Re: [Dnsmasq-discuss] With --all-servers option enabled, query failed due to first answer with no answer section

2014-07-31 Thread Simon Kelley
On 24/07/14 08:20, 毕勤 wrote: Well, I just figured out that it might be due to the DNS Hijack of China's Great Firewall. The GFW hijacks the DNS process and returns a fake response package, with the response code=0 (means no error) but no Answer RRs (Answer RRs=0). It's obviously illogical but

Re: [Dnsmasq-discuss] Locking Down DNS Queries to Correct Servers

2014-07-30 Thread Simon Kelley
On 29/07/14 17:11, Ben Cundiff wrote: Hi, We have two DHCP/DNS servers running Ubuntu 12.04 and dnsmasq-server 2.590-4ubuntu0.1. The other day, we had a user set up a Windows Server 2012 computer on our development network for testing. This user chose to set up his Windows server as DC,

Re: [Dnsmasq-discuss] Dnsmasq as dhcp relay agent for another dnsmasq server

2014-07-30 Thread Simon Kelley
On 29/07/14 11:08, Prashant wrote: Hi, I am trying to use one Dnsmasq to forward dhcp request to other dnsmasq server, But how should I configure it. For relay agent, I tried with, --dhcp-relay=local address,server address as mentioned here,

Re: [Dnsmasq-discuss] How to use dnsmasq as a stateless dhcpv6 server without brodcast its RA messages?

2014-07-19 Thread Simon Kelley
From: Simon Kelley si...@thekelleys.org.uk To: Jian IL Li/China/Contr/IBM@IBMCN, Date: 2014/07/16 04:30 Subject: Re: How to use dnsmasq as a stateless dhcpv6 server without brodcast its RA messages? On 08/07/14 07:40, Jian IL Li wrote: Hi, expert

Re: [Dnsmasq-discuss] Will dnsmasq try the secondary DNS if it gets SERVFAIL from the first?

2014-07-15 Thread Simon Kelley
On 15/07/14 09:22, Chris Green wrote: I am currently using my hosting provider's DNS servers for primary and secondary DNS. They seem to have a problem with one particular TLD I'm currently trying to use (tp-link.com), dnsmasq returns SERVFAIL when I look up that domain. Other DNS servers

Re: [Dnsmasq-discuss] Fwd: dnsmasq : how to configure for pxe over http

2014-07-14 Thread Simon Kelley
On 09/07/14 17:54, D.L.C. Burggraaff wrote: -- Forwarded message -- From: D.L.C. Burggraaff burd...@gmail.com Date: Wed, Jul 9, 2014 at 4:46 PM Subject: dnsmasq : how to configure for pxe over http To: dnsmasq-discuss@lists.thekelleys.org.uk L.S. For days I have been

Re: [Dnsmasq-discuss] Missing pfvar.h on OS X 10.9 and can't compile

2014-07-08 Thread Simon Kelley
Thanks for that. Patch accepted and pushed to git. Cheers, Simon. On 05/07/14 11:04, Chen Yufei wrote: The latest git repository can't compile on OS X 10.9 because missing pfvar.h header file. Some googling leads me to a discussion saying that pfvar is included in 10.7 but removed as

Re: [Dnsmasq-discuss] [PATCH] Wrong DHCPv6 packet originated interface

2014-07-02 Thread Simon Kelley
On 02/07/14 07:30, Lung-Pin Chang wrote: Hi folks, I'm currently using dnsmasq 2.70 (compiled from source) in my Linux environment for IPv6 RA/DHCPv6. The following section is my dnsmasq config: interface=lbr0

Re: [Dnsmasq-discuss] Changing tftp-path / file depending on tag?

2014-07-01 Thread Simon Kelley
On 01/07/14 13:47, Oliver Rath wrote: Hi list, i have a configuration here with 4 NICs. The config exports different tftp-server addresses (dhcp-Byte 128) for correct resolving: -- snip --

Re: [Dnsmasq-discuss] Query regarding --leasefile-ro

2014-07-01 Thread Simon Kelley
On 01/07/14 13:33, Nehal J Wani wrote: That looks sensible. I guess from these questions that you're thinking about storing the lease database just in the custom format, and using --leasefile-ro Right now, libvirt stores all leases for each interface in separate files. That is, one lease

Re: [Dnsmasq-discuss] Query regarding --leasefile-ro

2014-06-30 Thread Simon Kelley
On 30/06/14 10:39, Nehal J Wani wrote: Hi! The man page of dnsmasq (under the section -9, --leasefile-ro), states: When called like this the script should write the saved state of the lease database, in dnsmasq leasefile format, to stdout and exit with zero exit code. Q1. What is the

Re: [Dnsmasq-discuss] Query regarding --leasefile-ro

2014-06-30 Thread Simon Kelley
On 30/06/14 20:46, Nehal J Wani wrote: On Tue, Jul 1, 2014 at 12:27 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 30/06/14 10:39, Nehal J Wani wrote: Hi! The man page of dnsmasq (under the section -9, --leasefile-ro), states: When called like this the script should write the saved state

Re: [Dnsmasq-discuss] old event to dhcp-script on lease expiry

2014-06-27 Thread Simon Kelley
On 27/06/14 08:27, Nehal J Wani wrote: Hi! I am trying to understand whether an 'old' event is generated or not when a lease expires. To experiment this, I used Dnsmasq version 2.72test3-5-gcdb755c I launch dnsmasq like this: sudo /sbin/dnsmasq

Re: [Dnsmasq-discuss] old event to dhcp-script on lease expiry

2014-06-27 Thread Simon Kelley
On 27/06/14 19:40, Nehal J Wani wrote: An old event is not generated when a lease is _renewed_ (ie when the only thing that changes is the expiration time) unless the option leasefile-ro is set. Note that setting leasefile-ro has a bunch of other effects too. When a lease _expires_ (ie the

Re: [Dnsmasq-discuss] Recursive Internal - NonRecursive External

2014-06-24 Thread Simon Kelley
On 23/06/14 18:50, Joel Krauska wrote: I have a DNSserver that I would like to configure as recursive for internal hosts and only respond to queries for locally authoritative zones externally. Any hints as to how I might accomplish this? The DHCP section has the concept of tags to apply

Re: [Dnsmasq-discuss] Understanding the (g)PXE options

2014-06-20 Thread Simon Kelley
On 19/06/14 23:32, ma...@manfbraun.de wrote: Hello ! I am seeing configuration entries like this: dhcp-boot=net:#gpxe,gpxe.pxe and I am asking, what the mysterious net is in this line. I am working since days to make some form of network boot going, without success ... This is

Re: [Dnsmasq-discuss] DHCPOFFER rejected?

2014-06-18 Thread Simon Kelley
On 17/06/14 14:43, Bill Johnson wrote: After some experimenting with dnsmasq.conf and some help from Alex S., I discovered that the problem was actually a nine-year-old iptables rule, that was apparently preventing the dhcpoffer reaching the thermostat in good shape. Odd, because this old

Re: [Dnsmasq-discuss] [PATCH] Add support for libnettle with mini-gmp

2014-06-18 Thread Simon Kelley
On 17/06/14 21:19, Andre Heider wrote: Hi, On Tue, Jun 17, 2014 at 8:56 PM, Simon Kelley si...@thekelleys.org.uk wrote: 1) I changed the preprocessor symbol to NO_GMP. That fits with others that _remove_ dependencies. 2) I changed the mechanism so that you can get the correct effect

Re: [Dnsmasq-discuss] [PATCH] Add support for libnettle with mini-gmp

2014-06-17 Thread Simon Kelley
On 14/06/14 21:53, Andre Heider wrote: libnettle can be compiled with --enable-mini-gmp which does not require an external libgmp. To support both variants, fix one header which works everywhere and stop linking against libgmp if HAVE_NETTLE_MINI is in COPTS. --- Hi, OpenWRT supports

Re: [Dnsmasq-discuss] DNSMasq stops working and runs at 100%

2014-06-04 Thread Simon Kelley
On 03/06/14 18:20, Conrad Kostecki wrote: Jun 03 01:11:39 [dnsmasq-dhcp] RTR-ADVERT(tap0) :XX::XX7b:: Jun 03 01:12:00 [dnsmasq-dhcp] RTR-ADVERT(wlp7s0) :XX::XX2a:: Jun 03 01:14:40 [dnsmasq-dhcp] RTR-ADVERT(enp6s0) :XX::XX40:: Jun 03 01:17:24 [dnsmasq-dhcp]

Re: [Dnsmasq-discuss] Why dnsmasq got external DNS requests on one system and not another

2014-05-28 Thread Simon Kelley
On 27/05/14 11:14, Chris Green wrote: I think I have finally fathomed out why my new dnsmasq installation on my desktop machine didn't work whereas an apparently identical setup on a small server did work. I *think* it's because Network Manager puts a file in /etc/dnsmasq.d that just has one

Re: [Dnsmasq-discuss] dnsmasq and dbus - strange reset behaviour

2014-05-25 Thread Simon Kelley
On 24/05/14 09:43, Nic Ferrier wrote: Simon Kelley si...@thekelleys.org.uk writes: I guess I could try and alter dnsmasq's dbus handling myself to get it to report the servers it's using... but it'll be tricky to get ubuntu to use the new version I guess. See above, it should be doing

Re: [Dnsmasq-discuss] dnsmasq and dbus - strange reset behaviour

2014-05-23 Thread Simon Kelley
On 22/05/14 22:53, Nic Ferrier wrote: Simon Kelley si...@thekelleys.org.uk writes: On 22/05/14 21:53, Nic Ferrier wrote: So it seems like dnsmasq isn't actually obeying the server set when it's done more than once or something? Can anyone suggest some debugging I could do or what

Re: [Dnsmasq-discuss] dnsmasq and dbus - strange reset behaviour

2014-05-23 Thread Simon Kelley
On 23/05/14 11:31, Nic Ferrier wrote: Simon Kelley si...@thekelleys.org.uk writes: ... which is probably fighting you by making DBus calls which overwrite yours. My understanding is that network-manager supports the sort of split-DNS you want direct from the GUI these days. Well

Re: [Dnsmasq-discuss] dnsmasq not working as DNS server for client machines

2014-05-23 Thread Simon Kelley
On 23/05/14 12:13, Chris Green wrote: interface and 192.168.1.4 by setting the listen address rather than using 'interface='. How do I specify two addresses, do they both go on on listen-address= (comma separated, space separated?) or do I put on one listen-address= (comma separated, space

Re: [Dnsmasq-discuss] Patch for ioctl(SIOCSARP) issue with Docker + Dnsmasq

2014-05-22 Thread Simon Kelley
On 22/05/14 04:46, Kyle Manna wrote: Hey all, I ran into an issue using dnsmasq within a docker/lxc container. Newer versions of docker drop the NET_ADMIN capability[1] which prevents ioctl(SIOCSARP) call from succeeding for unicast DHCPOFFERs. I've thrown together a quick patch (hack?

Re: [Dnsmasq-discuss] dnsmasq and dbus - strange reset behaviour

2014-05-22 Thread Simon Kelley
On 22/05/14 21:53, Nic Ferrier wrote: I've got ubuntu 14 and I was having a few issues with the OpenVPN support not setting DNS properly. So I thought I'd just use openvpn from the command line. But making it work with ubuntu's package dnsmasq is a bit tricky. They run dnsmasq like this!

[Dnsmasq-discuss] Announce dnsmasq-2.71

2014-05-17 Thread Simon Kelley
I've just released dnsmasq-2.71. This is a pure bugfix release which addresses some DNSSEC problems, and a nasty failure which occurs when dnsmasq is started with the DNS cache size set to zero. If you're running 2.69 or 2.70, you should upgrade. CHANGELOG below. Cheers, Simon

Re: [Dnsmasq-discuss] Setting up dnsmasq on an [x]ubuntu machine - what's the 'right' way to do it?

2014-05-11 Thread Simon Kelley
It would be good to put it somewhere. I'm not sure about the FAQ, which is fairly distribution-agnostic. Let me think about that. Yes, true, it's pretty Linux (or even ubuntu family) specific. It's dealing with the default 'dnsmasq run by Network Manager' that makes it a bit tricky.

Re: [Dnsmasq-discuss] Setting up dnsmasq on an [x]ubuntu machine - what's the 'right' way to do it?

2014-05-10 Thread Simon Kelley
On 10/05/14 17:07, Chris Green wrote: On Sat, May 10, 2014 at 12:07:59PM +0100, Chris Green wrote: I've been using dnsmasq for quite a while on a small server machine on my home network but that machine is now redundant really and I'd like to save the electricity it's using. So I'm going to

Re: [Dnsmasq-discuss] ra-names without router advertisements

2014-05-04 Thread Simon Kelley
On 03/05/14 19:44, Michael Stilkerich wrote: Hi, I'd like to use dnsmasq as DNS and DHCP(v6) server on my home network. The box running dnsmasq is not the router; the router is a box provided by my internet provider that does router advertisements with the A flag set. The dnsmasq box gets

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-05-01 Thread Simon Kelley
On 30/04/14 18:26, Dave Taht wrote: On Tue, Apr 29, 2014 at 1:57 PM, Phil Pennock cerowrt-devel+p...@spodhuis.org wrote: On 2014-04-29 at 14:22 +0100, Simon Kelley wrote: secure no DS means that the original unsigned answer should be accepted, except that it shouldn't. There's no way

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-29 Thread Simon Kelley
On 29/04/14 00:24, Phil Pennock wrote: On 2014-04-28 at 20:32 +0100, Simon Kelley wrote: On 28/04/14 19:56, Dave Taht wrote: I see A and requests for for ds.test-ipv6.com that fail. The root of this failure is that DS ds.test-ipv6.com is broken. DiG 9.8.1-P1 @8.8.8.8 ds ds.test-ipv6

Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router

2014-04-28 Thread Simon Kelley
Note that this bug appears to be a hard lockup. https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1313393 investigations are continuing. Simon. On 28/04/14 12:18, Kevin Darbyshire-Bryant wrote: On 25/04/2014 09:37, David Joslin wrote: Hi Kevin and thanks for the help.

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-28 Thread Simon Kelley
On 28/04/14 19:56, Dave Taht wrote: I see A and requests for for ds.test-ipv6.com that fail. The root of this failure is that DS ds.test-ipv6.com is broken. DiG 9.8.1-P1 @8.8.8.8 ds ds.test-ipv6.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY,

Re: [Dnsmasq-discuss] IPv6-constructor for dhcp-host?

