Re: [Dnsmasq-discuss] dnsmasq stops receiving packets after network restart

2018-09-27 Thread Simon Kelley
On 27/09/18 14:42, Kristian Evensen wrote: > Hi Simon, > > On Wed, Sep 26, 2018 at 7:30 PM Simon Kelley wrote: >> Simplest test is to make whichdevice always return NULL, and see if that >> helps. > > Making whichdevice() always return NULL makes the issue go away.

Re: [Dnsmasq-discuss] No Broadcast Dhcp Offers

2018-09-26 Thread Simon Kelley
On 26/09/18 17:33, Simon Kelley wrote: > On 24/09/18 11:45, gravit...@gmx.com wrote: >> >> Amof, the first and only frames my dongle sends on eth at start, are >> some Dhcp DISCOVER, no arps at all. >> Please note that such Dhcp DISCOVER frames come with the broadca

Re: [Dnsmasq-discuss] dnsmasq stops receiving packets after network restart

2018-09-26 Thread Simon Kelley
On 24/09/18 19:12, Kristian Evensen wrote: > Hello, > > I have some routers running OpenWRT (latest nightly) and that I have > to access remotely (using reverse SSH). When I restart networking > (/etc/init.d/network restart), clients on the LAN can no longer obtain > an IP address using DHCP. If

Re: [Dnsmasq-discuss] No Broadcast Dhcp Offers

2018-09-26 Thread Simon Kelley
On 24/09/18 11:45, gravit...@gmx.com wrote: > > Amof, the first and only frames my dongle sends on eth at start, are > some Dhcp DISCOVER, no arps at all. > Please note that such Dhcp DISCOVER frames come with the broadcast bit > NOT set. > Afaik, that means my dongle is indeed asking the Dhcp

Re: [Dnsmasq-discuss] TCP DNSSEC request over IPv6 abandoned in v2.79

2018-09-26 Thread Simon Kelley
On 25/09/18 22:15, Chris Staite wrote: > Hi, > > I've recently upgraded my router to an alpha firmware that uses DNSmasq > v2.79. I'm having issues with it performing DNSSEC validation that I didn't > have with the old version of DNSmasq (which I'm not entirely sure which > version it was). >

Re: [Dnsmasq-discuss] Fwd: dig +trace failing

2018-09-19 Thread Simon Kelley
On 19/09/18 13:04, Dominik DL6ER wrote: > Hey Simon, > > On 19.09.2018 13:27, Simon Kelley wrote: >> when rd is not set, never answer >> from the cache, but always forward the query. That would allow dig >> +trace to work. >> >> Does that seem sensible?

Re: [Dnsmasq-discuss] Seg. fault in cache.c after commt b6f926fb

2018-09-19 Thread Simon Kelley
On 19/09/18 08:59, Kristian Evensen wrote: > Hi Simon, > > Thanks for a quick reply. > > On Wed, Sep 19, 2018 at 12:23 AM Simon Kelley wrote: >> Thanks for the report. The obvious explanation is that whine_malloc() is >> returning NULL, and the code should han

[Dnsmasq-discuss] Duplicate IP detection with fixed IP

2018-09-19 Thread Simon Kelley
On 19/09/18 11:09, Bernard CLABOTS wrote: > Thanks a lot for this answer. > > Indeed, it is a special case as we have a simple two way Request/ACK, > this is also what is seen with some implementations when quickly > unplugging/re-plugging the cable, it is legal AFAIK. > > I also agree on the

Re: [Dnsmasq-discuss] dig +trace failing

2018-09-19 Thread Simon Kelley
The change in question causes dnsmasq to always return SERVFAIL for queries without the "use recursion" bit set. The relevant quote in the reference http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf is this: Recommendation 2: secondly, and most importantly, non-authoritative requests

Re: [Dnsmasq-discuss] clients of DHCPv6 with constructed IPv6 address range are not notified on address range change

2018-09-18 Thread Simon Kelley
On 18/09/18 23:03, line wrap clean up wrote: > On Tue, Sep 18, 2018 at 11:13:27PM +0200, Andrey Vakhitov wrote: > Hi Simon, > >>> I've set it up as you suggested, initially name resolution seems >>> to work fine. But after some days of operation (and some nightly >>> reconnects) dnsmasq seems to

Re: [Dnsmasq-discuss] clients of DHCPv6 with constructed IPv6 address range are not notified on address range change

2018-09-18 Thread Simon Kelley
On 18/09/18 23:03, line wrap clean up wrote: > Strange thing: sometimes after reconnect I can observe expected behaviour > (like you described it, see log 1), sometimes not (SLAAC-CONFIRM is missing, > see log 2) > > -- log1 > Sep 17 20:22:45 rtr dnsmasq-dhcp[7855]: DHCPv6

Re: [Dnsmasq-discuss] Duplicate IP detection with fixed IP

2018-09-18 Thread Simon Kelley
On 18/09/18 16:59, Bernard CLABOTS wrote: > Hi all, >    I have been trying to replicate an issue of IP conflict on Open-WRT, > the issue is randomly seen, and I expect in real life, it is related to > a de-sync of the lease data base with the actual situation (in case a > switch is between the

Re: [Dnsmasq-discuss] Seg. fault in cache.c after commt b6f926fb

2018-09-18 Thread Simon Kelley
On 18/09/18 11:28, Kristian Evensen wrote: > Hello, > > I recently updated one of my x86-based OpenWRT-routers to the latest > nightly, which bumped dnsmasq to 2.80test6. After the update, I see > that dnsmasq sometimes enters a crash loop. The crash occurs right > startup (SIGSEV), and the

Re: [Dnsmasq-discuss] CERT Vulnerability VU#598349

2018-09-17 Thread Simon Kelley
On 10/09/18 00:19, klondike wrote: > Hi Simon, > > El 08/09/18 a las 19:17, Simon Kelley escribió: >> The question is, should the above configuration be "baked in" to the code? > > Yes. In general it is considered against good practice to provide insane > defa

Re: [Dnsmasq-discuss] clients of DHCPv6 with constructed IPv6 address range are not notified on address range change

2018-09-17 Thread Simon Kelley
On 10/09/18 19:51, Andrey Vakhitov wrote: > Hello Simon & Uwe, > >> unfortunately that problem is seen often with providers in Germany, although >> the large ones no longer >> do it (or allow to disable the disconnect). The problem is that German >> providers automatically >> disconnect the

Re: [Dnsmasq-discuss] WG: clients of DHCPv6 with constructed IPv6 address range are not notified on address range change

2018-09-17 Thread Simon Kelley
On 15/09/18 10:05, Andrey Vakhitov wrote: > Hello Uwe, > >>> My recommendation to the reporter: >>> - Don't use stateful DHCPv6 in Germany, that does not work well. You >>> clients should get the addresses using router advertisements. For static > hosts assign static names in your own domain.

Re: [Dnsmasq-discuss] Support for adding CNAME query result to IPSET

2018-09-14 Thread Simon Kelley
On 13/09/18 10:08, Wojtek Swiatek wrote: > > > Le sam. 8 sept. 2018 à 15:45, Simon Kelley <mailto:si...@thekelleys.org.uk>> a écrit : > > No, that's a different problem. your target name "vpnin.swtk.info > <http://vpnin.swtk.info>" is >

Re: [Dnsmasq-discuss] clients of DHCPv6 with constructed IPv6 address range are not notified on address range change

2018-09-09 Thread Simon Kelley
Dnsmasq doesn't implement RECONFIGURE. It probably should. The main problem, from a quick look at the RFC, is that RECONFIGURE mandates use of security mechanism, and dnsmasq doesn't implement that either! The intention is that address change is a gradual process. The old address gets deprecated

[Dnsmasq-discuss] CERT Vulnerability VU#598349

2018-09-08 Thread Simon Kelley
https://www.kb.cert.org/vuls/id/598349 The essence of this is that an attacker can get a DHCP lease whilst claiming the name "wpad" and thus insert the name wpad.example.com in the local DNS pointing the attacker's machine. The presence of that A record allows control of the proxy settings of any

Re: [Dnsmasq-discuss] How to declare dnsmasq as authoritative for the 10.x subnet?

2018-09-08 Thread Simon Kelley
On 06/09/18 15:36, Wojtek Swiatek wrote: > Hello everyone, > > Following the documentation for auth-zone, I tried to declare my dnsmasq > server as authoritative for the 10.0.0.0/8 zone (I > server several IP sub-ranges in 10.x). Unfortunately, whatever I try I > end up with >

Re: [Dnsmasq-discuss] Support for adding CNAME query result to IPSET

2018-09-08 Thread Simon Kelley
xelem 65536 > Size in memory: 88 > References: 0 > Number of entries: 0 > Members: > > > Cheers, > Wojtek > > > Le mar. 4 sept. 2018 à 01:21, Simon Kelley <mailto:si...@thekelleys.org.uk>> a écrit : > > Are you sure? It seems to work for me.

Re: [Dnsmasq-discuss] Support for adding CNAME query result to IPSET

2018-09-03 Thread Simon Kelley
Are you sure? It seems to work for me. srk@holly:~/dnsmasq/dnsmasq$ src/dnsmasq -d -p 1 --log-queries --ipset=/www.comcast.com/test dnsmasq: started, version 2.80test4 cachesize 150 dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack

Re: [Dnsmasq-discuss] Questions on DHCPv6 configuration; having problems getting it to work the way I want

2018-08-31 Thread Simon Kelley
an example? If there isn't such an > option, any chance of adding one in a future release? See above, the problem is the protocol, not the implementation. Cheers, Simon. > > Many thanks, > > Chris >   > > -

Re: [Dnsmasq-discuss] Questions on DHCPv6 configuration; having problems getting it to work the way I want

2018-08-26 Thread Simon Kelley
On 25/08/18 16:58, Chris Jenkins wrote: > I'm trying to setup DNSmasq on my macOS server to do the following (and only > the following): > > - No DNS functionality (handles elsewhere) > > - No DHCP functionality (handled elsewhere) > > - Only DHCPv6 functionality > > 1. Assign

Re: [Dnsmasq-discuss] Go to /etc/hosts for target of a CNAME

2018-08-24 Thread Simon Kelley
If I've understood the situation correctly, the solution is to replicate the CNAME in dnsmasq cname=host.dcpx.org,host.cityname.dcpx.org that way you'll get an answer to the query for host.dcpx.org which a cname to host.cityname.dcpx.org and an A record for host.cityname.dcpx.org from

Re: [Dnsmasq-discuss] [PATCH] Various fixes detected by static analysis

2018-08-21 Thread Simon Kelley
On 21/08/18 21:22, Petr Mensik wrote: > Hi Simon and all others, > > I have tried running dnsmasq under coverity, static analysis tool. It > found some warnings. I have fixed some things. Most obvious error was > inconsistent handling of buffer length of interface names. Buffer size > is IFNAMSIZ

Re: [Dnsmasq-discuss] DNS query random ports

2018-08-21 Thread Simon Kelley
On 10/08/18 13:37, Petr Menšík wrote: > Hello, > > we discovered our dnsmasq were using also privileged source ports when > sending queries. Interesting enough, it has right to do it, because it > has to listen also on privileged port. It never drops such privilege. > > It was fixed in commit

Re: [Dnsmasq-discuss] [PATCH] dhcpv6: fix unaligned access crash on aarch64

2018-08-21 Thread Simon Kelley
Thanks for chasing that down. Your patch will fix it, but I think it's probably better to solve the problem at source, where we copy addresses out of packets, rather than pass unaligned pointers to struct in6_addr around and patch things up at the other end. That stops this coming and biting us

Re: [Dnsmasq-discuss] DNSMASQ failing to return SRV records with loss of communication to a single DNS server

2018-08-17 Thread Simon Kelley
I think that the source of the problem here is > ;; Truncated, retrying in TCP mode. Dnsmasq is forwarding the query via UDP, and getting a reply, but it has the bit set which says "the reply is too big for your UDP packet, try again using TCP." That gets returned to your requester, which

Re: [Dnsmasq-discuss] Ignore DHCP request based on "client name"?

2018-08-08 Thread Simon Kelley
On 08/08/18 13:37, Hugo Segovia wrote: > El Wed, 8 Aug 2018 10:31:01 +0100 > Simon Kelley escribió: >> dhcp-match does a substring match, not a regexp or wildcard one: the * >> character is not special. Your attempts are therefore looking for a >> substring "androi

Re: [Dnsmasq-discuss] subdomains and dhcp

2018-08-08 Thread Simon Kelley
You can do what you want, but there are limitations. You'll need to split your test, stag and prod hosts into different IP address ranges. This will probably mean giving them fixed addresses. Then declare the various domains and the subnets associated with them, for example.

Re: [Dnsmasq-discuss] Ignore DHCP request based on "client name"?

2018-08-08 Thread Simon Kelley
: > El Mon, 6 Aug 2018 20:39:53 +0100 > Simon Kelley escribió: >> Use dhcp-match to set a tag based on the existence of the "android" >> substring in the hostname option, and then dhcp-ignore to ignore all >> clients with that tag set. >> >> >>

Re: [Dnsmasq-discuss] Ignore DHCP request based on "client name"?

2018-08-06 Thread Simon Kelley
Use dhcp-match to set a tag based on the existence of the "android" substring in the hostname option, and then dhcp-ignore to ignore all clients with that tag set. Simples! Simon. On 04/08/18 16:32, Hugo Segovia wrote: > Hello! > > First, for "client name" I mean the fourth field in an

Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-04 Thread Simon Kelley
OK, I'm confused about the serial problem. I just tested here, and it works as I described. Could you post you complete config here, or mail it direct to me? Cheers, Simon. On 03/08/18 20:02, Wojtek Swiatek wrote: > > > Le ven. 3 août 2018 à 20:58, Simon Kelley &

Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread Simon Kelley
On 03/08/18 18:26, Wojtek Swiatek wrote: > > > Le ven. 3 août 2018 à 19:18, Simon Kelley <mailto:si...@thekelleys.org.uk>> a écrit : > > The serial number is initialised when dnsmasq starts up to the current > time (seconds since 1st Jan 1970). > >

Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread Simon Kelley
The serial number is initialised when dnsmasq starts up to the current time (seconds since 1st Jan 1970). This should ensure that it always increases when dnsmasq is restarted. The serial number is also increased by one when /etc/hosts is re-read by sending SIGHUP and when the DHCP lease database

Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread Simon Kelley
On 03/08/18 13:16, Wojtek Swiatek wrote: > > > Le ven. 3 août 2018 à 14:06, Simon Kelley <mailto:si...@thekelleys.org.uk>> a écrit : > > > What's the result of doing > > dig @192.168.0.10 <http://192.168.0.10> SOA swtk.info <http://swtk.

Re: [Dnsmasq-discuss] Servfail/bogus with DNSSEC and local unbound TLD

2018-08-03 Thread Simon Kelley
Actually, my previous reply was wrong, you'll need to use the config server=/local.tld/ to make this work. Cheers, Simon. On 03/08/18 14:51, Simon Kelley wrote: > As far as I can tell, the Pihole instructions for configuring Unbound > specify that the local TLD should be conf

Re: [Dnsmasq-discuss] FAQ? dhcp-script does not receive any action for Windows 10 dhcp client

2018-08-03 Thread Simon Kelley
Nicolas's suggestion is a good one. The dhcp-script gets called when the DHCP lease database changes. If the DHCP interaction doesn't update the database, it won't get called. A DHCPINFORM query is the most obvious way in which that could happen. Cheers, Simon. On 02/08/18 09:30, Nicolas

Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread Simon Kelley
On 02/08/18 22:15, Wojtek Swiatek wrote: > Hello everyone > > I wanted to set up another DNS server (unfortunately bind as, again > unfortunately, dnsmasq does not support being a secondary server). > > The zone transfer is initiated from the secondary but I see (on that > secondary): > >

Re: [Dnsmasq-discuss] dnsmasq end of cache dump

2018-07-31 Thread Simon Kelley
There's no end-of-dump marker; I guess your application was never envisaged. A patch to add one would be simple. As a workaround: a cache dump always _starts_ with the line time so if you dumped the cache twice, the start of the second dump would serve as a unique marker for the end of the

Re: [Dnsmasq-discuss] Using synth-domain without prefix SEGVs

2018-07-30 Thread Simon Kelley
The prefix is optional, so not only should it not crash, but it should do something sensible with such an option. Fix committed. Thanks for the bug report. Cheers, Simon. On 29/07/18 12:39, Andreas Engel wrote: > I recently tried to update my running dnsmasq from 2.78 to 2.79 but it >

Re: [Dnsmasq-discuss] Google's DNS and Insecure DS reply received, do upstream DNS servers support DNSSEC?

2018-07-29 Thread Simon Kelley
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 +dnssec DS myqnapcloud.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58059 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0,

Re: [Dnsmasq-discuss] ubus FTBFS fix

2018-07-29 Thread Simon Kelley
Gah, thanks. I broke the cardinal rule: never commit code you've tweaked and not compiled. I've modified my "dogfood" openWRT build to enable the UBUS code now, so I should pick this stuff up in future. Testing would be great, if you get chance. Cheers, Simon. On 28/07/18 13:32, Kevin

Re: [Dnsmasq-discuss] Question about the behavior of options 66 and 67

2018-07-25 Thread Simon Kelley
"odd" client behaviour. Cheers, Simon. > I’m hoping not, and will explore the use of —dhcp-boot.. > >> On Jul 25, 2018, at 10:11 AM, Simon Kelley wrote: >> >> This dnsmasq configuration is relevant: >> >> --dhcp-no-override >> (IPv4 only

Re: [Dnsmasq-discuss] What is memory usage per cached dns address

2018-07-25 Thread Simon Kelley
A cache entry for one DNS address, on a 64 bit machine, with IPv6 support compiled in, is 100 bytes. A few other datastructures grow in proportion to the cache size, but not by much. If you assumed 128 bytes per cache entry that should be pretty close. That gives memory usage around 62Mb for you

Re: [Dnsmasq-discuss] Question about the behavior of options 66 and 67

2018-07-25 Thread Simon Kelley
This dnsmasq configuration is relevant: --dhcp-no-override (IPv4 only) Disable re-use of the DHCP servername and filename fields as extra option space. If it can, dnsmasq moves the boot server and filename information (from --dhcp-boot) out of their dedicated

Re: [Dnsmasq-discuss] Using DNSSEC validated SSHFP records

2018-07-21 Thread Simon Kelley
On 19/07/18 23:40, Jeff Kopera wrote: > Hi, > > I am wondering if it is possible to use dnsmasq to store SSHFP records > and then make use of them when using ssh with the VerifyHostKeyDNS=yes > option. > > I'm able to get the SSHFP into dnsmasq making use of dns-rr, but when I > run ssh I get

Re: [Dnsmasq-discuss] dnsmasq not responding to DHCPv6 DHCPCONFIRM messages attempting to confirm an unknown lease

2018-07-20 Thread Simon Kelley
One line patch to log DHCPCONFIRM failure applied. That seems sensible. Thanks for the suggestion, and apologies for leading you up a blind alley. Cheers, Simon. On 20/07/18 15:43, Michael Marley wrote: > On 2018-07-20 09:01, Michael Marley wrote: > >> Hi, >> >> I have dnsmasq set to be a

Re: [Dnsmasq-discuss] [PATCH] allow multiple Classless Route Options

2018-07-20 Thread Simon Kelley
On 20/07/18 08:55, Roy Marples wrote: > On 19/07/2018 21:34, Simon Kelley wrote: >> This generates multiple instance of the DHCP option 121 in the DHCP >> reply packet, which isn't strictly legal. > > What makes you think it's not legal? > RFC3442 makes no menti

Re: [Dnsmasq-discuss] [PATCH] allow multiple Classless Route Options

2018-07-19 Thread Simon Kelley
This generates multiple instances of the DHCP option 121 in the DHCP reply packet, which isn't strictly legal. You can include an option 121 with as many routes as you want quite easily without patching the code. --dhcp-option=121,127.0.0.1/8,1.2.3.4,192.168.0.0/16,3.4.5.6 Cheers, Simon.

Re: [Dnsmasq-discuss] [PATCH v2 3/3] Document the --help option in the french manual

2018-07-19 Thread Simon Kelley
Patches applied. Many thanks. Cheers, Simon. On 09/07/18 17:27, Olivier Gayot wrote: > The option was already described in the original manual page but was not > replicated in the french translation. > > Reviewed-By: Nicolas Cavallari > --- > man/fr/dnsmasq.8 | 7 +++ > 1 file

Re: [Dnsmasq-discuss] cannot start dnsmasq

2018-06-29 Thread Simon Kelley
It's a bad interaction between two packages and it's proving difficult to get the maintainers for jessie to sort it. The problem is that the format of a file in dns-root-data changed. The simplest solution would be to remove the dns-root-data package from your install. Cheers, Simon. On

Re: [Dnsmasq-discuss] DNSSEC passtrough

2018-06-29 Thread Simon Kelley
Dnsmasq does pass on the do-bit, and return DNSSEC RRs, irrespective of having DNSSEC validation compiled in or enabled. The thing to understand here is that the cache does not store all the DNSSEC RRs, and dnsmasq doesn't have the (very complex) logic required to determine the set of DNSSEC

Re: [Dnsmasq-discuss] dnsmaq responds with DHCPNACK

2018-06-15 Thread Simon Kelley
Do you have dhcp-authoritative set in the dnsmasq configuration? Simon. On 14/06/18 14:02, Budai Laszlo wrote: > Hello, > > we have an openstack install that uses dnsmasq for dhcp functionality. > we have 2 ndsmasq processes running for each network (on different > openstack network nodes).

Re: [Dnsmasq-discuss] Non-monotonic serial number in log-queries=extra

2018-06-15 Thread Simon Kelley
I guess it would, subject to lots of concurrency worries about atomic updates, etc. The question is, why would you bother? The existing code achieves the aim, which is that the logged id on all lines associated with a query is the same, and it's different from the logged id of any other query.

Re: [Dnsmasq-discuss] Slow resolving

2018-06-12 Thread Simon Kelley
On 17/05/18 04:33, Lars Noodén wrote: > On 05/12/2018 01:47 AM, Simon Kelley wrote: >> On 10/05/18 18:47, Lars Noodén wrote: > [snip]>> As a work around until I get that sorted, what should I set in > the mean >>> time so that dnsmasq does not to forward any DNS quer

Re: [Dnsmasq-discuss] [PATCH] dnsmasq.8: uniform formatting style for options

2018-06-12 Thread Simon Kelley
Great work. Patch applied. Many thanks. Simon. On 07/06/18 22:13, Peter Pöschl wrote: > Hi, > > The following patch on top of current master commit 090856c7e6 causes > consistent formatting for all options: > > * Always use the long option form, except when options are introduced. > > *

Re: [Dnsmasq-discuss] Fwd: [PATCH] Add GetServers call to DBus API

2018-06-12 Thread Simon Kelley
Happy to apply the patch in principle. However the patch as supplied has unrelated changes to do with using the session, rather than system, bus when in debug mode. If that's useful, could it become a separate patch, which also updates the man page for the -d option. If not could it be removed.

Re: [Dnsmasq-discuss] Dnsmasq stops caching for a while on receive of failed or retried lookup?

2018-06-12 Thread Simon Kelley
config file so that's literally all the config other > than defaults applied by dnsmasq > > dnsmasq -v > Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley > Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 > no-Lua TFTP no-conntrack i

Re: [Dnsmasq-discuss] Reverse IPv6 domain issue

2018-06-12 Thread Simon Kelley
Tracing back through git, that seems to have been broken from birth. Patch applied. Many thanks. Simon. On 09/06/18 00:47, Paul Maddock wrote: > Hi, > > I think I've come across a bug with how the domain is determined for reverse > lookups for IPv6 addresses. Having set a domain config with

Re: [Dnsmasq-discuss] [ip/address association]

2018-06-12 Thread Simon Kelley
Can you explain exactly what you're trying to do? Simon. On 12/06/18 07:05, Michael Mill wrote: > Hi Simon, > > I am not entirely clear on this. Is there a specific variable which > contains the relevant IP/information? (In cache.c) > > Thanks, > Michael. > > On 11/

Re: [Dnsmasq-discuss] [ip/address association]

2018-06-11 Thread Simon Kelley
daemon-namebuff is just a working variable. Look at the cache.c module for name->IP lookups. Simon. On 11/06/18 11:20, Michael Mill wrote: > Good day, > > I see that the daemon/namebuff value stores the relevant domain > information for the query. > I need the IP address associated with this

Re: [Dnsmasq-discuss] DHCPv6 with dnsmasq for automated deployments

2018-06-05 Thread Simon Kelley
> > Alternatively: > Does somebody know of a clean way to administratively expire a lease handed > out by dnsmasq? > Then deployment tooling could forcefully expire an old lease when > reinstalling a node, and after the final reboot in the installed OS. > > Right now, I only know one

Re: [Dnsmasq-discuss] Wildcard CNAMEs - unexpected behaviour.

2018-06-05 Thread Simon Kelley
tative + DHCP entries supposed to work? Yes, but there are rules. Check the man page. Simon. > > thanks > Stephen > > On Sat, 2 Jun 2018 at 18:09 Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > > On 29/05/18 23:11, Stephen Howell wrote: >

Re: [Dnsmasq-discuss] DHCPv6 with dnsmasq for automated deployments

2018-06-03 Thread Simon Kelley
I agree that this is an annoying problem. In DHCPv6 even determining the MAC address of a client is a slightly dodgy operation - there are circumstances where it's not possible. That notwithstanding, dnsmasq does its best, and allows you to configure an address to be allocated by MAC address. The

Re: [Dnsmasq-discuss] Two questions about authoritative mode

2018-06-02 Thread Simon Kelley
On 31/05/18 11:50, Raphaël Halimi wrote: > Hi, > > I have two questions about authoritative mode. > > I have a home LAN, with a classic Bind / ISC DHCP / HPA TFTP setup > (started long before dnsmasq ever existed). > > Recently I decided to rent a server to externalize some public services >

Re: [Dnsmasq-discuss] Wildcard CNAMEs - unexpected behaviour.

2018-06-02 Thread Simon Kelley
On 29/05/18 23:11, Stephen Howell wrote: > Hi, > > I'm an occasional sysadmin and I was looking to setup a round-robin > wildcard CNAME for a test project at home. I checked the dnsmasq docs > and saw: > > *--cname* as long as the record name is in the authoritative domain. If > the target of

Re: [Dnsmasq-discuss] dnssec queries with --bogus-priv

2018-06-02 Thread Simon Kelley
Hi Kevin, Can you include the context of these lines? When I query x.y.168.192.in-addr-arpa without --bogus-priv I get SERVFAIL, because Google public DNS returns an unsigned reply to dnssec-query[DS] 168.192.in-addr.arpa but with --bogus-priv I get a local answer which never gets validated,

Re: [Dnsmasq-discuss] upstream server selection algorithm - bug?

2018-06-02 Thread Simon Kelley
Note that trying all servers frequently has no performance hit, apart from the marginal extra bandwidth and upstream load. The original requestor still gets an answer as soon as the fastest server responds. (The parameters controlling this are in src/config.h) Cheers, Simon On 15/05/18

Re: [Dnsmasq-discuss] DHCP failure when changing SSID on same network

2018-06-02 Thread Simon Kelley
On 14/05/18 18:50, Chris Green wrote: > I have a large house and run two Draytek Vigor routers to provide full > coverage. The 'main' router is a Draytek 2860n which has the VDSL > connection to the internet. The second router is a Draytek Vigoer > 2820n which has no WAN connections and just has

Re: [Dnsmasq-discuss] DHCP option 121, handling of interface address

2018-06-02 Thread Simon Kelley
0.0.0.0 as router address in an option-121 is defined in the RFC to mean something different, so substituting it in dnsmasq would be bad. quote RFC 3442 Local Subnet Routes In some cases more than one IP subnet may be configured on a link. In such cases, a host whose IP address is in one

Re: [Dnsmasq-discuss] Upstream DNS server update

2018-06-02 Thread Simon Kelley
It will detect servers coming and going. There's no need to restart. Cheers, Simon. On 14/05/18 10:22, Prasad K wrote: > Hi, > >    Can dnsmasq automatically starting using an upstream DNS server which > was unavailable for a short duration and came back online ?  > > For example :

Re: [Dnsmasq-discuss] Router Advertisement: Prefix-Specific Options?

2018-06-02 Thread Simon Kelley
: > Simon Kelley wrote: > >> Apologies, there's no way to use the solution I suggested in current >> dnsmasq, it was a possible future enhancement. >> >> On 17/04/18 00:16, Luis Marsano wrote: >>> Yes, I’d expect that to work, though I’d only know after testin

Re: [Dnsmasq-discuss] dnsmasq handling of duplicate hostnames

2018-05-13 Thread Simon Kelley
The current behaviour is deliberate. It's actually the last Mac address to get a DHCP lease which gets the name, and it's to allow a host with multiple interfaces (possibly on multiple networks) to always have its name associated with a currently-in-use interface. Cheers, Simon. On 12/05/18

Re: [Dnsmasq-discuss] Slow resolving

2018-05-11 Thread Simon Kelley
On 10/05/18 18:47, Lars Noodén wrote: > Watching the packets going in and out of the router, I think the problem > relates to this being on a multi-tenant firewall. That's beyond the > scope of this list. > > As a work around until I get that sorted, what should I set in the mean > time so that

Re: [Dnsmasq-discuss] [PATCH] Warn about the impact of cache-size on performance

2018-05-11 Thread Simon Kelley
On 09/05/18 12:13, Geert Stappers wrote: > --- > man/dnsmasq.8| 2 +- > man/es/dnsmasq.8 | 3 ++- > man/fr/dnsmasq.8 | 3 ++- > 3 files changed, 5 insertions(+), 3 deletions(-) > > Note that this patch contains non-ASCII characters, > those might be mangled during transport ... > They

Re: [Dnsmasq-discuss] [PATCH] Remove upper limit of 10, 000 for cache size

2018-05-11 Thread Simon Kelley
OK, I removed the limit, but added a big logged warning if you exceed it Cheers, Simon. On 09/05/18 13:00, Dominik DL6ER wrote: > [PATCH] Remove upper limit of 10,000 for cache size > > Signed-off-by: Dominik Derigs > --- >  src/option.c | 2 -- >  1 file changed, 2

Re: [Dnsmasq-discuss] No unsolicited RAs on interface that doesn't exist at startup

2018-05-11 Thread Simon Kelley
Patch slightly rearranged and applied. Thanks, Simon. On 10/05/18 21:07, Maarten de Vries wrote: > I noticed that dnsmasq often wasn't sending any unsolicited RAs for me. > > This turned out to happen when the interface (a bridge interface) wasn't > created yet at the time dnsmasq started.

Re: [Dnsmasq-discuss] Slow resolving

2018-05-10 Thread Simon Kelley
It looks like dnsmasq is forwarding the queries to the upstream servers, but never getting any answers, so it never answers the original requestor. If you have other servers in the /etc/resolv.conf of the requestor, then they will be used after the query to dnsmasq has timed out (assuming the

Re: [Dnsmasq-discuss] Slow resolving

2018-05-10 Thread Simon Kelley
It's likely to be a problem with one or more of the upstream servers. I suggest setting the dnsmasq "log-queries" option and then examining what servers the slow query was sent to, and how long they took to reply, or if they didn't reply at all. Cheers, Simon On 10/05/18 07:35, Lars Noodén

Re: [Dnsmasq-discuss] Remove upper limit of 10,000 for cache size

2018-05-10 Thread Simon Kelley
On 09/05/18 10:21, Dominik DL6ER wrote: > Dear Geert and mailinglist members, > >> Thing I wonder about is how the cache size clipping was discovered. > I recently sent a SIGUSR1 to our dnsmasq because a user said that some > queries have continuously been answered NXDOMAIN although they >

Re: [Dnsmasq-discuss] Reponse time is huge for big payload SRV record on dnsmasq servers

2018-05-09 Thread Simon Kelley
s not supported.  Is there anyway we Not sure what you mean by "multiple line" Simon. > can cache the TCP query?? > > Regards > Harish Shetty > > On Wed, May 9, 2018 at 1:42 AM, Simon Kelley <si...@thekelleys.org.uk > <mailto:si...@thekelleys.org.uk>> wrote:

Re: [Dnsmasq-discuss] [PATCH] Remove upper limit of 10, 000 for cache size

2018-05-08 Thread Simon Kelley
The reason for the limit is actually performance: there may be plenty of RAM, but the larger the cache is, the slower it is. This is true for reverse (PTR) queries, which are less optimised than normal forward queries. I accept that the limit may now be too small, but it would be worth doing some

Re: [Dnsmasq-discuss] Reponse time is huge for big payload SRV record on dnsmasq servers

2018-05-08 Thread Simon Kelley
server we are seeing the response  on avg of 100 to > 200 ms. > > Is there anyway we can make DNS query faster in dnsmasq  server, because > it is making our application timeouts. > > Regards > Harish Shetty > > On Mon, May 7, 2018 at 7:03 PM, Simon Kelley <s

Re: [Dnsmasq-discuss] Reponse time is huge for big payload SRV record on dnsmasq servers

2018-05-07 Thread Simon Kelley
That's large enough to need TCP. What I'd expect to happen is that the upstream server returns an answer with the truncated bit set in the header. This answer gets returned by dnsmasq to the original requestor. The original requestor makes a TCP connection to dnsmasq and re-sends the query.

Re: [Dnsmasq-discuss] Fwd: SERVFAIL logging

2018-05-04 Thread Simon Kelley
5353 > is my local unbound, port 53 is dnsmasq). > Thanks. It's not the smoking gun, but it is more data. Cheers, Simon. > Best, > Dominik > > > On 04.05.2018 16:35, Simon Kelley wrote: >> It could certainly be added, and would be a useful thing to do. >> >> I'

Re: [Dnsmasq-discuss] SERVFAIL logging

2018-05-04 Thread Simon Kelley
It could certainly be added, and would be a useful thing to do. I'm actually more interested in the wrong/strange behaviour you mention, since there's some evidence of this, and it seems to be problems with the answers from upstream servers, but we can't identify which servers are causing the

Re: [Dnsmasq-discuss] 2.79 SOMETIMES fails with SERVFAIL

2018-05-02 Thread Simon Kelley
First question: Are you setting the dnssec-check-unsigned option in your configuration? There's a bug in 2.79 which means that you're using that option even if you don't explicitly set it, so that would be an immediate large change from the upgrade. Second question: what happens if you forward

Re: [Dnsmasq-discuss] ubus and metrics

2018-04-26 Thread Simon Kelley
Looking at the patch again, I think there's a problem with the original Ubus patch. Because of where the ubus code is called in log_packet, Ubus broadcasts will be suppressed by --quiet-dhcp. I doubt that's intended behaviour. It should at least be noted that both the UBus and metrics patches are

Re: [Dnsmasq-discuss] ubus and metrics

2018-04-26 Thread Simon Kelley
On 24/04/18 08:30, Julian Kornberger wrote: > On 24.04.2018 01:07, Simon Kelley wrote: >>> Where does the DBUS raise a fatal error if support is missing? I >>> couldn't find anything in the code. >> src/dnsmasq.c: > Ok, I only searched in src/option.c > >>

Re: [Dnsmasq-discuss] ubus and metrics

2018-04-23 Thread Simon Kelley
I edit using emacs, and never see a problem. A massive edit would generate a huge number of spurious changes in the git repository. I use "git blame" quite often and don't want to find that it tells me half the lines were last changed in the great re-tab. Is there any advantage to doing it? c

Re: [Dnsmasq-discuss] ubus and metrics

2018-04-23 Thread Simon Kelley
the DBUS version, it should raise a fatal error if the option is set but the UBus code is not compiled in. Cheers, Simon. On 21/04/18 17:40, Julian Kornberger wrote: > On 20.04.2018 23:04, Simon Kelley wrote: >> 1) Conditional compilation. > HAVE_METRICS has been removed. >

Re: [Dnsmasq-discuss] feature request: ipset options

2018-04-23 Thread Simon Kelley
I'm no ipset expert, but it looks to me like you can get this effect anyway, by creating the ipset as type hash:ip and specifying a netmask. http://ipset.netfilter.org/ipset.man.html hash:ip The hash:ip set type uses a hash to store IP host addresses (default) or network addresses. Zero valued

Re: [Dnsmasq-discuss] 2.79 Always return a SERVFAIL

2018-04-23 Thread Simon Kelley
Let's keep this simple: Can you query dnsmasq version 2.78 (works) and 2.79 (doesn't work) using dig, and post the results here. There must be a difference between the two replies which is provoking the problem. Cheers, Simon. On 23/04/18 14:18, B. Cook wrote: > Was running a 2.76 machine

Re: [Dnsmasq-discuss] Large number of clients connecting simultaneously

2018-04-23 Thread Simon Kelley
I don't think there's been any changes to this code in the 2.76 - 2.78 timeframe, so I'd be inclined to look elsewhere for this. The ping function is essentially single-threaded. Before sending a DHCPOFFER, dnsmasq sends a ping to the address to be offered and waits a few seconds for a reply. If

Re: [Dnsmasq-discuss] ubus and metrics

2018-04-20 Thread Simon Kelley
Comments, in no particular order. 1) Conditional compilation. Every HAVE_ doubles the number of combinations of compile-time selections, and increases the chances that some set of selections will fail to compile or be buggy. I'm not sure that HAVE_METRICS passes the test for needing control at

Re: [Dnsmasq-discuss] DNS-over-TLS

2018-04-20 Thread Simon Kelley
On 18/04/18 16:44, Daniel wrote: > Hello, > > In October, 2017 Matt Taggart asked for an updated opinion on supporting > DNS-over-TLS, but didn't receive any responses. > > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q4/011804.html > > Is this something Dnsmasq is interested in

Re: [Dnsmasq-discuss] Router Advertisement: Prefix-Specific Options?

2018-04-16 Thread Simon Kelley
On 16/04/18 14:46, Luis Marsano wrote: > Hi, > >   > > Apologies if this was answered before. > > In router advertisements, is there a way to declare one prefix > deprecated without deprecating the others? > >   > > Here’s my situation. > > I’ve been using the dnsmasq option > >

Re: [Dnsmasq-discuss] Error when declaring multiple cnames to a target in a single line

2018-04-16 Thread Simon Kelley
On 11/04/18 12:30, john doe wrote: > Hi, > > I can no longer declare multiple cnames in a single line with the > current version of Dnsmasq on Debian 9. > > The error I'm getting is: > > Apr 11 13:11:07 dnsmasq[1135]: dnsmasq: syntax check OK. > Apr 11 13:11:07 dnsmasq[1138]: dnsmasq: bad TTL
