for CVE-2020-25705 mitigation SAD DNS
edns-packet-max=1221
Or would this not even help?
(I think my best effort has been enabling DNSSEC in dnsmasq.)
Thank you for any advice, and
best regards,
Jim Alles
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss
this
time. My dnsmasq instance is pointed there for filtering my home
Internet.
This threat appears to be extinguished pretty well, anyway.
regards,
Jim A.
On Mon, Mar 6, 2017 at 3:47 PM, Kurt H Maier <k...@sciops.net> wrote:
> On Mon, Mar 06, 2017 at 03:21:53PM -0500, Jim Alles wrote:
I am looking into murky waters, and have no knowledge of what is under
the surface.
So this may need to be categorized under 'ID10T'.
Can / should dnsmasq be used to block DNS TXT record retrieval?
reference: "DNSMessenger" @ threatpost.com
regards,
Jim A.
Careful, we could have a fatal recursion:
quible is speeled wrong.
(smiley face)
.ja.
On Thu, Feb 2, 2017 at 8:30 AM, Simon Kelley
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Wow, what a lot of typos!
> ...
>
>
> Modulo that, and Neil's quible,
Hello Will,
You would need a wireshark capture to see the issue here, the log does not
tell the whole story.
It would appear that both DHCP servers are answering the clients' requests.
We don't know your network configuration, or how the ISP's 'router' is set
up to be able to say for sure.
But
Lars,
On Sat, Jan 14, 2017 at 7:40 AM, Lars Noodén wrote:
> How can I get an already running instance of Dnsmasq to tell which DNS
> servers it is using to resolve new queries upstream?
>
> I am not sure that is the most reliable way to get the information you
are
May we have dnsmasq.conf?
On Jan 14, 2017 11:56 AM, "Oleg Brodkin" wrote:
# dnsmasq --version
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
# Lease time 48 hours
DNSMASQ server has been in our office for last 4-5 years, and mostly no
issues with assigning
s:
> Server IP =10.161.254.158/24
> dhcp-range=10.161.254.0,proxy,255.255.0.0
>
> Then I restarted dnsmasq while networking was up, and it still replied to
> the DHCP clients, even though it shouldn't, as the /16 network that I
> configured is different from the /24 that I was
Access Point (AP), but has some private resources. The
guest Wi-Fi has four APs with internet access only.
If I do static DHCP assignment for privileged devices that may roam to
either network, things get sticky.
Peace, Jim Alles out.
On Thu, Mar 10, 2016 at 4:32 AM, Arjen Lobregt <arjen.l
not_ generally be
rejected.
can you confirm that, and elaborate?
Do you think Google's success was based mainly on limiting edns-packet-max?
Do you think it is too much to expect dnsmasq to act as a shield for this
exposure?
Thanks,
Jim Alles
disclaimer: I do not represent Untangle, and this con
validation to prevent spaces from being entered.
Is there a list or reference to legal hostname characters in an
"addn-hosts=" file for dnsmasq.conf?
My gratitude to you for being here!
Jim Alles
Yan
I believe you will need to set up firewall rules. An easy way to do
that in my opinion is Untangle's Next Generation FireWall (NGFW). It
includes dnsmasq with a GUI for configuration. It can handle the
VLANs
http://wiki.untangle.com/index.php/Installation
4 interfaces but 3 NICs with one
Hello,
What hardware platform and OS are you using?
Also consider adjusting ARP neighbor table size due to the number of hosts:
http://forum.ipfire.org/viewtopic.php?t=9293
On Tue, Mar 10, 2015 at 5:15 AM, Анатолий Мулярский tm1...@gmail.com
wrote:
Hi list,
I'm using dnsmasq as a
type for the subnet in question.
# In this case the netmask is implied (it comes from the network
# configuration on the machine running dnsmasq) it is possible to give
# an explicit netmask instead.
dhcp-range=10.10.0.0,255.255.0.0,static
Works here.
Joh
Jim Alles wrote:
Your DHCP range
Your DHCP range is not what is required: a pair of start and stop IP addresses,
like 10.10.0.2, 10.10.255.254
- look at syslog and see what dnsmasq is complaining about.
On Sat, Feb 28, 2015 at 11:53 AM, Johannes Graumann
johannes_graum...@web.de wrote:
Hello,
I'm running a debian firewall
You must have a very small network and very special requirements?
From the man pages for dhcp-range:
Enable the DHCP server. Addresses will be given out from the range
start-addr to end-addr and from statically defined addresses given in
*dhcp-host* options.
If the lease time is given, then
as
intended.
Is this expected behavior?
Is it also true for changing subnets in the class A B RFC1918 address
spaces?
Thanks for your consideration.
Jim Alles
On Wed, Feb 11, 2015 at 3:01 PM, Simon Kelley si...@thekelleys.org.uk wrote:
I'd expect dnsmasq to start using the larger range, but observe that
both DHCP clients and servers try very hard not to change the address of
any machines that already have an address, or ever had one in the
past, so
wouldn't recommend this, as it gives those
evil guys a few doors to try to break into.
except-interface=WAN interface name (ethN)
Peace,
Jim Alles
could that equals sign be the problem? you told it there would be a
parameter...
says that unconditional dhcp-broadcast went into 2.53, which is 3 years old.
dhcp-broadcast= causes a segmentation fault.
On Fri, Nov 8, 2013 at 5:08 AM, Guillaume Betous guillaume.bet...@gmail.com
wrote:
what kind of local domain name can I use ? I thought the .local was
reserved for local networks...
Since both .lan and .local can be problematic under certain circumstances
(especially public upstream DNS
by dnsmasq.
So I am able to ping my wifi router by its ipv6 address.
I think the auth-zone is enough to disable the external look-up.
Jim Alles kb3...@gmail.com , 20-10-2013 3:54:
Other possibly useful settings:
Sorry to cloud the issue.
bogus-priv #blocks private address forwarding
Just ask it to,
There are other methods of specifying this, but this is for a
dnsmasq.conf example:
local=/example.com/ #private queries are only answered locally
Other possibly useful settings:
bogus-priv #blocks private address forwarding
except-interface=eth? (WAN)
domain-needed #blocks
On Fri, Oct 18, 2013 at 9:38 AM, Simon Kelley si...@thekelleys.org.uk wrote:
First, set a tag if the hostname is correct
dhcp-match=set:hostname-ok,12,hostname-to-select
then, set a tag if the MAC is correct
dhcp-mac=set:mac-ok,00:11:22:33:44:55:66
noob question: What is wrong with:
This is exactly what I was looking for - in trying to find how the
name of the interface was 'set', my search string didn't match
anything here, and my brain ignored everything around BOOTP.
Thanks again.
On Mon, Oct 14, 2013 at 6:44 PM, richardvo...@gmail.com
richardvo...@gmail.com wrote:
Hello, I am a relatively new user of dnsmasq, on a debian system, part of
the Untangle UTM suite.
I was wondering if I could have an explanation of the form:
dhcp-range=interface:ethN,192.168.1.100, 192.168.1.200
Is 'interface' in this case a special form of tag:, and where is it set:?
I have
On Mon, Oct 14, 2013 at 6:48 PM, richardvo...@gmail.com
richardvo...@gmail.com wrote:
Use tag:interfacenamehere to match against the name of a network
interface. So tag:eth0 or tag:wlan0
I don't know where the dhcp-range=interface:ethN,192.168.1.100,
192.168.1.200 came from.
It is