Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
Simon, I see that you are back and wanted to bring this up again. We are using DNSMasq within AWS to perform DNS whitelisting and I noticed that there is no log line produced when a domain is NOT configured to be forwarded. I think this patch should take care of it and would love to have it considered. Justin On Wed, Jul 19, 2017 at 3:57 PM, Justin Grudzienwrote: > I made a small mistake in the patch. Here is the fix! > > Justin > > > On Wed, Jul 19, 2017 at 3:32 PM, Justin Grudzien > wrote: > >> I made a small update to the patch where it adds the IP address in the >> log message. This will identify the server making the request for the >> domain that is not configured to forward. >> >> Justin >> >> >> On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien >> wrote: >> >>> We are running DNSMasq to whitelist domains within AWS. We wanted all >>> domains not in the whitelist to produce a log line to be forwarded to our >>> SIEM. Our goal is to detect people attempting DNS attacks against us. Here >>> is a patch that produces a simple log line if a forwarding is not >>> attempted. >>> >>> I would love this to be added to the main codebase. It is a simple >>> change and will allow others to track non-whitelisted domains. >>> >>> Justin >>> >>> >> > add-logging-for-non-forwarded-domains.patch Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] [PATCH v2 1/1] do not include stdio.h before dnsmasq.h
> Any news on this one (and the follow up patch)? Apologies for the radio-silence. Patches applied. Cheers, Simon. signature.asc Description: OpenPGP digital signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] [PATCH] Fix broken translations after commit 730c6745
Patch applied, thanks (and your name is in the git-log, even if it's not in the translation..) Cheers, Simon. On 17/07/17 18:53, Chris Novakovic wrote: > On 17/07/2017 18:50, Chris Novakovic wrote: >> Commit 730c6745 makes a number of fixes to typos, among them the >> messages reporting that asynchronous logging is unavailable in Solaris >> and Android in src/dnsmasq.c. This is a gettext-localised string, and >> the corresponding msgids in each of the translations weren't updated to >> reflect the typo fixes, breaking these two translations for all >> localisations. >> >> This commit ports the typo fixes to the affected msgids in po/*.po, >> fixing all translations for these strings. > > I thought it'd be churlish of me to set myself as the Last-Translator > for each localisation, given that I didn't actually do any translating... :) > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] libidn2 issues with underscores on FreeBSD?
Patch tweaked so it's not active with IDN1 either, and applied. Thanks. Simon. On 09/08/17 21:28, Petr Menšík wrote: > Hi Simon, > > this issue was fixed in libidn2 release of version 2.0.3. You workaround > could be disabled for releases with IDN2_VERSION_NUMBER >= 0x0203. > > Attaching small example patch. > > Cheers, > Petr > > Dne 8.7.2017 v 22:27 Simon Kelley napsal(a): >> I considered not passing SRV record names to IDN, but I can forsee >> more subtle problems (We allow _ in hostnames, for instance.) So I've >> fixed this, for some value of "fixed", by not passing any domain name >> being parsed, which has one or more underscores, to IDN. >> >> That seems a reasonable solution. >> >> >> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69a815aa8f4b91570b562a54b43c3d44ac533e06 >> >> Cheers, >> >> Simon >> >> >> >> On 07/07/17 15:12, Petr Menšík wrote: >>> Hi, I was the original contributor of IDN2 support. >>> I have to agree IDN2 does filter underscores out. >>> >>> On Fedora 25: >>> >>> $ idn2 --version >>> idn2 (libidn2) 2.0.2 >>> >>> $ idn2 -l _xmpp-server._tcp.domain.com >>> xmpp-server.tcp.domain.com >>> >>> Not even transitional mode helps >>> >>> $ idn2 -T _xmpp-server._tcp.domain.com >>> xmpp-server.tcp.domain.com >>> >>> But older IDN works fine >>> >>> $ idn --version >>> idn (GNU Libidn) 1.33 >>> >>> $ idn _xmpp-server._tcp.domain.com >>> _xmpp-server._tcp.domain.com >>> >>> I will have have to ask why would it do that. >>> >>> Another question is whether SRV records should be formatted by libidn2 >>> when they will not be displayed to the user. I think it should affect >>> only logs but not served names themselves. >>> >>> Dne 6.7.2017 v 22:51 Matthias Andree napsal(a): Simon, with the release of v2.77, I have switched the FreeBSD port from IDN (which was used up to and including 2.76) to IDN2, and have just received a bug report where SRV records that use underscores are no longer recognized, and the reporter states that disabling the IDN2 option reinstates the expected operation: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220521 Could you check that? It appears we're using libidn2 v2.0.2 in FreeBSD, and previously used libidn 1.33. Thanks. Best regards, Matthias ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >>> >>> ___ >>> Dnsmasq-discuss mailing list >>> Dnsmasq-discuss@lists.thekelleys.org.uk >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >>> >> >> >> ___ >> Dnsmasq-discuss mailing list >> Dnsmasq-discuss@lists.thekelleys.org.uk >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >> > > > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] pick authoritative server
On 25/09/17 00:24, Vic wrote: > Hi, Can I select a domain filter or such: > > I send all requests to 8.8.8.8 except for > > mydomain1.org and mydomain2.org -- that goes to my local name servers. > > Yes? How? Yes. Something like: server=/mydomain1.org/ip.address.of.mydomain1.auth.server ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss