Re: [Dnsmasq-discuss] Can Dnsmasq be told not to advertise a specific prefix via RA?

2018-10-28 Thread Christopher Martin 
Thanks for the suggestion. That does work, although it's a bit messy to
have to advertise a prefix you don't want the clients to use.

Cheers,
Christopher Martin


On Sun, Oct 28, 2018 at 7:41 AM Simon Kelley 
wrote:
>
> Can you also add a dhcp-range for the ULA range, which deprecates it?
>
> Cheers,
>
> Simon.
>
>
> On 27/10/2018 18:17, Christopher Martin wrote:
> > Greetings,
> >
> > Is it possible to prevent Dnsmasq from advertising a specific prefix via
> > router advertisements?
> >
> > Here's my situation. My ISP provides a dynamic IPv6 prefix which, using
> > wide-dhcpv6, ends up assigned to interface bond0. Dnsmasq then
> > advertises the prefix on bond0 out to the LAN. The various hosts on the
> > LAN use it, together with IPv6 privacy extensions, to generate global
> > IPv6 addresses. So far so good.
> >
> > For reference, my config is as follows:
> >
> > dhcp-range=::,constructor:bond0,ra-only,infinite
> >
> > Here's the problem. I also assign a ULA to bond0 (fd00:etc.). Dnsmasq
> > also advertises this prefix to the LAN, but I don't want it to, because
> > then the other hosts on the LAN end up generating addresses based on it,
> > including via IPv6 privacy extensions. Whereas what I want is to
> > manually assign each host its own specific, unchanging and easily
> > remembered ULA, which should also be the source IP used when connecting
> > to various services around the LAN. Too many ULAs cause problems.
> >
> > Is there a way to instruct Dnsmasq to _not_ advertise the ULA prefix,
> > but to continue advertising the global prefix from my ISP? Perhaps this
> > option already exists and I've simply missed it - apologies if that's
> > the case.
> >
> > Thanks very much,
> >
> > Christopher Martin
> >
> > ___
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Avoid cache clearing on SIGHUP

2018-10-28 Thread Микола Василенко 
Thank you for the answer.

I suppose in this case I should enable inotify support in my Dnsmasq build.

Regards,
Mykola.

вс, 28 окт. 2018 г. в 14:14, Simon Kelley :

> The solution may be use of --hostsdir, which avoids the need for sending
> SIGHUP.
>
>
> Cheers,
>
> Simon.
>
>
> On 28/10/2018 10:55, Микола Василенко wrote:
> > Hi all,
> >
> > Is there any method to avoid DNS cache clearing on SIGHUP? I want only
> > to update host info by sending SIGHUP to dnsmasq daemon. As there are no
> > servers info changed (e.i. resolv.conf, servers conf), I think, there is
> > no need to clear the cache as it is still up to date.
> >
> > Thank in advance.
> >
> > ___
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] Asigning IP DHCP IP by device type.

2018-10-28 Thread Ramses 
Hi everybody,

I have a doubt and I can't found a solution...

Does anybody know, and can day me, if there is any way to configure DNSMasq to 
asign IP depending if device type that requests the IP?

I want to define various IP Ranges to asign the IP depending, by example, if 
the request came from smartphones (Android / IOS) or others.


Regards,

Ramsés

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Can Dnsmasq be told not to advertise a specific prefix via RA?

2018-10-28 Thread Simon Kelley 
Can you also add a dhcp-range for the ULA range, which deprecates it?

Cheers,

Simon.


On 27/10/2018 18:17, Christopher Martin wrote:
> Greetings,
> 
> Is it possible to prevent Dnsmasq from advertising a specific prefix via
> router advertisements?
> 
> Here's my situation. My ISP provides a dynamic IPv6 prefix which, using
> wide-dhcpv6, ends up assigned to interface bond0. Dnsmasq then
> advertises the prefix on bond0 out to the LAN. The various hosts on the
> LAN use it, together with IPv6 privacy extensions, to generate global
> IPv6 addresses. So far so good.
> 
> For reference, my config is as follows:
> 
> dhcp-range=::,constructor:bond0,ra-only,infinite
> 
> Here's the problem. I also assign a ULA to bond0 (fd00:etc.). Dnsmasq
> also advertises this prefix to the LAN, but I don't want it to, because
> then the other hosts on the LAN end up generating addresses based on it,
> including via IPv6 privacy extensions. Whereas what I want is to
> manually assign each host its own specific, unchanging and easily
> remembered ULA, which should also be the source IP used when connecting
> to various services around the LAN. Too many ULAs cause problems.
> 
> Is there a way to instruct Dnsmasq to _not_ advertise the ULA prefix,
> but to continue advertising the global prefix from my ISP? Perhaps this
> option already exists and I've simply missed it - apologies if that's
> the case.
> 
> Thanks very much,
> 
> Christopher Martin
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] DNSSEC failure for dagjeuitactie.nl

2018-10-28 Thread Simon Kelley 
There's a CNAME at the root of the domain, which is not permissible, and
the root cause of the validation failure.


https://medium.freecodecamp.org/why-cant-a-domain-s-root-be-a-cname-8cbab38e5f5c

gives some reasons why this is not a good idea.

What actually happens is that dnsmasq makes a query for the DS record
for dagjeuitactie.nl and gets back the CNAME, rather than NSEC records
from the parenet proving that the DS doesn't work. It's arguable that
this is not sensible behaviour, but the it's what happens, and it makes
it impossible for dnsmasq to do validation.

The easiest way to fix this is almost certainly to fix the domain.


Cheers,

Simon.



On 26/10/2018 15:05, Willem Bargeman wrote:
> Hi Simon,
> 
> I received a message that the website dagjeuitactie.nl
>  was not working. When I do a dig for this
> domain the status is SERVFAIL.
> 
> dig dagjeuitactie.nl  @127.0.0.1
>  -p 5353
> 
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> dagjeuitactie.nl
>  @127.0.0.1  -p 5353
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30367
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1452
> ;; QUESTION SECTION:
> ;dagjeuitactie.nl .              IN      A
> 
> ;; Query time: 101 msec
> ;; SERVER: 127.0.0.1#5353(127.0.0.1)
> ;; WHEN: Fri Oct 26 15:50:50 CEST 2018
> ;; MSG SIZE  rcvd: 45
> 
> In the log file I can see the following.
> 
> dnsmasq[5172]: query[A] dagjeuitactie.nl  from
> 127.0.0.1
> dnsmasq[5172]: forwarded dagjeuitactie.nl  to
> 127.0.1.1
> dnsmasq[5172]: validation dagjeuitactie.nl  is
> BOGUS
> 
> A query using the Cloudflare or Google DNS servers is working. 
> The domain name (dagjeuitactie.nl  and
> www.dagjeactie.nl ) is a CNAME
> for dagjeuit-web.queueup.eu .
> Dagjeuitactie.nl is not DNSSEC enabled. However, the
> domain dagjeuit-web.queueup.eu  is
> DNSSEC enabled. However this record is also a CNAME to a AWS server.
> 
> I'm not a DNSSEC expert but is this behavior correct? Is this a failure
> in Dnsmasq or is the domain not configured correctly.
> 
> Thank you!
> 
> Best regards,
> Willem Bargeman
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Avoid cache clearing on SIGHUP

2018-10-28 Thread Simon Kelley 
The solution may be use of --hostsdir, which avoids the need for sending
SIGHUP.


Cheers,

Simon.


On 28/10/2018 10:55, Микола Василенко wrote:
> Hi all,
> 
> Is there any method to avoid DNS cache clearing on SIGHUP? I want only
> to update host info by sending SIGHUP to dnsmasq daemon. As there are no
> servers info changed (e.i. resolv.conf, servers conf), I think, there is
> no need to clear the cache as it is still up to date.
> 
> Thank in advance.
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] Avoid cache clearing on SIGHUP

2018-10-28 Thread Микола Василенко 
Hi all,

Is there any method to avoid DNS cache clearing on SIGHUP? I want only to
update host info by sending SIGHUP to dnsmasq daemon. As there are no
servers info changed (e.i. resolv.conf, servers conf), I think, there is no
need to clear the cache as it is still up to date.

Thank in advance.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss