perhaps dnsmasq is running and owns the ports, but is reading from a different configuration file (path can be specified on the command-line, there's also a compiled-in default). How are you starting dnsmasq? Does it behave differently if you run it from a root command-line instead of through init scripts?
Kind regards, Robert -Original Message- From: richardvo...@gmail.com [mailto:richardvo...@gmail.com] Sent: 05 February 2010 23:47 To: rap.nosp...@gmx.net Cc: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Dnsmasq not answering DHCP requests On Fri, Feb 5, 2010 at 3:24 PM, rap.nosp...@gmx.net wrote: Hi, I am new to dnsmasq and want to replace my router's DHCP with it. So I just tried to create my first setup but unfortunately it seems that dnsmasq is not answering DHCP requests, my clients' requests are timing out. I would appreciate any hints on what I could have done wrong or generally on how to approach/debug the issue. Is dnsmasq running on the router where the old DHCP software was? A separate computer? Connected how to the network? (e.g. dnsmasq is wired to the router, clients are a mix of wired and wireless) What OS? Could be a firewall/packet filtering issue on either the dnsmasq computer
Re: [Dnsmasq-discuss] Suppressing default route DNS server options
Sigh, as is often the case I find the solution shortly after I ask for help. The winning config line in the OpenWRT /etc/config/dhcp was config dhcp lan option dhcp_option 3 6 Both Vista and my printer appear to be happy with that config. --bob On Jan 4, 2010, at 7:25 PM, Robert Olson wrote: Hi - I've been trying a number of things to keep dnsmasq from sending the DHCP options for default route and DNS server. I'm using an OpenWRT router as a DHCP server wireless bridge for a small standalone network of computers (3-4 systems set up to run a shared MS Access database, web viewer, etc for a dog show scoring setup). It works like a champ, except that when the site has wireless Internet access and the systems are attached via wired network to the router. In this case the default route and DNS settings interfere with Internet access on the hosts. I can manually override the routes on the hosts, but I'd much rather stay hands off. I've tried using -O 3, -O 6, to suppress; this works OK on my MacOS XP boxes, but MS Vista appears to reject the DHCP as invalid (you get an error on an ipconfig /renew and never get an address), and it seemed to confuse the heck out of my network-enabled Brother printer. Is there another way to do this that may work better? Best would be to just have it not emit those options at all I think. This is dnsmasq 2.47 as included in OpenWRT Kamikaze (8.09.1, r16278). Thank you for any recommendations, and my apologies if this is a FAQ. I've been poking around a lot and haven't seen this directly addressed that I could find. --bob
[Dnsmasq-discuss] MAN Page Link Broken? and redundancy question
Hello,

First, it appears (at least to me) that as of right now the link to the online version of the MAN page simply leads to a blank page (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html). Can anyone else confirm?

Second, I tried looking through the mailing list and other pages but I have (what I hope) a simple question about configuring dnsmasq: I have the software running (very well I might add) on a Marvell Sheevaplug. I ideally would like to have two of these inexpensive devices running to provide redundancy. Is there a way to configure two concurrently running instances of dnsmasq (one each on a physically separate device) for the same DHCP scope so that if one instance fails the other takes over? I saw this can be done with the ISC DHCP daemon but I like dnsmasq better :-)

Thanks in advance for any help and thanks for your work on this application.

Bob Boerner
Re: [Dnsmasq-discuss] MAN Page Link Broken? and redundancy question
Hi Richard,

Thanks for the quick response. I am in fact using a separate router as the gateway. I like the idea of splitting the pool, but that brings up a follow-on question...what about static reservations I have set? Can I simply have them on both?

That also brings up yet another question...is it 'wrong' to have static reservations assigned to addresses that are within the normal scope? I know best practice is to have them designated outside, but I am trying to replace a Windows box in an environment where people have been assigning static reservations within the regular DHCP scope for years. I don't want to have to redo everything.

Thanks again for the help.

On Fri, Sep 4, 2009 at 12:23 PM, richardvo...@gmail.com <richardvo...@gmail.com> wrote:
> On Fri, Sep 4, 2009 at 3:08 PM, Robert Boerner <robert.boer...@gmail.com> wrote:
>> Hello, First, it appears (at least to me) that as of right now the link to the online version of the MAN page simply leads to a blank page (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html). Can anyone else confirm?
>
> I have the same result (no content on that page).
>
>> Second, I tried looking through the mailing list and other pages but I have (what I hope) a simple question about configuring dnsmasq: I have the software running (very well I might add) on a Marvell Sheevaplug. I ideally would like to have two of these inexpensive devices running to provide redundancy. Is there a way to configure two concurrently running instances of dnsmasq (one each on a physically separate device) for the same DHCP scope so that if one instance fails the other takes over? I saw this can be done with the ISC DHCP daemon but I like dnsmasq better :-)
>
> You could split the address pool into two and configure half on each. Then during normal operations there will be a race to offer an address, the client will accept only one. If one fails, the other will continue offering addresses. If one runs out of addresses, the other continues to work fine.
>
> The only problem would be if one fails and the other runs out of addresses. Are you using the dnsmasq machines as the gateway, or another router? That could become pretty important if you want redundancy (you actually have to transfer the address of the failed unit).
>
>> Thanks in advance for any help and thanks for your work on this application.
>> Bob Boerner
Re: [Dnsmasq-discuss] Cache Time Threshold
On Wed, 09 Apr 2008 19:36:20 +0100 Simon Kelley <si...@thekelleys.org.uk> wrote:

My take on this is that the DNS admin set the Time-to-live, and it shouldn't be over-ridden. If the DNS admin wanted a longer time, they would have set it. Even if you get away with extending the TTL for most domains, eventually you'll find one which breaks.

dnsmasq could have a keep-alive cache, which updates cache entries as they expire for a maximum time. Obviously set to something low, 1-10 keep-alive cache entries should be sufficient for most uses, without ever using an expired ttl. ie: --keep-alive-cache-count=3 and --keep-alive-cache-time=3600 would keep the last 3 cached dns requests up to date for up to 1 hour past the last request for that entry.

--
Robert A.M. Diamond
dead...@gmail.com
http://robshouse.no-ip.info

Anything created must necessarily be inferior to the essence of the creator. -- Claude Shouse
Einstein's mother must have been one heck of a physicist. -- Joseph C. Wang
Re: [Dnsmasq-discuss] Cache Time Threshold
Thanks for the bright idea :)

It ain't perfect, but I made a patch to dnsmasq-2.41 that adds a pos-ttl option. Basically the same as neg-ttl, but it enforces a minimum ttl. Unfortunately, I could only get it to work *after* the first query, so clients will get the real ttl to begin with, then the remaining pos-ttl the Nth time. This should at least serve your purpose, since it forces dnsmasq to keep the record in cache for pos-ttl seconds.

Keep in mind I haven't really tested it out, but I was confident enough to plop the patch into my set-up. Setting pos-ttl to 0 in the command line options, or in the dnsmasq.conf file should revert dnsmasq back to the original behaviour. I recommend pos-ttl=300 (ie: 5 minutes), but setting it as high as 86400 (1 day) shouldn't present any problems for most uses.

If someone feels like it, I think you would need to modify the ttl in the p variable to change the ttl of the first request.

--
Robert A.M. Diamond
dead...@gmail.com
http://robshouse.no-ip.info

Your manuscript is both good and original, but the part that is good is not original and the part that is original is not good. -- Samuel Johnson

diff -ur dnsmasq-2.41/src/dnsmasq.h dnsmasq-2.41-pos-ttl/src/dnsmasq.h --- dnsmasq-2.41/src/dnsmasq.h 2008-02-01 16:42:35.0 -0500 +++ dnsmasq-2.41-pos-ttl/src/dnsmasq.h 2008-04-07 23:29:57.0 -0400 @@ -541,7 +541,7 @@ int max_logs; /* queue limit */ int cachesize, ftabsize; int port, query_port; - unsigned long local_ttl, neg_ttl; + unsigned long local_ttl, neg_ttl, pos_ttl; struct hostsfile *addn_hosts; struct dhcp_context *dhcp; struct dhcp_config *dhcp_conf; diff -ur dnsmasq-2.41/src/option.c dnsmasq-2.41-pos-ttl/src/option.c --- dnsmasq-2.41/src/option.c 2008-02-07 15:40:55.0 -0500 +++ dnsmasq-2.41-pos-ttl/src/option.c 2008-04-07 23:35:37.0 -0400 @@ -91,6 +91,7 @@ #define LOPT_MATCH 281 #define LOPT_BROADCAST 282 #define LOPT_NEGTTL283 +#define LOPT_POSTTL284 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = 
@@ -191,6 +192,7 @@ {dhcp-match, 1, 0, LOPT_MATCH }, {dhcp-broadcast, 1, 0, LOPT_BROADCAST }, {neg-ttl, 1, 0, LOPT_NEGTTL }, +{pos-ttl, 1, 0, LOPT_POSTTL }, { NULL, 0, 0, 0 } }; @@ -290,6 +292,7 @@ { -t, --mx-target=host_name, gettext_noop(Specify default target in an MX record.), NULL }, { -T, --local-ttl=time, gettext_noop(Specify time-to-live in seconds for replies from /etc/hosts.), NULL }, { --neg-ttl=time, gettext_noop(Specify time-to-live in seconds for negative caching.), NULL }, + { --pos-ttl=time, gettext_noop(Specify the minimum time-to-live in seconds for all dns caching.), NULL }, { -u, --user=username, gettext_noop(Change to this user after startup. (defaults to %s).), CHUSER }, { -U, --dhcp-vendorclass=id,class, gettext_noop(Map DHCP vendor class to tag.), NULL }, { -v, --version, gettext_noop(Display dnsmasq version and copyright information.), NULL }, @@ -1395,10 +1398,13 @@ case 'T': /* --local-ttl */ case LOPT_NEGTTL: /* --neg-ttl */ +case LOPT_POSTTL: /* --pos-ttl */ { int ttl; if (!atoi_check(arg, ttl)) option = '?'; + else if (option == LOPT_POSTTL) + daemon-pos_ttl = (unsigned long)ttl; else if (option == LOPT_NEGTTL) daemon-neg_ttl = (unsigned long)ttl; else diff -ur dnsmasq-2.41/src/rfc1035.c dnsmasq-2.41-pos-ttl/src/rfc1035.c --- dnsmasq-2.41/src/rfc1035.c 2008-02-01 16:48:18.0 -0500 +++ dnsmasq-2.41-pos-ttl/src/rfc1035.c 2008-04-08 00:12:03.0 -0400 @@ -687,6 +687,7 @@ goto cname_loop; } + if ((daemon-pos_ttl 0) (cttl daemon-pos_ttl)) cttl = daemon-pos_ttl; cache_insert(name, addr, now, cttl, name_encoding | F_REVERSE); found = 1; } @@ -705,7 +706,10 @@ ttl = find_soa(header, qlen); } if (ttl) - cache_insert(NULL, addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags); +{ + if ((daemon-pos_ttl 0) (ttl daemon-pos_ttl)) ttl = daemon-pos_ttl; + cache_insert(NULL, addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags); +} } } else 
@@ -752,6 +756,7 @@ { if (!cname_count--) return 0; /* looped CNAMES */ + if ((daemon-pos_ttl 0) (attl daemon-pos_ttl)) attl = daemon-pos_ttl; newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD); if (newc cpp) { @@ -779,6 +784,7 @@ private_net(addr.addr.addr4)) return 1; + if ((daemon-pos_ttl 0) (attl daemon-pos_ttl)) attl = daemon-pos_ttl; newc = cache_insert(name, addr, now, attl, flags | F_FORWARD); if (newc cpp) { @@ -806,7 +812,9 @@ pointing at this, inherit its TTL */ if (ttl || cpp) { - newc = cache_insert(name, NULL, now, ttl ? ttl : cttl
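Review bot: In the option.c hunk at @@ -1395, the new LOPT_POSTTL branch stores (unsigned long)ttl from a signed int with no range check of its own, so unless atoi_check already rejects negative input (not visible in this hunk) a value such as --pos-ttl=-1 becomes an enormous minimum TTL and cached records would effectively never expire. Suggest rejecting ttl < 0 and capping pos-ttl at a documented ceiling before the assignment, since a forced minimum also extends the lifetime of any wrong or spoofed answer that reaches the cache.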
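Review bot: The rfc1035.c hunk at @@ -705 applies the pos_ttl clamp to the cache_insert call that carries F_NEG, so the minimum also overrides the TTL returned by find_soa for negative answers, which does not match the option name and overlaps with neg-ttl. Either leave this F_NEG insert unclamped or state in the --pos-ttl help text that negative entries are raised to the minimum as well.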
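Review bot: The same clamp is pasted on a single line before each cache_insert in rfc1035.c (@@ -687, @@ -752, @@ -779) with a different variable each time (cttl, attl), which makes it easy for one call site to drift from the others; a small helper that takes a TTL and returns the clamped value would keep them identical and give the check one place to be fixed. The help string added in option.c at @@ -290 should also say that 0 disables the option and that the first reply still carries the upstream TTL, as the covering mail describes.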
Re: [Dnsmasq-discuss] The simplest setup to preserve IPs
On Tue, 01 Apr 2008 18:38:49 +0200 Michal Sawicz <mic...@sawicz.net> wrote:
> I've tried with dhclient -H explicitly, and anyway dnsmasq reports that it won't assign the hostname, cause the IP doesn't match the hostname.

On my dhcp client -H means use the hostname that the dhcp server provided. Also, on my client, -h hostname means send the hostname TO the dhcp server.

You need the client to send a hostname to the server. My best guess is that the client does NOT send the hostname TO the server. It currently accepts a hostname sent BY the server to the client.

Sorry for the dumb down ramble above, don't intend to be rude or nothing, but years of internet use have made my written speech callous at best ^.~

--
Robert A.M. Diamond
dead...@gmail.com
http://robshouse.no-ip.info

There are more dead people than living, and their numbers are increasing. -- Eugene Ionesco
Re: [Dnsmasq-discuss] dnsmasq not offering dhcp
On Mon, 24 Mar 2008 11:53:22 -0600 Solomon White <solomon.wh...@comcast.net> wrote:
> I'm trying to get dnsmasq set up as the DNS / DHCP provider for my home LAN. It's working for DNS, but I'm not getting DHCP offers when I send discover requests.
> ...

Sounds to me like this filtering of dhcp requests is going down in the kernel space. Check /proc/sys/net for options to the kernel that may need turning on/off.

As a side note (might help in this case), my kernel echoes martian packets (ie: packets which should not be sent to a particular interface, but end up there). dhcp requests always generate martian logs on my network. Maybe you have pf set-up to drop these martians, like in this pseudo example

if (in-iface == eth0) && (src/dst ip != 192.168.1.1) ; then
    drop
fi

Maybe you just have some strict settings turned on in /proc/sys that drop broadcast packets, or martian packets.

--
Robert A.M. Diamond
dead...@gmail.com
http://robshouse.no-ip.info

Mr. Scorpio says productivity is up 2% and it's all because of my motivational techniques, like donuts and the possibility of more donuts to come. -- Homer Simpson You Only Move Twice
[Dnsmasq-discuss] Why not add md5's?
Was working on a series of scripts to auto-check websites for updates of important and world/internet accessible servers I'm running on my box. During the process I noticed dnsmasq's website doesn't have any md5sums (or other forms of data verification; ie: sha1sum, pgp sigs).

Don't know if others are interested in having this, but it shouldn't be hard to automate the process on the website :)

--
Robert A.M. Diamond
dead...@gmail.com
http://robshouse.no-ip.info

This is a country where people are free to practice their religion, regardless of race, creed, color, obesity, or number of dangling keys...
[Dnsmasq-discuss] dnsmasq listening on 0.0.0.0
I know that dnsmasq likes to do its ip filtering in the user-space, but I'd rather be able to specify ip's for it to bind to, that show up in netstat. Maybe I'm just a little anal about that stuff, but it just doesn't look right to me :) (Yahp, I've even added iptables rules in my never ending effort to be crazy ^.~)

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q2/001322.html

Shows some options to get the dns server part binding to an ip via the kernel. The dhcp server will still look like it's listening on all ip's (as will the dns forwarder; and possibly tftp server?).

$ netstat -anlpA inet
snip
udp        0      0 127.0.0.1:53       0.0.0.0:*       30768/dnsmasq
udp        0      0 192.168.1.1:53     0.0.0.0:*       30768/dnsmasq
udp        0      0 0.0.0.0:67         0.0.0.0:*       30768/dnsmasq
udp        0      0 0.0.0.0:5353       0.0.0.0:*       30768/dnsmasq

[Internet interface ip]:5353 is where forwarded dns queries get sent back to. I'd like 0.0.0.0:67 to show 192.168.1.1:67 and 0.0.0.0:5353 to show a.x.y.z:5353 (a.x.y.z being my internet/external ip).

There was a patch somewhere in this list, that has been added to the code a few versions back that allowed multiple instances of dnsmasq to bind to 0.0.0.0. I'd just prefer if there was a 'listen-dns; listen-dnsforward; listen-dhcp' (and maybe a 'listen-tftp') option that couples with 'bind-interface' to give my desired results.

I'm going to be doing some looking over the code in an effort to include this functionality in a patch, but if someone else has done the work already, or if I've somehow missed an available option in my conf file please let me know :)

--
Robert A.M. Diamond
dead...@gmail.com
http://robshouse.no-ip.info

What if everything is an illusion and nothing exists? In that case, I definitely overpaid for my carpet. -- Woody Allen, Without Feathers
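The check described in the message above can be scripted. The following is an added example, not part of the original post or of dnsmasq: it parses netstat -anlp style output and lists the sockets a named program holds on a wildcard address. The function names are hypothetical, and the sample rows are constructed (the dnsmasq rows mirror the post; the tcp, sshd and IPv6 rows are made up to cover the column layouts).

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of `netstat -anlp` on Linux.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 192.168.1.1:53    0.0.0.0:*         LISTEN   30768/dnsmasq
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1201/sshd
udp        0      0 127.0.0.1:53      0.0.0.0:*                  30768/dnsmasq
udp        0      0 192.168.1.1:53    0.0.0.0:*                  30768/dnsmasq
udp        0      0 0.0.0.0:67        0.0.0.0:*                  30768/dnsmasq
udp        0      0 0.0.0.0:5353      0.0.0.0:*                  30768/dnsmasq
udp6       0      0 :::53             :::*                       30768/dnsmasq
"""

# Local addresses that mean "every interface".
WILDCARDS = {"0.0.0.0", "::", "*"}


class Sock(NamedTuple):
    proto: str
    addr: str
    port: int
    program: str


def parse_netstat(text):
    """Return one Sock per tcp/udp row; headers and other rows are skipped."""
    socks = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not re.fullmatch(r"(tcp|udp)6?", fields[0]):
            continue
        # Split on the last colon so the IPv6 form ":::53" gives addr "::".
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # UDP rows have an empty State column, so the field count differs
        # from TCP rows; PID/Program is the last field in both layouts.
        # Without root, netstat prints "-" there instead of pid/name.
        pid_prog = fields[-1]
        program = pid_prog.partition("/")[2] if "/" in pid_prog else "-"
        socks.append(Sock(fields[0], addr, int(port), program))
    return socks


def wildcard_binds(text, program="dnsmasq"):
    """Sockets owned by `program` that are bound to all interfaces."""
    return [s for s in parse_netstat(text)
            if s.program == program and s.addr in WILDCARDS]


if __name__ == "__main__":
    for s in wildcard_binds(SAMPLE):
        print(f"{s.program}: {s.proto} port {s.port} bound to {s.addr}")
```

A wildcard bind does not by itself mean the service answers on every interface, since dnsmasq filters in user space as the post says; the output is a list of sockets to cross-check against the firewall rules.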
[Dnsmasq-discuss] warning: setting capabilities failed: Operation not permitted on startup
I'm having a few problems with networking (most things work OK but I can't update my antivirus and I can't ping their server). I've noticed recently that I'm getting the above in my syslog:

Aug 20 08:45:58 mypc dnsmasq[8702]: started, version 2.31 cachesize 150
Aug 20 08:45:58 mypc dnsmasq[8702]: compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N
Aug 20 08:45:58 mypc dnsmasq[8702]: DHCP, IP range 192.168.2.2 -- 192.168.2.40, lease time 12h
Aug 20 08:45:58 mypc dnsmasq[8702]: warning: setting capabilities failed: Operation not permitted
Aug 20 08:45:58 mypc dnsmasq[8702]: running as root
Aug 20 08:45:58 mypc dnsmasq[8702]: reading /etc/resolv.conf
Aug 20 08:45:58 mypc dnsmasq[8702]: using nameserver 203.17.154.31#53
Aug 20 08:45:58 mypc dnsmasq[8702]: using nameserver 203.17.154.34#53
Aug 20 08:45:58 mypc dnsmasq[8702]: using nameserver 192.168.2.1#53
Aug 20 08:45:58 mypc dnsmasq[8702]: ignoring nameserver 127.0.0.1 - local interface
Aug 20 08:45:58 mypc dnsmasq[8702]: read /etc/hosts - 11 addresses

My /etc/dnsmasq.conf:

domain-needed
bogus-priv
domain=mydomain.com.au
dhcp-range=192.168.2.2,192.168.2.40,12h
dhcp-host=00:48:54:90:1f:b0,192.168.2.22
[etc]

My startup options:

--dhcp-option=3,192.168.2.1

I'm running gentoo on kernel 2.6.16-gentoo-r7. Is this message of any significance?
Re: [Dnsmasq-discuss] Re: Looking for 2 DNS Servers in Toronto, Canada which allow Recursive Query
kwon wrote:
> The best suggestion I can make from Los Angeles is to try using the servers from your prior ISP.
>
> My former ISP had gone out of business. :-0
>
> Another possible alternative is NSLOOKUP.EXE, asking for NS records for providers in your area. If you can't find NSLOOKUP.EXE, I can Email it to you; 96Kb zipped.
>
> Is NSLOOKUP.EXE a Windows program? Please do send me NSLOOKUP.EXE to “kwon at ac1.dyndns.org”. Thanks!

just my $0.02... but I just pointed my dnsmasq daemon to 65.39.196.215 and was able to use it without any problems... and I don't use them as an ISP. what type of dns query are you attempting that is causing the refused to do a recursive search error?

-rob