, however, is to keep the difference between our fork and
dnsmasq minimal. Even with all the stuff we do on top, the diff between our
fork and the main project is less than 100 lines and the vast majority of
patches to this mailing list applies cleanly right away.
Best
ds like a good idea.
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
which is sourced through dnsmasq.h
dnsmasq cannot be compiled within these projects.
The attached patch fixes this.
Best,
Dominik
From 776cdcdad6c8164593804d2b0a3f063923385e7e Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Thu, 7 Oct 2021 09:30:31 +0200
Subject: [PATCH] dnsmasq.h has to be inc
ambert wrote:
> Is this a bug
I guess so and it is likely linked to
On Wed, 2021-09-22 at 12:29 +0200, Jean-Philippe Lambert wrote:
> dnsmasq: warning: no upstream servers configured
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dns
ver receives a reply, hence, considers all
of them as dead.
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
ed two independent
files but serve DHCP and DNS from a single source of knowledge.
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
g the line to server=/fritz.box/192.168.0.1 restores the
> previous handling. However, according to the dnsmasq manpage "-
> -local is a synonym for --server to make configuration files
> clearer in this case."
Best,
Dominik
From 57461836c48deda17c468ae3c2033d0cc3dc34ec Mon Sep 17 00:00:0
dded in another project. There is no unittest library
whatsoever involved. The tests simply run on a compiled binary.
You can find everything here if you're curious:
https://github.com/pi-hole/FTL/tree/master/test
Best,
Dominik
___
Dnsmasq-discuss maili
elation with a domain that is early
requested and has a TTL of 12 hours (entirely hypothetical at
this point).
> Currently I'm using this version:
>
> commit 1176cd58c90fc37bf98a6f774b26fc1adc8fd8e9
> Fix regression in --rebind-domain-ok in 2.86
Does it show the error
and then ANY + underscores
following thereafter. I see the man page wording could be
improved.
Happy New Year!
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
scourse.pi-hole.net/t/dnsmasq-warn-reducing-dns-packet-size/51803/31
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
ake a look (I don't want to break any other features).
The patch isn't highly optimized but prepared for readability.
Best,
Dominik
From 763f46948844eab25859e7ab72816733be3e533c Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Fri, 19 Nov 2021 10:59:25 +0100
Subject: [PATCH] Don't accept queries
cause setup.icloud.com is a CNAME pointing to setup.fe.apple-
> dns.net
As Geert already mentioned, dnsmasq is neither meant nor designed
to post-process replies from upstream DNS server.
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@list
solved in both the simplest and also most
reliable way.
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
pful to you. I'm not
intending the slightest to tell you how you should do things. I'm
merely pointing into the direction of least pain.
To me this is a new feature requested for dnsmasq (requesting to remove
an existing limitation stated in the man page) and not a bug report.
All developers are rea
t ends up in REFUSED, and
4. send us the generated log file
Maybe it reveals something of interest.
Best,
Dominik
On Fri, 2021-07-23 at 10:58 +0530, sunil rathod wrote:
>
> Hello Simon, I still see the problem after removing interface from
> server= config. I restarted dns
Yes, strict-order applies to all server configuration, regardless
where it was defined.
> > 2)
> >
> > can i have multiple ignore-address= ?
> >
> >
Yes.
> >
> > --
> >
> > Regards
> > Justin He
Best,
Dominik
&g
interface (see other PR for details).
Instead, it only adds logging for which interface is actually
used when a different was configured.
I personally prefer the other fix as this one would be a mere
bandaid and not fixing the actual issue.
Best,
Dominik
From 33605d70b01f0ae2c60112d12c437620328655
issues.
This already has proven helpful when resolving a VLAN induced
issue (2 hops away) here:
https://discourse.pi-hole.net/t/dnsmasq-warn-ignoring-query-from-non-local-network/52346/14?u=dl6er
Best,
Dominik
From 9f4df221c014bb7ee8492a5bd8996dc7529cb1e6 Mon Sep 17 00:00:00 2001
From: Dominik
orking once an
alias interface is specified (even if valid).
Best,
Dominik
[resubmission of rebased patches, original submission in
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q4/015938.html]
From cc07a92ba26c3d9b3142a97e1c750fdb1a09e6e5 Mon Sep 17 00:00:00 2001
From: Dominik Der
`
(currently `4096`) to ensure fragmentation will never happen, but
I don't think we really want to do this given the steady growth
in DNSSEC-enabled zones (see trend graphs on
https://stats.dnssec-tools.org).
Best,
Dominik
From 1113ef0c3102adb9106a21a8c1c97137fa21cd32 Mon Sep 17 00:00:00 2001
From:
two values. Hence, I still find it meaningful to
reduce the number.
Otherwise, I perfectly agree with you on that 1232 is some
guesswork and that there will be no ultimate answer.
Best,
Dominik
On Tue, 2022-01-11 at 11:52 +0100, Petr Menšík wrote:
> I doubt that small difference matters. 1280 or 1
client information
somewhere upstream when ECS is used in lower DNS layers in our
local network. Some upstream servers, for instance, Google DNS,
even refuse to answer when ECS contains a 192.168.0.0/16 address.
Best,
Dominik
From cb72bf20ce317a8d4c727d7818b2e20b33832eae Mon Sep 17 00:00:00 2001
Dear Simon,
Second resubmission of my patches.
They still apply cleanly to current master.
Best,
Dominik
Forwarded Message
From: Dominik Derigs
To: dnsmasq-discuss@lists.thekelleys.org.uk
, Simon Kelley
Subject: [PATCH] Addressing hostsdir shortcomings
Date: Sat, 08 Jan 2022
93f597e943283124af2e39620e748635cc6a04d6 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Thu, 3 Feb 2022 16:12:16 +0100
Subject: [PATCH] Extend server to accept hostnames for upstream resolver
Signed-off-by: DL6ER
---
man/dnsmasq.8 | 4 +++
src/config.h | 3 +++
src/option.c | 69
)
Best,
Dominik
From eba5c590bc98b3cd5ca54ff59f654cb9da1aee8c Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Fri, 19 Nov 2021 10:08:01 +0100
Subject: [PATCH] Log server port when forwarding upstream
Signed-off-by: DL6ER
---
src/cache.c | 8 ++--
src/dnsmasq.h | 1 +
src/forward.c | 10
20326 8 2
SF IC config
Best,
Dominik
From be26a63372b18bd0dd567c4a40ed285e292fe7d5 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Sat, 18 Dec 2021 10:08:01 +0100
Subject: [PATCH 1/2] Fix header of cache dump. The width of the host and
a
lled before running
read_hostsfile() to insert new stuff. I added MOVE_FROM and
DELETE to inotify_add_watch() so we catch if a file was removed.
In this case, we only remove old entries.
Issue 3 is fixed by adding a loop over cache_find_by_name() in
add_hosts_entry() to check possible multiple recor
try[DS] microsoft.net
to 127.0.0.1
This is added by this patch implementing it in the same way as
used already when logging "dnssec-query" in the code.
Best,
Dominik
From 00b8789e4119a25da7f286ca1cefd5fe66383b30 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Sat, 2 Apr 2022 21:45:47 +0200
lable to see whether the issue is dnsmasq not responding
or the queries not making their way to dnsmasq or if something happens to
the queries sent upstream to the forward destionation, or whatever else may
be happening. We can surely give some assistance here, if you want.
B
EY]" : "dnssec-
> > retry[DS]", 0);
>
> I see more changes as commit message says.
What do you see in addition?
It is a minimal invasive change that fixes the omission in a
previous commit as already said in the first mail:
On Sun, 2022-04-10 at 10:46 +0200, Dominik Deri
Hey all,
and here comes the third resubmission of my patches. I do still
believe that they are improvements. Even one year after writing
them, them do still apply cleanly on the master branch.
Best,
Dominik
Forwarded Message
From: Dominik Derigs
To: dnsmasq-discuss
example
(no IPv6 address for a hostname but IPv6 source address given)
but this may be a real edge-case where we can expect users to
understand what they're doing and read the logs. Catching this
would require extra logic (valid hostnames are returned but none
is used -> error out).
Best,
Domi
ased) behavior from
serving expired content forever to a default value of one day.
This is freely configurable (I will set it down to one hour on
our systems) and can even be made serving forever, just as before
by explicitly setting the optional value to 0.
Best,
Dominik
Internal tracking is happeni
gethostbyaddr() ) but that does not seem to work at all. I'm not
sure if it's maybe related to that a process cannot connect to its own
UDP socket or something, but I'd obviously prefer a rather simple
solution. Any suggestions are highly appreciated.
Best regards,
Dominik
, it
seems like the clients aren't getting a TTL value with this A/ query.
Is it possible to have dnsmasq sending out a TTL for locally defined
NXDOMAINs ?
Best regards,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.o
rward.c:1319
#9 0x560c710d5dff in check_dns_listeners (now=now@entry=1693587879)
at /app/FTL/src/dnsmasq/dnsmasq.c:1836
#10 0x560c710d7d2d in main_dnsmasq (argc=,
argv=) at /app/FTL/src/dnsmasq/dnsmasq.c:1271
#11 0x560c71036f76 in main (argc=,
argv=0x7ffe4bdab088) at /app/FTL
Hey Simon,
today the IANA started listing a new query type RESINFO that was
assigned to RR Type no. 261. The simple attached patch adds this RR Type
to dnsmasq.
Best,
Dominik
From a6331078d3b22c960df8ad78106da567cb76e82c Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Thu, 2 Nov 2023 17:57:54 +0100
source.
This patch adds a new run-time option --no-ident to achieve
the same without the need for recompiling.
I wish you some nice and hopefully relaxing Christmas days!
Best regards,
Dominik
From bb796f57bdf6a3ad9517e930096dd38cfebf937a Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Fri, 23 Dec 2022 12
(strings)".
I thought about adding the possibility to only disable a
subset of these CHAOS records but it seems to just add to
much code complexity for such a small feature. Hence a "all
or nothing" seems the best fit for me here.
Best,
Dominik
On Tue, 2023-01-03 at 10:48 +, P
Hey Simon,
totally an oversight on my side. Updated patch attached.
Best
Dominik
On Mon, 2023-01-16 at 22:46 +, Simon Kelley wrote:
> The patch moves the relevant code to after processing of command-line
> arguments, but not reading configuration file(s). I can't think of any
> r
/1db9943c6879c160a5fbef885d5ceadd3668b74d
The proposed fix:
https://github.com/pi-hole/dnsmasq/pull/13
Best,
Dominik
From 6f39ec984e00aad03c045f2b7f9e814f671099bf Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Fri, 3 Mar 2023 18:05:26 +0100
Subject: [PATCH] Fix --rev-server option. It was broken
AIL happens, EDE codes are
used to differentiate "normal" from DNSSEC-related reasons.
As I have mentioned before and we have discussed here, relying on the AD
bit for the IN-/SECURE determination is the best we have with proxy-
dnssec but it is by far not very good.
--dnssec still se
ou could discuss this directly, I'm just the middle man here,
> knowledgeable enough to test, not to change the code...
We listen and respond here, too, when we have something valuable to
contribute :-)
Dest,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
can". May this be "--cache-
rr" without options, some special "--cache-rr=all" or maybe
a dedicated option like "--cache-all".
Others than that - thanks for working on this! I already
started testing (using the long
Hey Peter,
On Thu, 2023-04-13 at 12:15 +0200, Peter Russel wrote:
>
> Dominik, your questions and comments.
>
> Thanks for explaining "add-cpe-id=01234", meaning that it informs
> upstream that it is capable of processing EDNS data, nothing more.
> This implies
extra protection against such
letter confusion "attacks".
Best
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
this more complex path.
The proposed option --no-ANY simply ensures dnsmasq will not add any RRs
for such questions.
We are looking forward to enable it by default in Pi-hole v6.0+ given
this patch is accepted.
Best,
Dominik
From ac3134c48ef3ee6ec9be2f3b0993f710ac36f8f8 Mon Sep 17 00:00:00 2001
Hey Evandro,
see my reply to your other question as the questions are just two
aspects of the same thing:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017363.html
Best,
Dominik
P.S. Your address evandro+dnsm...@gcc.gnu.org throws an "user unknown"
error.
On Th
to get
a wide testing audience (it is enabled to cache ANY in Pi-hole) but more
testing is always welcome!
Best,
Dominik
On Thu, 2023-12-07 at 14:05 -0600, Evandro Menezes via Dnsmasq-discuss
wrote:
> Current OSes are now using the HTTPS record to query the addresses and the
> canonica
:00:00 dnsmasq[4395]: DHCP 192.168.2.141 is
May 5 19:00:00 dnsmasq[4395]: forwarded
141.2.168.192.in-addr.arpa to 1.0.0.1|
The final immediate "forwarded" line comes from dnsmasq itself and
confirms that this was triggered by use-stale-cache.
Best,
Dominik
P.S.: The patch rec
misinterpreted when SIGALRM is used so I thought your patch wouldn't be
effective in our case. Sorry for this and thanks for challenging my
earlier statement.
Best,
Dominik
On 06.05.24 11:39, Erik Karlsson wrote:
Hi Dominik,
Are you sure the patch I sent does not solve this? I think it should
but continued
hammering the server. This was especially true for embedded devices
where any kind of DNS "error" may simply trigger endless repetitions.
The best compromise we could come up with was in fact defining a "valid"
response (A 0.0.0.0, ::) for blocking.
Best,
Dear list,
we have added this commit to the currently running Pi-hole v6.0 beta. It
was confirmed by multiple users to fix aforementioned issues.
https://github.com/pi-hole/FTL/pull/1965
Have a great weekend!
Dominik
On 29.04.24 20:44, Erik Karlsson wrote:
From: Erik Karlsson
Not doing
early (within the loop). The crash
does not happen for prefix lengths {8,16,24,32} as the loop runs only
once. However, for other prefixes, the loop runs more often (e.g. 128x
for /25 networks as above).
Best,
Dominik
From bf4c149f814ce2826f7db487a44d3eef7209ba14 Mon Sep 17 00:00:00 2001
From
Hey Simon,
yesterday, the IANA started listing a new query type WALLET that was
assigned RRType 262.
Best,
Dominik
From 4b7b659503cacdccbcdffc48bfecea54a7da1f64 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Fri, 21 Jun 2024 20:59:04 +0200
Subject: [PATCH] Add newly assigned RRTYPE WALLET
101 - 156 of 156 matches
Mail list logo