On 24/11/2022 02:40, zhangjiangyu via Dnsmasq-discuss wrote:
Hi,
On 24/11/2022 06:22, Simon via Dnsmasq-discuss wrote:
On 23/11/2022 02:56, zhangjiangyu via Dnsmasq-discuss wrote:
Hi,
On 23/11/2022 07:21, Simon via Dnsmasq-discuss wrote:
The main argument for this seems to be a security
Oho, that makes sense. 'ujail' sure is poorly documented, isn't it? I'm
just finding an old lwn.net article on it, and basically nothing on the
OpenWrt wiki or forum. Maybe ask over on OpenWrt, see if one of the devs
there can point us to better docs.
Also, maybe report this as a bug on the
On 24/11/2022 19:22, Dominik Derigs wrote:
Hey Simon,
We observed a few cache oddities with the current release-
candidate of dnsmasq and have been able to pin this down to the
use of the new use-stale-cache option. The issue happens with
cached content being served when the actual domain
it has something to do with openwrt's ujail (seccomp) I believe, probably
to avoid symlink attacks? i.e. file works, symlink does not work.
On Sat, Nov 26, 2022 at 2:19 PM Eric Fahlgren
wrote:
> I can't imagine that dnsmasq would even know that the file it was opening
> was a symlink. I'd
I can't imagine that dnsmasq would even know that the file it was opening
was a symlink. I'd suspect ownership or permissions. The dnsmasq process
in OpenWrt is run as the 'dnsmasq' user, so maybe 'chown dnsmasq:dnsmasq
/etc/safe-search/enabled/*' or some variant would resolve your issue.
On
Patch tweaked and applied.
Given the rate of good changes coming in, I'm not going to make the
final 2.88 release this weekend. Let's give it a few more days to settle.
Cheers,
Simon.
On 25/11/2022 13:11, Petr Menšík wrote:
When looking what this change did, I have noticed mark_servers()
On 23.11.2022 06:47:27, Feng Shao wrote:
There are a bunch of machines in our lab, and we normally don't have
DNS records configured for them, only accessing by IP. In order to ssh
to them with key auth, I have a config in my .ssh/config like
Host *.mylab
User root
IdentityFile
Another option would be running BIND on an alternate socket, use
nsupdate to add the addresses.
DNSMASQ to redirect *.mylab to the BIND instance or BIND can be run in
authoritative (for tld: "mylab.") & access restricted recursing on
socket 53.
On 11/26/22 07:55, Geoff Back wrote:
Hello,
Hello,
How about adding:
alias labssh='ssh -i ~/.ssh/id_rsa.work'
to your shell profile (.bashrc or whatever)? Then you can just do
'labssh ' and the alias expansion makes ssh use the
appropriate ID file.
Regards,
Geoff.
Geoff Back
What if we're all just characters in someone's nightmares?
Thanks for the reply Petr.
Let me explain more about the motivation: I am a developer and our testers
test the code on various environments, including VMs on cloud and k8s
worker nodes from cloud providers. These machines and IPs are not
provisioned/allocated by dnsmasq. For cost reason, these
10 matches
Mail list logo