[Dnsmasq-discuss] dns-server in opts file doesn't work

2013-12-17 Thread Shixiong Shang
Hi, experts:

I tried to leverage opts file to modify the recursive dns server IP conveyed in 
RA. The entry in the opts file is shown below:

tag:tag1,option6:dns-server,[2001:4860:4860::]

I tcpdumped the outgoing RA message, but the dns server IP is still set to the 
IPv6 address dnsmasq bound to. However, if I use 
“--dhcp-option=tag:tag1,option6:dns-server,[2001:4860:4860::]” as an option 
in the CLI, then it worked in the way as expected.

Is there anything I did wrong in the opts file? It is still my preferred 
approach to use opts file.

Thanks!

Shixiong
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


[Dnsmasq-discuss] Difference between SLAAC and RA-ONLY mode

2013-12-17 Thread Shixiong Shang
Hi, guys:

I tried both “slaac” mode and “ra-only” modes with dnsmasq version 2.66. One 
thing I noticed was, both modes set the same bit value in the RA:

M-bit = 0, O-bit = 0, A-bit = 1, L-bit = 1.

I am wondering what’s the difference between these two modes then? Would you 
please shed some light on it?

Thanks!

Shixiong


Re: [Dnsmasq-discuss] default lease time for dhcp-host entries ?

2013-12-17 Thread Simon Kelley

On 16/12/13 21:37, Maule Mark wrote:

okay, thank you for checking.


I just pushed a fix into git for the parsing bug.


Cheers,

Simon.





On Monday, December 16, 2013 3:27 PM, Simon Kelley si...@thekelleys.org.uk
wrote:

On 16/12/13 21:00, Maule Mark wrote:

As an alternative to a fake tag to remove the empty field, would it work
to declare a static dhcp-range in my configuration file to cover the
addresses that are managed by the hostsfile?



No. As you'd expect, lease times configured for individual hosts
override those in dhcp-ranges.

I looked at the code, and it looks like the problem is indeed the double
comma.

,,

gets treated the same as

,0,

ie a lease time of zero.

That's a bug, but the easiest way for you to work around it is to avoid
the double comma.

Cheers,

Simon.



On Monday, December 16, 2013 2:47 PM, Maule Mark mark_ma...@yahoo.com
wrote:

  I don't think our client is asking for a lease time.  Or if it was,
  I would also expect it to make the request on the very first
  DHCPREQUEST, which gets the correct 1h lease.

  The double comma is to establish a placeholder field where we can
  plug in an optional tag: field, which we do in certain situations to
  influence the next dhcp exchange for this id.  The program we use to
  manage this file rigidly expects each line to have the same number
  of fields if this optional tag exists or not..  I'll try putting a
  fake tag in that field and see if it solves the 2m lease time issue.




  On Monday, December 16, 2013 2:28 PM, Simon Kelley
  si...@thekelleys.org.uk  wrote:

  On 16/12/13 19:36, Maule Mark wrote:
 I'm seeing an unexpected (to me) behavior when using a dnsmasq
 hostsfile and dhcp.  To start, my interface (pmi_if) is configured with
 a lease time of 1h (the default), and I have a blank hostsfile.

 dhcp-leasefile=/var/lib/axiom/dnsmasq_pmi.leases
 dhcp-hostsfile=/var/lib/axiom/dnsmasq_pmi_hostsfile
 dhcp-range=172.30.80.0,static,255.255.255.0
 dhcp-range=172.30.80.200,172.30.80.240,255.255.255.0
 dhcp-lease-max=255
 dhcp-option=option:dns-server,172.30.80.1
 dhcp-option=option:router,172.30.80.1
 dhcp-option=option:ntp-server,172.30.80.1,172.30.80.2,172.30.80.3
 dhcp-option=option:default-ttl,50
 dhcp-option=option:all-subnets-local,1
 dhcp-script=/var/lib/axiom/dhcp-script-pmi.sh
 dhcp-boot=/pds/pxe/pxelinux.0,172.30.80.1

 Clients boot and are assigned dhcp addresses as expected.  We have a
 program in our software stack that looks for heartbeat messages on this
 pmi_if, and when detected, constructs a hostsfile entry for the client
 that looks like this:

 [root@pilot2 axiom]# cat dnsmasq_pmi_hostsfile
 00:21:28:A1:F3:F2,00:21:28:A1:F3:F3,,WN5080020001592690,172.30.80.128
 00:21:28:A1:CA:3A,00:21:28:A1:CA:3B,,WN5080020001592691,172.30.80.129

 The clients are running udhcpc from busybox.

 Everything works as expected until the clients get toward the end of
 their 1h lease period at which point the clients start sending
 DHCPREQUEST requests.  It seems at this point, that the leases granted
 are now 120s.  Here's some syslog output showing the first DHCPREQUEST
 being sent about 55 minutes into the 1h initial lease.  Why did dnsmasq
 return a lease time of 12s in this case?

 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 DHCPREQUEST(pmi_if) 172.30.80.129 00:21:28:a1:ca:3a
 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 tags: known, pmi_if
 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 DHCPACK(pmi_if) 172.30.80.129 00:21:28:a1:ca:3a WN5080020001592691
 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 requested options: 1:netmask, 3:router, 6:dns-server, 12:hostname,
 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 requested options: 15:domain-name, 28:broadcast, 42:ntp-server
 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 bootfile name: /pds/pxe/pxelinux.0
 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 server name: 172.30.80.1
 2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 next
  

Re: [Dnsmasq-discuss] Difference between SLAAC and RA-ONLY mode

2013-12-17 Thread Simon Kelley

On 17/12/13 12:29, Shixiong Shang wrote:

Hi, guys:

I tried both “slaac” mode and “ra-only” modes with dnsmasq version 2.66. One 
thing I noticed was, both modes set the same bit value in the RA:

M-bit = 0, O-bit = 0, A-bit = 1, L-bit = 1.

I am wondering what’s the difference between these two modes then? Would you 
please shed some light on it?


There's no difference: slaac and ra-only have exactly the same 
effect. Reading back the manpage, the description is very confusing and 
should be re-written.


The reason for having two different keywords is that they can be used 
with and without DHCP


dhcp-range = 1234::1, 1234::100, slaac

will do RA with MOAL bits all set, and provide DHCPv6

dhcp-range = 1234::1, slaac

will do RA with only AL bits set, and not DHCP. It's maybe clearer to be 
able to write.


 dhcp-range = 1234::1, ra-only

in this case.

Cheers,

Simon.






Thanks!

Shixiong


Re: [Dnsmasq-discuss] dns-server in opts file doesn't work

2013-12-17 Thread Simon Kelley

On 17/12/13 12:30, Shixiong Shang wrote:

Hi, experts:

I tried to leverage opts file to modify the recursive dns server IP conveyed in 
RA. The entry in the opts file is shown below:

tag:tag1,option6:dns-server,[2001:4860:4860::]

I tcpdumped the outgoing RA message, but the dns server IP is still set to the IPv6 
address dnsmasq bound to. However, if I use 
“--dhcp-option=tag:tag1,option6:dns-server,[2001:4860:4860::]” as an option 
in the CLI, then it worked in the way as expected.

Is there anything I did wrong in the opts file? It is still my preferred 
approach to use opts file.


I can't see any problem with that

Just to be sure, you're using --dhcp-optsfile=/path/to/file and the 
lines in /path/to/file are


tag:tag1,option6:dns-server,[2001:4860:4860::]

and _not_

dhcp-option=tag:tag1,option6:dns-server,[2001:4860:4860::]

and you remembered to restart dnsmasq or send SIGHUP after you altered 
the file?


That covers all the mistakes that people usually make with this.


Cheers,

Simon.



Thanks!

Shixiong


Re: [Dnsmasq-discuss] dnsmasq and AD flag forwarding

2013-12-17 Thread Simon Kelley

On 16/12/13 11:13, Tomas Hozza wrote:

- Original Message -

I can see at least one bug in the code: in the code-path taken to answer
a query from the cache, the value of the AD flag is never changed: it
simply takes the value that it had in the query. I guess the
authenticated status of the data should be cached, and used to provide
this information.


I'm sure there is nothing wrong with caching the AD flag. However as stated
in the --proxy-dnssec documentation, dnsmasq as non-validating resolver should
not return the AD flag to clients, unless the --proxy-dnssec option is used.


I'm currently deep into work to provide DNSSEC validation in dnsmasq,
and all of this code is therefore subject to massive revision in the
near future. I'll address the behaviour when dnsmasq is NOT validating
itself as part of that work.


I can understand that implementing the DNSSEC validation is a hard task
and requires a lot of time and effort.

I can try to come up with a patch for the AD flag forwarding if you could
agree with me on what is the correct behaviour here. Also what is the
role of --proxy-dnssec option.



This is my understanding

If dnsmasq gets a query with the DO bit set (ie the client wants 
security information), dnsmasq forwards the query as normal, and gets a 
reply which may have the AD flag set, indicating that the data is 
validated. However, the reply, complete with AD bit, may be a forgery, 
so dnsmasq shouldn't return the AD bit to the client, and resets it 
before sending the reply to the client.


For the case that it's known that dnsmasq is always forwarding queries 
over a trusted channel to a trusted validating nameserver, the user can 
configure --proxy-dnssec and then the AD bit in the reply will be 
returned to the client.


The relevant bit of standard, according to the dnsmasq source code, is 
RFC4035 4.6 para 3.


This is all somewhat academic, since dnsmasq doesn't currently cache 
the value of the AD bit in the reply, so if the answer comes from 
dnsmasq's cache, the AD bit will not be meaningful. In fact, as stated 
in my last reply, the value of the AD bit which the client gets back 
with an answer from cache is actually the value of the AD bit in the 
query, which is nonsense.



Cheers,

Simon.
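
The AD-bit handling described in this message, as an added example (not dnsmasq source code and not part of the original post). The function names and the header-only sample messages are constructed for illustration; the naive cache path reproduces the behaviour Simon calls nonsense, where the answer inherits AD from the query.

```python
import struct

QR = 0x8000  # response flag in the 16-bit DNS header flags word
AD = 0x0020  # Authenticated Data flag


def make_header(msg_id, flags, qdcount=1, ancount=0):
    """Build a bare 12-byte DNS header (constructed sample data)."""
    return struct.pack("!HHHHHH", msg_id, flags, qdcount, ancount, 0, 0)


def get_flags(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack_from("!H", msg, 2)[0]


def set_flags(msg, flags):
    return msg[:2] + struct.pack("!H", flags & 0xFFFF) + msg[4:]


def relay_upstream_reply(reply, proxy_dnssec):
    """Forwarding path: the upstream AD bit may be forged, so a
    non-validating forwarder clears it unless the operator has declared
    the upstream path trusted (the role of --proxy-dnssec)."""
    flags = get_flags(reply)
    if not proxy_dnssec:
        flags &= ~AD
    return set_flags(reply, flags)


def naive_cached_header(query):
    """Cache path as described in the message: reuse the query header
    and flip QR, so AD in the answer is whatever the client sent."""
    return set_flags(query[:12], get_flags(query) | QR)


def cached_reply_header(query, cached_ad, proxy_dnssec):
    """Cache path with the suggested fix: AD comes only from the status
    stored with the cached data, never from the query."""
    flags = (get_flags(query) | QR) & ~AD
    if proxy_dnssec and cached_ad:
        flags |= AD
    return set_flags(query[:12], flags)


# Constructed samples: a query with RD and AD set, and an upstream
# reply with QR, RD, RA and AD set.
SAMPLE_QUERY = make_header(0x1234, 0x0120)
SAMPLE_UPSTREAM_REPLY = make_header(0x1234, 0x81A0, ancount=1)

if __name__ == "__main__":
    for name, msg in [
        ("forwarded, default", relay_upstream_reply(SAMPLE_UPSTREAM_REPLY, False)),
        ("forwarded, proxy-dnssec", relay_upstream_reply(SAMPLE_UPSTREAM_REPLY, True)),
        ("cache, naive", naive_cached_header(SAMPLE_QUERY)),
        ("cache, fixed", cached_reply_header(SAMPLE_QUERY, False, True)),
    ]:
        print(f"{name:26s} AD={'1' if get_flags(msg) & AD else '0'}")
```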




Re: [Dnsmasq-discuss] default lease time for dhcp-host entries ?

2013-12-17 Thread Maule Mark
Thanks Simon.  Will this work its way into a released version soon?  If not, 
are there canned instructions for how to generate an srpm given a clone of the 
repo?

thanks
Mark



On Tuesday, December 17, 2013 10:32 AM, Simon Kelley si...@thekelleys.org.uk 
wrote:
 
On 16/12/13 21:37, Maule Mark wrote:
 okay, thank you for checking.

I just pushed a fix into git for the parsing bug.


Cheers,

Simon.





 On Monday, December 16, 2013 3:27 PM, Simon Kelley si...@thekelleys.org.uk
 wrote:

 On 16/12/13 21:00, Maule Mark wrote:
 As an alternative to a fake tag to remove the empty field, would it work
 to declare a static dhcp-range in my configuration file to cover the
 addresses that are managed by the hostsfile?


 No. As you'd expect, lease times configured for individual hosts
 override those in dhcp-ranges.

 I looked at the code, and it looks like the problem is indeed the double
 comma.

 ,,

 gets treated the same as

 ,0,

 ie a lease time of zero.

 That's a bug, but the easiest way for you to work around it is to avoid
 the double comma.

 Cheers,

 Simon.


 On Monday, December 16, 2013 2:47 PM, Maule Mark mark_ma...@yahoo.com
 wrote:

       I don't think our client is asking for a lease time.  Or if it was,
       I would also expect it to make the request on the very first
       DHCPREQUEST, which gets the correct 1h lease.

       The double comma is to establish a placeholder field where we can
       plug in an optional tag: field, which we do in certain situations to
       influence the next dhcp exchange for this id.  The program we use to
       manage this file rigidly expects each line to have the same number
       of fields if this optional tag exists or not..  I'll try putting a
       fake tag in that field and see if it solves the 2m lease time issue.




       On Monday, December 16, 2013 2:28 PM, Simon Kelley
       si...@thekelleys.org.uk  wrote:

           On 16/12/13 19:36, Maule Mark wrote:
              I'm seeing an unexpected (to me) behavior when using a dnsmasq
              hostsfile and dhcp.  To start, my interface (pmi_if) is configured with
              a lease time of 1h (the default), and I have a blank hostsfile.

              dhcp-leasefile=/var/lib/axiom/dnsmasq_pmi.leases
              dhcp-hostsfile=/var/lib/axiom/dnsmasq_pmi_hostsfile
              dhcp-range=172.30.80.0,static,255.255.255.0
              dhcp-range=172.30.80.200,172.30.80.240,255.255.255.0
              dhcp-lease-max=255
              dhcp-option=option:dns-server,172.30.80.1
              dhcp-option=option:router,172.30.80.1
              dhcp-option=option:ntp-server,172.30.80.1,172.30.80.2,172.30.80.3
              dhcp-option=option:default-ttl,50
              dhcp-option=option:all-subnets-local,1
              dhcp-script=/var/lib/axiom/dhcp-script-pmi.sh
              dhcp-boot=/pds/pxe/pxelinux.0,172.30.80.1

              Clients boot and are assigned dhcp addresses as expected.  We have a
              program in our software stack that looks for heartbeat messages on this
              pmi_if, and when detected, constructs a hostsfile entry for the client
              that looks like this:

              [root@pilot2 axiom]# cat dnsmasq_pmi_hostsfile
              00:21:28:A1:F3:F2,00:21:28:A1:F3:F3,,WN5080020001592690,172.30.80.128
              00:21:28:A1:CA:3A,00:21:28:A1:CA:3B,,WN5080020001592691,172.30.80.129

              The clients are running udhcpc from busybox.

              Everything works as expected until the clients get toward the end of
              their 1h lease period at which point the clients start sending
              DHCPREQUEST requests.  It seems at this point, that the leases granted
              are now 120s.  Here's some syslog output showing the first DHCPREQUEST
              being sent about 55 minutes into the 1h initial lease.  Why did dnsmasq
              return a lease time of 12s in this case?

              2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 DHCPREQUEST(pmi_if) 172.30.80.129 00:21:28:a1:ca:3a
              2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 tags: known, pmi_if
              2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 DHCPACK(pmi_if) 172.30.80.129 00:21:28:a1:ca:3a WN5080020001592691
              2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 requested options: 1:netmask, 3:router, 6:dns-server, 12:hostname,
              2013-12-16 19:33:42.253+00:00 pilot2 dnsmasq-dhcp[23916]: 208328817 requested options: 15:domain-name, 28:broadcast, 42:ntp-server

Re: [Dnsmasq-discuss] Difference between SLAAC and RA-ONLY mode

2013-12-17 Thread Shixiong Shang
Hi, Simon:

Thanks a lot for your quick clarification! Just want to make sure I clearly 
understand what you mean….if the dhcp-range contains a range of IPv6 address, 
then slaac should enable dhcpv6 + ra; if the dhcp-range contains the single 
IPv6 address, then slaac will only do ra, but not dhcpv6…..Same as ra-only. In 
other words, how slaac/ra-only set MOAL bits depends on dhcp-range…..Is my 
understanding correct?

Shixiong



On Dec 17, 2013, at 11:55 AM, Simon Kelley si...@thekelleys.org.uk wrote:

 On 17/12/13 12:29, Shixiong Shang wrote:
 Hi, guys:
 
 I tried both “slaac” mode and “ra-only” modes with dnsmasq version 2.66. One 
 thing I noticed was, both modes set the same bit value in the RA:
 
 M-bit = 0, O-bit = 0, A-bit = 1, L-bit = 1.
 
 I am wondering what’s the difference between these two modes then? Would you 
 please shed some light on it?
 
 There's no difference: slaac and ra-only have exactly the same effect. 
 Reading back the manpage, the description is very confusing and should be 
 re-written.
 
 The reason for having two different keywords is that they can be used with 
 and without DHCP
 
 dhcp-range = 1234::1, 1234::100, slaac
 
 will do RA with MOAL bits all set, and provide DHCPv6
 
 dhcp-range = 1234::1, slaac
 
 will do RA with only AL bits set, and not DHCP. It's maybe clearer to be able 
 to write.
 
 dhcp-range = 1234::1, ra-only
 
 in this case.
 
 Cheers,
 
 Simon.
 
 
 
 
 
 Thanks!
 
 Shixiong


[Dnsmasq-discuss] IPv6 host file syntax

2013-12-17 Thread Shixiong Shang
Hi, expert:

I am using dnsmasq as DHCPv6 server and I created host file for my IPv6 DHCP 
range. The first field is DUID calculated by MAC, followed by hostname, and 
then IPv6 address.

00:03:00:06:fa:16:3e:03:63:36,host-2001-db8-3--1.openstacklocal,2001:db8:3::1
00:03:00:06:fa:16:3e:95:5f:6a,host-2001-db8-3--2.openstacklocal,2001:db8:3::2
00:03:00:06:fa:16:3e:0c:29:d6,host-2001-db8-3--f816-3eff-fe0c-29d6.openstacklocal,2001:db8:3::f816:3eff:fe0c:29d6

However, I cannot find any document to verify whether the above syntax is 
correct. Would you please clarify?

Thanks!

Shixiong







Re: [Dnsmasq-discuss] DHCPv6 same host different subnets

2013-12-17 Thread Simon Kelley
I'm confused as to what's happening. You're saying that the client on 
the physical network associated with 2a01:348:31:2:: gets 
2a01:348:31:3::2 allocated? That's very odd.



You _should_ be able to have as many dhcp-host lines as you like for a 
client-id, they're filtered by subnet so only one will be relevant for a 
particular DHCP request. This may not scale well to IPv6 when a physical 
interface could easily have multiple addresses on multiple subnets. Is 
that the problem?




Cheers,

Simon.


On 13/12/13 20:35, Roy Marples wrote:

Different physical networks.
If it matters both networks are plugged into the router via USB dongles. One 
goes into a wireless AP and the other into an Ethernet Over Power point. For 
the curious the box itself only has one physical ethernet port which is plugged 
into a PPPoE modem.

For reference,  ISC dhcpd manages to do this fine provided you create dummy 
host entries for the same ClientID but with different fixed ips on each.

Roy


Sent from Samsung Mobile

 Original message 
From: Simon Kelley si...@thekelleys.org.uk
Date:
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] DHCPv6 same host different subnets

On 12/12/13 14:57, Roy Marples wrote:

Hi

According to this:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q3/007464.html

This should work
dhcp-host=id:00:01:00:01:XXX,[2a01:348:31:2::2],fred
dhcp-host=id:00:01:00:01:XXX,[2a01:348:31:3::2],fred

But it fails. I get the last address assigned to the 2a01:348:31:2
subnet request.
This is running 2.68 on NetBSD, not tested the above config with earlier
versions.



What's the server configuration? Are 2a01:348:31:2::
and 2a01:348:31:3:: on different networks, or the same physical network.

Cheers,

Simon.




Re: [Dnsmasq-discuss] FreeBSD complement to Linux's netlink: route(4) socket

2013-12-17 Thread Simon Kelley

On 12/12/13 20:15, Matthias Andree wrote:

On 09.12.2013 17:58, Simon Kelley wrote:


OK, using this, I've implemented dynamic interface-address discovery for
*BSD. Available now in git and as 2.69test1. This is very useful as it
stands, since it makes the dynamic DHCPv6 address-range facility using
the constructor: keyword work on *BSD.

Unfortunately, it doesn't make --bind-dynamic work, at least not in a
useful way. The problem is that when new interface addresses come along,
dnsmasq has to bind sockets to them at low ports. This is not allowed
when running as non-root, and of course dnsmasq drops root once it's
started.

On Linux, this problem is solved by using process capabilities: the
dnsmasq process retains the ability to bind low ports when it gives away
the rest of the root privileges. I don't think there's a direct
equivalent to capabilities in *BSD. Is there another way to allow a
non-root process to bind low ports?


A. There is a system-wide feature that enables certain uid/gids to bind
particular tcp or udp ports.

http://www.freebsd.org/doc/handbook/mac-portacl.html - check the
Example.  Note that TrustedBSD/MAC is dubbed experimental.

Minimum survival on FreeBSD 9.2:

1. These are preparations the sysadmin would have to make:

# kldload mac_portacl
# sysctl security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53

2. And that tells dnsmasq to drop privileges to user 53 (I hope it
understands UID, else try bind - it has uid 53 on my system):

dnsmasq -u 53  [options [...]]


B. If you find that too cumbersome due to the global nature, the
traditional way would be using a helper process that retains privileges,
opens the socket, binds it and passes it and the file descriptor to the
unprivileged process.
http://www.lst.de/~okir/blackhats/node121.html or
http://www.thomasstover.com/uds.html perhaps.


The first of these is more attractive: creating a helper process and 
passing file descriptors is a big re-factor.


the -u option doesn't understand uids, but that's easy to fix.

Cheers,

Simon.
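
Option B from the quoted message (a helper that keeps privileges, binds the socket and passes the descriptor to the unprivileged process), as an added example that is not dnsmasq code and not part of the original posts. It is an assumption of this sketch that loopback port 0 stands in for port 53 and that no real privilege drop happens, so it runs without root; `bind_and_hand_over` and the message contents are hypothetical.

```python
import array
import os
import socket


def send_fd(channel, fd):
    """Pass one open descriptor over a UNIX socket via SCM_RIGHTS."""
    channel.sendmsg(
        [b"F"],
        [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]))],
    )


def recv_fd(channel):
    """Receive one descriptor sent with send_fd()."""
    fds = array.array("i")
    _msg, ancdata, _flags, _addr = channel.recvmsg(
        1, socket.CMSG_LEN(fds.itemsize)
    )
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            usable = len(data) - (len(data) % fds.itemsize)
            fds.frombytes(data[:usable])
            return fds[0]
    raise RuntimeError("no descriptor received")


def bind_and_hand_over(bind_addr=("127.0.0.1", 0)):
    """Helper binds a UDP socket and hands it to a worker process.

    Returns the reply the worker sent from the inherited socket.
    """
    helper_ch, worker_ch = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:
        # Worker: stands in for the daemon after it has dropped root.
        # It never calls bind(); it only uses the socket it was given.
        helper_ch.close()
        status = 1
        try:
            sock = socket.socket(fileno=recv_fd(worker_ch))
            data, peer = sock.recvfrom(512)
            sock.sendto(b"worker:" + data, peer)
            status = 0
        finally:
            os._exit(status)

    # Helper: the only code that needs the privilege to bind.
    worker_ch.close()
    bound = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    bound.bind(bind_addr)
    addr = bound.getsockname()
    send_fd(helper_ch, bound.fileno())
    bound.close()  # the worker now owns the only remaining reference

    # Constructed client traffic to show the worker serves the socket.
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)
    client.sendto(b"ping", addr)
    reply, _ = client.recvfrom(512)
    client.close()
    helper_ch.close()
    os.waitpid(pid, 0)
    return reply


if __name__ == "__main__":
    print(bind_and_hand_over())
```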




[Dnsmasq-discuss] DHCPv6 default port

2013-12-17 Thread Shixiong Shang
Hi, expert:

I am using dnsmasq as DHCPv6 server. By default, dnsmasq is bound to port 53. I 
used --port option to bind it to UDP/547, since this is what my DHCPv6 client 
sends the query to. However, the dnsmasq never saw the DHCPv6 packets coming in 
afterwards. Based on tcpdump, I could see DHCPv6 packets hit dnsmasq binding 
interface, but dnsmasq log didn't report anything.

So I am wondering whether the port other than 53 is supported?

Thanks!

Shixiong





[Dnsmasq-discuss] How does proxy-dhcp work ?

2013-12-17 Thread Robert M. Albrecht

Hi,

I'm trying to setup a dnsmasq adding some pxe-stuff in a network with an 
uncooperative DHCP-server.


Even for this problem dnsmasq has a solution, really the 
swiss-army-knife for DNS/DHCP stuff !


But I don't understand how this works. Perhaps someone could enlighten me.

A proxy usually sits between server and client and does some magic like 
filtering or caching. But if both (dhcp-server and dhcp-client) are in 
the same broadcast-domain (local link whatever you might call it) so the 
dhcp-server could simply answer the request and dnsmasq would not come 
into the game.


Or is there some logic in the pxe-clients to ask a second time, when the 
pxe-stuff was missing in the first answer ?


I'm slightly confused how this works.

cu romal



Re: [Dnsmasq-discuss] Difference between SLAAC and RA-ONLY mode

2013-12-17 Thread Simon Kelley

On 17/12/13 17:34, Shixiong Shang wrote:

Hi, Simon:

Thanks a lot for your quick clarification! Just want to make sure I
clearly understand what you mean….if the dhcp-range contains a range
of IPv6 address, then slaac should enable dhcpv6 + ra; if the
dhcp-range contains the single IPv6 address, then slaac will only do
ra, but not dhcpv6…..Same as ra-only. In other words, how
slaac/ra-only set MOAL bits depends on dhcp-range…..Is my
understanding correct?


That's correct.


Simon.



Shixiong



On Dec 17, 2013, at 11:55 AM, Simon Kelley si...@thekelleys.org.uk
wrote:


On 17/12/13 12:29, Shixiong Shang wrote:

Hi, guys:

I tried both “slaac” mode and “ra-only” modes with dnsmasq
version 2.66. One thing I noticed was, both modes set the same
bit value in the RA:

M-bit = 0, O-bit = 0, A-bit = 1, L-bit = 1.

I am wondering what’s the difference between these two modes
then? Would you please shed some light on it?


There's no difference: slaac and ra-only have exactly the same
effect. Reading back the manpage, the description is very confusing
and should be re-written.

The reason for having two different keywords is that they can be
used with and without DHCP

dhcp-range = 1234::1, 1234::100, slaac

will do RA with MOAL bits all set, and provide DHCPv6

dhcp-range = 1234::1, slaac

will do RA with only AL bits set, and not DHCP. It's maybe clearer
to be able to write.

dhcp-range = 1234::1, ra-only

in this case.

Cheers,

Simon.






Thanks!

Shixiong


Re: [Dnsmasq-discuss] DHCPv6 default port

2013-12-17 Thread Shixiong Shang
I think dnsmasq process is bound to the right port, but it is not listening on 
udp6 part. 



Proto Recv-Q Send-Q Local Address            Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:9697             0.0.0.0:*        LISTEN  2103/python
tcp6       0      0 2001:db8:3::1:547        :::*             LISTEN  2536/dnsmasq
tcp6       0      0 fe80::f816:3eff:fe0:547  :::*             LISTEN  2536/dnsmasq
tcp6       0      0 2001:db8:192:168::1:547  :::*             LISTEN  2533/dnsmasq
tcp6       0      0 fe80::f816:3eff:fe5:547  :::*             LISTEN  2533/dnsmasq
udp6       0      0 2001:db8:3::1:547        :::*                     2536/dnsmasq
udp6       0      0 fe80::f816:3eff:fe0:547  :::*                     2536/dnsmasq
udp6       0      0 2001:db8:192:168::1:547  :::*                     2533/dnsmasq
udp6       0      0 fe80::f816:3eff:fe5:547  :::*                     2533/dnsmasq


Shixiong




On Dec 17, 2013, at 1:15 PM, Shixiong Shang sparkofwisdom.cl...@gmail.com 
wrote:

 Hi, expert:
 
 I am using dnsmasq as DHCPv6 server. By default, dnsmasq is bound to port 53. 
 I used --port option to bind it to UDP/547, since this is what my DHCPv6 
 client sends the query to. However, the dnsmasq never saw the DHCPv6 packets 
 coming in afterwards. Based on tcpdump, I could see DHCPv6 packets hit 
 dnsmasq binding interface, but dnsmasq log didn't report anything.
 
 So I am wondering whether the port other than 53 is supported?
 
 Thanks!
 
 Shixiong
 
 




Re: [Dnsmasq-discuss] IPv6 host file syntax

2013-12-17 Thread Simon Kelley

On 17/12/13 18:00, Shixiong Shang wrote:

Hi, expert:

I am using dnsmasq as DHCPv6 server and I created host file for my IPv6 DHCP 
range. The first field is DUID calculated by MAC, followed by hostname, and 
then IPv6 address.

00:03:00:06:fa:16:3e:03:63:36,host-2001-db8-3--1.openstacklocal,2001:db8:3::1
00:03:00:06:fa:16:3e:95:5f:6a,host-2001-db8-3--2.openstacklocal,2001:db8:3::2
00:03:00:06:fa:16:3e:0c:29:d6,host-2001-db8-3--f816-3eff-fe0c-29d6.openstacklocal,2001:db8:3::f816:3eff:fe0c:29d6



If you really want to use DUID, then the hex should have id: in front

id:00:03:00:06:fa:16:3e:03:63:36,..

but calculating DUIDs is dangerous and fragile. The latest dnsmasq 
releases allow you to use MAC addresses directly.


The IPv6 addresses should have [...] round them

.,[2001:db8:3::1]

Cheers,

Simon.




However, I cannot find any document to verify whether the above syntax is 
correct. Would you please clarify?

Thanks!

Shixiong
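
A pre-flight check for dhcp-hostsfile lines, added here as an example (not dnsmasq's parser and not part of the original posts). It covers the two mistakes discussed on this page: the empty `,,` field from the lease-time thread, and the missing `id:` prefix and `[...]` brackets from this thread. The function names, finding labels and the "longer than a 6-octet MAC" heuristic for spotting a DUID are assumptions of this sketch.

```python
import ipaddress
import re

# Colon-separated two-digit hex octets: matches MAC addresses and raw DUIDs.
HEX_OCTETS = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$")
MAC_OCTETS = 6


def lint_hosts_line(line):
    """Return a list of (field_number, finding) for one hostsfile line."""
    findings = []
    line = line.strip()
    if not line:
        return findings
    for pos, field in enumerate(line.split(","), start=1):
        field = field.strip()
        if field == "":
            # The double comma: per the thread, parsed like ",0,",
            # i.e. a lease time of zero, before the fix.
            findings.append((pos, "empty-field"))
            continue
        if HEX_OCTETS.match(field) and field.count(":") + 1 > MAC_OCTETS:
            # Heuristic (assumption): more octets than an Ethernet MAC
            # means a DUID, which needs an "id:" prefix.
            findings.append((pos, "duid-without-id-prefix"))
            continue
        if not field.startswith("["):
            try:
                ipaddress.IPv6Address(field)
            except ValueError:
                pass  # hostname, IPv4 address, MAC, tag, lease time...
            else:
                findings.append((pos, "ipv6-without-brackets"))
    return findings


def lint_hosts_file(text):
    """Map 1-based line numbers to findings for every problem line."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        found = lint_hosts_line(line)
        if found:
            report[lineno] = found
    return report


# Sample lines taken from the messages on this page, plus the corrected
# form of the IPv6 entry (last line).
SAMPLE = """\
00:21:28:A1:F3:F2,00:21:28:A1:F3:F3,,WN5080020001592690,172.30.80.128
00:03:00:06:fa:16:3e:03:63:36,host-2001-db8-3--1.openstacklocal,2001:db8:3::1
id:00:03:00:06:fa:16:3e:03:63:36,host-2001-db8-3--1.openstacklocal,[2001:db8:3::1]
"""

if __name__ == "__main__":
    for lineno, found in lint_hosts_file(SAMPLE).items():
        for pos, finding in found:
            print(f"line {lineno}, field {pos}: {finding}")
```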