2014-04-28 Thread Simon Kelley
On 28/04/14 22:17, Conrad Kostecki wrote: Hi! Recently, I was using an IPv6 tunnel from Hurricane Electric with a static /48 IPv6-subnet, which was working fine. My ISP (Telekom Deutschland) offers now native IPV6, but its only giving me a dynamic /56 IPv6-subnet. I have to use the

Re: [Dnsmasq-discuss] [Cerowrt-devel] Had to disable dnssec today

2014-04-26 Thread Simon Kelley
On 26/04/14 20:44, Simon Kelley wrote: I plan to see if dnsmasq can be modified to improve this. In the git repo now, the change allows the akamai domain to resolve successfully. Simon.

Re: [Dnsmasq-discuss] [Cerowrt-devel] test-ipv6.com vs dnssec

2014-04-25 Thread Simon Kelley
On 25/04/14 19:01, Jim Gettys wrote: More specifically, after boot, most of the time test-ipv6.com reports lots of problems. Then I turned off both dnssec and dnssec-check-unsigned, and restarted dnsmasq; clean bill of health from test-ipv6.com. Then I turned on dnssec only, leaving

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-24 Thread Simon Kelley
On 24/04/14 11:49, Aaron Wood wrote: Dnsmasq does the DS query next because the answer to the A query comes back unsigned, so dnsmasq is looking for a DS record that proves this is OK. It's likely that Verisign does that top-down (starting from the root) whilst dnsmasq does it bottom up.

Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router

2014-04-24 Thread Simon Kelley
On 22/04/14 20:04, David Joslin wrote: Hi I have an Asus rt-n16 router running the Shibby version of the Tomato firmware which includes dnsmasq version 2.69test3. It's in use in a building that frequently has 50+ users on a wireless network and dnsmasq has performed extremely well with very

Re: [Dnsmasq-discuss] Stable releases v. development releases.

2014-04-24 Thread Simon Kelley
On 20/04/14 16:57, Brad Smith wrote: On Sun, Apr 20, 2014 at 11:52:19AM -0400, Weedy wrote: On 18 Apr 2014 05:27, Olaf Westrik weizen...@ipcop-forum.de wrote: On 2014-04-17 23:14, Simon Kelley wrote: Thus far, dnsmasq has not maintained separate stable and development branches. One reason

[Dnsmasq-discuss] Announce: dnsmasq-2.70

2014-04-24 Thread Simon Kelley
I've just released dnsmasq-2.70. This is a small bug-fix release that addresses a couple of problems which have emerged with the 2.69 release. There is no new functionality and anyone running 2.69 should upgrade to 2.70. Release notes below.

Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router

2014-04-24 Thread Simon Kelley
, Simon Kelley si...@thekelleys.org.uk wrote: On 22/04/14 20:04, David Joslin wrote: Hi I have an Asus rt-n16 router running the Shibby version of the Tomato firmware which includes dnsmasq version 2.69test3. It's in use in a building that frequently has 50+ users on a wireless network

Re: [Dnsmasq-discuss] IPv6 dhcp/ra-issue

2014-04-23 Thread Simon Kelley
On 21/04/14 14:28, Oliver Rath wrote: Hi list, I'm trying to give my network-computers IPv6-Addresses constructed from ppp0. In my config I get from my provider i.e. these (dynamic) IPv4 and IPv6-addresses: # ifconfig ppp0 ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-23 Thread Simon Kelley
On 23/04/14 16:42, Dave Taht wrote: I will argue that a better place to report dnssec validation errors is the dnsmasq list. On Wed, Apr 23, 2014 at 8:31 AM, Aaron Wood wood...@gmail.com wrote: Wed Apr 23 15:13:05 2014 daemon.info dnsmasq[29719]: query[A]

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-23 Thread Simon Kelley
On 23/04/14 18:29, Dave Taht wrote: On Wed, Apr 23, 2014 at 10:18 AM, Aaron Wood wood...@gmail.com wrote: On Wed, Apr 23, 2014 at 6:44 PM, Robert Bradley robert.bradl...@gmail.com wrote: ; DiG 9.8.1-P1 +cd @8.8.8.8 a e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net snip rest of NOERROR

Re: [Dnsmasq-discuss] dnsmasq's AdvRouterAddr On equivalent

2014-04-17 Thread Simon Kelley
On 15/04/14 23:31, Jorge Schrauwen wrote: Hey All, I had a bit of trouble getting ra to work on OpenBSD but manually compiling 2.69 seems to have done the trick. (Yay!) I was porting over my old radvd.conf from linux and I have this option set AdvRouterAddr On. I cannot seem to find the

Re: [Dnsmasq-discuss] Segfault in DNSSEC code

2014-04-17 Thread Simon Kelley
On 17/04/14 05:13, Wang Jian wrote: Will this conflict with ipset fix (which related to DNSSEC) days ago? No, both should be applied. Cheers, Simon. 2014-04-17 5:24 GMT+08:00 Simon Kelley si...@thekelleys.org.uk: On 15/04/14 22:39, Manish Singh wrote: I've run across a segfault

[Dnsmasq-discuss] Stable releases v. development releases.

2014-04-17 Thread Simon Kelley
Thus far, dnsmasq has not maintained separate stable and development branches. One reason for this is that there's been a pretty strong policy of backwards-compatibility, so the penalty for upgrading to the latest release is low: we've almost certainly not broken your config, or changed behaviour.

Re: [Dnsmasq-discuss] Segfault in DNSSEC code

2014-04-16 Thread Simon Kelley
On 15/04/14 22:39, Manish Singh wrote: I've run across a segfault in the DNSSEC code when resolving a domain, when DNSSEC builtin but turned off: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f3d178fe700 (LWP 10762)] 0x00407e26 in extract_name

Re: [Dnsmasq-discuss] dnssec and local caching dns in fedora and network manager

2014-04-14 Thread Simon Kelley
On 13/04/14 21:24, Dave Taht wrote: interesting long thread over at the fedora project this weekend: https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html I'm quite a long way through it already. The main takehome seems to be that captive portals are even more broken in the

Re: [Dnsmasq-discuss] DHCPNAK

2014-04-13 Thread Simon Kelley
On 11/04/14 05:11, Павел Юрьев wrote: Hello! Sorry for not correct English. I have a question for you on the DHCPNAK. I need to send it immediately after starting the server. In turn, I made it a separate function and call directly from dhcp.c. But faced with the problem: according to the

Re: [Dnsmasq-discuss] dns regex

2014-04-13 Thread Simon Kelley
On 12/04/14 00:07, Darren Breeze ML wrote: Hi I am trying to map the various google sites around the world back to a single google site (nosslsearch.google.com) is there a way currently with dnsmasq to map the various regional google sites

Re: [Dnsmasq-discuss] ipset action doesn't work in 2.69

2014-04-13 Thread Simon Kelley
(c) 2000-2014 Simon Kelley Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC Running 'git-buildpackage --git-debian-tag=v2.69 --git-upstream-tag=v2.69' in git tree, I get a binary which doesn't work # /usr/sbin/dnsmasq

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-09 Thread Simon Kelley
On 09/04/14 15:51, Dave Taht wrote: My heart bleeds for the openssl folk and openssl derived application users right now. More investment into creating, maintaining and improving core crypto libraries is desperately needed to hold our civilization together. +1 Don't underestimate the

[Dnsmasq-discuss] Announce: dnsmasq-2.69

2014-04-09 Thread Simon Kelley
Dnsmasq-2.69 is here. http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.69.tar.gz and (new) a signature http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.69.tar.gz.sign Many thanks to all who've contributed this major milestone. Most are mentioned in the CHANGELOG, but it's also necessary to thank

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.69

2014-04-09 Thread Simon Kelley
On 09/04/14 21:32, Dave Reisner wrote: On Wed, Apr 09, 2014 at 09:13:33PM +0100, Simon Kelley wrote: Dnsmasq-2.69 is here. http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.69.tar.gz and (new) a signature http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.69.tar.gz.sign Hi Simon, Thanks

Re: [Dnsmasq-discuss] DHCPv6 hostname resolving

2014-04-07 Thread Simon Kelley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/04/14 21:28, Quintus wrote: Hi Simon, I think you may well be right. What happens if you look up the _address_, ie dig -x 2001:4dd0:ff00:8918:1:f858:930c:267b ; DiG 9.9.2-P2 -x

Re: [Dnsmasq-discuss] Per entry TTL override

2014-04-07 Thread Simon Kelley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/04/14 12:38, Olivier Mauras wrote: How much does a cache miss cost. Why bother tuning the TTLs and _still_ risking that you've made them too long and something breaks. Caching is an optimisation. If an optimisation can lead to

Re: [Dnsmasq-discuss] Using DNSMasq as a DNS sinkhole server

2014-04-05 Thread Simon Kelley
On 03/04/14 20:27, Egil Aspevik Martinsen wrote: Hi, I want to setup my Raspberry PI as a DNS sinkhole server using DNSMASQ. Does anyone have experience with using DNSMASQ for this purpose? The DNS sinkhole lists are relatively large (currently the list from www[DOT]malware-domains[DOT]com

Re: [Dnsmasq-discuss] dnssec on android?

2014-04-03 Thread Simon Kelley
On 03/04/14 02:37, Dave Taht wrote: It looks like there will be some issues getting dnssec on on android by switching to dnsmasq: https://code.google.com/p/android/issues/detail?id=65510 What is dnsmasq's behavior on how/when to switch to tcp? If the client uses UDP to query dnsmasq,

Re: [Dnsmasq-discuss] PTR records with auth-zone and auth-server

2014-04-03 Thread Simon Kelley
On 03/04/14 08:22, Craig McQueen wrote: I'm using dnsmasq 2.68. It's mostly working, however I'm having a few troubles with PTR records when using auth-zone and auth-server. If I use these options, then: * PTR look-up of IP addresses defined by interface-name=example.lan,br0 return an

Re: [Dnsmasq-discuss] Per entry TTL override

2014-04-03 Thread Simon Kelley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/04/14 22:32, Olivier Mauras wrote: On Mon, 2014-03-31 at 12:59 +0200, Olivier Mauras wrote: Hello, Is it thinkable to allow a per entry TTL override system ? I have actually two different needs that i'd like to discuss. First

Re: [Dnsmasq-discuss] mixing synth-domain and auth-domain does not appear to work for me.

2014-04-03 Thread Simon Kelley
On 03/04/14 08:35, David Beveridge wrote: On Thu, Apr 3, 2014 at 6:38 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 02/04/14 21:24, Simon Kelley wrote: This is, I think, just an oversight. synth-domain certainly generates Locally defined DNS records which is what the auth-zone

Re: [Dnsmasq-discuss] Fwd: mixing synth-domain and auth-domain does not appear to work for me.

2014-04-03 Thread Simon Kelley
On 03/04/14 08:14, David Beveridge wrote: Prefix length has to be greater than or equal to 64, is that what you mean? It's about implementation convenience. C doesn't provide a integer data type larger than 64 bits for doing masking. of the address-part. Fair enough. So I have a copy of

Re: [Dnsmasq-discuss] DHCPv6 hostname resolving

2014-04-02 Thread Simon Kelley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/04/14 18:08, Quintus wrote: Hi Albert, Am 02.04.2014 17:59, schrieb Albert ARIBAUD: ra-names enables a mode which gives DNS names to dual-stack hosts which do SLAAC for IPv6. I am aware of the ra-names option, but as far as I

Re: [Dnsmasq-discuss] mixing synth-domain and auth-domain does not appear to work for me.

2014-04-02 Thread Simon Kelley
On 02/04/14 11:46, David Beveridge wrote: So I have a few static hosts defined in /etc/hosts and I want to serve authoritative records for them. I also have some machines which get address via dhcp and slaac which I want to publish using synth-domain. Each option works alone, but when I mix

Re: [Dnsmasq-discuss] mixing synth-domain and auth-domain does not appear to work for me.

2014-04-02 Thread Simon Kelley
On 02/04/14 21:24, Simon Kelley wrote: This is, I think, just an oversight. synth-domain certainly generates Locally defined DNS records which is what the auth-zone is specified to contain. Actually, there is a reason. It doesn't in general make sense to include the records created

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-01 Thread Simon Kelley
On 01/04/14 19:14, Nathan Dorfman wrote: With such superior understanding, shouldn't you be adding OpenSSL support to dnsmasq yourself? That way you can deal with their byzantine API and the resulting bugs, and Simon can instead do something actually worthwhile. But don't do that before the

Re: [Dnsmasq-discuss] Running a script after a resolution request

2014-03-28 Thread Simon Kelley
On 28/03/14 13:26, Ronaldo Zacarias Afonso wrote: On 03/24/2014 06:08 PM, Simon Kelley wrote: On 24/03/14 19:39, Ronaldo Zacarias Afonso wrote: Hi everybody, I'd like to know if it is possible to configure dnsmasq to execute a script after a name resolution request. The idea

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.69rc1

2014-03-25 Thread Simon Kelley
On 24/03/14 23:29, sven falempin wrote: Yes it logs better when i launch with --dnssec-check-unsigned can i put these in the configuration file like bogus-priv : Yes, the set of --long-option and config-file keywords is identical, apart from a few which make no sense, like --version.

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-03-25 Thread Simon Kelley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/03/14 14:43, Alex Xu wrote: I'm writing the Gentoo ebuild for dnsmasq 2.69rc1 (https://bugs.gentoo.org/show_bug.cgi?id=504154), and I was wondering if dnsmasq requires nettle and gmp, or actually nettle[gmp]. The latter builds nettle

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.69rc1

2014-03-24 Thread Simon Kelley
On 24/03/14 17:45, sven falempin wrote: openbsd 5.4: pkg_add libnettle (ew) [make] $ ./src/dnsmasq --version Dnsmasq version 2.69rc1 Copyright (c) 2000-2014 Simon Kelley Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth

Re: [Dnsmasq-discuss] IPv6 configuration question

2014-03-24 Thread Simon Kelley
On 24/03/14 17:44, John Newlin wrote: Is it required to set a global ipv6 address on the interface that dnsmasq is serving in order for ipv6 information requests to work? It is. Currently this system works by requesting a DP and IA from the upstream dhcpv6 server, setting the WAN port

Re: [Dnsmasq-discuss] Cache improvements

2014-03-24 Thread Simon Kelley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/03/14 11:07, Olivier Mauras wrote: Hello, I wondering what would be the effort, and if there'd actually be any interest for some dnsmasq cache improvements. Two things i'd love to see: - Cache size in memory instead of lines I'd

Re: [Dnsmasq-discuss] Stats improvement

2014-03-24 Thread Simon Kelley
PM, Simon Kelley si...@thekelleys.org.uk wrote: On 24/03/14 11:25, Olivier Mauras wrote: Hello, I was wondering what would be the effort, and if there'd actually be any interest for some dnsmasq statistics improvements. (Yes i'm splitting discussions ^^) For monitoring/graph purposes

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.69rc1

2014-03-22 Thread Simon Kelley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/03/14 21:41, Toke Høiland-Jørgensen wrote: Please run it if you can, and report any problems. If you can configure DNSSEC and test that, all the better. Installed and running. Fine so far :) Packages available at:

Re: [Dnsmasq-discuss] Polling of hosts file

2014-03-20 Thread Simon Kelley
frequent failures into infrequent and difficult to diagnose failures. Cheers, Simon. On Wed, 2014-03-19 at 09:07 +, Simon Kelley wrote: On 19/03/14 04:04, Franco Broi wrote: Hi Just wondering why dnsmasq doesn't poll the hosts file for changes like it does for resolv.conf? Polling

Re: [Dnsmasq-discuss] configurable 'quiet-dhcp' option

2014-03-20 Thread Simon Kelley
On 18/03/14 06:44, Shantanu Gadgil wrote: Hello, Would it be possible make the 'quiet-dhcp' have configurable sub-options? My scenario is that I have a dnsmasq running in each of my subnets. (about 7 different subnets) I have enabled PXE booting for only servers under my jurisdiction :)

Re: [Dnsmasq-discuss] Polling of hosts file

2014-03-19 Thread Simon Kelley
On 19/03/14 04:04, Franco Broi wrote: Hi Just wondering why dnsmasq doesn't poll the hosts file for changes like it does for resolv.conf? Polling files is dangerous. You can get race conditions where the update time changes but the file is still in the process of being written. Polling

Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative mode

2014-03-13 Thread Simon Kelley
On 13/03/14 01:01, Franco Broi wrote: On Wed, 2014-03-12 at 17:29 +, Simon Kelley wrote: On 12/03/14 11:09, Franco Broi wrote: Sorry about the top posting, useless MS webmail. The reason I need the authoritative dns is because I'm in a regional office of a big company. It's

Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative mode

2014-03-12 Thread Simon Kelley
. ___ From: Simon Kelley [si...@thekelleys.org.uk] Sent: Wednesday, March 12, 2014 5:45 AM To: Franco Broi; dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Reverse lookups not working in authoritative mode On 12/03/14 10:27, Franco Broi wrote: Not sure

Re: [Dnsmasq-discuss] Setting dns domain name through dhcpv6

2014-03-08 Thread Simon Kelley
On 07/03/14 21:42, Tom Hendrikx wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I'm using dnsmasq 2.66 to provide my local network with ipv4 dhcp, and ipv6 information requests (ip addressing is handled by my router). I'm able to to provide clients with a dns-server and such

Re: [Dnsmasq-discuss] dnsmasq, NetworkManager and VPNs

2014-03-06 Thread Simon Kelley
On 06/03/14 01:39, Tony Breeds wrote: Hi All, I'm a new user of dnsmasq and I can't see an easy way to do what I want to do. My situation is (probably not that uncommon) I need to connect to a work VPN and while I'm connected to said VPN I need to query work's DNS servers for

Re: [Dnsmasq-discuss] Dnsmasq cache does not fetch new value after cache expired for some record

2014-03-05 Thread Simon Kelley
On 05/03/14 03:39, 胡文峰 wrote: It is repeatable! but I could not found the pattern! I didn't find any problem in the last few days, but now it happened again! The DNS api.m.duoku.com is a CNAME, and the upstream returned the CNAME to my local dnsmasq: Is it correct for the

Re: [Dnsmasq-discuss] DHCP errors with vlans and multiple subnets

2014-03-04 Thread Simon Kelley
eastgaterouter daemon.info dnsmasq-dhcp[9848]: 321826932 sent size: 4 option: 3 router 10.10.10.1 On 3 March 2014 13:31, Simon Kelley si...@thekelleys.org.uk wrote: First stage is to set log-dhcp in your configuration, which will add

Re: [Dnsmasq-discuss] IPV6 Prefix Delegation (IA_PD)

2014-03-02 Thread Simon Kelley
On 27/02/14 10:46, Tsachi wrote: Hi all, I might be wrong, but from what I understand from the man (and the code), dnsmasq does not support replying to IA_PD (prefix delegation) requests. You're right, though this may change in the future. Deployed as a router, I have a case which I am

Re: [Dnsmasq-discuss] Recursive DNS on dnsmasq

2014-02-28 Thread Simon Kelley
On 25/02/14 21:34, Matthias Andree wrote: Am 25.02.2014 21:50, schrieb Simon Kelley: I agree that this is definitely a packaging issue rather than an upstream one. Unfortunately, as Debian packager for dnsmasq as well as maintainer, I'm still on the hook! There's an open bug against

Re: [Dnsmasq-discuss] dhcp-broadcast not

2014-02-24 Thread Simon Kelley
On 21/02/14 09:07, Nikita N. wrote: All the clients are quite common, and in use all around the world, if there was a general problem with this, we'd probably have heard about it by now. Hi, well you are hearing it now :) True, but it's not clear what to do about it. The modification to

Re: [Dnsmasq-discuss] IP assigning for wrong network

2014-02-24 Thread Simon Kelley
On 22/02/14 22:58, Tamas Papp wrote: On 02/20/2014 06:12 PM, Simon Kelley wrote: On 19/02/14 23:03, Tamas Papp wrote: hi All, Feb 19 23:49:48 workhorse dnsmasq-dhcp[6678]: DHCPINFORM(eth-clients) 10.0.1.233 70:54:d2:1b:18:59 Feb 19 23:49:48 workhorse dnsmasq-dhcp[6678]: DHCPACK(eth

Re: [Dnsmasq-discuss] It's possible to prevent names from DHCP being resolved whilst keeping then on the leases

2014-02-24 Thread Simon Kelley
On 23/02/14 00:35, klondike wrote: Hi guys, This is yet another dnsmasq question, involving the Gothemburg Hackerspace. After getting localised queries to work (thanks a lot for the hint) I'm trying to get networks reasonably isolated whilst still using (if possible) the same daemon.

[Dnsmasq-discuss] New DNSSEC test release.

2014-02-24 Thread Simon Kelley
I just pushed out a new 2.69 test release, which completes the DNSSEC feature-set with NSEC3 secure denial of existence. Thanks go to Messrs Hunt, Gieben and Mekking for guiding me through that swamp. If you're interested in DNSSEC, please give this a spin.

Re: [Dnsmasq-discuss] IP assigning for wrong network

2014-02-20 Thread Simon Kelley
On 19/02/14 23:03, Tamas Papp wrote: hi All, Feb 19 23:49:48 workhorse dnsmasq-dhcp[6678]: DHCPINFORM(eth-clients) 10.0.1.233 70:54:d2:1b:18:59 Feb 19 23:49:48 workhorse dnsmasq-dhcp[6678]: DHCPACK(eth-clients) 10.0.1.233 70:54:d2:1b:18:59 vweiszfeiler-pc Feb 19 23:49:51 workhorse

Re: [Dnsmasq-discuss] Dnsmasq 2.68 not assign IPv6 address, error -- no addresses available

2014-02-19 Thread Simon Kelley
On 19/02/14 07:46, Da Zhao Y Yu wrote: I found the root cause about this issue. I changed the host file, and wrapped the ipv6 address with [], as below: fa:16:3e:25:f4:31,host-2001-2011-0-f104--3.openstacklocal,*[2001:2011:0:f104::3], * then client can get the targeted IPv6 address. Ah,

Re: [Dnsmasq-discuss] serving EFI and traditional BIOS at the same time

2014-02-19 Thread Simon Kelley
On 19/02/14 14:15, Olaf Hering wrote: On Tue, Feb 18, Olaf Hering wrote: On Tue, Feb 18, Olaf Hering wrote: How should the config look like to offer PXE to old and new VM types at the same time? At least the separation appears to work like that: dhcp-match=x86PC, option:client-arch, 0

[Dnsmasq-discuss] New DNSSEC test release.

2014-02-11 Thread Simon Kelley
I've just tagged 2.69test8, which has some significant fixes to the DNSSEC code. One thing to note: I've also completely changed the way the trust anchors are specified, from DNSKEYS to DS records. If you're using the trust-anchors.conf file I supply, this should be transparent, but if you

Re: [Dnsmasq-discuss] I love this little gem !

2014-02-11 Thread Simon Kelley
On 09/02/14 00:34, Elsie Buck wrote: I just ran across http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q1/008009.html which is exactly what I want to do at my home. Why you ask? Well, I have 5 computers (one for each room), 2 file servers, 2 media players and 2 laptops. Not real

Re: [Dnsmasq-discuss] Always Ignore Client Identifier

2014-02-11 Thread Simon Kelley
On 08/02/14 17:42, Linux Luser wrote: dhcp-ignore-clid might just work for the long-term. But I ended up playing around a bit more and I've managed to isolate the part of my config that I believe triggers the problem. Maybe this can be fixed without a dhcp-ignore-clid option? When I set a

Re: [Dnsmasq-discuss] New DNSSEC test release.

2014-02-11 Thread Simon Kelley
On 11/02/14 12:10, Jan-Piet Mens wrote: One thing to note: I've also completely changed the way the trust anchors are specified, from DNSKEYS to DS records. Very nice and, yes, it works. :) All that's left I wish, I wish. NSEC3 is still lurking. is to find a way to obtain those securely

Re: [Dnsmasq-discuss] Debugging

2014-02-11 Thread Simon Kelley
On 11/02/14 15:12, Brian Rak wrote: Is there any way to get additional debugging information out of dnsmasq? I'm running into an issue where I'm seeing 'DHCPDISCOVER(eth0) X Y no address available', but it's not particularly clear to me why this is happening. Is there a way to log the contents
