Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries + addn-hosts

2020-03-28 Thread Jake Howard
Hi,

My intention is to have 1 dnsmasq instance, accessible over 2 interfaces 
(listening on all), and have the response to a query differ based on the 
interface, and therefore its incoming IP. From what i've read, that's exactly 
what localise-queries is meant to do, but it doesn't appear to be unless I put 
the entries into /etc/hosts directly.

Thanks,
- Jake Howard

On Sat, 28 Mar 2020, at 17:59, Simon Kelley wrote:
> On 19/03/2020 21:47, Jake Howard wrote:
> > Hello!
> > 
> > Is `localise-queries` meant to work against entries added via 
> > `addn-hosts`? Querying a record returns both IPs, but always in the same 
> > order. The order is correctly fixed when the records are put in 
> > `/etc/hosts` directly.
> 
> 
> Yes, localise-queries works with entries added via addn-hosts, but it
> doesn't have anything to do with the order that records appear, so that
> doesn't address your problem. What are you trying to achieve?
> 
> 
> Simon.
> 
> 
> > 
> > Config:
> > 
> > ```
> > localise-queries
> > no-resolv
> > cache-size=1
> > log-queries
> > log-facility=/var/log/pihole.log
> > local-ttl=2
> > log-async
> > server=8.8.8.8
> > server=8.8.4.4
> > server=1.1.1.1
> > server=1.0.0.1
> > interface=eth0
> > server=/use-application-dns.net/
> > 
> > addn-hosts=/etc/vpn-hosts.conf
> > localise-queries
> > 
> > ```
> > 
> > This is from pihole, but AFAIK that shouldn't make a difference if I'm 
> > modifying the config directly.
> > 
> > Would appreciate some input, or being told i'm wrong!
> > 
> > Thanks,
> > 
> > - Jake Howard
> > 
> > 
> > 
> > 
> > ___
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> > 
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] [PATCH 1/1] Allow overriding of ubus service name.

2020-03-28 Thread Simon Kelley
Patch applied, thanks.


Simon.


