[Dnsmasq-discuss] Not sure how to configure dnsmasq via dbus and cli tools

2014-08-13 Thread samlt 

Hello,

I'm not sure how to use the dnsmasq dbus interface via dbus-send or
qdbus (which I've read should be easier).

I've no previous experience with dbus, so I may be missing something
entirely obvious to you.

$ qdbus --system
...
 uk.org.thekelleys.dnsmasq

$ qdbus --system uk.org.thekelleys.dnsmasq
Error: org.freedesktop.DBus.Error.AccessDenied Rejected send message, 2
matched rules; type=method_call, sender=:1.504 (uid=1000 pid=22569
comm=qdbus --system  uk.org.thekelleys.dnsmasq )
interface=org.freedesktop.DBus.Introspectable member=Introspect
error name=(unset) requested_reply=0
destination=uk.org.thekelleys.dnsmasq (uid=0 pid=21250
comm=/usr/sbin/dnsmasq --no-resolv --keep-in-foreground)

$ sudo qdbus --system uk.org.thekelleys.dnsmasq
Error: org.freedesktop.DBus.Error.NoReply
Did not receive a reply. Possible causes include: the remote application
did not send a reply, the message bus security policy blocked the reply,
the reply timeout expired, or the network connection was broken.


The thing is that I'm not even sure my problem is directly related to
dnsmasq. When I lookup for the Rejected error above, I find stuffs
about consolekit, but I though consolekit functionnality was now offered
by systemd (superseded by systemd according to wikipedia). So I am
kind of lost.

Help appreciated!

background: I'm using dnsmasq with network manager(nm)on fedora 20. And
when I connect to some VPN I'd like to add something like:
server=/myvpn.domain/1.2.3.4
To dnsmasq config.

Thanks:)



___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Locking Down DNS Queries to Correct Servers

2014-08-13 Thread Simon Kelley 
On 01/08/14 19:31, Ben Cundiff wrote:
 Thanks for the reply. To clarify, would the no-resolv option prevent
 the server running dnsmasq from referencing its own /etc/resolv.conf,
 or would that also effect the behavior of clients?

Just the server.

 I don' think it's
 possible the rogue DHCP server provided any of our other servers wtih
 a DHCP lease-- none of our servers with dnsmasq have the
 isc-dhcp-client package installed, and the Windows server was set up
 on a separate VLAN from any of our servers. Would there be another
 way that the unauthorized DHCP/DNS server could have answered queries
 for our domain? Thanks again,

the rogue DHCP server could affect the clients' idea of their upstream
server without giving them a lease, via replies to DHCPINFO requests. If
it didn't do that, it's difficult to see how it could answer queries
sent to the correct server. (Actually, this is a well-known attack, but
it's much more specialised than a rogue DHCP server.)

Simon.

 
 Ben Cundiff Associate Sysadmin X-ES Inc. bcund...@xes-inc.com
 
 - Original Message -
 
 From: Simon Kelley si...@thekelleys.org.uk To:
 dnsmasq-disc...@thekelleys.org.uk Sent: Wednesday, July 30, 2014
 4:30:15 PM Subject: Re: [Dnsmasq-discuss] Locking Down DNS Queries to
 Correct Servers
 
 
 Your config doesn't include
 
 no-resolv
 
 so dnsmasq will be reading /etc/resolv.conf looking for servers
 there, as well as the ones you've defined. If a DHCP client on the
 machine got a DHCP lease from the rogue server, it could have put the
 DNS server address from that DHCP lease in /etc/resolv.conf That
 would get queries NOT in *.example.com sent to the rogue server.
 
 
 Cheers,
 
 Simon.
 
 
 
 ___ Dnsmasq-discuss
 mailing list Dnsmasq-discuss@lists.thekelleys.org.uk 
 http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
 
 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss