[Dnsmasq-discuss] dnsmasq AAAA refused when resolving local address if upstream server unavailable

2022-07-22 Thread winter874 
Hi,

I'm using dnsmasq 2.85 on an Ubi Edgerouter, with DHCP hosts setup in 
dnsmasq.d. This is an ipv4 only setup. Here's an example of one of the hosts:
dhcp-host=,set:LAN,192.168.122.2
host-record=tv.home.lan,192.168.122.2,3600

Here is a snippet of dnsmasq.conf, where 1.1.1.1 is a public DNS server:
interface=eth4
cache-size=1000
server=1.1.1.1
no-resolv

My Ubuntu client sends both an A and an  DNS query for tv.home.lan when I 
say ping it. If the router has internet connectivity and can access 1.1.1.1, 
everything works great and I am able to successfully resolve the device over 
LAN. I get a standard query response for A with 192.168.122.2 and an expected 
blank standard query response for  (no error).
Unfortunately, if my internet is down and I can't access 1.1.1.1, what happens 
is that I get a regular response for A but I get a "refused" standard query 
response for . That "refused" response causes programs like ping to hang if 
I say ping tv.home.lan as it keeps trying repeatedly to get a successful  
response from the server. I have to use ping -4 to force only the A request to 
get it to ping successfully. I think dnsmasq refuses me because it's unable to 
resolve the ipv6 request on LAN (as the hosts are ipv4 only) but there is no 
upstream server for it to pass the request along.
My current workaround is to set "local=/lan/" to force dnsmasq to ignore the 
upstream servers entirely when responding to requests for .lan domains. In this 
case if 1.1.1.1 is unavailable I get an IP address for the A request and a 
blank standard query response for , which is what I expect.
All of the requests and responses above were confirmed with Wireshark. I don't 
expect any patches for 2.85 and am unsure if this is fixed in future versions, 
but I would like to know if this is intended behavior or if there is a better 
workaround.
Thanks!___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] With auth-zone enabled, DNS response only provides DHCPv6 IP and ignores IPv4 address/host-record entries

2022-07-22 Thread ryt 51V 
Hi,

I am setting up dnsmasq as a local DHCPv6 server and DNS server.  (I am
keeping my existing DHCPv4 server running on a separate appliance).

I am running into an issue in the following circumstances:

   - auth-zone is enabled
   - For a given device, there is a dhcp-host entry with the device's DUID
   for an IPv6 address.
   - The device is successfully obtaining this IPv6 address.
   - There is an address or host-record entry for the same device's IPv4
   address.

When querying the DNS server for the hostname, only the DHCPv6 IPv6 address
is provided, not the IPv4 address from the address or host-record entry.

This is problematic as I am trying to run a dual-stack network, and so need
both IPv4 and IPv6 addresses readily resolvable.  That said, I am not in
any immediate need of help as using dynamic-host instead of address or
host-record is a suitable workaround.  But it would be helpful to find out
whether I am missing some nuance in the configuration, or whether this is a
bug.

In more detail: Consider the following dnsmasq configuration (private
details have of course been modified)

no-resolv
domain=example.org
#auth-zone=example.org
#auth-server=server.example.org,
dhcp-range=fd00::1000,fd00::,64,1h
dhcp-host=id:00:00:00:01:23:45:67:89:AB:CD:EF:00:00:00, [fd00::10],
Computer1
address=/Computer1.example.org/10.0.0.10
#host-record=Computer1.example.org,10.0.0.10,3600
#dynamic-host=Computer1.example.org, 10.0.0.10,eth0


And assume:

   - The server running dnsmasq has IPv4 10.0.0.1
   - Computer1 has IPv4 10.0.0.10 (either static, or obtained from a
   separate DHCPv4 server)
   - Computer1 is successfully obtaining its IPv6 lease for fd00::10 from
   dnsmasq


(1) In the state above, providing Computer1 has obtained its IPv6 lease
from dnsmasq, dnsmasq will provide both A and  records for Computer1.
For example, using dig:

$ dig @10.0.0.1 +short Computer1.example.org A Computer1.example.org 
10.0.0.10
fd00::10


>From my perspective this is expected behaviour.

(2) Now if you uncomment the auth-zone and auth-server lines, a DNS query
will *only* provide an  record for the IPv6 address, and no A record
for the IPv4 address.
Again, using dig:

$ dig @10.0.0.1 +short Computer1.example.org A Computer1.example.org 
fd00::10


>From my perspective this is unexpected behaviour.  The address line with
the IPv4 address is for the authoritative domain, so I am unsure why it
would not be included.

(3) If you comment out the address line and uncomment the host-record line,
then DNS provides the same result as (2).
Again, this is unexpected behaviour.  The host-record line is for the
authoritative domain.

(4) If you comment out the host-record line and uncomment the dynamic-host
line, then DNS provides the same result as (1).
This is expected behaviour and a suitable workaround to case (2)/(3).
Although it is odd that it's inconsistent with address and host-record
behaviour.

(5) I have also noticed that instead of using dig, one uses a Windows
nslookup, Windows will declare the response as non-authoritative for case
(4), but won't for case (2)/(3).  Additionally if you remove the dhcp-range
and dhcp-host entries, nslookup will receive the IPv4 address but again it
will be marked as non-authoritative.

>From my perspective, the behaviour in (2)/(3) is not correct (nor (5),
though I don't think that will really affect me that much).  The
address/host-record entries are for the domain listed in auth-zone, and so
should be included as authoritative records.
Indeed the dnsmasq man page more explicitly suggests that (3) is incorrect
behaviour for host-record entries.  It says that the authoritative zone is
populated with "IPv4 and IPv6 addresses from /etc/hosts (and --addn-hosts )
and --host-record and --interface-name and ---dynamic-host provided the
address falls into one of the subnets specified in the --auth-zone."
(Explicitly adding a subnet to the auth-zone line makes no difference to
the above tests)

I have tested this with the same results with the following OS and dnsmasq
versions:

   - Raspberry Pi OS Bullseye - dnsmasq 2.85-1 from RPi OS Repo
   - Debian Bullseye -  dnsmasq 2.85-1 from Debian Repo
   - Debian Sid -  dnsmasq 2.86-1.1 from Debian Repo
   - Debain Sid - Latest dnsmasq from the Git repo as of 2022-07-22


Any help appreciated!

Kind regards,

ryt51v
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq & dhcp config options for static ip addresses

2022-07-22 Thread john doe 

On 7/22/2022 10:56 AM, eMyListsDDg wrote:


i want to migrate from a our home win server dns & dhcp services to couple 
raspberry pi's running pihole.


so, on my home win server dhcp service i could easily assign different dns 
servers, etc to a given static address via config options when needed.  i.e., 
customizing various static addresses config options
when the global config options didn't suffice.

is there options to the same with the dnsmasq config files?



Yes, by using 'tag'.

--
John Doe

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq not re-reading resolv file

2022-07-22 Thread Nothing New via Dnsmasq-discuss 
On Thu, Jul 21, 2022 at 12:13:38PM +0100, Tom Cook wrote:
> I have a hard-to-reproduce situation where dnsmasq doesn't re-read the
> configured resolv conf when it changes.  I'm running dnsmasq 2.79.  I
> realise that this is rather behind the times but upgrading it on the
> platform in question is non-trivial; could someone suggest whether
> updating is likely to fix this problem please?
> 

Recent monthly posting: 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q3/016468.html

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] dnsmasq & dhcp config options for static ip addresses

2022-07-22 Thread eMyListsDDg 


i want to migrate from a our home win server dns & dhcp services to couple 
raspberry pi's running pihole.


so, on my home win server dhcp service i could easily assign different dns 
servers, etc to a given static address via config options when needed.  i.e., 
customizing various static addresses config options 
when the global config options didn't suffice.

is there options to the same with the dnsmasq config files? 



___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss