Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread Geert Stappers 
On Thu, Mar 08, 2018 at 09:28:41PM -0800, John Pearson wrote:
> On Thu, Mar 8, 2018 at 12:09 PM, Geert Stappers wrote:
> > On Thu, Mar 08, 2018 at 11:03:53AM -0800, John Pearson wrote:
> > >  ... I meant that in this case collector.githubapp.com &
> > > api.github.com are also domains that I didn't directly request.
> > > They were requested by the page when I went to github.com if that
> > > makes sense.
> >
> > So all requests came from the same webbrowser.
> > Try to understand why the requests should be marked different.
> > Then try to understand why a name server should log them differently.
> 
> Yeah all the requests came from the browser. I can't immediately think of
> how parse out an implicit request versus the page itself querying more
> domains.

OK,  continue your pursuit of "what is the webbrowser doing" with
a tool like mitmproxy   https://mitmproxy.org/ 


Good luck with it. Make it possible that people can read in the discussion 
order,
place responses _below_ previous post.


Groeten
Geert Stappers
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread John Pearson 
Yeah all the requests came from the browser. I can't immediately think of
how parse out an implicit request versus the page itself querying more
domains.

On Thu, Mar 8, 2018 at 12:09 PM, Geert Stappers 
wrote:

> On Thu, Mar 08, 2018 at 11:03:53AM -0800, John Pearson wrote:
> > On Thu, Mar 8, 2018 at 12:55 AM, Geert Stappers wrote:
> > > On Wed, Mar 07, 2018 at 06:09:21PM -0800, John Pearson wrote:
> > > >
> > > > What I'm trying to do: grep log files for domains intentionally asked
> > > > for.
> > >
> > > Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
> > > Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
> > > Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from
> 10.1.0.163
> > > Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from
> 10.1.0.163
> > >
> >
> > Thanks Geert. I meant that in this case collector.githubapp.com &
> > api.github.com are also domains that I didn't directly request. They
> were
> > requested by the page when I went to github.com if that makes sense.
>
> So all requests came from the same webbrowser.
> Try to understand why the requests should be marked different.
> Then try to understand why a name server should log them differently.
>
>
> Groeten
> Geert Stappers
> --
> Leven en laten leven
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread Geert Stappers 
On Thu, Mar 08, 2018 at 11:03:53AM -0800, John Pearson wrote:
> On Thu, Mar 8, 2018 at 12:55 AM, Geert Stappers wrote:
> > On Wed, Mar 07, 2018 at 06:09:21PM -0800, John Pearson wrote:
> > >
> > > What I'm trying to do: grep log files for domains intentionally asked
> > > for.
> >
> > Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
> > Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
> > Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from 
> > 10.1.0.163
> > Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163
> >
> 
> Thanks Geert. I meant that in this case collector.githubapp.com &
> api.github.com are also domains that I didn't directly request. They were
> requested by the page when I went to github.com if that makes sense.
 
So all requests came from the same webbrowser.
Try to understand why the requests should be marked different.
Then try to understand why a name server should log them differently.


Groeten
Geert Stappers
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] addn-hosts vs host-record

2018-03-08 Thread Simon Kelley 


On 08/03/18 20:01, Donald Muller wrote:
> 
> 
>> -Original Message-
>> From: Simon Kelley 
>> Sent: Thursday, March 8, 2018 11:06 AM
>> To: Donald Muller 
>> Subject: Re: [Dnsmasq-discuss] addn-hosts vs host-record
>>
>>
>>
>>
>>> What is the difference between addn-hosts and host-record? Are the
>>> same records created for both?
>>>
>>
>> Not necessarily. A name/address pair in a hosts file creates a A/ record
>> and a PTR record to do address->name mapping. Depending on the setting of
>> --expand-hosts, it may do the same for a name composed of a simple name
>> and the contents of the dnsmasdq --domain setting.
>>
>> host-record just creates a simple A or  record.
>>
>>
>> Cheers,
>>
>> Simon.
> 
> HI Simon,
> 
> According to the man pages a host-record also creates a PTR record.
> 
>>From the man page - Add A,  and PTR records to the DNS.
> 

Ah, indeed. Apologies for winging it. The man page tells the truth, and
also mentions the expand-hosts issue. That's the answer you're looking for.

Cheers,

Simon.


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] addn-hosts vs host-record

2018-03-08 Thread Donald Muller 


> -Original Message-
> From: Simon Kelley 
> Sent: Thursday, March 8, 2018 11:06 AM
> To: Donald Muller 
> Subject: Re: [Dnsmasq-discuss] addn-hosts vs host-record
> 
> 
> 
> 
> > What is the difference between addn-hosts and host-record? Are the
> > same records created for both?
> >
> 
> Not necessarily. A name/address pair in a hosts file creates a A/ record
> and a PTR record to do address->name mapping. Depending on the setting of
> --expand-hosts, it may do the same for a name composed of a simple name
> and the contents of the dnsmasdq --domain setting.
> 
> host-record just creates a simple A or  record.
> 
> 
> Cheers,
> 
> Simon.

HI Simon,

According to the man pages a host-record also creates a PTR record.

>From the man page - Add A,  and PTR records to the DNS.

Thanks
Don

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread John Pearson 
Thanks Geert. I meant that in this case collector.githubapp.com &
api.github.com are also domains that I didn't directly request. They were
requested by the page when I went to github.com if that makes sense.

On Thu, Mar 8, 2018 at 12:55 AM, Geert Stappers 
wrote:

> On Wed, Mar 07, 2018 at 06:09:21PM -0800, John Pearson wrote:
> >
> > What I'm trying to do: grep log files for domains intentionally asked
> for.
>
> Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
> Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
> Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from
> 10.1.0.163
> Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163
>
>
> Groeten
> Geert Stappers
> --
> Leven en laten leven
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Dnsmasq dhcp-optsdir remove options problem

2018-03-08 Thread Simon Kelley 
Found the problem. Patch here.

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4f7bb57e9747577600b3d385e0e3418ec17e73e0


Thanks for reporting this.


Cheers,

Simon.


On 07/03/18 15:38, Lindgren Fredrik wrote:
> OK.
> 
> 
> Here are the config options I use in case it has any impact
> 
> 
> dnsmasq.conf:
> 
> port=0
> no-resolv
> no-poll
> interface=eq-mgmt
> bind-interfaces
> no-hosts
> dhcp-range=10.243.0.50,10.243.255.254,255.255.0.0,10m
> dhcp-option=3
> dhcp-option=12
> dhcp-option=option:ntp-server,10.243.0.2,10.243.0.3
> enable-tftp
> tftp-root=/var/tftpboot
> tftp-secure
> dhcp-script=/bin/echo
> log-dhcp
> dhcp-optsdir=/etc/dnsmasq.d/opts/
> 
> 
> Adding/removing line "option:router,10.243.0.1" to option file in the
> opts dir.
> 
> 
> Br,
> Fredrik
> 
> 
> *Från:* Dnsmasq-discuss
>  för Simon Kelley
> 
> *Skickat:* den 7 mars 2018 13:43
> *Till:* dnsmasq-discuss@lists.thekelleys.org.uk
> *Ämne:* Re: [Dnsmasq-discuss] Dnsmasq dhcp-optsdir remove options problem
>  
> OK, sounds like there may be a bug. I'll try and reproduce this in the
> next day or two.
> 
> Cheers,
> 
> Simon.
> 
> On 07/03/18 11:39, Lindgren Fredrik wrote:
>> I'm doing verification after removal in same way as when I add it, hence
>> debug output from dnsmasq process and dhcpdump capture
>> 
>> 
>> /Fredrik
>> 
>> 
>> 
>> *Från:* Dnsmasq-discuss
>>  för Andy Hawkins
>> 
>> *Skickat:* den 7 mars 2018 11:13
>> *Till:* dnsmasq-discuss@lists.thekelleys.org.uk
>> *Ämne:* Re: [Dnsmasq-discuss] Dnsmasq dhcp-optsdir remove options problem
>>  
>> Hi,
>> 
>> In article
>> ,
>>    Lindgren Fredrik wrote:
>>> What I did to test this was to add "option:router,10.243.0.1" to a new opti=
>>> on file.
>>>
>>> Which is re-read by dnsmasq
>>>
>>>
>>> I start a dhclient that I'm testing with, output in console of dnsmasq indi=
>>> cate that router entry is part of response (also seen in dhcpdump of packag=
>>> e)
>>>
>>> I stop the dhclient and remove the config file with this option and send SI=
>>> GHUP to pid for dnsmasq
>>>
>>> Then start the dhclient again and still see the router entry being sent.
>> 
>> When you say "still see the router entry being sent" are you just checking
>> the resulting IP configuration on the client, or are you actually capturing
>> the DHCP response with Wireshark or similar?
>> 
>> If you haven't captured the actual response on the wire, that'd be my next
>> step to see if it's the client that's somehow remembering the information.
>> 
>> Andy
>> 
>> 
>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> Dnsmasq-discuss Info Page
>> 
>> lists.thekelleys.org.uk
>> A list for discussion about the dnsmasq DNS and DHCP server.
>> Configuration, bugs and development. To control spam, only subscribers
>> are allowed to post to the list.
>> 
>> 
>> 
>> 
>> 
>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] lame response

2018-03-08 Thread Donald Muller 
> -Original Message-
> From: Dnsmasq-discuss 
> On Behalf Of Donald Muller
> Sent: Wednesday, March 7, 2018 12:23 PM
> To: dnsmasq-discuss@lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] lame response
> 
> 
> 
> > -Original Message-
> > From: Dnsmasq-discuss
> > 
> > On Behalf Of Yeah
> > Sent: Monday, March 5, 2018 12:01 PM
> > To: dnsmasq-discuss@lists.thekelleys.org.uk
> > Subject: Re: [Dnsmasq-discuss] lame response
> >
> > On Fri, Mar 02, 2018 at 05:36:03PM +, Donald Muller wrote:
> > > 2 computers on the same network. One running Windows server 2012
> > > R2 with Microsoft DNS and DHCP and the other one a QNAP NAS running
> > > dnsmasq. Both connected to the same switch and both versions of DNS
> > > pointing to the same upstream DNS server which is my router which is
> > > not running DNS but just forwards the requests to my ISP DNS servers.
> > > The network is 1GB and there is not a lot of N/W traffic. A nslookup
> > > of www.microsoft.com using dnsmasq takes 40 seconds. The same
> lookup
> > > using the Microsoft DNS takes less than a second.
> >
> > Nslookup --->  Name Server  ---x--> Next Name Server.
> >
> >
> > Move to x and do testing/checking/measuring there.
> >
> > Find out why  Next Name Server is so lame in responding when Name
> > Server is dnsmasq.
> > Or find out what Name Server on MS Window 2012 is caching/lying/making
> > up.
> >
> >
> > See also http://www.catb.org/~esr/faqs/smart-questions.html
> >
> 
> Your suggestion prompted me dig deeper. I tried what you suggested and on
> checking the next name server there was no 40 second lag which points me
> back to dnsmasq. I tried to use debug on the nslookup that comes with the
> NAS but it is crippled. The only options you can use as name and server. So I
> switched to using nslookup on Win10. I put it into debug and D2 mode and
> executed a lookup using www.microsoft.com against dnsmasq. I have
> attached the debug info. As you can see a request for an (A) record was sent
> using www.microsoft.com.djmuller.com. This request to dnsmasq timed out.
> After the timeout a second request was sent for an () record. This also
> timed out. Further requests were sent without .djmuller.com and received
> replies. When the same was executed against a Microsoft DNS server the
> same series of requests were made. However instead of the MS DNS not
> replying on the queries that had .djmuller.com on them it responded with
> NXDOMAIN. Debug file attached.
> 
> So I think I have run into two issues. The first is nslookup on the NAS which 
> is
> a busybox version. I think the retries are set high which is causing the 40
> second timing. Since it won't accept any options there is nothing I can do 
> with
> it. So as far as I am concerned the 40 second issue is closed. The second is
> that on certain queries dnsmasq is not responding. Below is my DNS config
> for dnsmasq. Is there an option I have set or one that I don't have set that 
> is
> causing this behavior?
> 
> domain-needed
> domain=djmuller.com
> no-hosts
> addn-
> hosts=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-
> hosts.conf
> expand-hosts
> local-service
> bogus-priv
> filterwin2k
> resolv-
> file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-
> resolv.conf
> stop-dns-rebind
> rebind-localhost-ok
> no-poll
> clear-on-reload
> mx-host=djmuller.com,djmuller.com,50
> mx-target=mail.djmuller.com
> cache-size=1000
> conf-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-
> adservers.conf# List of servers that will return 
> no-domain
> rebind-domain-ok=/plex.direct/
> 
> Thanks
> Don

Did more testing and when I change the nameservers from my router (which should 
be doing pass through only) to my ISP DNS servers dnsmasq no longer timed out. 
So it looks like there are some things that the router doesn't like and doesn't 
respond on.

As far as I am concerned this issue is solved.

Don

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread Geert Stappers 
On Wed, Mar 07, 2018 at 06:09:21PM -0800, John Pearson wrote:
> 
> What I'm trying to do: grep log files for domains intentionally asked for.

Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from 10.1.0.163
Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163


Groeten
Geert Stappers
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss