Re: [Dnsmasq-discuss] How does DNSMASQ handle large concurrent configure file updating request requests

2015-01-15 Thread Simon Kelley
at 6:10 AM, Simon Kelley si...@thekelleys.org.uk wrote: Dnsmasq checks for incoming network packets and signals in the same event loop, so the maximum delay to DHCP packets will be the time to read a configuration file once, even if you send 1 SIGUSER1 signals, because the code

Re: [Dnsmasq-discuss] no-dhcp-interface and dhcp-range/ra-only

2015-01-14 Thread Simon Kelley
In this context, ra and dhcpv6 are equivalent, ra is provided as a part of the dhcp service, and the access controls (no-dhcp-interface) operate on both. Hence RA is configured with a dhcp-range. This is a possible documentation problem, but it's

Re: [Dnsmasq-discuss] Fritzbox and frequent router advertisments

2015-01-14 Thread Simon Kelley
Dnsmasq and avahi are reacting to the prefix 2003:57:e342:3800:: which is being alternately added to enp1s0 and then 10 seconds later deprecated, then added again deprecated again. Find out what's causing that, and you'll have found the problem.

Re: [Dnsmasq-discuss] How does DNSMASQ handle large concurrent configure file updating request requests

2015-01-14 Thread Simon Kelley
Dnsmasq checks for incoming network packets and signals in the same event loop, so the maximum delay to DHCP packets will be the time to read a configuration file once, even if you send 1 SIGUSER1 signals, because the code will interleave

Re: [Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

2015-01-14 Thread Simon Kelley
Thanks for that. Sadly, neither of those domains provoke the crash for me, so it's not that simple. What's the configuration? It's noticeable that all the DNSSEC queries are being sent twice to 85.214.20.141, and there's a retry to 213.73.91.35. I

Re: [Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

2015-01-12 Thread Simon Kelley
there says that dnsmasq just crashes after a couple of minutes in operation. I didn't experience any crashes here, but it feels like resolving DNS entries takes ages from time to time... That's all of the feedback I got so far. -Michael On Sat, 2015-01-03 at 15:35 +, Simon Kelley wrote

Re: [Dnsmasq-discuss] DHCP for multiple IP ranges with dnsmasq

2015-01-12 Thread Simon Kelley
A couple of things to start with: First, tell us the version of dnsmasq you're using. Second, add log-dhcp to the configuration file, let your clients attempt to get an address, and see what was logged. Amongst other things, all the tags that

Re: [Dnsmasq-discuss] DHCPv6: Problems w/ multiple interfaces that have identical MACs

2015-01-12 Thread Simon Kelley
You're well on the trail. In src/network.c in iface_allowed() there's some code /* check whether the interface IP has been added already we call this routine multiple times. */ for (iface = daemon->interfaces; iface; iface = iface->next)

Re: [Dnsmasq-discuss] dns and cisco router in between

2015-01-11 Thread Simon Kelley
There shouldn't be any need to change the dnsmasq configuration at all. It should just work. Cheers, Simon. On 11/01/15 18:32, Rene Stoutjesdijk wrote: Goodday, until now I'm using dnsmasq where the clients are on the same interface (and

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-10 Thread Simon Kelley
OK, that's useful, but not good. The last thing DNSSEC/IPv6 needs is yet another reason why network access which used to work now doesn't. edns-packet-max=1280 seems to be working fine here. Please let me know if you find anything more. Cheers,

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-09 Thread Simon Kelley
A backtrace is the most important starting point. A query log _if_ it's query dependent, but that seems unlikely since it doesn't break when forwarding to IPv4. An easy way to reproduce would be great :-) I can do the same tests here, but it's a

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-09 Thread Simon Kelley
An interesting observation: my IPv6 connectivity is via a sixXS tunnel. Resolving isc.org through dnsmasq w/DNSSEC to google's IPv6 DNS servers times out, because dnsmasq was never getting a reply to a query for the DNSKEY RRset for org. This reply

Re: [Dnsmasq-discuss] DNS servers to resolve domain name

2015-01-09 Thread Simon Kelley
Normally, queries are sent to just one server, but every so often, a query is sent to both servers, to see which one answers first. The server which answers first is used until the next time the test is done. If a query times out, the retry is done

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-08 Thread Simon Kelley
OK, it's taken some time, but with this insight, I've recoded the relevant stuff to look for the limits of the signed DNS tree from the DNS root down. That's clearly the correct way to do it, and should avoid the original problem here, caused by

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-08 Thread Simon Kelley
to do an opkg update for it.) There shouldn't be any non backwards-compatible changes in dnsmasq to bite you. Don't know about other stuff. Cheers, Simon. On Thu, Jan 8, 2015 at 8:34 AM, Simon Kelley si...@thekelleys.org.uk wrote: OK, it's taken some time, but with this insight, I've recoded

Re: [Dnsmasq-discuss] [PATCH] Fix race condition issue in makefile.

2015-01-05 Thread Simon Kelley
Applied. Thanks. Simon. On 04/01/15 10:58, Yousong Zhou wrote: When doing rebuild with `make -j32' or the like, a race condition is likely to occur and the following error be emitted when doing parallel build. make[1]: Entering directory

Re: [Dnsmasq-discuss] adjustment for dhcp_release.c

2015-01-05 Thread Simon Kelley
, Simon Kelley si...@thekelleys.org.uk wrote: I think you're right about the problem. The simplest solution would be to add code to dhcp_release to provide the same circuit-id information that the client would. To be honest dhcp_release is a bit of a hack, and making it work in the general

Re: [Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

2015-01-03 Thread Simon Kelley
of our users in testing this pre-release. If that would be of any help, I can try setting up a domain that signs its records by using that algorithm. -Michael On Tue, 2014-12-23 at 16:02 +, Simon Kelley wrote: I just looked at this. Simon's stripeyc.at is now working for me. I

Re: [Dnsmasq-discuss] [PATCH] Let the Makefile be aware of changes in COPTS varaible.

2015-01-03 Thread Simon Kelley
That's nice: fixes something that bites me regularly. Patch tweaked to suit my tastes, and fixed up (Need to delete .conf_* when making a new one, md5sum dnsmasq.h not config.h) Please shout if I broke anything. Applied. Cheers, Simon. On

Re: [Dnsmasq-discuss] adjustment for dhcp_release.c

2015-01-03 Thread Simon Kelley
I think you're right about the problem. The simplest solution would be to add code to dhcp_release to provide the same circuit-id information that the client would. To be honest dhcp_release is a bit of a hack, and making it work in the general

Re: [Dnsmasq-discuss] Ignore certain returned DNS response?

2014-12-27 Thread Simon Kelley
have been personally using the patch for over a month without problems. On Oct 9, 2014, at 10:48 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 08/10/14 13:13, Glen Huang wrote: Is it possible to ask dnsmasq to ignore DNS responses whose records match a certain list of ip, and keep

Re: [Dnsmasq-discuss] Problems forwarding DNS lookups for local domain

2014-12-27 Thread Simon Kelley
and excerpts from logs where that configuration is misbehaving. It's fine if you don't want to post system-specific stuff to the list, just send it to me direct. Cheers, Simon. On 22/12/14 19:52, Malte Forkel wrote: On 21.12.2014 at 18:25, Simon Kelley wrote: After the SIGHUP, dnsmasq will log

Re: [Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

2014-12-23 Thread Simon Kelley
, 2014 11:20:35 PM CEST, Simon Kelley si...@thekelleys.org.uk wrote: On 21/10/14 15:24, SiGe wrote: I experienced that problem myself, posted about it on the mailing list a few days ago. At least it happens on my domain that has both a SHA-1 AND 256 hash. I'm experiencing it with the version

Re: [Dnsmasq-discuss] AAAA requests: long delay or SERVFAIL

2014-12-23 Thread Simon Kelley
My guess is that the SERVFAIL is coming from a server upstream of dnsmasq. Unless told to, dnsmasq overlays the DNS information it has locally onto the global DNS a record-at-a-time, not a domain-name at a time. So if dnsmasq knows the IPv4 address

Re: [Dnsmasq-discuss] AAAA requests: long delay or SERVFAIL

2014-12-23 Thread Simon Kelley
Try local=/virt/ the extended domain= syntax is broken in some recent dnsmasq releases. Cheers, Simon. On 23/12/14 19:59, martin f krafft wrote: thus spoke Simon Kelley si...@thekelleys.org.uk [2014-12-23 18:14 +0100]: My guess

Re: [Dnsmasq-discuss] Problems forwarding DNS lookups for local domain

2014-12-21 Thread Simon Kelley
On 21/12/14 11:01, Malte Forkel wrote: Hello, I'm trying to convince two instances of dnsmasq to cooperate while their LANs are connected by a bridged OpenVPN connection. Both LANs use the same domain name and subnet. DHCP traffic through

Re: [Dnsmasq-discuss] No cache for CNAME records that point to the host's address

2014-12-21 Thread Simon Kelley
Try the dnsmasq git repo, and specifically this commit, which should fix things. Cheers, Simon. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cbc652423403e3cef00e00240f6beef713142246 On 18/12/14 12:15,

Re: [Dnsmasq-discuss] interface-name and IPv6 temporary addresses

2014-12-17 Thread Simon Kelley
I just pushed changes to the git repo to implement this. Michael, please could you see if it now behaves as you'd like? Cheers, Simon. On 01/12/14 18:49, Michael Gorbach wrote: On Nov 30, 2014, at 11:17 AM, Simon Kelley si

Re: [Dnsmasq-discuss] named dual homed hosts

2014-12-17 Thread Simon Kelley
On 09/11/14 20:27, Eric Johansson wrote: my goal is to make all interfaces in a multi-homed host have the same name so users are directed to the right (local network) interface. I have the following line in subnet specific lease files.

Re: [Dnsmasq-discuss] No cache for CNAME records that point to the host's address

2014-12-17 Thread Simon Kelley
The deep reason for this is that the architecture of dnsmasq doesn't allow it to return DNS answers with information that comes from upstream _and_ local information. You have defined the address of itavm0002.muc. locally, but the CNAME comes

Re: [Dnsmasq-discuss] Dnsmasq stops resolving addresses after return from suspend and wlan re-assoc

2014-12-15 Thread Simon Kelley
Try git now. realpath() is my friend. Cheers, Simon. On 12/12/14 09:11, Toke Høiland-Jørgensen wrote: Simon Kelley si...@thekelleys.org.uk writes: That sounds sensible, I shall continue my tour around the farther reaches of the Unix

Re: [Dnsmasq-discuss] Cannot set edns-packet-max 4096 with DNSSEC enabled

2014-12-15 Thread Simon Kelley
I confess I can't come up with a sensible rationalisation for this, but I think it has something to do with the immediately preceding commit in dnsmasq, which adds, this code. + if (header-hb3 HB3_TC) + { + /*

Re: [Dnsmasq-discuss] Dnsmasq stops resolving addresses after return from suspend and wlan re-assoc

2014-12-12 Thread Simon Kelley
On 12/12/14 07:17, Toke Høiland-Jørgensen wrote: Simon Kelley si...@thekelleys.org.uk writes: I just pushed code into git which uses inotify to track changes. Dnsmasq should now re-read the file whenever it is closed after being open

Re: [Dnsmasq-discuss] DHCP on TP-LINK TL-MR3020 running OpenWRT

2014-12-11 Thread Simon Kelley
That's difficult to explain, at least at first glance. Could you look in the log for startup of dnsmasq, it will have logged all the configured IP ranges for DHCP. Is there anything which corresponds to the 0.0.0.145 address? Also, the client

Re: [Dnsmasq-discuss] multiple dhcp ranges?

2014-12-11 Thread Simon Kelley
On 11/12/14 17:30, AJ Weber wrote: Is there a way to set multiple dhcp ranges (on the same interface and subnet)? For example, can I set: DHCP Range = 192.168.1.20-100 AND 192.168.1.130-254 I realize it's a strange request, but wondering

Re: [Dnsmasq-discuss] Dnsmasq's upper limit for DHCP clients

2014-12-11 Thread Simon Kelley
Hi Vikram, Dnsmasq imposes a hard limit on the number of DHCP leases, to avoid DoS attacks. Old releases used to default this to 150, I think. Current releases have the default at 1000. The limit can be changed with the dhcp-lease-max config

Re: [Dnsmasq-discuss] Dnsmasq stops resolving addresses after return from suspend and wlan re-assoc

2014-12-10 Thread Simon Kelley
Hi Toke, I just pushed code into git which uses inotify to track changes. Dnsmasq should now re-read the file whenever it is closed after being open for write, or when it's moved into the parent directory. I'm pretty sure (unless I've done it wrong) that this will fix your problem. Please could

Re: [Dnsmasq-discuss] [PATCH] Fix conntrack when bind-interfaces option is enabled

2014-12-09 Thread Simon Kelley
On 09/12/14 10:18, Hans Dedecker wrote: Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is enabled so the assigned mark can be correctly retrieved and set in forward_query when conntrack is enabled. Signed-off-by: Hans Dedecker dedec...@gmail.com Patch

Re: [Dnsmasq-discuss] Cannot override DHCP server-identifier (option 54) ?

2014-12-04 Thread Simon Kelley
On 03/12/14 10:04, Benjamin Picardat wrote: Hello, So I dug around a bit in the code, and I think my line in the configuration dhcp-option=tag:eth2,54,192.168.0.10 is ignored because server-identifier is tagged OT_INTERNAL in opttab[]

Re: [Dnsmasq-discuss] interface-name and IPv6 temporary addresses

2014-12-01 Thread Simon Kelley
On 01/12/14 18:49, Michael Gorbach wrote: On Nov 30, 2014, at 11:17 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 29/11/14 19:18, Michael Gorbach wrote: Hi All, I've got a question and potential enhancement request. It looks like right now, the (very useful) interface-name feature

Re: [Dnsmasq-discuss] Vulnerability to hack DNSMASQ?

2014-11-30 Thread Simon Kelley
On 28/11/14 21:44, Michael Rack wrote: Hi! My DNSMASQ Process was open to anyone on the Internet. Since few days, I had many service interruptions, so I did a network-monitoring and found, that DNSMASQ had many connections open. It looks like a DDoS - also it felt for me as one.

Re: [Dnsmasq-discuss] interface-name and IPv6 temporary addresses

2014-11-30 Thread Simon Kelley
On 29/11/14 19:18, Michael Gorbach wrote: Hi All, I've got a question and potential enhancement request. It looks like right now, the (very useful) interface-name feature pulls all (global) addresses from the interface. One of my machines uses IPv6 privacy extensions (known in Linux as

Re: [Dnsmasq-discuss] rebind-protection vs servers-file

2014-11-24 Thread Simon Kelley
On 22/11/14 23:06, Dave Taht wrote: I have been fiddling with improving my internal dns, by creating a file that has all my internal dns servers in it that I can easily copy everywhere. Example serversfile. server=/rossow.r.lupinlodge.org/172.23.143.9

Re: [Dnsmasq-discuss] Trying to get hnetd working, trying to get distributed dns better

2014-11-24 Thread Simon Kelley
On 23/11/14 17:16, Dave Taht wrote: I setup a bunch of picostations running openwrt barrier breaker to try and get hnetd working, some details here: https://plus.google.com/u/0/107942175615993706558/posts/jV9WJyEYGGP Ran into problems also with getting reverse dns to work right. You're

Re: [Dnsmasq-discuss] MX resolving on each request

2014-11-24 Thread Simon Kelley
On 24/11/14 15:02, Christoph Kaminski wrote: Hi it is normal that dnsmasq tries to resolve the MX record on each request to the forwarder? how can I turn it off? It is possible to cache this too? the goal is to make a local caching server what is able 'to survive' some time without any

Re: [Dnsmasq-discuss] Only TFTP boot clients with specific MAC addresses

2014-11-24 Thread Simon Kelley
On 23/11/14 01:09, Synchunk wrote: Hey, I'm trying to create a web interface where you can select which computers should boot using TFTP. Other computers should get a DHCP lease, but then continue to boot normally (without PXE). I went through the mailing list archive and found:

Re: [Dnsmasq-discuss] Ignore certain returned DNS response?

2014-11-19 Thread Simon Kelley
, Simon Kelley si...@thekelleys.org.uk wrote: On 08/10/14 13:13, Glen Huang wrote: Is it possible to ask dnsmasq to ignore DNS responses whose records match a certain list of ip, and keep waiting for another response? The rationale behind this is that in China, when querying a domain like

Re: [Dnsmasq-discuss] dnsmasq interaction with Android logcat

2014-11-18 Thread Simon Kelley
Not sure what's happening here, but the use of logwrapper is rather strange. As I understand it that logs whatever the child process sends to stdout. But dnsmasq has a proper logging system which is aware of the android logging system and calls __android_log_vprint() (look for ANDROID in src/log.c

Re: [Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

2014-10-22 Thread Simon Kelley
On 21/10/14 15:24, SiGe wrote: I experienced that problem myself, posted about it on the mailing list a few days ago. At least it happens on my domain that has both a SHA-1 AND 256 hash. I'm experiencing it with the version currently shipped in the current stable OpenWRT version. So you're

Re: [Dnsmasq-discuss] Ignore certain returned DNS response?

2014-10-14 Thread Simon Kelley
On 10/10/14 03:28, microcai wrote: On Wednesday, 8 October 2014 20:13:33, Glen Huang wrote: Is it possible to ask dnsmasq to ignore DNS responses whose records match a certain list of ip, and keep waiting for another response? The rationale behind this is that in China, when querying a domain like

Re: [Dnsmasq-discuss] IPv6 ra-advrouter mode doesn't create the appropriate AAAA records

2014-10-14 Thread Simon Kelley
On 14/10/14 04:09, Nilesh Govindrajan wrote: Hi list, I'm playing with IPv6 after getting a tunnel from HE. I have configured dnsmasq as: domain-needed resolv-file=/etc/resolv.dnsmasq strict-order interface=eth0 interface=lo no-dhcp-interface=lo bind-interfaces expand-hosts

Re: [Dnsmasq-discuss] IPv6 ra-advrouter mode doesn't create the appropriate AAAA records

2014-10-14 Thread Simon Kelley
On 14/10/14 19:33, Nilesh Govindrajan wrote: On Tue, Oct 14, 2014 at 11:19 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 14/10/14 04:09, Nilesh Govindrajan wrote: Hi list, I'm playing with IPv6 after getting a tunnel from HE. I have configured dnsmasq as: domain-needed resolv-file

Re: [Dnsmasq-discuss] Patches: Extend --bridge-interface aliasing to DHCPv6 and Router Advertisements

2014-10-13 Thread Simon Kelley
On 07/10/14 18:28, Neil Jerram wrote: On 03/10/14 16:54, Neil Jerram wrote: I'd like to propose the attached patches, which extend the aliasing concept of the --bridge-interface option to DHCPv6 and Router Advertisement processing. [...] A query: the semantics you've provided for DHCPv6

Re: [Dnsmasq-discuss] incompatibility between dnsmasq and uClibc resolver

2014-10-13 Thread Simon Kelley
On 11/10/14 12:16, Mathias Kresin wrote: Hello, querying dnsmasq from a system which uses uClibc can result in a partly not working name resolution. I'm using dnsmasq 2.71 and uClibc 0.9.33.2 on openWRT 14.07 (mips/x86). The openwrt version of uClibc includes already a lot of fixes from

Re: [Dnsmasq-discuss] dhcp option 43 question

2014-10-09 Thread Simon Kelley
On 06/10/14 16:30, AJ Weber wrote: Try either dhcp-option=vendor:,1,ip.ip.ip.ip or dhcp-option=vendor:,1,http://fqdn:8080/inform Refer --dhcp-option http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html for details OK, so I'm still confused. Is it assumed that if I use

Re: [Dnsmasq-discuss] Android untracked pid on startup

2014-10-09 Thread Simon Kelley
On 08/10/14 16:42, Kyle Manna wrote: Your issue is definitely related to Android's init system. Android has an init system (think extremely crippled systemd or launchd) that launches processes and restarts them when they die if so configured, among many other things. The init system on

Re: [Dnsmasq-discuss] Ignore certain returned DNS response?

2014-10-09 Thread Simon Kelley
On 08/10/14 13:13, Glen Huang wrote: Is it possible to ask dnsmasq to ignore DNS responses whose records match a certain list of ip, and keep waiting for another response? The rationale behind this is that in China, when querying a domain like youtube.com or twitter.com, a fake ip is quickly

Re: [Dnsmasq-discuss] DHCPv6 Server for Android

2014-10-06 Thread Simon Kelley
On 05/10/14 14:17, Praveen Sunagar wrote: Hi, I would like to run the DHCPv6 Server on android devices. Please provide us the info to run the dnsmasq for such use case. Please provide all necessary info like configuration and command line arguments etc. There's a makefile for Android

Re: [Dnsmasq-discuss] Patches: Extend --bridge-interface aliasing to DHCPv6 and Router Advertisements

2014-10-06 Thread Simon Kelley
On 03/10/14 16:54, Neil Jerram wrote: Hi all, I'd like to propose the attached patches, which extend the aliasing concept of the --bridge-interface option to DHCPv6 and Router Advertisement processing. Prior to these patches, the effect of the --bridge-interface option is limited to

Re: [Dnsmasq-discuss] Serial loosed after restart

2014-10-06 Thread Simon Kelley
On 06/10/14 10:34, Christian Ruppert wrote: On 10/03/2014 11:02 PM, Simon Kelley wrote: On 30/09/14 10:52, Christian Ruppert wrote: Hi Simon, the related code is indeed really simple. I have no idea how that could happen at all. However, I am no longer able to reproduce it :( It might

Re: [Dnsmasq-discuss] Serial loosed after restart

2014-10-03 Thread Simon Kelley
but no luck. I hope it's really gone now, whatever caused it... I'll keep an eye on it. Thanks! Race between starting NTP and starting dnsmasq? Cheers, Simon. On 09/26/2014 09:45 PM, Simon Kelley wrote: On 26/09/14 09:34, Christian Ruppert wrote: Hi Simon, it's a VM with no real HW-Clock

Re: [Dnsmasq-discuss] [PATCH 1/1] Set conntrack mark before connect() call.

2014-10-03 Thread Simon Kelley
On 30/09/14 13:50, Karl Vogel wrote: SO_MARK has to be done before issuing the connect() call on the TCP socket. --- src/forward.c | 35 ++- 1 files changed, 18 insertions(+), 17 deletions(-) Patch applied. Thanks. Cheers, Simon.

Re: [Dnsmasq-discuss] Shellshock.

2014-09-29 Thread Simon Kelley
On 27/09/14 11:01, Roy Marples wrote: On Friday 26 Sep 2014 21:14:20 Simon Kelley wrote: This is just a heads-up that if you're using the --dhcp-script option in dnsmasq, and the script you're calling is being interpreted by bash, then you're affected by the shellshock bug. The bug allows

Re: [Dnsmasq-discuss] separate resolv.conf for each interface

2014-09-29 Thread Simon Kelley
On 29/09/14 14:07, Moritz Warning wrote: Hi, I have dnsmasq running and configured to hand out different DHCP ranges on two different interfaces. Pretty standard. Now I need to use a different set of DNS servers for each interface. Is that possible? So far I have tried to run two

Re: [Dnsmasq-discuss] Shellshock.

2014-09-27 Thread Simon Kelley
. On Fri, Sep 26, 2014 at 4:14 PM, Simon Kelley si...@thekelleys.org.uk wrote: This is just a heads-up that if you're using the --dhcp-script option in dnsmasq, and the script you're calling is being interpreted by bash, then you're affected by the shellshock bug. The bug allows execution

Re: [Dnsmasq-discuss] Serial loosed after restart

2014-09-26 Thread Simon Kelley
concede it does make my suggestion not viable. I guess that's why the seconds-since-epoch value is used. It's a reasonable assumption that over a reasonable period, DHCP leases won't change more than once a second. Cheers, Simon. On 09/25/2014 11:04 PM, Simon Kelley wrote: On 25/09/14 10

[Dnsmasq-discuss] Shellshock.

2014-09-26 Thread Simon Kelley
This is just a heads-up that if you're using the --dhcp-script option in dnsmasq, and the script you're calling is being interpreted by bash, then you're affected by the shellshock bug. The bug allows execution of arbitrary code contained in the values of environment variables, and there are

Re: [Dnsmasq-discuss] Serial loosed after restart

2014-09-25 Thread Simon Kelley
On 25/09/14 10:39, Christian Ruppert wrote: Hey Guys, I use the auth-zone, auth-sec, auth-peer features and I noticed that dnsmasq loses its actual SOA resp. serial during restarts and thus it started again from the beginning (1). All slaves were rejecting the changes because of that

Re: [Dnsmasq-discuss] NXDOMAIN on AAAA with Debian LXC

2014-09-25 Thread Simon Kelley
Sep 25 16:46:36 dnsmasq[25559]: DHCP test-foo is 10.0.3.123 End. On 24 September 2014 20:38, Simon Kelley si...@thekelleys.org.uk wrote: The problem for people on this list is that we don't (or, at least, I don't) have any knowledge about lxc. If you can give us information about

[Dnsmasq-discuss] Announce: dnsmasq-2.72

2014-09-24 Thread Simon Kelley
Get it from http://thekelleys.org.uk/dnsmasq/dnsmasq-2.72.tar.gz Release notes below. Cheers, Simon. - version 2.72 Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. Add support for ipsets

Re: [Dnsmasq-discuss] IPv6 radvd.conf to dnsmasq.conf

2014-09-24 Thread Simon Kelley
On 22/09/14 21:08, David Utterman wrote: Hello, I need some help converting this radvd.conf to dnsmasq.conf $ cat /etc/radvd.conf interface intern0 { IgnoreIfMissing on; AdvSendAdvert on; MinRtrAdvInterval 30; MaxRtrAdvInterval 60; prefix 2001:470:1:2::/64 {

Re: [Dnsmasq-discuss] NXDOMAIN on AAAA with Debian LXC

2014-09-24 Thread Simon Kelley
with ..foo could not be resolved (3: Host not found). I thought for a while that this might have been: * 288df49 - Fix bug when resulted in NXDOMAIN answers instead of NODATA. (5 days ago) Simon Kelley ...so I rolled the Utopic machine back to the 2.68 package. (I'm not confident

Re: [Dnsmasq-discuss] IPv6 host-record

2014-09-24 Thread Simon Kelley
On 24/09/14 21:25, Ken Bass wrote: I am trying to do stateful DHCPv6. The one item that appears missing is the host-record support. Unless I am missing something, doesn't the host-record need a 'constructor' concept like the dhcp-range support? The following works perfectly:

Re: [Dnsmasq-discuss] 6in4, dhcp srv still offers IPv4. is lan still needed?

2014-09-23 Thread Simon Kelley
On 22/09/14 23:28, glphvgacs wrote: dhcp logs on the client + dnsmasq logs on the srv/router + dnsmasq.conf Mon Sep 22 17:57:06 2014 daemon.warn dnsmasq[832]: overflow: 218 log entries lost It's a pity that the dnsmasq logs seem to have dumped lots of useful lines. Executive summary here

Re: [Dnsmasq-discuss] Global CNAME discussion

2014-09-20 Thread Simon Kelley
On 18/09/14 16:33, Scott Mead wrote: I have an interesting setup. I have 2 DNS servers, A and B. A hosts: .domain1 .domain2 B hosts: .domain3 .domain4 I would like to add a domain to 'A' called .global .global would be what I set all the client's search paths to and

Re: [Dnsmasq-discuss] NODATA-reply on AAAA-CNAME-queries where no A-record exists

2014-09-19 Thread Simon Kelley
On 19/09/14 05:39, 이상은 wrote: Hi, all. I saw below message at dnsmasq-discuss. [Dnsmasq-discuss] NODATA-reply on -CNAME-queries where no A-record exists * Tom's request : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2011q2/004942.html * Simon's reply :

Re: [Dnsmasq-discuss] [PATCH 2/2] Fix undefined behaviour in masks construction

2014-09-17 Thread Simon Kelley
On 17/09/14 14:05, Richard Genoud wrote: Left shifting int values is an undefined behaviour in C. So we cast explicitly in in_addr_t (uint32_t) the value to be shifted. Both patches applied. Many thanks. Simon.

Re: [Dnsmasq-discuss] No new lease for Option 82 requests until old one times out

2014-09-17 Thread Simon Kelley
On 17/09/14 09:49, Joachim Nilsson wrote: Hi Simon, I've found a little problem with how Option 82 circuit-id/remote-id works. Everything is fine in the below setup until I replace the client with a replacement unit that has a different MAC.

Re: [Dnsmasq-discuss] No new lease for Option 82 requests until old one times out

2014-09-17 Thread Simon Kelley
On 17/09/14 21:47, Simon Kelley wrote: To make this work, you'd need some extra semantics, either explicit or implicit, to enable the old binding to be abandoned. Abandoning a binding is dangerous, since when it granted the lease, the server was promising the client exclusive use of the IP

Re: [Dnsmasq-discuss] NXDOMAIN instead of NODATA-IPv6

2014-09-13 Thread Simon Kelley
On 13/09/14 09:10, e9hack wrote: Hi, I'm using dnsmasq for DHCP and DHCPv6. Name resolution doesn't work on a Windows8 PC for an IPv4 only host on LAN, but it works for IPv4 only hosts on WAN. If I compare the log entries, the answer of an query for a host on LAN is NXDOMAIN and

Re: [Dnsmasq-discuss] Automatic DNSSEC-signing of ressource records

2014-09-11 Thread Simon Kelley
On 11/09/14 14:50, Jeroen van der Ham wrote: Hi, On 22 Aug 2014, at 16:57, Rene Bartsch m...@bartschnet.de wrote: BIND and PowerDNS can sign resource records automatically when run as primary DNS with DNSSEC. Does Dnsmasq support signing resource records automatically in authoritative mode

Re: [Dnsmasq-discuss] Fwd: DS requests should be forwarded to the higher domain

2014-09-11 Thread Simon Kelley
On 10/09/14 22:50, Filippo Valsorda wrote: On Wed, Sep 10, 2014 at 2:05 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 10/09/14 00:34, Filippo Valsorda wrote: DS records are a ugly special case in DNSSEC, and they are kept not by the zone NS but by the one on top of it. So when faced

Re: [Dnsmasq-discuss] Adding Route Information Option to prefixes in RA

2014-09-10 Thread Simon Kelley
On 10/09/14 15:41, Steven Barth wrote: Since this should only happen when RIO and PIO are both /64 (and on-link flag is set for the PIO) my work-around in OpenWrt was to simply not send the RIO when PIO and RIO would be identical which solved the problem for the user. Obviously if RIO and PIO

Re: [Dnsmasq-discuss] Adding Route Information Option to prefixes in RA

2014-09-09 Thread Simon Kelley
Patch applied, with mod to set route priority the same as prefix priority. Cheers, Simon.

[Dnsmasq-discuss] Announce: 2.72rc1

2014-09-09 Thread Simon Kelley
I've just released dnsmasq 2.72rc1. I'm hoping to make a 2.72 final release in a week or two, in time to catch the next Debian release, so please, if you can, run this code and report back on any problems. http://thekelleys.org.uk/dnsmasq/release-candidates Cheers, Simon. Changelog: version

Re: [Dnsmasq-discuss] Adding Route Information Option to prefixes in RA

2014-09-06 Thread Simon Kelley
, as the route is always via the same router as the default router. (There's no need to send another patch, I can easily make the change, I just want to ask people if they agree with my reasoning.) Cheers, Simon. On 08/31/2014 01:59 AM, Simon Kelley wrote: In principle, this is fine

Re: [Dnsmasq-discuss] D-Bus method to retrieve current in-memory lease database

2014-09-06 Thread Simon Kelley
On 21/08/14 06:03, Pontus Karlsson wrote: Have any suggestions been made to implement a D-Bus method to retrieve current leases in memory? If not, would this be possible to incorporate if a patch was provided? I'd certainly consider a patch to do that. Cheers, Simon.

Re: [Dnsmasq-discuss] Slow response from dnsmasq 2.59 (IPv4 only) on openWRT

2014-09-06 Thread Simon Kelley
On 21/08/14 10:02, reiner otto wrote: Next is an excerpt from squids cache.log, printing some debug output: 2014/08/21 08:24:47| idnsALookup: buf is 40 bytes for dc80.s290.meetrics.net, id = 0x81de 2014/08/21 08:25:09| idnsRead: FD 6: received 56 bytes from 127.0.0.1. 2014/08/21 08:25:09|

Re: [Dnsmasq-discuss] dhcpv6

2014-09-01 Thread Simon Kelley
On 31/08/14 21:32, Vasiliy Tolstov wrote: Hi. I'm trying to debug dhcpv6 messages and can't understand how dnsmasq replies to messages and no listen to 547 port on udp. Do I miss something? It definitely listens on port 547 UDP. Simon.

Re: [Dnsmasq-discuss] Adding Route Information Option to prefixes in RA

2014-08-30 Thread Simon Kelley
On 29/08/14 11:48, Ilya Ponetaev wrote: Hi When we use dnsmasq with RA enabled, it's obvious that prefixes announced in RA should be routed through the same router that dnsmasq runs. This patch adds Route Information Option (RFC 4191 ch 2.3) to every announced prefix. In principle, this

Re: [Dnsmasq-discuss] dnsmasq dhcpProxy and PXE next-server not working

2014-08-27 Thread Simon Kelley
# dnsmasq -v Dnsmasq version 2.68 Copyright (c) 2000-2013 Simon Kelley Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth This software comes with ABSOLUTELY NO WARRANTY. Dnsmasq is free software, and you are welcome to redistribute

Re: [Dnsmasq-discuss] dhcp-range and catch-all address for ipv4

2014-08-27 Thread Simon Kelley
On 25/08/14 13:29, Vasiliy Tolstov wrote: 2014-08-25 16:10 GMT+04:00 Albert ARIBAUD albert.arib...@free.fr: Can you be more precise about what existing options you are referring to, and what type of catch-all you mean to perform? Amicalement, I have many ranges and don't want to specify

Re: [Dnsmasq-discuss] DNSMasq does not resolv *.org domains

2014-08-20 Thread Simon Kelley
@178.63.73.246 DNSKEY . On Mon, 2014-08-18 at 22:03 +0100, Simon Kelley wrote: On 18/08/14 21:37, Conrad Kostecki wrote: Bingo! That seems to be the cause. When I disable dnssec, it's working fine. When I enable it again, it’s failing again on *.org domains. Why? Do you have some explanation? Well

Re: [Dnsmasq-discuss] Proxy DHCP KVM Virtualbox

2014-08-18 Thread Simon Kelley
On 18/08/14 04:41, Gregg Stock wrote: Thank you in advance for taking a look at this. I have an interesting problem trying to get a PXE boot system setup. I have a dnsmasq server Alice that handles DNS and DHCP for several networks. I'm trying to add a PXE boot environment and am currently

Re: [Dnsmasq-discuss] DNSMasq does not resolv *.org domains

2014-08-18 Thread Simon Kelley
On 18/08/14 21:37, Conrad Kostecki wrote: Bingo! That seems to be the cause. When I disable dnssec, it's working fine. When I enable it again, it’s failing again on *.org domains. Why? Do you have some explanation? Well, if dnssec is enabled in dnsmasq it needs to do a load of extra queries to

Re: [Dnsmasq-discuss] [PATCH] Mention name in systemd

2014-08-18 Thread Simon Kelley
On 18/08/14 20:42, Simon Danner wrote: Hello, I think it is weird that the description doesn't include the name, because people who read the log may not know what that lightweight DHCP and caching DNS server is. That's why I propose to include the name in the description. From

Re: [Dnsmasq-discuss] dnsmasq running on RaspberryPi/ArchLinux slow to relay non-cached queries

2014-08-16 Thread Simon Kelley
On 15/08/14 11:17, Peter Bell wrote: Unless this is a well-recognised phenomenon, I guess that I need to enable dns logging within dnsmasq and study the output - what should I expect to see in the log and what should I be looking for? My guess is that you'll see a query arriving at dnsmasq,

Re: [Dnsmasq-discuss] Locking Down DNS Queries to Correct Servers

2014-08-13 Thread Simon Kelley
, this is a well-known attack, but it's much more specialised than a rogue DHCP server.) Simon. Ben Cundiff Associate Sysadmin X-ES Inc. bcund...@xes-inc.com - Original Message - From: Simon Kelley si...@thekelleys.org.uk To: dnsmasq-disc...@thekelleys.org.uk Sent: Wednesday, July 30

Re: [Dnsmasq-discuss] Dnsmasq not advertising IPv6 Prefix

2014-08-03 Thread Simon Kelley
On 03/08/14 17:00, Alan MacLeod wrote: Hi, I am using dnsmasq to replace bind9, isc dhcp, and radvd for my home network. My router is a Debian Wheezy gateway, running the distribution provided dnsmasq 2.62 with compile time options IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6

Re: [Dnsmasq-discuss] no boot filename received

2014-08-02 Thread Simon Kelley
On 02/08/14 03:11, Mahmood Naderan wrote: I have configured the dnsmasq.conf with the following options | interface=eth2 domain=hpclab expand-hosts dhcp-range=10.0.2.52,10.0.2.100,static dhcp-option=42,0.0.0.0 dhcp-boot=pxelinux.0 enable-tftp
