[Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624
Google might mangle the patch. Feedback welcomed. RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says: 3 | DSA| MUST NOT| MUST NOT 6 | DSA-NSEC3-SHA1 | MUST NOT| MUST NOT I've added them on this gh repo: 1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624: https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch 2) Remove DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624: https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Disable EDNS?
Unfortunately I’m dealing with an obnoxious firewall that rejects EDNS packets. DNSMASQ eventually resends without EDNS, but is it possible to disable EDNS entirely or for replies to a specific host? I tried setting the max EDNS packet size to 512 and below but still no luck. (Ideally the firewall would update their code, but that’s not an option unfortunately) Thanks in advance! ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dhcp-script not being called with "del"
On Sun, Feb 23, 2020 at 09:57:20PM +0100, Geert Stappers wrote: > On Sun, Feb 23, 2020 at 08:41:28PM +0100, William Edwards wrote: > > > > Hi, > > > > I have a 'dhcp-script'. It is being called with "add" and "old" upon > > requesting DHCP lease, but when a lease expires, > > it is not called with "del". > > > > To test, I changed lease time to 1 minute and kept an eye on > > /var/lib/misc/dnsmasq.leases . After 1 minute, the lease disappeared > > from /var/lib/misc/dnsmasq.leases (thus expired). > > However, the 'dhcp-script' was not called. > > > > How could I start researching this issue? > > > > Go see what dnsmasq can see from the client. > I might be wrong that starting `dhcp-script` is only triggered by DHCP-event from the DHCP-client. Manual page says only "del" means it has been destroyed It doesn't say what destroys a lease. I was thinking "DHCP release", but I'm not sure about it. However: a network sniff never harms. Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dhcp-script not being called with "del"
On Sun, Feb 23, 2020 at 08:41:28PM +0100, William Edwards wrote: > > Hi, > > I have a 'dhcp-script'. It is being called with "add" and "old" upon > requesting DHCP lease, but when a lease expires, > it is not called with "del". > > To test, I changed lease time to 1 minute and kept an eye on > /var/lib/misc/dnsmasq.leases . After 1 minute, the lease disappeared > from /var/lib/misc/dnsmasq.leases (thus expired). > However, the 'dhcp-script' was not called. > > How could I start researching this issue? > Go see what dnsmasq can see from the client. Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] dhcp-script not being called with "del"
Hi, I have a 'dhcp-script'. It is being called with "add" and "old" upon requesting DHCP lease, but when a lease expires, it is not called with "del". To test, I changed lease time to 1 minute and kept an eye on /var/lib/misc/dnsmasq.leases . After 1 minute, the lease disappeared from /var/lib/misc/dnsmasq.leases (thus expired). However, the 'dhcp-script' was not called. How could I start researching this issue? Met vriendelijke groeten, William Edwards T. 040 - 711 44 96 E. wedwa...@cyberfusion.nl ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Sending user-specified default gateway with RAs
Hello Pali, Thank you for your answer. I am aware RAs are supposed to be sent by routers. I attempted using dnsmasq for RAs, because it seemed easier than getting RAs to be sent from my VRRP address as source address. I have enough information to proceed with dnsmasq configuration. Met vriendelijke groeten, William Edwards T. 040 - 711 44 96 E. wedwa...@cyberfusion.nl - Original Message - From: Pali Rohár (pali.ro...@gmail.com) Date: 02/23/20 12:25 To: William Edwards (wedwa...@cyberfusion.nl) Cc: dnsmasq-discuss@lists.thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] Sending user-specified default gateway with RAs On Sunday 23 February 2020 11:41:47 William Edwards wrote: > Question: how do I configure dnsmasq to supply a user-specified default > gateway address in RAs? Hello William! This is not possible as IPv6 gateway (router) address is not present in RA packet structure. If client receives RA packet it expects that sender of RA packet is gateway (router). So if you do not have dnsmasq on your router, you must disable RA in dnsmasq. And enable RA on your real IPv6 router. In IPv6 network it is expected that RA is sent only by IPv6 router. RA means Router Advertisement and only real router should advertise that is router. -- Pali Rohár pali.ro...@gmail.com ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Sending user-specified default gateway with RAs
On Sunday 23 February 2020 11:41:47 William Edwards wrote: > Question: how do I configure dnsmasq to supply a user-specified default > gateway address in RAs? Hello William! This is not possible as IPv6 gateway (router) address is not present in RA packet structure. If client receives RA packet it expects that sender of RA packet is gateway (router). So if you do not have dnsmasq on your router, you must disable RA in dnsmasq. And enable RA on your real IPv6 router. In IPv6 network it is expected that RA is sent only by IPv6 router. RA means Router Advertisement and only real router should advertise that is router. -- Pali Rohár pali.ro...@gmail.com signature.asc Description: PGP signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Sending user-specified default gateway with RAs
Hello, I use dnsmasq to provide DHCP. IPv4 is working well, but I'm struggling to configure IPv6. I use DHCPv6 and Router Advertisements and get a /64 when requesting a DHCP lease, which is according to my configuration. However: the RA contains a default route to the dnsmasq server, but the default gateway should be my router, which is located at another address. I have looked through the documentation carefully, but cannot find any way to supply my own default gateway to RAs. Although I am aware that DHCPv6 is not in charge of supplying the default gateway, I set 'dhcp-option=option6:router' as a test, but dnsmasq refused to start up afterwards. Question: how do I configure dnsmasq to supply a user-specified default gateway address in RAs? Met vriendelijke groeten, William Edwards T. 040 - 711 44 96 E. wedwa...@cyberfusion.nl ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
