Hey Andy (and list),
According to the inotify man page, the name buffer will always be
null-terminated. Furthermore, the name buffer seems to be allocated in
chunks of 16 bytes. I have not found an official confirmation for that.
I the way to go would be: char lastchar =
thoughts were in line of "if there would be an existing
error code for it, Simon would surely have added it".
Revised (= shorter) patch attached.
Best regards,
Dominik
From 2c38512eade5c14482dfb1f523d62a009b9ada09 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Wed, 7 Jul 2021 06:05
Hey Simon,
On Mon, 2021-04-05 at 20:38 +0100, Simon Kelley wrote:
> Post 2.83, a the second query would be combined with the first, which
> can only reduce upstream traffic. The change in 2.85 is that the second
> query triggers a retry, so closer to the original situation. BUT the
> retry is
To be even more precise:
On Mon, 2021-04-05 at 22:16 +0200, Dominik Derigs wrote:
> This is the issue I'm concerned about. Some clients send the same
> query
> multiple times (they don't seem to have a local cache).
These clients don't even intend them as retries. Wireshark confirms
Hey all,
I've seeing a notable increase in upstream traffic with the current
dnsmasq release candidate. Some investigations have revealed that the
reason for this is the modified forwarding philosophy that *always*
triggers a retry whenever a query is received before the upstream was
able to
Hey Simon,
your patch surely makes sense.
On Mon, 2021-04-05 at 21:38 +0100, Simon Kelley wrote:
> Except that this all started because some clients don't retry from the
> same ID/source port and treating them as a new query that can be
> answered when the existing query for the same name
Hey Simon,
On Tue, 2021-04-06 at 23:58 +0100, Simon Kelley wrote:
> On 06/04/2021 23:18, Simon Kelley wrote:
>
> >
> > I think we should try something like your patch but remove the
> > configurablilty, and limit the time to 1-2 seconds.
> >
>
> It's there. tagged as 2.85rc3
Seen, tested, it
On Tue, 2021-02-23 at 09:41 +, Simon Kelley wrote:
>
> This is almost a FAQ. It's intended behaviour, because you can have
> multiple DHCP host records for the same MAC address with different
> addresses on different subnets. Only the address which matches the
> subnet where the host last
Hey list,
When specifying a DHCP host like
--dhcp-host=00:20:e0:3b:13:af,192.168.0.2,wap
I'd expect dnsmasq to respond to `dig wap` with the IP address
`192.168.0.2`. Instead, NOERROR with empty answer RR is returned.
Looking at the source code, this is expected as `lease_update_dns()`
loops
On Thu, 2021-09-23 at 11:00 +0100, Simon Kelley wrote:
> I just pushed a pretty straightforward patch to fix this.
Can confirm this fixes it.
Best,
Dominik
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
Hey Petr,
On Tue, 2021-10-12 at 04:40 +0200, Petr Menšík wrote:
> Hi Dominik,
>
> those tests look great. Something like that is exactly what I had
> on
> mind for dnsmasq itself. Would you mind if I borrow few things
> and try
> to make some dnsmasq-only parts, not dependent on pihole?
Go
Hey Petr and Simon,
On Mon, 2021-10-11 at 12:59 +0200, Petr Menšík wrote:
> I cannot consider current implementation of filter-a and filter-
> useful.
I did not look into the code before and was naively assuming it
would be in fact per-domain and not kill-'em-all style.
And yes, I do agree
Hey Tobias,
On Thu, 2021-10-07 at 12:29 +0200, Tobias via Dnsmasq-discuss
wrote:
> it would be useful (at least for me)
In general, it is a bad idea to do this but I assume you know
this. So what is your use case for manipulating the TTL of only
particular domains?
Best,
Dominik
On Sun, 2021-10-10 at 17:32 +0200, Treysis wrote:
> Why was this needed?
It is worth exploring the mailing list archive. Only two weeks
ago, we have seen valid use cases for an option to filter .
See, e.g.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015709.html
Hey Petr,
On Wed, 2021-10-20 at 19:15 +0200, Petr Menšík wrote:
> What do you think? Should we try to reuse some parts for both
> projects
> or just copy interesting stuff out and mostly forget its
> original source?
>
> [1] https://github.com/pemensik/FTL/tree/tests/test/dnsmasq
It might be
Hey Shrenik,
On Tue, 2021-10-19 at 17:20 +0530, Shrenik Bhura wrote:
> Option 12 hostname sent to RPi is the first octet of the IP
> address. This seems incorrect.
This can very well be desired behavior (if the hostname is set to
"192"). Can you quote your configuration and related files (e.g.
Hey Simon,
We received reports that the IDs of some log lines can be
incorrect ("log-queries=extra" is enabled).
I attach three representative log snippets that highlight the
issue (comments therein). Logs 1 and 2 seem to have the same
reason. I'd have provided a patch but I'm not sure about the
Hey Petr and Simon,
On Mon, 2021-09-27 at 23:03 +0100, Simon Kelley wrote:
> Petr, this code seems to have last been touched by you, in
>
> ad59f278c6234a416f36dfdd39143bb46f5d707a
>
> can you remember what that was supposed to achieve? None of it is
> making
> much sense to me.
Looks like we
Hey Enrico,
On Mon, 2021-09-27 at 12:21 +0200, Ercolino de Spiacico wrote:
> the time required is not linear
This is expected as inserted CNAMEs are checked against the
entire list to prevent adding duplicates. Hence, when adding more
and more new entries, the have to be checked against more and
records.
Best,
Dominik
From 8d012b975874d71fa39565a1acddcc65a87d27c6 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Wed, 29 Sep 2021 08:22:05 +0200
Subject: [PATCH 1/3] Extend hostsdir to differentiate between individual files
in dynamic directories
Signed-off-by: D
Hey Petr,
On Wed, 2021-09-29 at 17:49 +0200, Petr Menšík wrote:
> May I ask for your reason, why are you trying to explicitly block IPv6 in
> year 2021?
I asked the very same question when we received the reports about this bug
with the different allocated memory sized that was fixed two weeks
Hey Petr and Simon,
I tried it with a temporary label and it seems to have worked. But I might
not have tested the right things.
On Wed, 2021-09-29 at 12:55 +0200, Petr Menšík wrote:
> I think there was issue with indextoname converting arrival packet index
> to a name. If it were not marked as
Hey Petr,
On Wed, 2021-09-29 at 22:48 +0200, Petr Menšík wrote:
> Source based response rules are in general cache unfriendly. What do you
> need it for? Is the dnsmasq instance always the only source for name
> resolution?
We add many features on top of dnsmasq. One example is our support for
Hey Petr,
On Mon, 2021-10-04 at 11:45 +0200, Petr Menšík wrote:
> Perhaps a flag could be added to dhcp-range, requesting also
> addition of dhcp-hosts to static dns.
Maybe this flag would better be set on --dhcp-host and --dhcp-
hostsfile if this is used? This would feel more "natural" to me.
which is sourced through dnsmasq.h
dnsmasq cannot be compiled within these projects.
The attached patch fixes this.
Best,
Dominik
From 776cdcdad6c8164593804d2b0a3f063923385e7e Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Thu, 7 Oct 2021 09:30:31 +0200
Subject: [PATCH] dnsmasq.h has to be inc
Hey Jean-Philippe,
The config is different in your two tries, but I guess this is
just a typo.
> --address='/#/127.0.1'
> --address='/#/127.0.0.1'
Anyway, I repeated your test on latest master and it is still
showing the same as v2.86.
On Wed, 2021-09-22 at 12:29 +0200, Jean-Philippe Lambert
Hey Simon and Johannes,
I'm pretty sure I've seen
On Mon, 2021-09-20 at 23:16 +0100, Simon Kelley wrote:
> config error is REFUSED
when dnsmasq used up all upstream servers, i.e., all of them are
considered to be broken. In Johannes'case dnsmasq manages to send
queries upstream but never
Hey Michael,
On Tue, 2021-10-05 at 05:43 -0700, Michael wrote:
> Maybe I am misunderstanding the issue, but dnsmasq already give
> the ability that is being asked for I believe.
if you go back one mail earlier than my last mail, you'd see that
the we're discussing specifically to not need two
Hey Simon,
Since commit "Fix --address=/#/.. which was lost in 2.86"
(26bbf5a314d833beaf0f147d24409969f05f3dba) --local being a
synonym for --server is broken as --local became a synonym for --
address.
The attached patch fixes this.
This was reported on the Pi-hole forums:
> I have
Hey Petr and others,
On Tue, 2021-10-05 at 17:13 +0200, Petr Menšík wrote:
> It would be beneficial to have also behavior tests.
it may be the time to mention that we do exactly this for Pi-hole
FTL which embeds the full dnsmasq for the DNS part. On every
commit, a virtual machine is started
Hey Hartmut,
> I'm using dnsmasq on OpenWrt. Since update dnsmasq from
>
> commit 51d56df7a3a125e117b3278cab16281c85500287
> Add RFC 4833 DHCP options "posix-timezone" and "tzdb-timezone".
>
> to
>
> commit 4ac517e4ac19eca65910c145868914587ea46b3b
> Fix coverity issues in dnssec.c
>
> I get
Hey Andreas,
On Sat, 2022-01-01 at 16:27 +0100, Andreas Metzler wrote:
> The manpage says "The requests blocked are for records [...]
> where the requested name has underscores". The test-query shown
> above is not for a name with underscores. So, afaict not working
> as documented.
you have
Hey Justin,
On Tue, 2022-01-04 at 17:34 +0800, Justin wrote:
> Recently i see lots of logs in dnsmasq:
> reducing DNS packet size for nameserver 127.0.0.1 to 1280
> almost one per minute
>
> my conf:
> [...]
> server=127.0.0.1#5353
once per minute sounds like this is happening all the time
ake a look (I don't want to break any other features).
The patch isn't highly optimized but prepared for readability.
Best,
Dominik
From 763f46948844eab25859e7ab72816733be3e533c Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Fri, 19 Nov 2021 10:59:25 +0100
Subject: [PATCH] Don't accept queries
Hey Alex,
On Thu, 2021-11-25 at 11:05 -0600, Alex Rainchik wrote:
> Not sure if it’s a bug or feature request :)
The latter. The observed behavior is expected.
Note that dnsmasq is a DNS *forwarder* equipped with a local
cache. It is not a *recursive* server. Dnsmasq has to forward
queries
Hey Justin,
On Sun, 2022-01-09 at 13:51 +0800, Justin wrote:
> 3)
>
> --all-servers says:
>
> By default, when dnsmasq has more than one up‐
> stream server available, it will send queries to
> just one server.
>
> --strict-order says:
>
> By default, dnsmasq
02 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Sun, 26 Dec 2021 10:29:14 +0100
Subject: [PATCH 1/2] Log which interface is actually used when a different was
configured
Signed-off-by: DL6ER
---
src/dnsmasq.h | 2 +-
src/network.c | 6 --
2 files changed, 5 insertions(+), 3 deletion
issues.
This already has proven helpful when resolving a VLAN induced
issue (2 hops away) here:
https://discourse.pi-hole.net/t/dnsmasq-warn-ignoring-query-from-non-local-network/52346/14?u=dl6er
Best,
Dominik
From 9f4df221c014bb7ee8492a5bd8996dc7529cb1e6 Mon Sep 17 00:00:00 2001
From: Dominik
orking once an
alias interface is specified (even if valid).
Best,
Dominik
[resubmission of rebased patches, original submission in
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q4/015938.html]
From cc07a92ba26c3d9b3142a97e1c750fdb1a09e6e5 Mon Sep 17 00:00:00 2001
From: Dominik Der
`
(currently `4096`) to ensure fragmentation will never happen, but
I don't think we really want to do this given the steady growth
in DNSSEC-enabled zones (see trend graphs on
https://stats.dnssec-tools.org).
Best,
Dominik
From 1113ef0c3102adb9106a21a8c1c97137fa21cd32 Mon Sep 17 00:00:00 2001
From:
know a case where it is insufficient.
>
> Cheers,
> Petr
>
> On 1/9/22 11:06, Dominik Derigs wrote:
> > Hey Simon,
> >
> > Minimum safe size is recommended to be 1232. See
> > https://dnsflagday.net/2020/, relevant parts below:
> >
> > > This
From: Dominik Derigs
Date: Fri, 7 Jan 2022 06:11:53 +0100
Subject: [PATCH] Strip EDNS(0) Client Subnet / MAC information if
--strip-subnet or --strip-mac is set. If both the add and strip options are
set, incoming EDNS0 options are replaced. This ensures we do not
unintentionally forward client
Dear Simon,
Second resubmission of my patches.
They still apply cleanly to current master.
Best,
Dominik
Forwarded Message
From: Dominik Derigs
To: dnsmasq-discuss@lists.thekelleys.org.uk
, Simon Kelley
Subject: [PATCH] Addressing hostsdir shortcomings
Date: Sat, 08 Jan 2022
93f597e943283124af2e39620e748635cc6a04d6 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Thu, 3 Feb 2022 16:12:16 +0100
Subject: [PATCH] Extend server to accept hostnames for upstream resolver
Signed-off-by: DL6ER
---
man/dnsmasq.8 | 4 +++
src/config.h | 3 +++
src/option.c | 69
)
Best,
Dominik
From eba5c590bc98b3cd5ca54ff59f654cb9da1aee8c Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Fri, 19 Nov 2021 10:08:01 +0100
Subject: [PATCH] Log server port when forwarding upstream
Signed-off-by: DL6ER
---
src/cache.c | 8 ++--
src/dnsmasq.h | 1 +
src/forward.c | 10
20326 8 2
SF IC config
Best,
Dominik
From be26a63372b18bd0dd567c4a40ed285e292fe7d5 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Sat, 18 Dec 2021 10:08:01 +0100
Subject: [PATCH 1/2] Fix header of cache dump. The width of the host and
a
ds.
Best,
Dominik
[sent earlier as
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015704.html,
resubmitting patches rebased on latest master]
From 7873cc3dbfce3edeb534bf4d0a0030894aaa152a Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Wed, 29 Sep 2021 08:22:05 +0200
Subject: [P
try[DS] microsoft.net
to 127.0.0.1
This is added by this patch implementing it in the same way as
used already when logging "dnssec-query" in the code.
Best,
Dominik
From 00b8789e4119a25da7f286ca1cefd5fe66383b30 Mon Sep 17 00:00:00 2001
From: Dominik Derigs
Date: Sat, 2 Apr 2022 21:45:47 +0200
Hey Tobias,
On Wed, 2022-06-29 at 18:37 +, Tobias Hochgürtel wrote:
> There isn't a feature to reuse the dns-cache?
> or a plan to add this feature?
>
There is no such feature and there is also nothing planned at the moment
(not that I'd be aware of).
However, restarting dnsmasq once per
EY]" : "dnssec-
> > retry[DS]", 0);
>
> I see more changes as commit message says.
What do you see in addition?
It is a minimal invasive change that fixes the omission in a
previous commit as already said in the first mail:
On Sun, 2022-04-10 at 10:46 +0200, Dominik Deri
Hey all,
and here comes the third resubmission of my patches. I do still
believe that they are improvements. Even one year after writing
them, them do still apply cleanly on the master branch.
Best,
Dominik
Forwarded Message
From: Dominik Derigs
To: dnsmasq-discuss
added for
> dns.example.com, when
> dnsmasq would no longer start. Better I thing to only use DNS
> records
> that match the source address type if it's specified.
>
>
> Cheers,
>
> Simon.
>
>
>
>
>
> On 02/04/2022 20:40, Dominik Derigs wrote:
Hey Simon,
We observed a few cache oddities with the current release-
candidate of dnsmasq and have been able to pin this down to the
use of the new use-stale-cache option. The issue happens with
cached content being served when the actual domain data has moved
on. This is, of course, unavoidable
Dear all,
I'm trying to show host names (rather than IP addresses, if available)
in dnsmasq's log for A and queries, as well as for the forward
destinations, i.e. I want to replace
Feb 4 18:02:22 dnsmasq[14001]: query[A] clients6.google.com from 10.8.0.2
Feb 4 18:02:22 dnsmasq[14001]:
Dear all,
on the dnsmasq man page, I found the following:
*--neg-ttl=*
Negative replies from upstream servers normally contain time-to-live
information in SOA records which dnsmasq uses for caching. If the
replies from upstream servers omit this information, dnsmasq does
not
Dear Simon, CC mailing list,
today I've received a report of latest dnsmasq embedded into Pi-hole
crashing when www.facebook.com is visited (but only when logged in). I
was able to reproduce this myself after creating a (fake) account.
The hit/miss ratio is not 100% but it should be possible to
Hey Simon,
today the IANA started listing a new query type RESINFO that was
assigned to RR Type no. 261. The simple attached patch adds this RR Type
to dnsmasq.
Best,
Dominik
From a6331078d3b22c960df8ad78106da567cb76e82c Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Thu, 2 Nov 2023 17:57:54 +0100
Dear mailing list members,
In 2016, dnsmasq got the option to prevent serving the
server version, some statistics and even the used upstream
DNS servers to its clients. Compiling with -DNO_ID removes
the entire *.bind info structure. However, setting -DNO_ID
requires a (re-)compilation from
ble only some parts of provided
> records? For
> example cache statistics might be restricted to localhost
> only or
> provided only by DBus, while version might be still useful
> to report.
>
> Cheers,
> Petr
On Fri, 2022-12-23 at 12:54 +0100, Dominik Derigs wrote:
>
eason why you wouldn't want to put
>
> no-ident
>
> into /etc/dnsmasq.conf
>
> Have I missed something?
>
>
> Cheers,
>
> Simon.
>
>
>
> On 15/01/2023 08:01, Dominik Derigs wrote:
> >
> > Hey Simon and Petr, CC list,
> >
>
Hey Simon, CC list,
the --rev-server option is currently broken in the released
version of dnsmasq for any non-dividable-by-eight CIDR
subnets.
It got broken in commit 1db9943 when resolving upstream
servers by name was extended to --rev-server without
accounting for the fact that rev-server is
Hey Simon,
On Thu, 2023-04-13 at 22:15 +0100, Simon Kelley wrote:
> I'd like to know how EDE replies are being used, and what the changes
> referred to in this statement by Peter are.
>
> "Note that the changes made by the pi-hole developers have been
> implemented in pi-hole-FTL, the dnsmasq
Hey Peter,
On Thu, 2023-04-13 at 08:37 +0200, Peter Russel wrote:
> Hi Simon
>
> Unfortunately, it looks like I've been shouting victory a little soon.
>
> The results are perfect when using dig, however, when using a browser
> (firefox, edge) the results are unreliable / inconsistent.
>
> The
Hey Simon,
On Thu, 2023-03-30 at 18:28 +0100, Simon Kelley wrote:
> I just merged the branch I've been working on for the last week which
> includes this patch, but much modified because the surrounding code has
> changed. The function is unaltered.
>
> The other changes are adding the ability
Hey Peter,
On Thu, 2023-04-13 at 12:15 +0200, Peter Russel wrote:
>
> Dominik, your questions and comments.
>
> Thanks for explaining "add-cpe-id=01234", meaning that it informs
> upstream that it is capable of processing EDNS data, nothing more.
> This implies dnsmasq cannot be the cause of
Hey Burton and Petr,
On Wed, 2023-05-10 at 21:12 -0500, B@us wrote:
> domains that don’t match \.[A-Za-z0-9]\.
You'd probably want to allow for - and _ too but Petr has the better
idea how to achieve this:
On Thu, 2023-05-11 at 17:56 +0200, Petr Menšík wrote:
> reject all IDN names, which start
Hey Simon,
this patch adds a method for deprecating ANY queries (following RFC
8482: Providing Minimal-Sized Responses to DNS Queries That Have
QTYPE=ANY). This conforms to how many of the large scale upstream DNS
providers (Google, Cloudflare to name only a few) are dealing with the
Hey Evandro,
see my reply to your other question as the questions are just two
aspects of the same thing:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017363.html
Best,
Dominik
P.S. Your address evandro+dnsm...@gcc.gnu.org throws an "user unknown"
error.
On Thu,
Hey Evandro,
chaching of arbitrary types has been added this year in March and is
available in the latest master code (option --cache-rr). You can even
add --cache-rr=ANY to cache all records.
See
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=638c7c4d20004c0f320820098e29df62a27dd2a1
Hey Ercolino,
In the context of adblocking I am told certain browsers/systems react
much better when the DNS server returns FORBIDDEN (I guess they mean
REFUSED which is return code 5
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6)
as this instructs the
Hey Simon,
we found a bug resulting in a use-after-free returning garbage data and
possibly crash when using DHCP + stale cache data.
The bug is triggered when using DHCP and a lease expires. It's name is
then free'd in kill_name() + do_script_run(). When the PTR record is
queried
Hey Erik,
sorry for the late reply.. I wanted to err on the side of caution this
time. We have been testing with your patch applied on top of latest
master for almost four days now and - so far - no new use-after-free
events occurred. Before, it happened at least once a day. Seems I have
Dear list,
we have added this commit to the currently running Pi-hole v6.0 beta. It
was confirmed by multiple users to fix aforementioned issues.
https://github.com/pi-hole/FTL/pull/1965
Have a great weekend!
Dominik
On 29.04.24 20:44, Erik Karlsson wrote:
From: Erik Karlsson
Not doing
73 matches
Mail list logo
