[Dnsmasq-discuss] dhcp-ignore ignoring /etc/ethers entry

2015-03-16 Thread jsb

 
Hello,

I am trying to use dnsmasq for dhcp service in cobbler provisioning tool.
I am dynamically adding new mac address-ip pair to /etc/ethers file. Everything
works fine from end to end, that is, it leases ip address to the mac address
and the machine gets provisioned with an image. However, when I add
--dhcp-ignore=tag:!known entry to dnsmasq.conf, then, the machines that get
added in /etc/ethers are getting IGNORED. The documentation says it should
consider machines in /etc/ethers as known machines.

I do need this dhcp-ignore because of the following reasons:

1) I do not want my dnsmasq not to lease out ip addresses to unknown machines
2) Known machines are dynamically added to /etc/ethers file and I do not want
to restart dnsmasq every time I add a new machine.

I am using ubuntu 14.04 and dnsmasq 2.68.
If I restart dnsmasq, then, it considers /etc/ethers as known machines and
leases out ip address. Any help is appreciated.

Thanks,
Jay

  ___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] DNAME or domain to domain transltion?

2015-03-16 Thread Adrian Lewis
Would it be fair to assume that there is no trick to this and if so, is
there any interest in a feature request for supporting DNAME records?
Unfortunately I'm simply a (very grateful) freeloader with no programming
skills whatsoever. I have no idea whether implementing this would be
something really simple or the opposite.

Many thanks,

Adrian

-----Original Message-----
From: Adrian Lewis [mailto:adr...@alsiconsulting.co.uk]
Sent: 11 March 2015 19:06
To: 'dnsmasq-discuss@lists.thekelleys.org.uk'
Subject: DNAME or domain to domain transltion?

Hi,

I've tried to find this out through reading and googling and I can't find
any obvious solution so I was hoping someone might know a trick that would
help me. I'm trying to do some sort of domain to domain translation so
that when a query for the a record of host1.firstdomain.tld is received,
dnsmasq does a lookup for host1.seconddomain.tld and returns the IP as if
the client had asked for host1.seconddomain.tld.

For an individual host this is much the same as a CNAME record but I need
to be able to specify the hostname dynamically so that
%anything%.firstdomain.tld is a CNAME for %anything%.seconddomain.tld.
Wildcards don't help either as this is not a case of
%anything%.firstdomain.tld being a CNAME for
specifichost.seconddomain.tld.

From what I gather, this is what a DNAME record will do although support
for this type of record seems a little scarce and dnsmasq doesn't support
these directly. The purpose is not nefarious and it is all being done for
internal to internal translation. I've not gone into why I need this in
any great detail but it's nothing dodgy.

The --synth-domain feature suggests that there is some sort of engine to
create dynamic replies based on the query but I need the equivalent of:
--synth-domain=firstdomain.tld,seconddomain.tld

Can anyone help?

TIA,

Adrian
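
The suffix rewrite asked for above is the substitution RFC 6672 defines for DNAME; the following is an added example, not dnsmasq code and not part of the original post. The function name `dname_substitute` and the result enum are hypothetical, and names are assumed to be dotted text without a trailing dot.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_NAME 253  /* longest name in dotted text form, no trailing dot */

enum dname_result { DNAME_NO_MATCH, DNAME_OK, DNAME_TOO_LONG };

/* Rewrite qname under an RFC 6672 DNAME: names strictly below `owner`
   have that suffix replaced by `target`; `owner` itself is not redirected.
   Names are dotted text without a trailing dot (assumption of this example). */
enum dname_result dname_substitute(const char *qname, const char *owner,
                                   const char *target, char *out, size_t outlen)
{
  size_t qlen = strlen(qname), olen = strlen(owner), tlen = strlen(target);
  size_t prefix;

  if (qlen <= olen + 1)
    return DNAME_NO_MATCH;   /* owner itself, or too short to sit below it */
  prefix = qlen - olen;      /* leading labels plus the separating dot */
  if (qname[prefix - 1] != '.' || strcasecmp(qname + prefix, owner) != 0)
    return DNAME_NO_MATCH;   /* suffix must match on a label boundary */
  if (prefix + tlen > MAX_NAME || prefix + tlen + 1 > outlen)
    return DNAME_TOO_LONG;   /* RFC 6672: server answers YXDOMAIN; also used
                                here when the caller's buffer is too small */
  memcpy(out, qname, prefix);
  memcpy(out + prefix, target, tlen + 1);
  return DNAME_OK;
}

int main(void)
{
  /* Constructed sample queries using the domain names from the post. */
  const char *queries[] = { "host1.firstdomain.tld", "a.b.FirstDomain.TLD",
                            "firstdomain.tld", "notfirstdomain.tld" };
  char out[MAX_NAME + 1];
  size_t i;

  for (i = 0; i < sizeof(queries) / sizeof(queries[0]); i++)
    {
      if (dname_substitute(queries[i], "firstdomain.tld", "seconddomain.tld",
                           out, sizeof(out)) == DNAME_OK)
        printf("%s -> CNAME %s\n", queries[i], out);
      else
        printf("%s -> not rewritten\n", queries[i]);
    }
  return 0;
}
```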



Re: [Dnsmasq-discuss] DNAME or domain to domain transltion?

2015-03-16 Thread Dave Taht
I had had a lot of hope for DNAMEs, but they were shot down in the ietf
years ago. Vestiges survive in bind, at least, but I suspect there is
little application support.

I would not mind an attempt to resurrect them. Naming in the face of being
renumbered all the time by various ipv4 and ipv6 providers is a real PITA.

On Mon, Mar 16, 2015 at 6:33 PM, Adrian Lewis adr...@alsiconsulting.co.uk
wrote:

> Would it be fair to assume that there is no trick to this and if so, is
> there any interest in a feature request for supporting DNAME records?
> Unfortunately I'm simply a (very grateful) freeloader with no programming
> skills whatsoever. I have no idea whether implementing this would be
> something really simple or the opposite.
>
> Many thanks,
>
> Adrian
>
> -----Original Message-----
> From: Adrian Lewis [mailto:adr...@alsiconsulting.co.uk]
> Sent: 11 March 2015 19:06
> To: 'dnsmasq-discuss@lists.thekelleys.org.uk'
> Subject: DNAME or domain to domain transltion?
>
> Hi,
>
> I've tried to find this out through reading and googling and I can't find
> any obvious solution so I was hoping someone might know a trick that would
> help me. I'm trying to do some sort of domain to domain translation so
> that when a query for the a record of host1.firstdomain.tld is received,
> dnsmasq does a lookup for host1.seconddomain.tld and returns the IP as if
> the client had asked for host1.seconddomain.tld.
>
> For an individual host this is much the same as a CNAME record but I need
> to be able to specify the hostname dynamically so that
> %anything%.firstdomain.tld is a CNAME for %anything%.seconddomain.tld.
> Wildcards don't help either as this is not a case of
> %anything%.firstdomain.tld being a CNAME for
> specifichost.seconddomain.tld.
>
> From what I gather, this is what a DNAME record will do although support
> for this type of record seems a little scarce and dnsmasq doesn't support
> these directly. The purpose is not nefarious and it is all being done for
> internal to internal translation. I've not gone into why I need this in
> any great detail but it's nothing dodgy.
>
> The --synth-domain feature suggests that there is some sort of engine to
> create dynamic replies based on the query but I need the equivalent of:
> --synth-domain=firstdomain.tld,seconddomain.tld
>
> Can anyone help?
>
> TIA,
>
> Adrian





-- 
Dave Täht
Let's make wifi fast, less jittery and reliable again!

https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb


Re: [Dnsmasq-discuss] Dnsmasq on high load

2015-03-16 Thread Rick Jones

On 03/15/2015 02:06 PM, Simon Kelley wrote:


On 12/03/15 00:15, Rick Jones wrote:

Does dnsmasq make any setsockopt(SO_SNDBUF) settings?  Perhaps the
SO_SNDBUF has filled thanks to Linux's intra-stack flow-control and
an attempt to (non blocking?) send has triggered the EAGAIN?

Just guessing,



No, it doesn't change the buffer size. I think your guess may be a
good one.


I wonder some adaptive buffer-size expansion could be created?


Presumably, these are transient conditions right?  I suppose there are a 
few choices - one would be to queue the request internally and send it 
again later.  Another would be to simply drop the request outright 
(non-Linux stacks likely would have done so anyway and not necessarily 
told the caller).


The third would be to tweak the SO_[SND|RCV]BUF explicitly.  Under Linux 
for that to take the administrator will have to have tweaked 
net.core.[rw]mem_max.  Otherwise Linux will silently cap any request 
above that value.


As for how much buffer, I suppose for the SO_SNDBUF decision it would be 
how much delay is one willing to add.  Then figure how many sends could 
be drained by the NIC in that length of time.  If the Linux version is 
new enough, it may already have fq_codel employed as the default qdisc 
and there may already be a fair bit of buffering below the socket buffer.


If there are UDP receive errors being recorded (ie because dnsmasq 
wasn't keeping-up with the incoming requests) then the computation would 
be just how long one might reasonably expect a dnsmasq process to remain 
blocked by something else and compute from there.


Lots of choices and it depends :)

rick
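
The silent cap described above can be detected by reading the buffer size back after setting it. This is an added example, not dnsmasq code and not part of the original message; it assumes Linux, where getsockopt(SO_SNDBUF) reports double the accepted size, and the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Linux getsockopt(SO_SNDBUF) reports twice the value it accepted (see
   socket(7)), so a request was granted in full only when the reported
   size is at least 2 * requested. */
int sndbuf_was_capped(int requested, int effective)
{
  return (long long)effective < 2LL * requested;
}

/* Ask for `requested` bytes of send buffer on a fresh UDP socket and
   return the size the kernel reports afterwards, or -1 on error. */
int probe_sndbuf(int requested)
{
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  int effective = -1;
  socklen_t len = sizeof(effective);

  if (fd < 0)
    return -1;
  if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &requested, sizeof(requested)) < 0 ||
      getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &effective, &len) < 0)
    effective = -1;
  close(fd);
  return effective;
}

int main(void)
{
  int requested = 8 * 1024 * 1024;  /* constructed value for the demonstration */
  int effective = probe_sndbuf(requested);

  if (effective < 0)
    {
      fprintf(stderr, "SO_SNDBUF probe failed\n");
      return 1;
    }
  printf("requested %d bytes, kernel reports %d\n", requested, effective);
  if (sndbuf_was_capped(requested, effective))
    printf("request was capped; net.core.wmem_max limits SO_SNDBUF\n");
  return 0;
}
```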



Re: [Dnsmasq-discuss] DNAME or domain to domain transltion?

2015-03-16 Thread Brad Smith

On 03/16/15 22:41, Dave Taht wrote:

> I had had a lot of hope for DNAMEs, but they were shot down in the ietf
> years ago. Vestiges survive in bind, at least, but I suspect there is
> little application support.
>
> I would not mind an attempt to resurrect them. Naming in the face of
> being renumbered all the time by various ipv4 and ipv6 providers is a
> real PITA.


I don't get why you said they were shot down. The DNAME record type
is standards track with 2 RFCs issued. Starting as RFC 2672 and updated
3 years ago with RFC 6672. As far as I can see they're supported by
most of the open source authoritative name servers and recursive
resolvers (BIND, NSD / Unbound, Knot, Yadifa, MaraDNS), commercial
implementations such as Cisco, Nominum, Microsoft as well as OS
resolvers.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




Re: [Dnsmasq-discuss] DNAME or domain to domain transltion?

2015-03-16 Thread Dave Taht
On Mon, Mar 16, 2015 at 9:18 PM, Brad Smith b...@comstyle.com wrote:

> On 03/16/15 22:41, Dave Taht wrote:
>
>> I had had a lot of hope for DNAMEs, but they were shot down in the ietf
>> years ago. Vestiges survive in bind, at least, but I suspect there is
>> little application support.
>>
>> I would not mind an attempt to resurrect them. Naming in the face of
>> being renumbered all the time by various ipv4 and ipv6 providers is a
>> real PITA.
>
> I don't get why you said they were shot down. The DNAME record type
> is standards track with 2 RFCs issued. Starting as RFC 2672 and updated
> 3 years ago with RFC 6672. As far as I can see they're supported by
> most of the open source authoritative name servers and recursive
> resolvers (BIND, NSD / Unbound, Knot, Yadifa, MaraDNS), commercial
> implementations such as Cisco, Nominum, Microsoft as well as OS
> resolvers.



I stand corrected. Do any applications work with DNAME?






-- 
Dave Täht
Let's make wifi fast, less jittery and reliable again!

https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb


[Dnsmasq-discuss] [PATCH V2] check bogus-nxdomain even when ip is from --address

2015-03-16 Thread Chen Wei
On Sun, Mar 15, 2015 at 09:11:58PM +, Simon Kelley wrote:
> On 12/03/15 08:29, Chen Wei wrote:
>> This patch is mainly for blocking malware domains.
> Why use a fake address. It seems more sensible to have some syntax
> we could re-use that syntax so that
> address=/malware.com/#
> means return NXDOMAIN for *.malware.com

It is cleaner indeed.


-- 
Chen Wei


---
 src/dnsmasq.h |1 +
 src/forward.c |2 ++
 src/option.c  |   13 ++---
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index de95d0e..c96e074 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -485,6 +485,7 @@ union mysockaddr {
 #define SERV_NO_REBIND  2048  /* inhibit dns-rebind protection */
 #define SERV_FROM_FILE  4096  /* read from --servers-file */
 #define SERV_LOOP   8192  /* server causes forwarding loop */
+#define SERV_NXDOMAIN  16384  /* domain should return NXDOMAIN */
 
 struct serverfd {
   int fd;
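
Review bot: the comment on the new SERV_NXDOMAIN define says only "domain should return NXDOMAIN", while the neighbouring SERV_FROM_FILE comment names the option that sets it ("read from --servers-file"). Naming the address=/domain/# form in the comment would tell a reader where the flag comes from. Since 16384 takes the next bit after SERV_LOOP, please also confirm that the type of the flags member holds it; its declaration is not in this hunk.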
diff --git a/src/forward.c b/src/forward.c
index 7c0fa8d..471e667 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -162,6 +162,8 @@ static unsigned int search_servers(time_t now, struct 
all_addr **addrpp,
  {
if (serv-flags  SERV_NO_REBIND)   
  *norebind = 1;
+else if (serv-flags  SERV_NXDOMAIN)
+  flags = F_NXDOMAIN;
else
  {
unsigned int sflag = serv-addr.sa.sa_family == AF_INET ? 
F_IPV4 : F_IPV6;
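
Review bot: the new SERV_NXDOMAIN test in search_servers() is an else-if chained after the SERV_NO_REBIND test, so an entry carrying both flags would set *norebind and never reach `flags = F_NXDOMAIN;`. If the two flags can appear on the same entry, test SERV_NXDOMAIN independently; if they cannot, a one-line comment saying so would help. The diffstat shows only two added lines in src/forward.c, so it is worth confirming that no other walk of the server list needs to recognise the new flag.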
diff --git a/src/option.c b/src/option.c
index eace40b..ba54a48 100644
--- a/src/option.c
+++ b/src/option.c
@@ -2290,9 +2290,16 @@ static int one_opt(int option, char *arg, char *errstr, 
char *gen_err, int comma
 
else if (strcmp(arg, #) == 0)
  {
-   newlist-flags |= SERV_USE_RESOLV; /* treat in ordinary way */
-   if (newlist-flags  SERV_LITERAL_ADDRESS)
- ret_err(gen_err);
+if (option == 'S')
+  {
+newlist-flags |= SERV_USE_RESOLV; /* treat in ordinary way */
+if (newlist-flags  SERV_LITERAL_ADDRESS)
+  ret_err(gen_err);
+  }
+else if (option == 'A')
+  {
+newlist-flags |= SERV_NXDOMAIN; /* domain return NXDOMAIN */
+  }
  }
else
  {
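
Review bot: in the "#" branch of one_opt(), the rewritten code handles option == 'S' and option == 'A' but has no final else, so any other option value reaching this branch now sets no flag, whereas the removed lines set SERV_USE_RESOLV unconditionally. Keeping the old behaviour as the default else, or rejecting with ret_err(gen_err), would make the intent explicit. The 'A' case also has no counterpart to the SERV_LITERAL_ADDRESS check done for 'S', and the diffstat touches no documentation for the new address=/domain/# meaning.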
-- 
1.7.10.4


