Re: [Dnsmasq-discuss] Two routers, two dnsmasq instances, can they sync?

[Arseniy Skvortsov]

I was going to implement this a year ago, but unfortunately stuck in  
establishing IP connectivity between the subnets.
Providing you have IP connectivity (VPN I assume), you can pull lease file  
from one router to another, convert it to 'hosts' file (don't forget to  
compare lease times in case if one of the clients can fly from one router  
to another quickly :) ) and send SIGHUP to dnsmasq instance for it to  
reread new 'hosts'. Path to the file may be passed as --addn-hosts.


If you wish, I can help with setting things up. Maybe I'll be able to  
finish changes in my subnets after.


Either way, would like to see your success (or fail) story here.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] Slow DNSMasq with > 100, 000 entries in additional addresses file

[TheWerthFam]

Using DNSMasq 2.76 on the Openwrt platform with a raspberry pi 3 like device 
for home networking 1GB RAM, dual core 1 GHZ processor).  Additionally I'm 
using the the adblock set of scripts found @ 
(https://github.com/openwrt/packages/tree/master/net/adblock/files) to block 
malware and porn sites. The porn sites list is about 800,000 entries, about 10x 
the number of sites adblock normally uses.  With the full list of malware and 
porn domains loaded,
dnsmasq takes 115M of memory and normally sits around 50% CPU usage with 
moderate browsing usage.  CPU and RAM usage isn't really a problem other
than lookups are slow now. Platform is cc 15.05.1 r49389.

The adblock script takes downloads different lists, creates a file for each 
list in the format:
local=/40def14.codns.com/ local=/944413269.3322.org
local=/domainnottogoto.com/ ... With one entry per line.  The goal is to return 
NXDOMAIN when the local clients use the dnsmasq as the its primary dns server. 
Lists are sorted and with unique entries, so duplicates are limited.

In an effort to address the performance issues I've tried increasing the 
dnsmasq cachesize to 10,000 but that made no change in performance. Also tried 
neg-ttl=3600 with default negative caching enabled with no change - thinking 
that if dnsmasq would cache the no response queries performance would go up.  
This didn't have any noticeable improvement in performance.

Are there dnsmasq setting that will improve the performance?  or should it
be configured differently to achieve this goal?
Perhaps unbound would be better suited?

Cheers
Derek

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Sequential IP doesn't look for unused IPs

[Vladislav Grishenko]

Hi Alec,

 

A bit disagree on that, at up-to-time Asus routers use hashed mac allocations, 
not sequential.

Older ones – did sequential allocation with reuse of expired IP from the very 
start (original udhcpd behavior), and in my practice, it rose issues when the 
same ip was allocated to different interfaces of one particular host, first 
time – as a first lease, second – after a hibernate/sleep. Same code was merged 
into udhcpd@busybox and was fixed into sdbm hash several years ago.

In my opinion, sequential reuse of ip pool does more harm than helps to keep 
the “things” in order.

Best Regards, Vladislav Grishenko

 

From: Dnsmasq-discuss [mailto:dnsmasq-discuss-boun...@lists.thekelleys.org.uk] 
On Behalf Of Alec Robertson
Sent: Sunday, December 25, 2016 4:14 AM
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Sequential IP doesn't look for unused IPs

 

I understand what you’re saying but I was suggesting this should be a feature 
enhancement. All the other routers I have used work the way I have described, 
be it NETGEAR, Asus, Huawei, etc.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] IPv6 on OpenWRT

[Alec Robertson]

Hi all,

I am using dnsmasq on OpenWRT and I have configured the DHCPv6 server and
it is working well with the clients connected to the router. However, the
DNS is not working; IPv6 requests are not successful.

The clients are given the router’s IP for DNS, like they are with IPv4 but
the DNS is not working. How do I configure the DNS servers on dnsmasq
correctly? I am using a 6in4 tunnel via Hurricane Electric.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Sequential IP doesn't look for unused IPs

[Alec Robertson]

Thank you for your reply. It was just really to make it like every other
router I’ve used. It’s not a “problem” as such.

—
Alec Robertson

On 25 December 2016 at 11:03:35, Albert ARIBAUD (albert.arib...@free.fr)
wrote:

(TL;DR: skip to last paragraph of my reply)

Hi Alec,

Le Sat, 24 Dec 2016 18:13:46 -0500
Alec Robertson  a écrit:

> I understand what you’re saying but I was suggesting this should be a
> feature enhancement. All the other routers I have used work the way I
> have described, be it NETGEAR, Asus, Huawei, etc.

Oh, ok. I was misled by the negative form in your message subject, which
I read as pointing a perceived misbehavior as opposed to suggesting a
new one.

So, have I got it right that your point can be summed up as follows:

"1. Right now, dnsmasq's DHCP server feature allocates IP based on
either one of the two following (summarized) strategies:

a) Select the IP based on a hash of the MAC, or

b) Select the oldest free IP available.

2. It is suggested to add a strategy which would be summarized as:

c) Select the lowest free IP."

If so, then I'm sorry about the misunderstanding: while I could have
helped on a perceived or real misbehavior diagnosis, I am not involved
in any part of developing dnsmasq so my feedback on a feature request
would be worthless.

However, I do have a question about this feature request; please bear
with me for a minute there.

I do understand that strategy c above is easily implemented (it's
basically a context-insensitive loop) as opposed to the other two, so
it makes sense to implement that when developing a DHCP server from
scratch, I do not see what benefit it brings to a DHCP server which
already has two allocation options in place. IOW, what does option c
bring that options a or b don't?

Obviously, option c reduces the number of different IPs allocated over
time with respect to option b, as option b goes through the whole
range while option does not. But then, option a also keeps the number
of allocated IPs to a minimum.

There is a difference, though, between options c and a: option c keeps
that minimum set of IPs tight, whereas option a (possibly) spreads the
set over the whole range.

So, the real distinguishing feature of option c is "keep the allocated
IPs as grouped near the range base as possible".

But that's a /characteristic/, not a /benefit/ -- at least, I cannot
see the benefit yet.

So I suspect there is something in the currently available options a
and b which causes an issue in your use of dnsmasq to the point of
making you want to see option c implemented.

Now, this something may actually be solved by implementing option c, or
it may be a symptom of another problem for which there is a better
solution than option c.

As I don't remember having seen a similar request (I might have missed
it, though), I suspect that it is not widely seen as a solution, which
makes me lean toward the "there is a better solution" side, but that's
only a hunch; hence my questioning, to either get rid of a false hunch,
or see it confirm and get to a better solution to your problem.

And for that, we need the problem laid out (as opposed to laying out the
perceived solution)

So the question becomes in fact why is a 'tight low range' IP
allocation strategy needed exactly, or more precisely, what is the
problem that you have which dnsmasq's existing IP allocation strategies
cause, or at least do not solve?

Amicalement,
-- 
Albert.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] Two routers, two dnsmasq instances, can they sync?

[Kevin Lyda]

I have two OpenWRT routers which are physically far apart.  One serves
192.168.2, the other serves 192.168.1 and they route between each
other. I'd prefer it if rt1 and rt2 could each manage dhcp on their
respective subnets but I'd like them to have a common view of the
internal DNS.

Is this possible? Is this what server=/192.168.1.1/local.domain/ could
be used for?

Kevin


signature.asc
Description: PGP signature
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Windows ipv6 hostname

[Pali Rohár]

On Monday 26 December 2016 14:50:41 Markus Hartung wrote:
> >For dhcpv6 I have own dnsmasq patches which assign ipv6 address
> >bases on
> >mac address...
> 
> That could be interesting with such patch. Is there any reason it
> haven't been accepted?

See discussion:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q1/010135.html
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q1/thread.html#10135

Simon did not response about it for 11 months... so I do not know.
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q4/010885.html

> What I need is just a way for a given mac-address dnsmasq should be
> informed of the hostname.

Anyway, dnsmasq has already some support for mac-address in DHCPv6...

-- 
Pali Rohár
pali.ro...@gmail.com


signature.asc
Description: This is a digitally signed message part.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Windows ipv6 hostname

[Markus Hartung]

Hello,

On 26 December 2016 10:29:26 GMT+01:00, "Pali Rohár"  
wrote:
>On Friday 23 December 2016 10:39:20 Markus Hartung wrote:
>> Is there a way to flush the lease database in dnsmasq? I have tried
>> removing the line in /var/lib/misc/dnsmasq.leases and restart dnsmasq
>> but my laptop still gets the same IP-address. Or is it that dnsmasq
>> uses the mac-address to generate same IP-address every time?
>
>Removing lease database file when dnsmasq is not running should be 
>enough.
>
>But dhcp client can try to "renew" already assigned IP address and dhcp
>
>client (dnsmasq) can extend this lease if nobody is using requested ip 
>address.
>
>So you should remove both *client* and *server* databases to prevent 
>such situation.
>
>I think it is possible to configure dnsmasq to assign only configured 
>ipv4 address for mac address.
>
>For dhcpv6 I have own dnsmasq patches which assign ipv6 address bases
>on 
>mac address...

That could be interesting with such patch. Is there any reason it haven't been 
accepted? 

What I need is just a way for a given mac-address dnsmasq should be informed of 
the hostname.

BR,
Markus
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Windows ipv6 hostname

[Pali Rohár]

On Friday 23 December 2016 10:39:20 Markus Hartung wrote:
> Is there a way to flush the lease database in dnsmasq? I have tried
> removing the line in /var/lib/misc/dnsmasq.leases and restart dnsmasq
> but my laptop still gets the same IP-address. Or is it that dnsmasq
> uses the mac-address to generate same IP-address every time?

Removing lease database file when dnsmasq is not running should be 
enough.

But dhcp client can try to "renew" already assigned IP address and dhcp 
client (dnsmasq) can extend this lease if nobody is using requested ip 
address.

So you should remove both *client* and *server* databases to prevent 
such situation.

I think it is possible to configure dnsmasq to assign only configured 
ipv4 address for mac address.

For dhcpv6 I have own dnsmasq patches which assign ipv6 address bases on 
mac address...

-- 
Pali Rohár
pali.ro...@gmail.com


signature.asc
Description: This is a digitally signed message part.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss