[Dnsmasq-discuss] CVE-2020-25705 mitigation (SAD DNS)

2020-12-08 Thread Jim Alles
for CVE-2020-25705 mitigation SAD DNS edns-packet-max=1221 Or would this not even help? (I think my best effort has been enabling DNSSEC in dnsmasq.) Thank you for any advice, and best regards, Jim Alles

Re: [Dnsmasq-discuss] blocking txt-record

2017-03-06 Thread Jim Alles
this time. My dnsmasq instance is pointed there for filtering my home Internet. This threat appears to be extinguished pretty well, anyway. regards, Jim A. On Mon, Mar 6, 2017 at 3:47 PM, Kurt H Maier <k...@sciops.net> wrote: > On Mon, Mar 06, 2017 at 03:21:53PM -0500, Jim Alles wrote:

[Dnsmasq-discuss] blocking txt-record

2017-03-06 Thread Jim Alles
I am looking into murky waters, and have no knowledge of what is under the surface. So this may need to be categorized under 'ID10T'. Can / should dnsmasq be used to block DNS TXT record retrieval? reference: "DNSMessenger" @ threatpost.com regards, Jim A.

Re: [Dnsmasq-discuss] Spelling fixes for dnsmasq

2017-02-02 Thread Jim Alles
Careful, we could have a fatal recursion: quible is speeled wrong. (smiley face) .ja. On Thu, Feb 2, 2017 at 8:30 AM, Simon Kelley wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Wow, what a lot of typos! > ... > > > Modulo that, and Neil's quible,

Re: [Dnsmasq-discuss] why does dnsmasq reject lease request?

2017-02-02 Thread Jim Alles
Hello Will, You would need a wireshark capture to see the issue here, the log does not tell the whole story. It would appear that both DHCP servers are answering the clients' requests. We don't know your network configuration, or how the ISP's 'router' is set up to be able to say for sure. But

Re: [Dnsmasq-discuss] Finding actual DNS server used

2017-01-14 Thread Jim Alles
Lars, On Sat, Jan 14, 2017 at 7:40 AM, Lars Noodén wrote: > How can I get an already running instance of Dnsmasq to tell which DNS > servers it is using to resolve new queries upstream? > > I am not sure that is the most reliable way to get the information you are

Re: [Dnsmasq-discuss] Duplicate IPs assigned to devices with similar MAC (same vendor)

2017-01-14 Thread Jim Alles
May we have dnsmasq.conf? On Jan 14, 2017 11:56 AM, "Oleg Brodkin" wrote: # dnsmasq --version Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley # Lease time 48 hours DNSMASQ server has been in our office for last 4-5 years, and mostly no issues with assigning

Re: [Dnsmasq-discuss] ProxyDHCP replies on invalid range

2016-12-22 Thread Jim Alles
s: > Server IP =10.161.254.158/24 > dhcp-range=10.161.254.0,proxy,255.255.0.0 > > Then I restarted dnsmasq while networking was up, and it still replied to > the DHCP clients, even though it shouldn't, as the /16 network that I > configured is different from the /24 that I was

Re: [Dnsmasq-discuss] DHCP server can not cope with multihomed hosts with same identifier

2016-03-10 Thread Jim Alles
Access Point (AP), but has some private resources. The guest Wi-Fi has four APs with internet access only. If I do static DHCP assignment for privileged devices that may roam to either network, things get sticky. Peace, Jim Alles out. On Thu, Mar 10, 2016 at 4:32 AM, Arjen Lobregt <arjen.l

Re: [Dnsmasq-discuss] CVE-2015-7547 tcp path mitigation hack

2016-02-18 Thread Jim Alles
not_ generally be rejected. can you confirm that, and elaborate? Do you think Google's success was based mainly on limiting edns-packet-max? Do you think it is too much to expect dnsmasq to act as a shield for this exposure? Thanks, Jim Alles disclaimer: I do not represent Untangle, and this con

[Dnsmasq-discuss] spaces in hostnames

2016-02-06 Thread Jim Alles
validation to prevent spaces from being entered. Is there a list or reference to legal hostname characters in an "addn-hosts=" file for dnsmasq.conf? My gratitude to you for being here! Jim Alles

Re: [Dnsmasq-discuss] Multiple networks, one dnsmasq

2015-05-08 Thread Jim Alles
Yan I believe you will need to set up firewall rules. An easy way to do that in my opinion is Untangle's Next Generation FireWall (NGFW). It includes dnsmasq with a GUI for configuration. It can handle the VLANs http://wiki.untangle.com/index.php/Installation 4 interfaces but 3 NICs with one

Re: [Dnsmasq-discuss] Dnsmasq on high load

2015-03-10 Thread Jim Alles
Hello, What hardware platform and OS are you using? Also consider adjusting ARP neighbor table size due to the number of hosts: http://forum.ipfire.org/viewtopic.php?t=9293 On Tue, Mar 10, 2015 at 5:15 AM, Анатолий Мулярский tm1...@gmail.com wrote: Hi list, I'm using dnsmasq as a

Re: [Dnsmasq-discuss] dnasmasq/ntp/shorewall conandrum: can't make clients query locally ...

2015-03-02 Thread Jim Alles
=10.10.0.0,255.255.0.0,static Works here. Joh Jim Alles wrote: Your DHCP range is not what is required: a pair of start and stop IP addresses. like 10.10.0.2, 10.10.255.254 - look at syslog and see what dnsmasq is complaining about. On Sat, Feb 28, 2015 at 11:53 AM, Johannes Graumann

Re: [Dnsmasq-discuss] dnasmasq/ntp/shorewall conandrum: can't make clients query locally ...