On 20/03/2020 21:18, Oldřich Jedlička wrote:
> Same as for the dbus, allow specifying ubus service name (namespace) on
> the command line as an optional argument to --enable-ubus option.
> 
> Signed-off-by: Oldřich Jedlička 
> ---
>  man/dnsmasq.8 |  7 +--
>  src/config.h  |  1 +
>  src/dnsmasq.h |  1 +
>  src/option.c  | 14 +++---
>  src/ubus.c|  3 ++-
>  5 files changed, 20 insertions(+), 6 deletions(-)
> 
> diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
> index 2032a37..034e3cf 100644
> --- a/man/dnsmasq.8
> +++ b/man/dnsmasq.8
> @@ -366,10 +366,13 @@ been built with DBus support. If the service name is 
> given, dnsmasq
>  provides service at that name, rather than the default which is 
>  .B uk.org.thekelleys.dnsmasq
>  .TP 
> -.B --enable-ubus
> +.B --enable-ubus[=]
>  Enable dnsmasq UBus interface. It sends notifications via UBus on
>  DHCPACK and DHCPRELEASE events. Furthermore it offers metrics.
> -Requires that dnsmasq has been built with UBus support.
> +Requires that dnsmasq has been built with UBus support. If the service
> +name is given, dnsmasq provides service at that namespace, rather than
> +the default which is
> +.B dnsmasq
>  .TP
>  .B \-o, --strict-order
>  By default, dnsmasq will send queries to any of the upstream servers
> diff --git a/src/config.h b/src/config.h
> index b002560..7d08f7d 100644
> --- a/src/config.h
> +++ b/src/config.h
> @@ -50,6 +50,7 @@
>  #define RANDFILE "/dev/urandom"
>  #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be 
> overridden by config */
>  #define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
> +#define DNSMASQ_UBUS_NAME "dnsmasq" /* Default - may be overridden by config 
> */
>  #define AUTH_TTL 600 /* default TTL for auth DNS */
>  #define SOA_REFRESH 1200 /* SOA refresh default */
>  #define SOA_RETRY 180 /* SOA retry default */
> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
> index f747868..b47ef74 100644
> --- a/src/dnsmasq.h
> +++ b/src/dnsmasq.h
> @@ -1063,6 +1063,7 @@ extern struct daemon {
>unsigned int duid_enterprise, duid_config_len;
>unsigned char *duid_config;
>char *dbus_name;
> +  char *ubus_name;
>char *dump_file;
>int dump_mask;
>unsigned long soa_sn, soa_refresh, soa_retry, soa_expiry;
> diff --git a/src/option.c b/src/option.c
> index 9ffd7fc..1f698da 100644
> --- a/src/option.c
> +++ b/src/option.c
> @@ -238,7 +238,7 @@ static const struct myoption opts[] =
>  { "caa-record", 1, 0 , LOPT_CAA },
>  { "dns-rr", 1, 0, LOPT_RR },
>  { "enable-dbus", 2, 0, '1' },
> -{ "enable-ubus", 0, 0, LOPT_UBUS },
> +{ "enable-ubus", 2, 0, LOPT_UBUS },
>  { "bootp-dynamic", 2, 0, '3' },
>  { "dhcp-mac", 1, 0, '4' },
>  { "no-ping", 0, 0, '5' },
> @@ -428,7 +428,7 @@ static struct {
>{ 'z', OPT_NOWILD, NULL, gettext_noop("Bind only to interfaces in use."), 
> NULL },
>{ 'Z', OPT_ETHERS, NULL, gettext_noop("Read DHCP static host information 
> from %s."), ETHERSFILE },
>{ '1', ARG_ONE, "[=]", gettext_noop("Enable the DBus interface 
> for setting upstream servers, etc."), NULL },
> -  { LOPT_UBUS, OPT_UBUS, NULL, gettext_noop("Enable the UBus interface."), 
> NULL },
> +  { LOPT_UBUS, ARG_ONE, "[=]", gettext_noop("Enable the UBus 
> interface."), NULL },
>{ '2', ARG_DUP, "", gettext_noop("Do not provide DHCP on this 
> interface, only provide DNS."), NULL },
>{ '3', ARG_DUP, "[=tag:]...", gettext_noop("Enable dynamic address 
> allocation for bootp."), NULL },
>{ '4', ARG_DUP, "set:,", gettext_noop("Map MAC address 
> (with wildcards) to option set."), NULL },
> @@ -1881,7 +1881,15 @@ static int one_opt(int option, char *arg, char 
> *errstr, char *gen_err, int comma
>else
>   daemon->dbus_name = DNSMASQ_SERVICE;
>break;
> -  
> +
> +case LOPT_UBUS: /* --enable-ubus */
> +  set_option_bool(OPT_UBUS);
> +  if (arg)
> + daemon->ubus_name = opt_string_alloc(arg);
> +  else
> + daemon->ubus_name = DNSMASQ_UBUS_NAME;
> +  break;
> +
>  case '8': /* --log-facility */
>/* may be a filename */
>if (strchr(arg, '/') || strcmp (arg, "-") == 0)
> diff --git a/src/ubus.c b/src/ubus.c
> index c7f6b19..5f81287 100644
> --- a/src/ubus.c
> +++ b/src/ubus.c
> @@ -38,7 +38,7 @@ static struct ubus_object_type ubus_object_type =
>UBUS_OBJECT_TYPE("dnsmasq", ubus_object_methods);
>  
>  static struct ubus_object ubus_object = {
> -  .name = "dnsmasq",
> +  .name = NULL,
>.type = _object_type,
>.methods = ubus_object_methods,
>.n_methods = ARRAY_SIZE(ubus_object_methods),
> @@ -94,6 +94,7 @@ void ubus_init()
>return;
>  }
>  
> +  ubus_object.name = daemon->ubus_name;
>ret = ubus_add_object(ubus, _object);
>if (ret)
>  {
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] NETLINK_NO_ENOBUFS not defined on old platforms

2020-03-28 Thread Simon Kelley
On 20/03/2020 02:18, Roy Marples wrote:
> On 19/03/2020 22:01, Simon Kelley wrote:
>> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0506a5ed4e56863627c54aedad30ad61221292ef
>>
>>
>>
>> should handle both old kernel header files and old kernels, in any
>> combination.
> 
> I really dislike this approach because it makes the assumption that no
> other symbol will take No 5.

Linux is pretty hot on ABI backwards compatibilty, so I doubt that there
has been any other netlink sockopt with number 5 in the past, or if that
sockopt disappears in the future any other opt would re-use it. Anyone
adding sockopts to a private kernel and picks the next free number,
rather than one at the end of the range or a defined private space needs
their bumps felt: it's obvious that it's going to clash with the
mainline kernel. I could #ifdef all the code if NETLINK_NO_ENOBUFS isn't
defined, and that would only lose us the ability to build against old
headers and still get the fix on a new enough kernel. It's probably not
a big loss, but it addresses a problem that seems unlikely.

Note that the code checks the kernel version, so if you build on old
headers and run on an old kernel, then despite the code assuming sockopt
5, it won't call setsockopt(5) when running on the old kernel.


This code is Linux-only, so what BSD does doesn't count.

Simon.


> 
> Whilst this might be true for generic linux, is it true for customised
> linux?
> Or to put it another way I can point to many examples cross BSD where
> the ioctls differ in number but not name.
> 
> You might take the view "So what? We just support generic linux.".
> 
> I have started to take the hard stance with Arch Linux which shipped
> latest kernel headers and support that on an old LTS kernel. It's not
> maintainable because I've had 3 instances where dhcpcd used to do this
> and then promptly crashed on newer kernels because they had customised
> headers.
> 
> Modern software should not need this hack. Either #ifdef around it or
> require userland headers to define it. Don't hardcode it as it's not
> userlands responsibility to do it.
> 
> See the similar case where OpenBSD removed a ioctl but let it in the
> header - even worse!!
> 
> Roy
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] Nameserver dot

2020-03-28 Thread Simon Kelley
On 20/03/2020 14:29, William Edwards wrote:
>> This sounds like a bug, doing auth DNS without an auth-server statement
>> is a recent addition, and I probably forgot this effect on secondary
>> servers. Will take a look in the next day or two.
> 
> No worries. What's important to me is that only entries in 'auth-sec-servers' 
> are returned as NS records, being my public DNS servers.
> Thanks,
> William

I just pushed

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=b43585c34baf0c5eb478aa07423da534b2118536

which addresses this.

If --auth-server is a complete configuration

auth-server=dnsmasq.example.com,eth0

then dnsmasq.example.com will appear in the NS RRset and dnsmasq will
act as a nameserver for the domain on queries via eth0

IF instead, there's no interface or address specification, then the
domain will NO LONGER appear in the NS RRset, only the entries in
auth-sec-servers will. Under these circumstances, the only use made of
the domain in auth-server is to fill in the MNAME field in the SOA RR,
so it makes most sense for it to be the name of whichever of the
auth-sec-servers is acting as "primary".

That seems to make sense.

As a workaround, with 2.80, just pick which of your servers is primary
and remove it from the --auth-sec-servers list and add it as
--auth-server. Remember to undo that when you upgrade to 2.81


Cheers,

Simon.





> 
> 
> On 20/03/2020 08:25, William Edwards wrote:
>>
>>> Op 20 mrt. 2020 om 00:23 heeft Simon Kelley  het 
>>> volgende geschreven:
>>>
 On 19/03/2020 17:23, William Edwards wrote:
 Hi,

 I have auth-sec-servers set to:
 'auth-sec-servers=nsauth0.cyberfusion.nl,nsauth1.cyberfusion.be,nsauth2.cyberfusion.nu,nsauth3.cyberfusion.nl'

 These nameservers are shown, but I am also getting back an NS record
 consisting of '.':

 ---
 ;; ANSWER SECTION:
 vlan5.hosts.cyberfusion.space. 600 IN NS nsauth1.cyberfusion.be.
 vlan5.hosts.cyberfusion.space. 600 IN NS .
 vlan5.hosts.cyberfusion.space. 600 IN NS nsauth0.cyberfusion.nl.
 vlan5.hosts.cyberfusion.space. 600 IN NS nsauth2.cyberfusion.nu.
 vlan5.hosts.cyberfusion.space. 600 INNSnsauth3.cyberfusion.nl.
 --

 Where does 'NS .' come from?
>>>
>>> The --auth-server configuration, probably.  What does that look like?
>>
>> I did not specify an ‘auth-server’ directive. I did so, and now, the first 
>> NS record indeed is no longer a dot.
>>
>> This brings me to the next question: how do I prevent dnsmasq from even 
>> showing itself in NS records? dnsmasq will not answer queries to the 
>> internet.
>>
>>>
>>>
>>> Simon.
>>>
>>>

 Met vriendelijke groeten,

 William Edwards
 T. 040 - 711 44 96
 E. wedwa...@cyberfusion.nl



  

 ___
 Dnsmasq-discuss mailing list
 Dnsmasq-discuss@lists.thekelleys.org.uk
 http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

>>>
>>>
>>> ___
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss@lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries + addn-hosts

2020-03-28 Thread Simon Kelley
On 19/03/2020 21:47, Jake Howard wrote:
> Hello!
> 
> Is `localise-queries` meant to work against entries added via 
> `addn-hosts`? Querying a record returns both IPs, but always in the same 
> order. The order is correctly fixed when the records are put in 
> `/etc/hosts` directly.


Yes, localise-queries  works with entries added via addn-hosts, but it
doesn't have anything to do with the order that records appear, so that
doesn't address your problem. What are you trying to achieve?


Simon.


> 
> Config:
> 
> ```
> localise-queries
> no-resolv
> cache-size=1
> log-queries
> log-facility=/var/log/pihole.log
> local-ttl=2
> log-async
> server=8.8.8.8
> server=8.8.4.4
> server=1.1.1.1
> server=1.0.0.1
> interface=eth0
> server=/use-application-dns.net/
> 
> addn-hosts=/etc/vpn-hosts.conf
> localise-queries
> 
> ```
> 
> This is from pihole, but AFAIK that shouldn't make a difference if I'm 
> modifying the config directly.
> 
> Would appreciate some input, or being told i'm wrong!
> 
> Thanks,
> 
> - Jake Howard
> 
> 
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] SOA serial increase

2020-03-28 Thread Simon Kelley
On 20/03/2020 11:15, William Edwards wrote:
> Hi Simon!
>> If you don't explicitly set the serial, then it should start at the
>> current epoch  time (ie seconds since 1/1/1970) which avoids the problem
>> unless you average more than one new DHCP lease per second.
> After setting 'auth-server', this behaviour has been 'fixed'.
> Without 'auth-server':
> --
> vlan5.hosts.cyberfusion.space. 600 IN    SOA    . . 1 1200 180 1209600 600
> --
> With 'auth-server':
> --
> vlan5.hosts.cyberfusion.space. 600 IN    SOA    
> vlan5.hosts.cyberfusion.space. hostmaster.vlan5.hosts.cyberfusion.space. 
> 1584702843 1200 180 1209600 600
> --
> So this seems like a combination of 1) possibly some room for improvement in 
> docs (there is little mention of serials there at all) and 2) working too 
> late at night.
> William


The forthcoming 2.81 release errors in startup is auth-server is not set
under these circumstances.

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=08933475abd0580cff747e3d1e0db3865207a200


Cheers,

Simon.

> 
> On 20/03/2020 08:18, William Edwards wrote:
>>
>> Op 20 mrt. 2020 om 00:39 heeft Simon Kelley > > het volgende geschreven:
>>
>>> On 19/03/2020 17:28, William Edwards wrote:
 Hello,

 Does dnsmasq increase SOA serial when adding a new DNS record after DHCP
 lease is requested?
>>>
>>> Yes.
>>>

 I am not sure because docs say '--auth-soa' allows for specifying serial.
>>>
>>> It does, but it's optional: dnsmasq will generate one for you. If you do
>>> specify a serial, it will still get incremented after a new DHCP lease
>>> is created.
>>
>> Thanks.
>>
>> I noticed that serial is reset back to 1 when dnsmasq is restarted. This
>> would cause the serial to be lower on dnsmasq than its slaves after a
>> restart, even when DHCP leases are handed out and DNS records are added.
>>
>> Is this intentional behaviour?
>>
>>>
>>>
>>> Cheers,
>>>
>>> Simon.
>>>

 Met vriendelijke groeten,

 William Edwards
 T. 040 - 711 44 96
 E. wedwa...@cyberfusion.nl 





 ___
 Dnsmasq-discuss mailing list
 Dnsmasq-discuss@lists.thekelleys.org.uk
 
 http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

>>>
>>>
>>> ___
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss@lists.thekelleys.org.uk
>>> 
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] : Dns lookup failures if one of the upstream servers are down

2020-03-28 Thread P Elaborate
On Thu, Mar 26, 2020 at 07:39:21AM -0700, Abhishek Patti wrote:
> Hi Everyone
> 
> We are using dnsmasq version 2.80 and have multiple upstream servers
> configured, with all-servers flag set. We noticed that if first upstream
> server fails then we get dns lookup failures even though other upstream
> servers are working fine.


Please elaborate


Long version:
The "it doesn't work as expected" has been seen.
What not yet has been seen in which way that report
can improve dnsmasq.

Most likely is http://www.catb.org/~esr/faqs/smart-questions.html
the way to go.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss