Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded

2017-09-25 Thread Justin Grudzien
Simon,

I see that you are back and wanted to bring this up again. We are using
DNSMasq within AWS to perform DNS whitelisting and I noticed that there is
no log line produced when a domain is NOT configured to be forwarded. I
think this patch should take care of it and would love to have it
considered.

Justin

On Wed, Jul 19, 2017 at 3:57 PM, Justin Grudzien wrote:

> I made a small mistake in the patch. Here is the fix!
>
> Justin
>
>
> On Wed, Jul 19, 2017 at 3:32 PM, Justin Grudzien wrote:
>
>> I made a small update to the patch where it adds the IP address in the
>> log message. This will identify the server making the request for the
>> domain that is not configured to forward.
>>
>> Justin
>>
>>
>> On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien wrote:
>>
>>> We are running DNSMasq to whitelist domains within AWS. We wanted all
>>> domains not in the whitelist to produce a log line to be forwarded to our
>>> SIEM. Our goal is to detect people attempting DNS attacks against us. Here
>>> is a patch that produces a simple log line if forwarding is not
>>> attempted.
>>>
>>> I would love this to be added to the main codebase. It is a simple
>>> change and will allow others to track non-whitelisted domains.
>>>
>>> Justin
>>>
>>>
>>
>


add-logging-for-non-forwarded-domains.patch
Description: Binary data
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] [PATCH v2 1/1] do not include stdio.h before dnsmasq.h

2017-09-25 Thread Simon Kelley
> Any news on this one (and the follow up patch)?


Apologies for the radio-silence. Patches applied.


Cheers,

Simon.







Re: [Dnsmasq-discuss] [PATCH] Fix broken translations after commit 730c6745

2017-09-25 Thread Simon Kelley
Patch applied, thanks

(and your name is in the git-log, even if it's not in the translation..)


Cheers,

Simon.

On 17/07/17 18:53, Chris Novakovic wrote:
> On 17/07/2017 18:50, Chris Novakovic wrote:
>> Commit 730c6745 makes a number of fixes to typos, among them the
>> messages reporting that asynchronous logging is unavailable in Solaris
>> and Android in src/dnsmasq.c. This is a gettext-localised string, and
>> the corresponding msgids in each of the translations weren't updated to
>> reflect the typo fixes, breaking these two translations for all
>> localisations.
>>
>> This commit ports the typo fixes to the affected msgids in po/*.po,
>> fixing all translations for these strings.
> 
> I thought it'd be churlish of me to set myself as the Last-Translator
> for each localisation, given that I didn't actually do any translating... :)
> 


Re: [Dnsmasq-discuss] libidn2 issues with underscores on FreeBSD?

2017-09-25 Thread Simon Kelley
Patch tweaked so it's not active with IDN1 either, and applied. Thanks.


Simon.


On 09/08/17 21:28, Petr Menšík wrote:
> Hi Simon,
> 
> this issue was fixed in libidn2 release of version 2.0.3. Your workaround
> could be disabled for releases with IDN2_VERSION_NUMBER >= 0x0203.
> 
> Attaching small example patch.
> 
> Cheers,
> Petr
> 
> On 8.7.2017 at 22:27, Simon Kelley wrote:
>> I considered not passing SRV record names to IDN, but I can foresee
>> more subtle problems (We allow _ in hostnames, for instance.) So I've
>> fixed this, for some value of "fixed", by not passing any domain name
>> being parsed, which has one or more underscores, to IDN.
>>
>> That seems a reasonable solution.
>>
>>
>> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69a815aa8f4b91570b562a54b43c3d44ac533e06
>>
>> Cheers,
>>
>> Simon
>>
>>
>>
>> On 07/07/17 15:12, Petr Menšík wrote:
>>> Hi, I was the original contributor of IDN2 support.
>>> I have to agree IDN2 does filter underscores out.
>>>
>>> On Fedora 25:
>>>
>>> $ idn2 --version
>>> idn2 (libidn2) 2.0.2
>>>
>>> $ idn2 -l _xmpp-server._tcp.domain.com
>>> xmpp-server.tcp.domain.com
>>>
>>> Not even transitional mode helps
>>>
>>> $ idn2 -T _xmpp-server._tcp.domain.com
>>> xmpp-server.tcp.domain.com
>>>
>>> But older IDN works fine
>>>
>>> $ idn --version
>>> idn (GNU Libidn) 1.33
>>>
>>> $ idn _xmpp-server._tcp.domain.com
>>> _xmpp-server._tcp.domain.com
>>>
>>> I will have to ask why would it do that.
>>>
>>> Another question is whether SRV records should be formatted by libidn2
>>> when they will not be displayed to the user. I think it should affect
>>> only logs but not served names themselves.
>>>
>>> On 6.7.2017 at 22:51, Matthias Andree wrote:
>>>> Simon,
>>>>
>>>> with the release of v2.77, I have switched the FreeBSD port from IDN
>>>> (which was used up to and including 2.76) to IDN2, and have just
>>>> received a bug report where SRV records that use underscores are no
>>>> longer recognized, and the reporter states that disabling the IDN2
>>>> option reinstates the expected operation:
>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220521
>>>>
>>>> Could you check that?
>>>>
>>>> It appears we're using libidn2 v2.0.2 in FreeBSD, and previously used
>>>> libidn 1.33.
>>>>
>>>> Thanks.
>>>>
>>>> Best regards,
>>>> Matthias


Re: [Dnsmasq-discuss] pick authoritative server

2017-09-25 Thread Kevin Darbyshire-Bryant


On 25/09/17 00:24, Vic wrote:
> Hi, Can I select a domain filter or such:
> 
> I send all requests to 8.8.8.8 except for
> 
> mydomain1.org and mydomain2.org -- that goes to my local name servers.
> 
> Yes? How?

Yes.  Something like:

server=/mydomain1.org/ip.address.of.mydomain1.auth.server
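
The per-domain rule in the reply above, and the whitelisting setup described in the first thread of this digest, both depend on which query names a `server=/domain/` line covers. The following is an added example, not part of any message here and not dnsmasq's own code: a small C re-implementation of that match, assuming case-insensitive matching on whole labels. The upstream addresses, the extra domains and the log format are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample config, not from the thread: only these domains have an upstream. */
static const char *CONF[] = {
    "server=/mydomain1.org/192.0.2.53",
    "server=/mydomain2.org/internal.example/192.0.2.54",
};

/* 1 if name equals domain or is a subdomain of it: case-insensitive, whole labels only. */
static int in_domain(const char *name, const char *domain)
{
    size_t nl = strlen(name), dl = strlen(domain);
    if (nl && name[nl - 1] == '.') nl--;              /* ignore trailing root dot */
    if (dl == 0 || dl > nl) return 0;
    for (size_t i = 0; i < dl; i++)
        if (tolower((unsigned char)name[nl - dl + i]) != tolower((unsigned char)domain[i]))
            return 0;
    return nl == dl || name[nl - dl - 1] == '.';      /* reject "notmydomain1.org" */
}

/* 1 if one "server=/dom1/dom2/addr" line names an upstream for this query name. */
static int line_covers(const char *line, const char *name)
{
    char buf[256];
    if (strncmp(line, "server=/", 8) != 0) return 0;
    snprintf(buf, sizeof buf, "%s", line + 8);
    char *addr = strrchr(buf, '/');
    if (!addr || addr[1] == '\0') return 0;           /* no upstream address given */
    *addr = '\0';                                     /* keep only the domain list */
    for (char *d = strtok(buf, "/"); d; d = strtok(NULL, "/"))
        if (in_domain(name, d)) return 1;
    return 0;
}

int would_forward(const char *name)
{
    for (size_t i = 0; i < sizeof CONF / sizeof CONF[0]; i++)
        if (line_covers(CONF[i], name)) return 1;
    return 0;
}

int main(void)
{
    const char *q[] = { "www.mydomain1.org", "notmydomain1.org", "mydomain1.org.attacker.example" };
    for (size_t i = 0; i < 3; i++)    /* hypothetical log format, constructed client address */
        if (!would_forward(q[i])) printf("not forwarded: %s from 10.0.0.7\n", q[i]);
    return 0;
}
```

The two look-alike names are the cases a SIEM rule built on plain substring matching would misclassify as whitelisted.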