2015-03-02 Thread Jim Alles
type for the subnet in question. # In this case the netmask is implied (it comes from the network # configuration on the machine running dnsmasq) it is possible to give # an explicit netmask instead. dhcp-range=10.10.0.0,255.255.0.0,static Works here. Joh Jim Alles wrote: Your DHCP range

Re: [Dnsmasq-discuss] dnasmasq/ntp/shorewall conandrum: can't make clients query locally ...

2015-02-28 Thread Jim Alles
Your DHCP range is not what is required: a pair of start and stop IP addresses. like 10.10.0.2, 10.10.255.254 - look at syslog and see what dnsmasq is complaining about. On Sat, Feb 28, 2015 at 11:53 AM, Johannes Graumann johannes_graum...@web.de wrote: Hello, I'm running a debian firewall

Re: [Dnsmasq-discuss] Can not set lease time to less than 2m

2015-02-24 Thread Jim Alles
You must have a very small network and very special requirements? From the man pages for dhcp-range: Enable the DHCP server. Addresses will be given out from the range start-addr to end-addr and from statically defined addresses given in *dhcp-host *options. If the lease time is given, then

[Dnsmasq-discuss] DHCP ranges for 'supernetting'

2015-02-11 Thread Jim Alles
as intended. Is this expected behavior? Is it also true for changing subnets in the class A B RFC1918 address spaces? Thanks for your consideration. Jim Alles

Re: [Dnsmasq-discuss] DHCP ranges for 'supernetting'

2015-02-11 Thread Jim Alles
On Wed, Feb 11, 2015 at 3:01 PM, Simon Kelley si...@thekelleys.org.uk wrote: I'd expect dnsmasq to start using the larger range, but observe that both DHCP clients and servers try very hard not to change the address of any machines that already have an address, or ever had one in the past, so

Re: [Dnsmasq-discuss] Limit DNS queries to the local subnet clients

2013-11-29 Thread Jim Alles
wouldn't recommend this, as it gives those evil guys a few doors to try to break into. except-interface=WAN interface name (ethN) Peace, Jim Alles

Re: [Dnsmasq-discuss] dnsmasq doesn't provide IP address to udhcpc?

2013-11-27 Thread Jim Alles
could that equals sign be the problem? you told it there would be a parameter... says that unconditional dhcp-broadcast went into 2.53, which is 3 years old. dhcp-broadcast= causes a segmentation fault.

Re: [Dnsmasq-discuss] Can't ping when using FQDN

2013-11-08 Thread Jim Alles
On Fri, Nov 8, 2013 at 5:08 AM, Guillaume Betous guillaume.bet...@gmail.com wrote: what kind of local domain name can I use ? I thought the .local was reserved for local networks... Since both .lan and .local can be problematic under certain circumstances (especially public upstream DNS

Re: [Dnsmasq-discuss] dnsmasq queries external dns servers even if dnsmasq is the authorized server for that domain.

2013-10-21 Thread Jim Alles
by dnsmasq. So I am able to ping my wifi router by its ipv6 address. I think the auth-zone is enough to disable the external look-up. Jim Alles kb3...@gmail.com , 20-10-2013 3:54: Other possibly useful settings: Sorry to cloud the issue. bogus-priv #blocks private address forwarding

Re: [Dnsmasq-discuss] dnsmasq queries external dns servers even if dnsmasq is the authorized server for that domain.

2013-10-19 Thread Jim Alles
Just ask it to, There are other methods of specifying this, but this is for a dnsmasq.conf example: local=/example.com/ #private queries are only answered locally Other possibly useful settings: bogus-priv #blocks private address forwarding except-interface=eth? (WAN) domain-needed #blocks

Re: [Dnsmasq-discuss] Give ip for client only if mac and hostname are specific one

2013-10-18 Thread Jim Alles
On Fri, Oct 18, 2013 at 9:38 AM, Simon Kelley si...@thekelleys.org.uk wrote: First, set a tag if the hostname is correct dhcp-match=set:hostname-ok,12,hostname-to-select then, set a tag if the MAC is correct dhcp-mac=set:mac-ok,00:11:22:33:44:55:66 noob question: What is wrong with:

Re: [Dnsmasq-discuss] requested explanation of undocumented feature

2013-10-15 Thread Jim Alles
This is exactly what I was looking for - in trying to find how the name of the interface was 'set', my search string didn't match anything here, and my brain ignored everything around BOOTP. Thanks again. On Mon, Oct 14, 2013 at 6:44 PM, richardvo...@gmail.com richardvo...@gmail.com wrote:

[Dnsmasq-discuss] Fwd: requested explanation of undocumented feature

2013-10-15 Thread Jim Alles
This is exactly what I was looking for - in trying to find how the name of the interface was 'set', my search string didn't match anything here, and my brain ignored everything around BOOTP. Thanks again. On Mon, Oct 14, 2013 at 6:44 PM, richardvo...@gmail.com richardvo...@gmail.com wrote:

[Dnsmasq-discuss] requested explanation of undocumented feature

2013-10-14 Thread Jim Alles
Hello, I am a relatively new user of dnsmasq, on a debian system, part of the Untangle UTM suite. I was wondering if I could have an explanation of the form: dhcp-range=interface:ethN,192.168.1.100, 192.168.1.200 Is 'interface' in this case a special form of tag:, and where is it set:? I have

Re: [Dnsmasq-discuss] requested explanation of undocumented feature

2013-10-14 Thread Jim Alles
On Mon, Oct 14, 2013 at 6:48 PM, richardvo...@gmail.com richardvo...@gmail.com wrote: Use tag:interfacenamehere to match against the name of a network interface. So tag:eth0 or tag:wlan0 I don't know where the dhcp-range=interface:ethN,192.168.1.100, 192.168.1.200 came from. It is