Re: [Dnsmasq-discuss] Re-compile DNSMasq with Visual C

2017-11-24 Thread Geert Stappers
On Fri, Nov 24, 2017 at 06:35:11PM +, tesm...@gmail.com wrote:
> Hi all,
> 
> I am new to DNSMasq world. I am looking into making some changes in the code
> and comfortable with Visual Studio development environment.
> 
> Can someone guide me for re-compiling DNSMasq with Visual Studio.
> 

Start with it.

Learn that you are compiling sources for UNIX system on a Microsoft Windows 
system.

Find a UNIX ( Linux / BSD ) system, have clean compile in no time.

Make the code changes that you want to make on the UNIX system.


Groeten
Geert Stappers
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] Remove upper limit of 10,000 for cache size

2018-05-09 Thread Geert Stappers
On Tue, May 08, 2018 at 11:16:51PM +0200, Dominik wrote:
> On 08.05.2018 22:17, Simon Kelley wrote:
> > From: Dominik Derigs <dl...@dl6er.de>, Date: Tue, 8 May 2018 18:44:41 +0200
> >> [PATCH] Remove upper limit of 10,000 for cache size.
> >>
> >> We should allow users to set any (maximum) cache size they like to
> >> set. Even embedded devices usually ship with at least 1 GB of RAM
> >> nowadays so memory shouldn't be an issue.
> >>
> >> Furthermore, this clipping is also not documented in the man page.
> >
> > The reason for the limit is actually performance: there may be plenty of
> > RAM, but the larger the cache is, the slower it is. This is true for
> > reverse (PTR) queries, which are less optimised than normal forward queries.
> >
> > I accept that the limit may now be too small, but it would be worth
> > doing some measurements of cache performance before raising or removing it.
> >
> >
> Hey Simon,
 
Hello Mailinglist,

> removing the upper limit will not change anything except for the few
> users that have set this value manually to a very large number. However,
> if they did so they were surely not expecting that dnsmasq could just
> ignore their setting.

The undocumented clipping is indeed harmful.

> Personal experience with dnsmasq as a caching DNS server for a few
> hundred fairly active clients shows no notable performance impact even
> when allowing the maximum cache size to be > 100,000 (query reply time
> from cache is on the order of < 5 msec). It may always be that I miss
> something but even when dnsmasq's cache would be 10 (or more) times
> slower, it would still be much faster than when we'd periodically ask
> upstream servers.

Yes, the benefit of caching.

Thing that you might miss is how fast the dnsmasq server for
the few hundred fairly active clients is. I'm trying to tell
that the performance penalty that Simon warns us about,
might be canceled by high computing power.

Thing I wonder about is how the cache size clipping was discovered.

Groeten
Geert Stappers
-- 
Leven en laten leven



[Dnsmasq-discuss] [PATCH] Warn about the impact of cache-size on performance

2018-05-09 Thread Geert Stappers
---
 man/dnsmasq.8| 2 +-
 man/es/dnsmasq.8 | 3 ++-
 man/fr/dnsmasq.8 | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

Note that this patch contains non-ASCII characters,
those might be mangled during transport ...


diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 21069de..7664e06 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -692,7 +692,7 @@ will add 1.2.3.0/24 for both IPv4 and IPv6 requestors.
 
 .TP
 .B \-c, --cache-size=
-Set the size of dnsmasq's cache. The default is 150 names. Setting the cache 
size to zero disables caching.
+Set the size of dnsmasq's cache. The default is 150 names. Setting the cache 
size to zero disables caching. Note: huge cache size impacts performance.
 .TP
 .B \-N, --no-negcache
 Disable negative caching. Negative caching allows dnsmasq to remember
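
Review bot: The added sentence "Note: huge cache size impacts performance." at the end of the --cache-size entry says neither how large "huge" is nor that the impact is a slowdown, so a reader cannot act on it. Consider wording such as "Note: a very large cache size slows down lookups." and, if the code enforces an upper bound, stating that bound in the same entry.
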
diff --git a/man/es/dnsmasq.8 b/man/es/dnsmasq.8
index 81c745a..4a70a4f 100644
--- a/man/es/dnsmasq.8
+++ b/man/es/dnsmasq.8
@@ -478,7 +478,8 @@ la traza reversa direcci
 .TP
 .B \-c, --cache-size=
 Fijar el tama�o del cach� de dnsmasq. El predeterminado es 150 nombres.
-Fijar el tama�o a cero deshabilita el cach�.
+Fijar el tama�o a cero deshabilita el cach�. Nota: el gran tama�o de
+cach� afecta el rendimiento.
 .TP
 .B \-N, --no-negcache
 Deshabilitar cach� negativo. El cach� negativo le permite a dnsmasq
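
Review bot: Both the removed and the added lines of the Spanish --cache-size entry carry replacement characters in place of the accented letters, and the hunk header context is cut off at "direcci", so this hunk will not apply to man/es/dnsmasq.8 as sent. Resend the patch as an attachment, or publish it on a git branch, so the file's encoding survives transport.
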
diff --git a/man/fr/dnsmasq.8 b/man/fr/dnsmasq.8
index 80cef39..d3c05b8 100644
--- a/man/fr/dnsmasq.8
+++ b/man/fr/dnsmasq.8
@@ -666,7 +666,8 @@ différentes pourraient-être rencontrés, alors le cache 
devrait être désacti
 .TP
 .B \-c, --cache-size=
 Définit la taille du cache de Dnsmasq. La valeur par défaut est de 150 noms.
-Définir une valeur de zéro désactive le cache.
+Définir une valeur de zéro désactive le cache. Remarque: la taille importante
+du cache a un impact sur les performances.
 .TP
 .B \-N, --no-negcache
 Désactive le "cache négatif". Le "cache négatif" permet à Dnsmasq de se 
souvenir
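
Review bot: In the added "Remarque: la taille importante du cache a un impact sur les performances." the definite article reads as if the cache were always large. "une taille de cache importante" would match the English "huge cache size" more closely.
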
-- 
2.15.1




Re: [Dnsmasq-discuss] Remove upper limit of 10,000 for cache size

2018-05-09 Thread Geert Stappers
On Wed, May 09, 2018 at 11:21:31AM +0200, Dominik DL6ER wrote:
> Geert Stappers wrote:
> >  [ ... ] I'm trying to tell that the performance penalty that Simon
> >  warns us about, might be canceled by high computing power.
> 
> I agree, but you should probably not be running a caching DNS server
> with hundreds of active clients on a really low-power embedded machine
> like the good old Raspberry Pi in its first version.

:-)


> I'm just trying to make clear that removing this artificial limit may
> improve the situation for those on beefier hardware but not impact the
> others as they are responsible for what they set when they decide to
> manually tweak their settings in this regard. It's a value where I think
> the hand-holding dnsmasq is doing for possibly supporting embedded
> devices better is just too much. In the end, Simon has to say if or not
> this artificial clipping can be removed or not. I think yes, because it
> doesn't affect anyone who has not changed the default value and allows
> the others to use any value for cache size they deem right for their
> hardware and application.

I also think that the clipping should be removed.

Resubmitting the patch with a new commit message would be a good thing.
(The original patch commit message would result in an ugly git log
when `git am`, "git apply-mail", was used.)

I'll follow up this posting with a patch on the manual page.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] [PATCH] Warn about the impact of cache-size on performance

2018-05-20 Thread Geert Stappers
On Fri, May 11, 2018 at 11:43:02PM +0100, Simon Kelley wrote:
> On 09/05/18 12:13, Geert Stappers wrote:
> >  3 files changed, 5 insertions(+), 3 deletions(-)
> > 
> > Note that this patch contains non-ASCII characters,
> > those might be mangled during transport ...
> 
> They were, please could you resend an attachment?

# git clone git://thekelleys.org.uk/dnsmasq.git
cd dnsmasq/
git remote add stappers http://stappers.it/git/dnsmasq
git fetch stappers
git checkout -b stappers/warn_cache_size stappers/warn_cache_size
git diff master
git checkout master
git merge stappers/warn_cache_size


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] [PATCH] Warn about the impact of cache-size on performance

2018-06-08 Thread Geert Stappers
On Thu, May 31, 2018 at 02:18:39PM +0200, Geert Stappers wrote:
> On Sun, May 20, 2018 at 10:14:34PM +0200, Geert Stappers wrote:
> > On Fri, May 11, 2018 at 11:43:02PM +0100, Simon Kelley wrote:
> > > On 09/05/18 12:13, Geert Stappers wrote:
> > > >  3 files changed, 5 insertions(+), 3 deletions(-)
> > > > 
> > > > Note that this patch contains non-ASCII characters,
> > > > those might be mangled during transport ...
> > > 
> > > They were, please could you resend an attachment?
> > 
> > # git clone git://thekelleys.org.uk/dnsmasq.git
> > cd dnsmasq/
> > git remote add stappers http://stappers.it/git/dnsmasq
> > git fetch stappers
> } git branch --remote
> > git checkout -b stappers/warn_cache_size stappers/warn_cache_size
> > git diff master
> > git checkout master
> > git merge stappers/warn_cache_size
> } git branch -d stappers/warn_cache_size
> } git remote remove stappers
> 
> reminder by retransmit
 
It became 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=7dcca6c62211e60905e2252a185bede909391877



Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Working on read-only drive

2018-06-14 Thread Geert Stappers
On Wed, Jun 13, 2018 at 08:51:01PM -0400, Weedy wrote:
> On Wed, Jun 13, 2018 at 10:34:08PM +0200, Jan Jurá?? wrote:
> > 
> > I have Raspberry Pi 3 with minimal raspbian image based on jessie
> > and I use it as access point.
> > 
> > The thing is that I made / read-only to prevent any possible
> > corruption caused by power loss. Now the problem of course is that
> > dnsmasq fails to open the lease file for writing and I get the
> > following error:
> > 
> > dnsmasq: cannot open or create lease file
> > /var/lib/misc/dnsmasq.leases: read-only file system
> > 
> > Now as I see it, I have several options:
> > 
> >  * disable somehow leasing so that dnsmasq doesn't fail on startup
> >  * Persuade dnsmasq to search for the lease file elsewhere (I still
> >have rw home)
> >  * Mount the file somehow to RAM disk
> > 
> > What would be the best solution and how to do it? Any ideas?
> Stick it on whatever tmpfs is already mounted. That's what LEDE/OpenWRT do.

How is it done? A symlink? If yes, what.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Help with PXE Proxy Mode

2018-06-15 Thread Geert Stappers
On Fri, Jun 15, 2018 at 02:02:50PM +0200, toto tata wrote:
> Hello,
> 
> I have an existing dnsmasq server which is currently used as PXE proxy to
> deploy Linux machines.
> I would like to use it also to redirect my machines to my Distribution
> Point SCCM (Windows Infrastructure).
> 
> I've tried to modify the dnsmasq.conf like below without success:
> pxe-service=X86-64_EFI, "Install Windows from SCCM Server", 1, 192.168.0.4
> 
> (I work with UEFI BIOS Type on my machines)
> 
> How can I achieve this ?

You might have achieved it already for 90%.

We don't know, we can't tell.
You might tell us what happens on the network cable.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Regex patch

2018-06-17 Thread Geert Stappers
On Sun, Jun 17, 2018 at 06:52:34PM +0200, john doe wrote:
> On 6/17/2018 5:46 PM, Thiago Alves wrote:
> >Sorry for being insistent here
> >
> >I just need to confirm that:
> >
> >1) The regex feature is not available in the official releases, so the only
> >way to enable it is by applying the patch mentioned in my previous message
> >2) It is safe to apply the patch on version 2.62 and use it in production
> >envs
> >
> 
> If you want to use features that are not in the official version of
> dnsmasq it is your responsibility to ensure that they are working as
> you expect them to!

Reports like

  Here is the updated patch of what I found in the archive.
  It does work for me.

do help to get a patch included.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] [PATCH] Warn about the impact of cache-size on performance

2018-05-31 Thread Geert Stappers
On Sun, May 20, 2018 at 10:14:34PM +0200, Geert Stappers wrote:
> On Fri, May 11, 2018 at 11:43:02PM +0100, Simon Kelley wrote:
> > On 09/05/18 12:13, Geert Stappers wrote:
> > >  3 files changed, 5 insertions(+), 3 deletions(-)
> > > 
> > > Note that this patch contains non-ASCII characters,
> > > those might be mangled during transport ...
> > 
> > They were, please could you resend an attachment?
> 
> # git clone git://thekelleys.org.uk/dnsmasq.git
> cd dnsmasq/
> git remote add stappers http://stappers.it/git/dnsmasq
> git fetch stappers
} git branch --remote
> git checkout -b stappers/warn_cache_size stappers/warn_cache_size
> git diff master
> git checkout master
> git merge stappers/warn_cache_size
} git branch -d stappers/warn_cache_size
} git remote remove stappers

reminder by retransmit


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Implementation of DOH in dnsmasq

2018-06-20 Thread Geert Stappers
On Wed, Jun 20, 2018 at 10:11:53AM +0200, Nicolas Cavallari wrote:
> On 14/06/2018 22:32, Kurt H Maier wrote:
> > On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jo??czyk wrote:
> >>
> >> How difficult would it be to add support to DNS over HTTP/2.0 in dnsmasq, 
> >> for
> >> example in constrained environments like home routers?
> >>
> > 
> > This should be handled with a wrapper program.  HTTP/2.0 is an enormous
> > and ill-defined specification and it would not be appropriate to bolt it
> > directly into dnsmasq.  A dedicated HTTP/2.0 daemon can talk to dnsmasq
> > on the backend to provide this service.  Home routers are not
> > particularly constrained in this regard, since they generally have web 
> > services running to begin with.
> 
> It's much more than that. To be secure, TLS requires time, entropy and a CA
> list. Many home routers fail at having all three, or require the DNS to get
> time and CAs...
> 
> >> Please send any replies to the DoH mailing list at .
> > 
> > Why?
> 
> Because by doing so you will be subjected to the various IETF policies that
> apply to anyone participating on the IETF mailing list, which includes
> copyright grants, patents disclosure and other things that should be read by a
> lawyer.
> 

No new text, just doing the
} Please send any replies to the DoH mailing list at .


Groeten
Geert Stappers
Subscriber of mailinglist dnsmasq-discuss@lists.thekelleys.org.uk
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] domain-needed is ignored

2018-06-21 Thread Geert Stappers
On Thu, Jun 21, 2018 at 06:15:30AM +, Spon Spon wrote:
> Hi,
> I have following configuration of dnsmasq:
...
> domain-needed
...
> 
> Because of domain-needed option I expected that host only lookup,
> without domain part will not be forwarded to upstream servers (in my case
> 192.168.2.1), but this seems it is not the case.

Please elaborate "seems"
Is it being polite or only having "forwarded" in logging and no further proof?


> The dnsmasq runs on an EdgeRouter and has following version:
> root@bucuresti:/etc# /usr/sbin/dnsmasq --version
> Dnsmasq version 2.78-20-geaeda96  Copyright (c) 2000-2017 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP 
> conntrack ipset auth DNSSEC loop-detect inotify
> 
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.
> 
> If I lookup a host with local domain, then the request is not going
> to upstream server. Please see below the logged queries:
> 
> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
> Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> 
> Is this a bug? Is there any configuration missing? I expected that
> rrr lookup will not be forwarded to upstream server (192.168.2.1)
> 

Dnsmasq manual page says

   -D, --domain-needed
          Tells dnsmasq to never forward A or AAAA queries for plain names,
          without dots or domain parts, to upstream nameservers. If
          the name is not known from /etc/hosts or DHCP then a "not found"
          answer is returned.

So it would prevent the cost of a dial-out connection.


  .  local testing .


Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10

That forward, unexpected due to 'domain-needed', is visible with tcpdump
at my upstream DNS :-(


Groeten
Geert Stappers
-- 
Leven en laten leven
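
The message above shows a plain-name MX query being forwarded although domain-needed is set, while the quoted man page text covers only A and AAAA queries. The following is an added example, not part of the original post and not dnsmasq code: it scans --log-queries output for plain names forwarded upstream and marks whether the query type is one the man page text covers. The function and field names are hypothetical, and the sample log is constructed from the lines quoted in this thread plus made-up ones.

```python
import re
from typing import NamedTuple

# Query types that the quoted man page text says --domain-needed applies to.
COVERED_QTYPES = {"A", "AAAA"}

# Constructed sample in the syslog format shown in the thread. The hostname
# after the timestamp ("weiss") is optional. The last four lines are made up.
SAMPLE_LOG = """\
Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
Jun 21 09:50:02 dnsmasq[21398]: query[A] www.example.com from 192.168.2.50
Jun 21 09:50:02 dnsmasq[21398]: forwarded www.example.com to 192.168.2.1
Jun 21 09:51:10 dnsmasq[21398]: query[A] printer from 192.168.2.51
Jun 21 09:51:10 dnsmasq[21398]: forwarded printer to 192.168.2.1
"""


class Finding(NamedTuple):
    name: str
    qtype: str
    client: str
    upstream: str
    # True: the man page text says this should not have been forwarded,
    # so domain-needed is missing or not effective for this instance.
    # False: the query type is outside what the man page text covers.
    covered_by_domain_needed: bool


_ENTRY = re.compile(r"dnsmasq\[(?P<pid>\d+)\]: (?P<body>.+)$")
_QUERY = re.compile(r"query\[(?P<qtype>[^\]]*)\] (?P<name>\S+) from (?P<client>\S+)$")
_FORWARD = re.compile(r"forwarded (?P<name>\S+) to (?P<upstream>\S+)$")


def find_plain_name_forwards(log_text):
    """Return a Finding for every dot-less name that was forwarded upstream."""
    pending = {}   # (pid, name) -> (qtype, client) of the most recent query
    findings = []
    for line in log_text.splitlines():
        entry = _ENTRY.search(line.strip())
        if not entry:
            continue
        pid, body = entry["pid"], entry["body"]

        query = _QUERY.match(body)
        if query:
            pending[(pid, query["name"])] = (query["qtype"], query["client"])
            continue

        forward = _FORWARD.match(body)
        if forward and "." not in forward["name"]:
            # Pair the forward with the last query logged for the same name
            # by the same process; "unknown" if the query line was not seen.
            qtype, client = pending.get((pid, forward["name"]),
                                        ("unknown", "unknown"))
            findings.append(Finding(forward["name"], qtype, client,
                                    forward["upstream"],
                                    qtype in COVERED_QTYPES))
    return findings


if __name__ == "__main__":
    for f in find_plain_name_forwards(SAMPLE_LOG):
        reason = ("covered by domain-needed, check the configuration"
                  if f.covered_by_domain_needed
                  else "query type not covered by the man page text")
        print(f"{f.name} [{f.qtype}] from {f.client} -> {f.upstream}: {reason}")
```

Pairing a forward with the most recent query for the same name is an approximation; concurrent queries of different types for one name can be attributed to the wrong type.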



Re: [Dnsmasq-discuss] No DNS server assigned to dhcp clients if port != 53 in dnsmasq.conf

2018-06-30 Thread Geert Stappers
On Sat, Jun 30, 2018 at 08:39:56AM -0500, Gordon Hsiao wrote:
> If in my dnsmasq.conf I used a different port other than 53 for dns,
> dnsmasq never assigns DNS server to my dhcp clients, is this a feature or a
> bug? for port 53 everything works as expected, of course.

Please elaborate


Groeten
Geert Stappers
Who thinks that original poster has encountered a good feature
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] No DNS server assigned to dhcp clients if port != 53 in dnsmasq.conf

2018-06-30 Thread Geert Stappers
On Sat, Jun 30, 2018 at 12:19:18PM -0400, B. Cook wrote:
> On Sat, Jun 30, 2018, 12:11 PM Geert Stappers  wrote:
> > On Sat, Jun 30, 2018 at 08:39:56AM -0500, Gordon Hsiao wrote:
> > > If in my dnsmasq.conf I used a different port other than 53 for dns,
> > > dnsmasq never assigns DNS server to my dhcp clients, is this a feature
> > > or a bug? for port 53 everything works as expected, of course.
> >
> > Please elaborate
> >
> >
> > Groeten
> > Geert Stappers
> > Who thinks that original poster has encountered a good feature
> 
> 
> I am not the original poster..
> 
> 8< -- snip -- >8
> 
> I want to run my DNS on port 59.
> 
> I want dnsmasq to assign my clients my DNS server running on port 59.
> 
> Why doesn't it.
> 
> 8< -- snip -- >8
> 
> That is how I am understanding the original request.
> 

Oh, I did understand something like
  
  } I want to do non standard things.
  } But I can get it working in the first 30 minutes I tried.
  } Let me use the word 'bug' to get some attention.


I did give original poster some attention in a lazy way.

Where I wrote

> > Please elaborate


I should have written

} } Please tell more about the use case.
} } You might be doing something that I might need in the future




Groeten
Geert Stappers

P.S.
Make it possible to read in the discussion order.
Yes, reply below the text.
-- 
Leven en laten leven



[Dnsmasq-discuss] [PATCH] iPXE is gPXE

2017-12-27 Thread Geert Stappers
Development of EtherBoot gPXE was always development
of iPXE core developer Michael Brown.

http://git.etherboot.org/?p=gpxe.git was last updated in 2011
https://git.ipxe.org/ipxe.git is well alive

This  s/gPXE/iPXE/ reflects that.

Signed-off-by: Geert Stappers <stapp...@stappers.nl>
---
 CHANGELOG|  4 ++--
 CHANGELOG.archive|  2 +-
 dnsmasq.conf.example | 16 
 src/rfc2131.c|  2 +-
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index ae03836..7d7a2b7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2054,13 +2054,13 @@ version 2.47
 
Support arbitrarily encapsulated DHCP options, suggestion
and initial patch from Samium Gromoff. This is useful for
-   (eg) gPXE, which expect all its private options to be
+   (eg) iPXE, which expect all its private options to be
encapsulated inside a single option 175. So, eg, 
 
dhcp-option = encap:175, 190, "iscsi-client0"
dhcp-option = encap:175, 191, "iscsi-client0-secret"
 
-   will provide iSCSI parameters to gPXE.
+   will provide iSCSI parameters to iPXE.
 
Enhance --dhcp-match to allow testing of the contents of a
client-sent option, as well as its presence. This
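
Review bot: The version 2.47 entry is release history, and replacing "gPXE" with "iPXE" in it changes what that release note said about the software as it was named then. Consider leaving CHANGELOG and CHANGELOG.archive untouched, or writing "gPXE (now iPXE)" if the rename should be visible in the old entries.
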
diff --git a/CHANGELOG.archive b/CHANGELOG.archive
index 2df495b..f4362ca 100644
--- a/CHANGELOG.archive
+++ b/CHANGELOG.archive
@@ -2433,7 +2433,7 @@ version 2.41
 
Add --dhcp-match flag, to check for arbitrary options in
DHCP messages from clients. This enables use of dnsmasq
-   with gPXE. Thanks to Rance Hall for the suggestion.
+   with iPXE. Thanks to Rance Hall for the suggestion.
 
Added --dhcp-broadcast, to force broadcast replies to DHCP
clients which need them but are too dumb or too old to
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
index 790eaf5..1ccca0c 100644
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -444,14 +444,14 @@
 # The same as above, but use custom tftp-server instead machine running dnsmasq
 #dhcp-boot=pxelinux,server.name,192.168.1.100
 
-# Boot for Etherboot gPXE. The idea is to send two different
-# filenames, the first loads gPXE, and the second tells gPXE what to
-# load. The dhcp-match sets the gpxe tag for requests from gPXE.
-#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
-#dhcp-boot=tag:!gpxe,undionly.kpxe
-#dhcp-boot=mybootimage
-
-# Encapsulated options for Etherboot gPXE. All the options are
+# Boot for iPXE. The idea is to send two different
+# filenames, the first loads iPXE, and the second tells iPXE what to
+# load. The dhcp-match sets the ipxe tag for requests from iPXE.
+#dhcp-boot=undionly.kpxe
+#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
+#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
+
+# Encapsulated options for iPXE. All the options are
 # encapsulated within option 175
 #dhcp-option=encap:175, 1, 5b # priority code
 #dhcp-option=encap:175, 176, 1b   # no-proxydhcp
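
Review bot: The new "#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php" line makes the shipped example fetch a boot script from an external host over plain HTTP once it is uncommented; a local placeholder URL, or the previous "mybootimage", would be a safer default for a sample configuration. The hunk also drops the "tag:!gpxe" condition on undionly.kpxe, which is a behaviour change beyond the s/gPXE/iPXE/ that the commit message describes and should be mentioned there or split into its own patch.
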
diff --git a/src/rfc2131.c b/src/rfc2131.c
index f3a7e53..270f6a4 100644
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -909,7 +909,7 @@ size_t dhcp_reply(struct dhcp_context *context, char 
*iface_name, int int_index,
  
  if (!workaround && boot)
{
- /* Provide the bootfile here, for gPXE, and in case we 
have no menu items
+ /* Provide the bootfile here, for iPXE, and in case we 
have no menu items
 and set discovery_control = 8 */
  if (boot->next_server.s_addr) 
mess->siaddr = boot->next_server;
-- 
2.11.0




Re: [Dnsmasq-discuss] Receive your own posts to the list?

2018-01-05 Thread Geert Stappers
On Fri, Jan 05, 2018 at 09:19:54AM +0100, Geert Stappers wrote:
> Hi,
>
> At http://lists.thekelleys.org.uk/mailman/options/dnsmasq-discuss
> is option 'Receive your own posts to the list?' set to 'Yes' for me.
>
> But I don't receive my own posts sent to this mailing list.
>
> Postings from others to the ML are received.
>
>
> My postings are archived, examples given
>  http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011864.html
>  http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011865.html
>
> On other mailing lists I do get copies of my own posts.
>
>
> Do other posters to this ML get their own posts?
>[ ]  Yes, works for me

 [x] Yes, works for me :-/


>[ ]  No, I don't get my own posts
>
>
> What is needed to get own posts??
>

patience

An email has a round-trip-time of about a half hour

| Received: from bytemark.thekelleys.org.uk (bytemark.thekelleys.org.uk 
[213.138.109.107])
| by gpm.stappers.nl (Postfix) with ESMTPS id 5613D304009
| for <stapp...@stappers.nl>; Fri,  5 Jan 2018 09:01:37 +0100 (CET)
| Received: from localhost ([127.0.0.1] helo=bytemark.thekelleys.org.uk)
| by bytemark.thekelleys.org.uk with esmtp (Exim 4.80)
| (envelope-from <dnsmasq-discuss-boun...@lists.thekelleys.org.uk>)
| id 1eXMO4-0006vV-Ei
| for stapp...@stappers.nl; Fri, 05 Jan 2018 07:25:56 +
| Received: from gpm.stappers.nl ([82.161.218.215])
| by bytemark.thekelleys.org.uk with esmtp (Exim 4.80)
| (envelope-from <stapp...@stappers.nl>) id 1eXMNu-0006vO-UQ
| for dnsmasq-discuss@lists.thekelleys.org.uk; Fri, 05 Jan 2018 
07:25:47 +
| Received: by gpm.stappers.nl (Postfix, from userid 1000)
| id 7F0FC304032; Fri,  5 Jan 2018 08:25:46 +0100 (CET)


Groeten
Geert Stappers
--
Leven en laten leven



Re: [Dnsmasq-discuss] [PATCH] iPXE is gPXE

2018-01-04 Thread Geert Stappers
Happy New Year,


What is the judgement on the patch below?

On Wed, Dec 27, 2017 at 08:55:22PM +0100, Geert Stappers wrote:
> Development of EtherBoot gPXE was always development
> of iPXE core developer Michael Brown.
> 
> http://git.etherboot.org/?p=gpxe.git was last updated in 2011
> https://git.ipxe.org/ipxe.git is well alive
> 
> This  s/gPXE/iPXE/ reflects that.
> 
> Signed-off-by: Geert Stappers <stapp...@stappers.nl>
> ---
>  CHANGELOG|  4 ++--
>  CHANGELOG.archive|  2 +-
>  dnsmasq.conf.example | 16 
>  src/rfc2131.c|  2 +-
>  4 files changed, 12 insertions(+), 12 deletions(-)
> 
> diff --git a/CHANGELOG b/CHANGELOG
> index ae03836..7d7a2b7 100644
> --- a/CHANGELOG
> +++ b/CHANGELOG
> @@ -2054,13 +2054,13 @@ version 2.47
>  
>   Support arbitrarily encapsulated DHCP options, suggestion
>   and initial patch from Samium Gromoff. This is useful for
> - (eg) gPXE, which expect all its private options to be
> + (eg) iPXE, which expect all its private options to be
>   encapsulated inside a single option 175. So, eg, 
>  
>   dhcp-option = encap:175, 190, "iscsi-client0"
>   dhcp-option = encap:175, 191, "iscsi-client0-secret"
>  
> - will provide iSCSI parameters to gPXE.
> + will provide iSCSI parameters to iPXE.
>  
>   Enhance --dhcp-match to allow testing of the contents of a
>   client-sent option, as well as its presence. This
> diff --git a/CHANGELOG.archive b/CHANGELOG.archive
> index 2df495b..f4362ca 100644
> --- a/CHANGELOG.archive
> +++ b/CHANGELOG.archive
> @@ -2433,7 +2433,7 @@ version 2.41
>  
>   Add --dhcp-match flag, to check for arbitrary options in
>   DHCP messages from clients. This enables use of dnsmasq
> - with gPXE. Thanks to Rance Hall for the suggestion.
> + with iPXE. Thanks to Rance Hall for the suggestion.
>  
>   Added --dhcp-broadcast, to force broadcast replies to DHCP
>   clients which need them but are too dumb or too old to
> diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
> index 790eaf5..1ccca0c 100644
> --- a/dnsmasq.conf.example
> +++ b/dnsmasq.conf.example
> @@ -444,14 +444,14 @@
>  # The same as above, but use custom tftp-server instead machine running 
> dnsmasq
>  #dhcp-boot=pxelinux,server.name,192.168.1.100
>  
> -# Boot for Etherboot gPXE. The idea is to send two different
> -# filenames, the first loads gPXE, and the second tells gPXE what to
> -# load. The dhcp-match sets the gpxe tag for requests from gPXE.
> -#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
> -#dhcp-boot=tag:!gpxe,undionly.kpxe
> -#dhcp-boot=mybootimage
> -
> -# Encapsulated options for Etherboot gPXE. All the options are
> +# Boot for iPXE. The idea is to send two different
> +# filenames, the first loads iPXE, and the second tells iPXE what to
> +# load. The dhcp-match sets the ipxe tag for requests from iPXE.
> +#dhcp-boot=undionly.kpxe
> +#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
> +#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
> +
> +# Encapsulated options for iPXE. All the options are
>  # encapsulated within option 175
>  #dhcp-option=encap:175, 1, 5b # priority code
>  #dhcp-option=encap:175, 176, 1b   # no-proxydhcp
> diff --git a/src/rfc2131.c b/src/rfc2131.c
> index f3a7e53..270f6a4 100644
> --- a/src/rfc2131.c
> +++ b/src/rfc2131.c
> @@ -909,7 +909,7 @@ size_t dhcp_reply(struct dhcp_context *context, char 
> *iface_name, int int_index,
> 
> if (!workaround && boot)
>   {
> -   /* Provide the bootfile here, for gPXE, and in case we 
> have no menu items
> +   /* Provide the bootfile here, for iPXE, and in case we 
> have no menu items
>and set discovery_control = 8 */
> if (boot->next_server.s_addr) 
>   mess->siaddr = boot->next_server;
> -- 
> 2.11.0
> 

-- 
Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] dnsmasq continuous integration

2018-01-05 Thread Geert Stappers
On Thu, Dec 14, 2017 at 09:27:34PM +, Simon Kelley wrote:
> On 13/12/17 10:10, Petr Menšík wrote:
> > Hello everyone.
> > 
> > I maintain dnsmasq in Fedora and Red Hat Enterprise Linux.
> > 
> > We build for different sets of architectures and have some tests for
> > several packages. Dnsmasq is used for libvirt and network manager as a
> > dependency. In short, dnsmasq is important to us.
> > 
> > We lack something that we could attach after every build to test dnsmasq
> > is not (completely) broken. I do not know of any tests included in
> > dnsmasq repository. Is there any external repository that can be used to
> > validate dnsmasq still behaves properly? Is anyone using some kind of
> > continuous integration to ensure new build work at least the same as the
> > former one? I myself already made patches that broke some architectures
> > and some not. Such things are not easy to discover.
> > 
> > I currently assume no one has open source tests that can be used to
> > verify dnsmasq behavior right now. I would be glad if that was not true.
> > In the other case I would like to start some basic test suite, that can
> > be run to validate new build. I would like to make something useful that
> > could be merged into the repository sometime in the future.
> > 
> > I have a couple of questions:
> > * Do you know good and powerful enough framework to write such tests?
> > * Is there interest to cooperate on test suite? I think we could all
> > benefit from this, making dnsmasq more reliable.
> > * What language and library should be used for tests writing?
> > * Which tools would be useful for testing?
> > 
> > My kind of requirements:
> >   - setup support of temporary addresses, network namespaces or
> > containers would be useful
> >   - I would like to avoid reinventing the wheel, starting with bash
> > scripts, that would be simple at the start and hell to maintain later
> >   - I think scripting languages are more suited for complicated test
> > setup with more than one daemon instance
> >   - Preferred language would be python for me. Avocado [1] was
> > recommended to me. It is packaged in Fedora, but not in Debian. Because
> > Simon is Debian packager, I think something with good support on Debian
> > should be chosen. Do you know something?
> >   - check library [2] seems interesting. I am afraid current code would
> > be not easily broken into unit tests written in C
> >   - tests can be started as a single test or set of tests, failure
> > should be reported for each single test separately
> >   - dig would be useful for dns queries. ldns-testns can be quite useful
> > for special upstream DNS servers.   
> > 
> > What do you think? Any opinions would be appreciated.
> > 
> 
> I don't know of any such testing system, and I don't use one at present,
> the best I can do is fairly strict dogfood testing: the latest code is
> always running in the network router chez Kelleys.
> 
> If such a thing can be produced, I would be very interested in running it.


I read that as   "patches welcome":-)

 
 [1] https://github.com/avocado-framework/avocado
 [2] https://libcheck.github.io/check/


Groeten
Geert Stappers
-- 
Leven en laten leven



[Dnsmasq-discuss] Receive your own posts to the list?

2018-01-05 Thread Geert Stappers
Hi,

At http://lists.thekelleys.org.uk/mailman/options/dnsmasq-discuss 
is option 'Receive your own posts to the list?' set to 'Yes' for me.

But I don't receive my own posts sent to this mailing list.

Postings from others to the ML are received.


My postings are archived, examples given
 http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011864.html
 http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011865.html

On other mailing lists I do get copies of my own posts.


Do other posters to this ML get their own posts?
   [ ]  Yes, works for me
   [ ]  No, I don't get my own posts


What is needed to get own posts??


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] [patch] Option to remove A-forA

2018-01-26 Thread Geert Stappers
On Fri, Jan 26, 2018 at 09:03:07AM +0100, Mattias Hellström wrote:
> On Thu, Jan 25, 2018 at 9:31 PM, Geert Stappers wrote:
> > On Thu, Jan 25, 2018 at 04:03:57PM +0100, Mattias Hellström wrote:
> > > Hi,
> > > I have made a patch to disable the A-for-A feature.
> > > I believe that the text portions can be made better by an actual DNS 
> > > expert.
> > >
> >
> > FWIW
> >   after "unmengle what was mengled by email program" still patch errors
> > occur.
> >
> Looks like I invoked a whitespace problem in the copy paste. Here is the
> patch as attachment.
> The relevant parts are equal to the unmengled if I test with "diff -bB"
>

Yes, that patch applies cleanly.

I propose this commit message:

-8<8<---8<
Option to remove A-forA

Given the following quote, and if that trend holds true, there are probably
no significant A-for-A requests anymore.

The percentages of A-for-A seen by root servers reported in 2001, 2003, and
2008 was 12%, 7.03%, and 2.7%, respectively. The decreasing trend
continues in our data collected in 2012, where A-for-A only contributes
0.4% of the traffic.

[[ http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf ]]

Signed-off-by: Mattias Hellstrom <hellstrom.matt...@gmail.com>
-8<8<---8<

> > > I have made a patch to disable the A-for-A feature.
> > > I believe that the text portions can be made better by an actual DNS 
> > > expert.

+++ b/man/dnsmasq.8
+.TP
+.B --no-afora
+Do not treat A-for-A DNS requests special. I.e. do not duck type a FQDN to an 
IP.
+++ b/src/option.c
+  { LOPT_NO_AFORA, OPT_NO_AFORA, NULL, gettext_noop("Do not treat A-for-A 
special."), NULL },


Those text portions??



Groeten
Geert Stappers
-- 
Leven en laten leven

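What the patch calls an A-for-A request is an A query whose name is already an IPv4 address in dotted-quad form. The sketch below is an added example, not code from dnsmasq or from the patch: `parse_dotted_quad`, `classify_a_query` and the `no_afora` parameter are hypothetical names, and it assumes the feature answers such a query locally with the address spelled in the name. It shows why the match has to be strict: shorthand, octal and hex spellings that `inet_aton()` accepts are ordinary names as far as DNS is concerned.

```c
/* Added example, not dnsmasq source. All names below are hypothetical. */
#include <stdint.h>
#include <stdio.h>

enum afora_action { AFORA_FORWARD = 0, AFORA_ANSWER_LOCALLY = 1 };

/* Strict dotted-quad parser: exactly four decimal labels in 0..255, no sign,
   no hex or octal prefix, no leading zeros, at most one trailing dot.
   On a match the address is stored in host byte order and 1 is returned. */
int parse_dotted_quad(const char *name, uint32_t *out)
{
  uint32_t addr = 0;
  int labels = 0;
  const char *p = name;

  while (labels < 4)
    {
      unsigned int val = 0;
      int digits = 0;

      while (*p >= '0' && *p <= '9')
        {
          if (digits == 1 && val == 0)
            return 0;               /* "010": leading zero, octal to inet_aton() */
          val = val * 10 + (unsigned int)(*p - '0');
          if (++digits > 3 || val > 255)
            return 0;               /* "256" or "1234" */
          p++;
        }
      if (digits == 0)
        return 0;                   /* empty label or a non-digit such as 'w' */
      addr = (addr << 8) | val;
      labels++;
      if (labels < 4)
        {
          if (*p != '.')
            return 0;               /* "1.2.3" shorthand or "0x7f..." */
          p++;
        }
    }
  if (*p == '.')
    p++;                            /* fully qualified form "1.2.3.4." */
  if (*p != '\0')
    return 0;                       /* "1.2.3.4.example.com" is a real name */
  *out = addr;
  return 1;
}

/* no_afora models the --no-afora flag from the patch: when set, nothing is
   treated specially and every A query takes the normal forwarding path. */
enum afora_action classify_a_query(const char *qname, int no_afora)
{
  uint32_t addr;

  if (!no_afora && parse_dotted_quad(qname, &addr))
    return AFORA_ANSWER_LOCALLY;
  return AFORA_FORWARD;
}

/* Number of A-for-A names in a list of queried names. */
int count_a_for_a(const char *const *names, int n)
{
  int i, hits = 0;
  uint32_t addr;

  for (i = 0; i < n; i++)
    hits += parse_dotted_quad(names[i], &addr);
  return hits;
}

/* Constructed sample of A-query names, not taken from any real log. */
static const char *const sample_names[] = {
  "www.example.com", "192.168.202.50", "10.0.0.1.", "1.2.3",
  "0x7f.0.0.1", "010.1.1.1", "256.1.1.1", "1.2.3.4.example.com"
};

int main(void)
{
  int n = (int)(sizeof sample_names / sizeof sample_names[0]);
  int i;

  for (i = 0; i < n; i++)
    printf("%-22s default=%-8s --no-afora=%s\n", sample_names[i],
           classify_a_query(sample_names[i], 0) ? "local" : "forward",
           classify_a_query(sample_names[i], 1) ? "local" : "forward");
  printf("%d of %d sample names are A-for-A\n",
         count_a_for_a(sample_names, n), n);
  return 0;
}
```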


Re: [Dnsmasq-discuss] [patch] Option to remove A-forA

2018-01-25 Thread Geert Stappers
On Thu, Jan 25, 2018 at 04:03:57PM +0100, Mattias Hellström wrote:
> Hi,
> I have made a patch to disable the A-for-A feature.
> I believe that the text portions can be made better by an actual DNS expert.
> 
> Given the following quote, and if that trend holds true, there are probably
> no significant A-for-A requests anymore.
> 
> The percentages of A-for-A seen by root servers reported in 2001, 2003, and
> 2008 was 12%–18%, 7.03%, and 2.7%, respectively. The decreasing trend
> continues in our data collected in 2012, where A-for-A only contributes
> 0.4% of the traffic.
> 
> [[ http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf ]]
> 
> 
> ---
> 
>  man/dnsmasq.8 | 3 +++
> 
>  src/dnsmasq.h | 3 ++-
> 
>  src/option.c  | 3 +++
> 
>  src/rfc1035.c | 2 +-
> 
>  4 files changed, 9 insertions(+), 2 deletions(-)
> 
> 
> diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
> 
> index 6b914ec..40d531c 100644
> 
> --- a/man/dnsmasq.8
> 
> +++ b/man/dnsmasq.8
> 

FWIW
  after "unmengle what was mengled by email program" still patch errors occur.


Find attached the unmengled patch, it will yield this 

patching file man/dnsmasq.8
Hunk #1 succeeded at 1908 with fuzz 1.
patching file src/dnsmasq.h
Hunk #1 FAILED at 250.
1 out of 1 hunk FAILED -- saving rejects to file src/dnsmasq.h.rej
patching file src/option.c
Hunk #1 FAILED at 160.
Hunk #3 succeeded at 498 with fuzz 2.
1 out of 3 hunks FAILED -- saving rejects to file src/option.c.rej
patching file src/rfc1035.c
Hunk #1 FAILED at 1570.
1 out of 1 hunk FAILED -- saving rejects to file src/rfc1035.c.rej


against git HEAD



Groeten
Geert Stappers
-- 
Leven en laten leven
Hi,
I have made a patch to disable the A-for-A feature.
I believe that the text portions can be made better by an actual DNS expert.
Given the following quote, and if that trend holds true, there are probably
no significant A-for-A requests anymore.
The percentages of A-for-A seen by root servers reported in 2001, 2003, and
2008 was 12%–18%, 7.03%, and 2.7%, respectively. The decreasing trend
continues in our data collected in 2012, where A-for-A only contributes
0.4% of the traffic.
[[ http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf ]]
---
 man/dnsmasq.8 | 3 +++
 src/dnsmasq.h | 3 ++-
 src/option.c  | 3 +++
 src/rfc1035.c | 2 +-
 4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 6b914ec..40d531c 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -1908,6 +1908,9 @@ A special case of
 which differs in two respects. Firstly, only --server and --rev-server are allowed
 in the configuration file included. Secondly, the file is re-read and the configuration
 therein is updated when dnsmasq receives SIGHUP.
+.TP
+.B --no-afora
+Do not treat A-for-A DNS requests special. I.e. do not duck type a FQDN to an IP.
 .SH CONFIG FILE
 At startup, dnsmasq reads
 .I /etc/dnsmasq.conf,
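Review bot: The new --no-afora entry in man/dnsmasq.8 never says what an A-for-A request is or what dnsmasq does with one by default, and "duck type a FQDN to an IP" will not help someone who meets the term for the first time in the man page. Suggest one sentence on the default behaviour followed by what the option changes, and "specially" instead of "special". The entry is also added directly after the paragraph about re-reading the file on SIGHUP and just before .SH CONFIG FILE, so it is worth checking that this is where the other DNS options live.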
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index f4d330a..dbb3477 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -250,7 +250,8 @@ struct event_desc {
 #define OPT_MAC_B6454
 #define OPT_MAC_HEX55
 #define OPT_TFTP_APREF_MAC 56
-#define OPT_LAST   57
+#define OPT_NO_AFORA   57
+#define OPT_LAST   58
 /* extra flags for my_syslog, we use a couple of facilities since they are known
not to occupy the same bits as priorities, no matter how syslog.h is set up. */
 
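Review bot: OPT_NO_AFORA takes 57, the value OPT_LAST held before, so this hunk only applies as long as no other option has been added in the meantime. The patch run quoted earlier in this mail reports "Hunk #1 FAILED at 250" for src/dnsmasq.h against git HEAD; rebase, check whether 57 is still free there, and keep OPT_LAST one above the highest option number.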
diff --git a/src/option.c b/src/option.c
index 831593b..be3bb9e 100644
--- a/src/option.c
+++ b/src/option.c
@@ -160,6 +160,7 @@ struct myoption {
 #define LOPT_DHCPTTL   348
 #define LOPT_TFTP_MTU  349
 #define LOPT_REPLY_DELAY   350
+#define LOPT_NO_AFORA  351
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =
 
@@ -325,6 +326,7 @@ static const struct myoption opts[] =
 { "script-arp", 0, 0, LOPT_SCRIPT_ARP },
 { "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },
 { "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY },
+{ "no-afora", 0, 0, LOPT_NO_AFORA },
 { NULL, 0, 0, 0 }
   };

@@ -497,6 +499,7 @@ static struct {
   { LOPT_IGNORE_ADDR, ARG_DUP, "", gettext_noop("Ignore DNS responses containing ipaddr."), NULL },
   { LOPT_DHCPTTL, ARG_ONE, "", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL },
   { LOPT_REPLY_DELAY, ARG_ONE, "", gettext_noop("Delay DHCP replies for at least number of seconds."), NULL },
+  { LOPT_NO_AFORA, OPT_NO_AFORA, NULL, gettext_noop("Do not treat A-for-A special."), NULL },
   { 0, 0, NULL, NULL, NULL }
 };
 
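Review bot: The usage string "Do not treat A-for-A special." in the new LOPT_NO_AFORA row is all a user gets from the help output, and it assumes the reader already knows the term. The neighbouring rows each say what the option does ("Ignore DNS responses containing ipaddr.", "Set TTL in DNS responses with DHCP-derived addresses."); a string in that style that names the affected queries would fit better, with "specially" if the current wording is kept.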
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 0ad3ab1..940fc25 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1570,7 +1570,7 @@ size_t answer_request(struct dns_header *header, char *limit, si

Re: [Dnsmasq-discuss] Long nslookup times

2018-01-31 Thread Geert Stappers
On Wed, Jan 31, 2018 at 04:44:03PM +, Donald Muller wrote:
> boun...@lists.thekelleys.org.uk] On Behalf Of Geert Stappers
> Sent: Wednesday, January 31, 2018 4:56 AM
> > On Wed, Jan 31, 2018 at 10:22:53AM +0100, Geert Stappers wrote:
> > > On Tue, Jan 30, 2018 at 05:08:05PM +, Donald Muller wrote:
> > > >
> > > > Using Microsoft DNS server
> > > >
> > > > [~] # time nslookup www.microsoft.com 192.168.22.200 Address 1:
> > > > 192.168.22.200 djmfs1.djmuller.com
> > >
> > > Program nslookup did a reverse lookup on used DNS address and got
> > > back a FQDN
> > >
> > > > Address 1: 172.229.210.230
> > > > a172-229-210-230.deploy.static.akamaitechnologies.com
> > > >
> > > > real    0m0.103s
> > > >
> > > > Using dnsmasq
> > > >
> > > > [~] # time nslookup www.microsoft.com 192.168.22.220 Address 1:
> > > > 192.168.22.220 DJMFS2
> > >
> > > Non Fully Qualified Domain Name for the used DNS address
> > >
> > > > Address 1: 172.229.210.230
> > > > a172-229-210-230.deploy.static.akamaitechnologies.com
> > > >
> > > > real    0m40.057s
> > >
> > > Wow, a full forty seconds ...
> > >
> > > > As you can see dnsmasq took a lot longer.
> > >
> > > > Both DNS servers are set up to
> > > > forward requests to my router (192.168.22.252) which then forwards
> > > > them on to my ISP DNS servers. The router is NOT running a DNS server.
> > >
> > > So the "forward" is about forwarding plain IP packets.
> > > Initially I did read the "forward" as "forwarding a DNS request"
> > >
> > >
> > > > Some queries run faster on the NAS. Others, like www.micorsoft.com
> > > > run slower. Here is my dnsmasq setup.
> > > >
> > > > Main dnsmasq config file

> > > > Is there a setting that needs to be changed/added/removed?

I'm not convinced that the culprit is in  dnsmasq.
Please continue to find proof  ...

> > > > What additional information do you need?
> > > >
> > >
> > > The connection between the r2012 server and the router.
> > > The connection between the dnsmasq and the router.
> > 
> > And
> > the connection between the nslookup client and the r2012 server the
> > connection between the nslookup client and the dnsmasq server
> > 
> 
> All devices, including the router, are connected at 1GB to a switch.

The testclient what does it have in /etc/resolv.conf while testing?
Other tools for `nslookup`, such as `dig` and `host`,
what timing results have those?
The QNAP NAS with dnsmasq, how much traffic must it handle?


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Long nslookup times

2018-01-31 Thread Geert Stappers
On Tue, Jan 30, 2018 at 05:08:05PM +, Donald Muller wrote:
> 
> Using Microsoft DNS server
> 
> [~] # time nslookup www.microsoft.com 192.168.22.200
> Server:    192.168.22.200
> Address 1: 192.168.22.200 djmfs1.djmuller.com

Program nslookup did a reverse lookup on used DNS address
and got back a FQDN


> Name:  www.microsoft.com
> Address 1: 172.229.210.230 
> a172-229-210-230.deploy.static.akamaitechnologies.com
> Address 2: 2001:428:4404:18f::356e
> Address 3: 2001:428:4404:192::356e
> 
> real    0m0.103s
> 
> Using dnsmasq
> 
> [~] # time nslookup www.microsoft.com 192.168.22.220
> Server:    192.168.22.220
> Address 1: 192.168.22.220 DJMFS2

Non Fully Qualified Domain Name for the used DNS address

> 
> Name:  www.microsoft.com
> Address 1: 172.229.210.230 
> a172-229-210-230.deploy.static.akamaitechnologies.com
> Address 2: 2001:428:4404:192::356e
> Address 3: 2001:428:4404:18f::356e
> 
> real    0m40.057s

Wow, a full forty seconds ...


> As you can see dnsmasq took a lot longer.


> Both DNS servers are set up to
> forward requests to my router (192.168.22.252) which then forwards them
> on to my ISP DNS servers. The router is NOT running a DNS server.

So the "forward" is about forwarding plain IP packets.
Initially I did read the "forward" as "forwarding a DNS request"


> Some queries run faster on the NAS. Others, like www.micorsoft.com run
> slower. Here is my dnsmasq setup.
> 
> Main dnsmasq config file
> 
> user=x
> group=yyy
> log-facility=/share/CACHEDEV1_DATA/UserData/Logs/DNSMasq/dnsmasq.log
> log-async=25
> bind-dynamic
> conf-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-dns.conf  # 
> DNS configuration information
> conf-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-dhcp.conf # 
> DHCP configuration information
> 
> dnsmasq-dns.conf file
> 
> domain-needed
> domain=djmuller.com
> no-hosts
> addn-hosts=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-hosts.conf
> expand-hosts
> #log-queries
> local-service
> bogus-priv
> filterwin2k
> resolv-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-resolv.conf
> stop-dns-rebind
> rebind-localhost-ok
> no-poll
> clear-on-reload
> domain-needed
> mx-host=djmuller.com,djmuller.com,50
> mx-target=mail.djmuller.com
> cache-size=1000
> conf-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-adservers.conf
>  # List of servers that will return no-domain
> rebind-domain-ok=/plex.direct/
> 
> Is there a setting that needs to be changed/added/removed?
> What additional information do you need?
> 

The connection between the r2012 server and the router.
The connection between the dnsmasq and the router.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Long nslookup times

2018-01-31 Thread Geert Stappers
On Wed, Jan 31, 2018 at 10:22:53AM +0100, Geert Stappers wrote:
> On Tue, Jan 30, 2018 at 05:08:05PM +, Donald Muller wrote:
> > 
> > Using Microsoft DNS server
> > 
> > [~] # time nslookup www.microsoft.com 192.168.22.200
> > Address 1: 192.168.22.200 djmfs1.djmuller.com
> 
> Program nslookup did a reverse lookup on used DNS address
> and got back a FQDN
> 
> > Address 1: 172.229.210.230 
> > a172-229-210-230.deploy.static.akamaitechnologies.com
> > 
> > real    0m0.103s
> > 
> > Using dnsmasq
> > 
> > [~] # time nslookup www.microsoft.com 192.168.22.220
> > Address 1: 192.168.22.220 DJMFS2
> 
> Non Fully Qualified Domain Name for the used DNS address
> 
> > Address 1: 172.229.210.230 
> > a172-229-210-230.deploy.static.akamaitechnologies.com
> > 
> > real    0m40.057s
> 
> Wow, a full forty seconds ...
> 
> > As you can see dnsmasq took a lot longer.
> 
> > Both DNS servers are set up to
> > forward requests to my router (192.168.22.252) which then forwards them
> > on to my ISP DNS servers. The router is NOT running a DNS server.
> 
> So the "forward" is about forwarding plain IP packets.
> Initially I did read the "forward" as "forwarding a DNS request"
> 
> 
> > Some queries run faster on the NAS. Others, like www.micorsoft.com run
> > slower. Here is my dnsmasq setup.
> > 
> > Main dnsmasq config file
> > 
> > user=x
> > group=yyy
> > log-facility=/share/CACHEDEV1_DATA/UserData/Logs/DNSMasq/dnsmasq.log
> > log-async=25
> > bind-dynamic
> > conf-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-dns.conf  
> > # DNS configuration information
> > conf-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-dhcp.conf 
> > # DHCP configuration information
> > 
> > dnsmasq-dns.conf file
> > 
> > domain-needed
> > domain=djmuller.com
> > no-hosts
> > addn-hosts=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-hosts.conf
> > expand-hosts
> > #log-queries
> > local-service
> > bogus-priv
> > filterwin2k
> > resolv-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-resolv.conf
> > stop-dns-rebind
> > rebind-localhost-ok
> > no-poll
> > clear-on-reload
> > domain-needed
> > mx-host=djmuller.com,djmuller.com,50
> > mx-target=mail.djmuller.com
> > cache-size=1000
> > conf-file=/share/CACHEDEV1_DATA/UserData/Configs/DNSMasq/dnsmasq-adservers.conf
> >  # List of servers that will return no-domain
> > rebind-domain-ok=/plex.direct/
> > 
> > Is there a setting that needs to be changed/added/removed?
> > What additional information do you need?
> > 
> 
> The connection between the r2012 server and the router.
> The connection between the dnsmasq and the router.

And
the connection between the nslookup client and the r2012 server
the connection between the nslookup client and the dnsmasq server

Groeten
Geert Stappers
Who thinks this mail thread is not about a dnsmasq issue
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Extension to hosts-dir and dhcohosts-dir

2018-02-11 Thread Geert Stappers
On Thu, Feb 08, 2018 at 09:11:43PM -, Andy Hawkins wrote:
> In article <20180208164432.GA97242@wopr>, Kurt H Maier wrote:
> > You should fix the editor; that behavior is dangerous for other reasons,
> > similar to the ones outlined here:
> > http://openwall.com/lists/oss-security/2017/11/27/2
> 
> I take your point. However, given that the facility is available for config
> files, I don't see any reason why it shouldn't be extended to other
> directories that contain files that are designed to be modified while
> dnsmasq is running.

I do read that statement as 80% of needed source code already present.
Craft the missing source code into a patch, post it here
and see what happens.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] How to troubleshoot NXDOMAIN for local devices?

2018-02-16 Thread Geert Stappers
On Thu, Feb 15, 2018 at 10:46:27PM +, Andy Ruddock wrote:
> Todd Andrews wrote:
> > Hi All,
> > 
> > I'm running dnsmasq 2.76 on a Raspberry Pi.

FWIW there are 2.79 release candidates.


> > It's been working great for
> > months but today I started seeing an odd behavior for a specific local
> > device and I don't know how to troubleshoot it.
> > 
> > The device is a Dell Inspiron 5577 Windows 10 Home edition laptop with the
> > latest Windows updates. It's getting an IP address of 192.168.1.115.

What did choose the  .115  ??

> > I first noticed the problem when I tried to establish a VNC connection to it
> > because I can't connect via its hostname, "sagan", but I can connect via
> > its IP address.

Is hostname "sagan" really configured inside the Windows 10 Home edition 
laptop??


> > Neither the IP assignment nor the laptop's MAC address appear in
> > dnsmasq.leases. The only reason I know it is assigned .115 is by physically
> > going to the laptop and running the Windows 'ipconfig' program at the
> > command prompt.
> > 
> > I've rebooted the Raspberry Pi and the Windows 10 laptop, but it hasn't
> > made a difference.
> > 
> > More info below. Does anyone have any ideas?
> > 
> > Regards,
> > Todd
> 
> 
> Are you sure the windows box hasn't been configured with a static IP
> address?
> 
> Any information when you refresh the IP address from within a cmd window
> in Windows?
>   ipconfig /renew
> 
> > 
> > 
> > 1. dnsmasq.log shows:
> > /var/log/dnsmasq.log:Feb 15 12:38:34 dnsmasq[738]: config 192.168.1.115 is 
> > NXDOMAIN

Yes, that is the problem the original poster has.

> > 2. I believe the following are the relevant dnsmasq config file entries.
> > These have been working for quite some time. I'm obfuscating the full MAC
> > address:
> > 
> > dhcp-host=f4:8e:38:xx:xx:xx,sagan

That is MAC-address and hostname.
Where is the "connection" / "link"  with  IP-address?


And about MAC-address:
 * How many MAC addresses has the laptop?
 * Are you using the right one?
 * What was done to prevent typo errors?

> > domain=si.loc
> > local=/si.loc/
> > expand-hosts
> > 
> > 
> > 3.  $ dnsmasq --test
> > dnsmasq: syntax check OK.
> > 
> > 
> > 4. Using the program WinIPConfig2012 a.k.a. WinIPConfig 4.0
> > <http://www.pkostov.com/wordpress/?p=19>, I've verified that the laptop is
> > using the Raspberry Pi as the DHCP server. There's no other DHCP server on
> > my network that I know of.
> > 
> > 5. On a third computer, a Macintosh, I get these results.

The third computer, what is the hostname?

> > The Raspberry Pi is at 192.168.1.40.
> > 
> > $ ping sagan
> >   *ping: cannot resolve sagan: Unknown host*
> > $ ping sagan.si.loc
> >   *ping: cannot resolve sagan.si.loc: Unknown host*
> > 

Does it work for the hostname of the third computer?


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] --synth-domain enhancement

2018-02-19 Thread Geert Stappers
On Mon, Feb 19, 2018 at 10:41:01AM +0100, Dominik DL6ER wrote:
> On 16.02.2018 16:01, Simon Kelley wrote:
> > To clarify, the serial numbers in
> > the names correspond to the addresses in the range supplied. If you use
> > a subnet to specify the range, for instance 192.168.202.0/24, then yes
> > dyn-1 will be 192.168.202.0, but if you use start,end to specify the
> > range, then the start address becomes dyn-1
> That's exactly why I think zero-indexed would be better, as dyn-50 would
> then also correspond to 192.168.202.50. For custom ranges (not starting
> from zero) I have no preference, but the logic should obviously be the
> same as for the full /24 network.

Here another +1   for starting at 0.

So
|  --synth-domain=gently.org.uk,192.168.202.50,192.168.202.70,dyn-* 
   
would in /etc/hosts format
192.168.202.50  dyn-0.gently.org.uk
192.168.202.51  dyn-1.gently.org.uk
192.168.202.52  dyn-2.gently.org.uk

And indeed, on networks where network address ends on zero,
there it will be
192.0.2.0 string0
192.0.2.1 string1
192.0.2.2 string2
192.0.2.3 string3


Another thing, "rollover"
192.0.2.9   string9
192.0.2.10  string10

Should it be  "%03d", so
192.0.2.8   string008
192.0.2.9   string009
192.0.2.10  string010
#
192.0.2.99  string099
192.0.2.100 string100
192.0.2.101 string101


Groeten
Geert Stappers
-- 
Leven en laten leven

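The numbering question in this message (start at 0 or at 1, plain numbers or "%03d") affects both directions: address to name for reverse answers, and name back to address for forward queries. The sketch below is an added example, not dnsmasq's implementation; `struct synth_range`, `synth_name` and `synth_addr` are hypothetical names. It goes one step beyond the message by also parsing names back and accepting only the spelling the formatter would produce, so that `string10` and `string010` never both resolve.

```c
/* Added example, not dnsmasq source. Struct and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IP4(a, b, c, d) \
  (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct synth_range {
  uint32_t start, end;  /* inclusive bounds, host byte order */
  const char *prefix;   /* text before the number, e.g. "dyn-" */
  unsigned int base;    /* number given to the start address: 0 or 1 */
  int width;            /* minimum digits: 0 for none, 3 for the "%03d" form */
};

/* Address to label. Returns the label length, or -1 when the address is
   outside the range or the buffer is too small. */
int synth_name(const struct synth_range *r, uint32_t addr, char *buf, size_t len)
{
  int n;

  if (addr < r->start || addr > r->end || r->width < 0)
    return -1;
  n = snprintf(buf, len, "%s%0*u", r->prefix, r->width,
               (unsigned int)(addr - r->start) + r->base);
  return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Label to address. The label is assumed to be lower-cased by the caller.
   Returns 1 and stores the address only for the canonical spelling of a
   number inside the range; everything else is left to normal resolution. */
int synth_addr(const struct synth_range *r, const char *label, uint32_t *addr)
{
  size_t plen = strlen(r->prefix), i;
  const char *digits;
  unsigned long idx;
  uint32_t candidate;
  char canon[64];

  if (strncmp(label, r->prefix, plen) != 0)
    return 0;
  digits = label + plen;
  if (*digits == '\0')
    return 0;                       /* prefix with no number */
  for (i = 0; digits[i] != '\0'; i++)
    if (digits[i] < '0' || digits[i] > '9' || i >= 10)
      return 0;                     /* sign, junk, or too long to be an index */
  idx = strtoul(digits, NULL, 10);
  if (idx < r->base || idx - r->base > (unsigned long)(r->end - r->start))
    return 0;                       /* number falls outside the range */
  candidate = r->start + (uint32_t)(idx - r->base);
  /* Round trip: reject "dyn-007" for an unpadded range and "string10"
     for a padded one, so each address has exactly one name. */
  if (synth_name(r, candidate, canon, sizeof canon) < 0 || strcmp(canon, label) != 0)
    return 0;
  *addr = candidate;
  return 1;
}

int main(void)
{
  /* Ranges from the message: a start,end range and a network ending in zero. */
  struct synth_range dyn = { IP4(192, 168, 202, 50), IP4(192, 168, 202, 70), "dyn-", 0, 0 };
  struct synth_range pad = { IP4(192, 0, 2, 0), IP4(192, 0, 2, 255), "string", 0, 3 };
  uint32_t probes[] = { IP4(192, 0, 2, 9), IP4(192, 0, 2, 10), IP4(192, 0, 2, 100) };
  char buf[64];
  uint32_t a;
  size_t i;

  if (synth_name(&dyn, IP4(192, 168, 202, 52), buf, sizeof buf) > 0)
    printf("192.168.202.52 %s\n", buf);
  for (i = 0; i < sizeof probes / sizeof probes[0]; i++)
    if (synth_name(&pad, probes[i], buf, sizeof buf) > 0)
      printf("192.0.2.%u %s\n", (unsigned int)(probes[i] & 0xff), buf);
  printf("string10  accepted: %d\n", synth_addr(&pad, "string10", &a));
  printf("string010 accepted: %d\n", synth_addr(&pad, "string010", &a));
  return 0;
}
```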


Re: [Dnsmasq-discuss] How to troubleshoot NXDOMAIN for local devices?

2018-02-16 Thread Geert Stappers
On Fri, Feb 16, 2018 at 09:03:02AM -0800, Todd A wrote:
> On Thu, Feb 15, 2018 at 2:46 PM, Andy Ruddock wrote:
> 
>Todd Andrews wrote:
> > Hi All,
> >
> > It's getting an IP address of 192.168.1.115. I
> > first noticed the problem when I tried to establish a VNC
> > connection to it
> > because I can't connect via its hostname, "sagan", but I can
> > connect via its IP address.
> >
> > Neither the IP assignment nor the laptop's MAC address appear in
> > dnsmasq.leases. The only reason I know it is assigned .115 is by
> > physically
> > going to the laptop and running the Windows 'ipconfig' program at the
> > command prompt.
> >
> > I've rebooted the Raspberry Pi and the Windows 10 laptop, but it
> > hasn't made a difference.
> >
> > More info below. Does anyone have any ideas?
> >
> > Regards,
> > Todd
> 
> Hi Andy, thanks for getting back to me so quickly. (I originally
> sent this reply yesterday but forgot there's a maximum size per post
> to this list. Replaced screen capture with a link below.)
> 
> 
>Are you sure the windows box hasn't been configured with a static IP
>address?
> 
> 
> I'm positive: click to view screen capture 
> <https://www.dropbox.com/s/cwy72yu4sly62mp/sagan-configured-as-dhcp.PNG?dl=0>
> 
>Any information when you refresh the IP address from within a cmd window
>in Windows?
>         ipconfig /renew
> 
> 
> I never would have thought to try this. It gave a strange error but
> renewing fixed the problem immediately. Here's the error:
> 
>C:\Users\taa>ipconfig /renew
> 
>Windows IP Configuration
> 
>An error occurred while renewing interface Ethernet : The name
>specified in the network control block (NCB) is in use on a remote
>adapter.
>The NCB is the data.
> 
>C:\Users\taa>
> 
> 
> Having a specific error allowed me to Google it and find Bizarre
> DHCP server error solved 
> <https://web.archive.org/web/20161126203756/http://www.formortals.com/bizarre-dhcp-server-error-solved/>.
> The poster at that link 1) was not getting an IP address at all, 2)
> was running a Windows DHCP server, and 3) "found a second
> reservation in DHCP which looked odd; it had the same IP address as
> the first one that we deleted but it had an entirely different MAC
> and name."
> 
> This made me remember that a couple of weeks ago I changed my
> laptop's Computer Name in Windows.
> 
> Does this mean there is some other place where dnsmasq might have
> cached the IP address or MAC or hostname? I'm trying to figure out
> why dnsmasq.leases had no reference to the laptop's IP/MAC/hostname,
> neither the previous hostname or the new one.

My guess would be
| dhcp-host=f4:8e:38:xx:xx:xx,sagan
as the original post mentioned. And assuming that dnsmasq is smart enough
to not log what is already documented in the (static) configuration.



> Maybe this is one of those cases that is so bizarre
> it defies explanation (and I can live with that). :D


I would culprit the host renaming.

Matching XKCD item at https://www.xkcd.com/910/   :-)


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] How to troubleshoot NXDOMAIN for local devices?

2018-02-16 Thread Geert Stappers
On Fri, Feb 16, 2018 at 09:32:45AM -0800, Todd Andrews wrote:
> On Thu, Feb 15, 2018 at 11:45 PM, Geert Stappers wrote:
> > On Thu, Feb 15, 2018 at 10:46:27PM +, Andy Ruddock wrote:
> > > Todd Andrews wrote:
> > > > Hi All,
> > > >
> > > > I'm running dnsmasq on a Raspberry Pi.
> > > >
> > > > It's been working great for months but today I started seeing
> > > > an odd behavior for a specific local device and I don't know
> > > > how to troubleshoot it.
> > > >
> > > > The device is a Dell Inspiron 5577 Windows 10 Home edition
> > > > laptop with the latest Windows updates. It's getting an IP
> > > > address of 192.168.1.115.
> >
> > What did choose the  .115  ??
> >
> 
> In the absence of another DHCP server on my network, my guess is that it
> could only have been assigned by dnsmasq.
> 
> 
> > > > I first noticed the problem when I tried to establish a VNC
> > > > connection to it because I can't connect via its hostname,
> > > > "sagan", but I can connect via its IP address.
> >
> 
> 
> > Is hostname "sagan" really configured inside the Windows 10 Home edition
> > laptop??
> >
> 
> Yes. It's configured as the Computer Name under Windows.
> 

Acknowledge.

More elsewhere in this thread.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Long nslookup times

2018-02-21 Thread Geert Stappers
On Wed, Feb 21, 2018 at 05:03:34PM +, Donald Muller wrote:
> boun...@lists.thekelleys.org.uk] On Behalf Of Geert Stappers
> Sent: Wednesday, January 31, 2018 5:33 PM
> > On Wed, Jan 31, 2018 at 04:44:03PM +, Donald Muller wrote:
> > > boun...@lists.thekelleys.org.uk] On Behalf Of Geert Stappers
> > > Sent: Wednesday, January 31, 2018 4:56 AM
> > > > On Wed, Jan 31, 2018 at 10:22:53AM +0100, Geert Stappers wrote:
> > > > > On Tue, Jan 30, 2018 at 05:08:05PM +, Donald Muller wrote:
> > > > > >
> > > > > > Using Microsoft DNS server
> > > > > > [~] # time nslookup www.microsoft.com 192.168.22.200 Address 1:
> > > > > > 192.168.22.200 djmfs1.djmuller.com
> > > > >
> > > > > > Program nslookup did a reverse lookup on used DNS address and got
> > > > > back a FQDN
> > > > >
> > > > > > Using dnsmasq
> > > > > > [~] # time nslookup www.microsoft.com 192.168.22.220 Address 1:
> > > > > > 192.168.22.220 DJMFS2
> > > > >
> > > > > Non Fully Qualified Domain Name for the used DNS address
> > > > >
> > > > > >
> > > > > > > real    0m40.057s
> > > > >
> > > > > Wow, a full forty seconds ...
> > > > >
> > 
> > I'm not convinced that the culprit is in  dnsmasq.
> > Please continue to find proof  ...
> > 
> > > > > > What additional information do you need?
> > > > > The connection between the r2012 server and the router.
> > > > > The connection between the dnsmasq and the router.
> > > > And
> > > > the connection between the nslookup client and the r2012 server the
> > > > connection between the nslookup client and the dnsmasq server
> > > All devices, including the router, are connected at 1GB to a switch.
> > 
> > The testclient what does it have in /etc/resolv.conf while testing?
> > Other tools for `nslookup`, such as `dig` and `host`, what timing results 
> > have
> > those?
> > The QNAP NAS with dnsmasq, how much traffic must it handle?
> 
> The test client has the following in resolv.conf
> 
> [~] # cat /etc/resolv.conf
> nameserver 192.168.22.220
> nameserver 192.168.22.242
> 
> host shows the following:
> 
> [~] # time host www.microsoft.com 192.168.22.220
> Using domain server:
> Name: 192.168.22.220
> Address: 192.168.22.220#53
> Aliases:
> 
> www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
> www.microsoft.com-c-3.edgekey.net is an alias for 
> www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
> www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for 
> e13678.dspb.akamaiedge.net.
> e13678.dspb.akamaiedge.net has address 104.88.47.193
> e13678.dspb.akamaiedge.net has IPv6 address 2001:418:143c:19e::356e
> e13678.dspb.akamaiedge.net has IPv6 address 2001:418:143c:1a9::356e
> 
> real    0m0.050s
> user    0m0.001s
> sys     0m0.001s
> 
> dig is not installed.
> 
> The QNAP NAS is not handling much traffic. It is a home file server with 
> minimal traffic.
> 
> I also set up dnsmasq on a second NAS with just DNS running, no DHCP. This 
> NAS is used for backups so normally has no traffic. I get the same long times
> 
> [~] # time nslookup www.microsoft.com 192.168.22.242
> Server:    192.168.22.242
> Address 1: 192.168.22.242 djmfs3.djmuller.com
> 
> Name:  www.microsoft.com
> Address 1: 104.88.47.193 a104-88-47-193.deploy.static.akamaitechnologies.com
> Address 2: 2001:418:143c:19e::356e
> Address 3: 2001:418:143c:1a9::356e
> 
> real    0m40.071s
> user    0m0.000s
> sys     0m0.001s
> 
> What times do you get if you do a nslookup on www.microsoft.com?

| $ time nslookup www.microsoft.com 172.24.0.7
| Server:   172.24.0.7
| Address:  172.24.0.7#53
| 
| Non-authoritative answer:
| www.microsoft.com canonical name = www.microsoft.com-c-3.edgekey.net.
| www.microsoft.com-c-3.edgekey.net canonical name = 
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
| www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net  canonical name 
= e13678.dspb.akamaiedge.net.
| Name: e13678.dspb.akamaiedge.net
| Address: 104.73.152.80
| 
| 
| real  0m0,261s
| user  0m0,006s
| sys   0m0,006s
| $ time host www.microsoft.com 172.24.0.7
| Using domain server:
| Name: 172.24.0.7
| Address: 172.24.0.7#53
| Aliases: 
| 
| www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
| www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
| www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dspb.akamaiedge.net.
| e13678.dspb.akamaiedge.net has address 104.73.152.80
| e13678.dspb.akamaiedge.net has IPv6 address 2a02:26f0:f4:196::356e
| e13678.dspb.akamaiedge.net has IPv6 address 2a02:26f0:f4:19f::356e
| 
| real  0m0,096s
| user  0m0,008s
| sys   0m0,004s



Re: [Dnsmasq-discuss] Long nslookup times

2018-02-21 Thread Geert Stappers
On Wed, Feb 21, 2018 at 07:02:45PM +0100, Geert Stappers wrote:
> On Wed, Feb 21, 2018 at 05:03:34PM +, Donald Muller wrote:
> > > > > On Wed, Jan 31, 2018 at 10:22:53AM +0100, Geert Stappers wrote:
> > > > > > On Tue, Jan 30, 2018 at 05:08:05PM +, Donald Muller wrote:
> > > > > > >
> > > > > > > Using Microsoft DNS server
> > > > > > > [~] # time nslookup www.microsoft.com 192.168.22.200 Address 1:
> > > > > > > 192.168.22.200 djmfs1.djmuller.com
> > > > > >
> > > > > > Program nslookup did a reverse lookup on used DNS address and got
> > > > > > back a FQDN
> > > > > >
> > > > > > > Using dnsmasq
> > > > > > > [~] # time nslookup www.microsoft.com 192.168.22.220 Address 1:
> > > > > > > 192.168.22.220 DJMFS2
> > > > > >
> > > > > > Non Fully Qualified Domain Name for the used DNS address

So we know that the reverse DNS data source is somewhat sloppily configured.

||| 192.168.22.200 djmfs1.djmuller.com
||| 192.168.22.220 DJMFS2

But the real thing I'm trying to tell:  extra (unwanted??) reverse lookup happens


> > > > > > Wow, a full forty seconds ...
> > > > > >
> > > 
> > > I'm not convinced that the culprit is in  dnsmasq.
> > > Please continue to find proof  ...

Because you have an interesting problem ...


> > > > > > > What additional information do you need?
> > > > All devices, including the router, are connected at 1GB to a switch.
> > > 
> > > The testclient what does it have in /etc/resolv.conf while testing?
> > > Other tools for `nslookup`, such as `dig` and `host`, what timing results
> > > have those?
> > > The QNAP NAS with dnsmasq, how much traffic must it handle?
> > 
> > The test client has the following in resolv.conf
> > 
> > [~] # cat /etc/resolv.conf
> > nameserver 192.168.22.220
> > nameserver 192.168.22.242
> > 
> > host shows the following:
> > 
> > [~] # time host www.microsoft.com 192.168.22.220
> > Using domain server:
> > Name: 192.168.22.220
> > Address: 192.168.22.220#53
> > Aliases:
> > 
> > www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
> > www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
> > www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dspb.akamaiedge.net.
> > e13678.dspb.akamaiedge.net has address 104.88.47.193
> > e13678.dspb.akamaiedge.net has IPv6 address 2001:418:143c:19e::356e
> > e13678.dspb.akamaiedge.net has IPv6 address 2001:418:143c:1a9::356e
> > 
> > real    0m0.050s
> > user    0m0.001s
> > sys     0m0.001s

That is much better than forty seconds ...

> > dig is not installed.

Install it. Rule out that we are dealing with a bogus nslookup.

> > 
> > The QNAP NAS is not handling much traffic. It is a home file server with 
> > minimal traffic.
> > 
> > I also set up dnsmasq on a second NAS with just DNS running, no DHCP. This 
> > NAS is used for backups so normally has no traffic. I get the same long times
> > 
> > [~] # time nslookup www.microsoft.com 192.168.22.242
> > Server:    192.168.22.242
> > Address 1: 192.168.22.242 djmfs3.djmuller.com

A reverse DNS lookup was performed
> > 
> > Name:  www.microsoft.com
> > Address 1: 104.88.47.193 a104-88-47-193.deploy.static.akamaitechnologies.com

A reverse DNS lookup was performed

> > Address 2: 2001:418:143c:19e::356e
> > Address 3: 2001:418:143c:1a9::356e
> > 
> > real    0m40.071s
> > user    0m0.000s
> > sys     0m0.001s
> > 
> > What times do you get if you do a nslookup on www.microsoft.com?
> 
> | $ time nslookup www.microsoft.com 172.24.0.7
> | Server:   172.24.0.7
> | Address:  172.24.0.7#53

No sign that nslookup did a reverse lookup.

> | Non-authoritative answer:
> | www.microsoft.com canonical name = www.microsoft.com-c-3.edgekey.net.
> | www.microsoft.com-c-3.edgekey.net canonical name = www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
> | www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net canonical name = e13678.dspb.akamaiedge.net.
> | Name:   e13678.dspb.akamaiedge.net
> | Address: 104.73.152.80

No sign that nslookup did a reverse lookup.

> | real  0m0,261s
> | user  0m0,006s
> | sys   0m0,006s

Conside

Re: [Dnsmasq-discuss] Set environment variable for dhcp-script

2018-08-11 Thread Geert Stappers
On Sat, Aug 11, 2018 at 01:09:53AM +, Daniel Weller wrote:
> From: Geert Stappers Sent: Friday, August 10, 2018 7:20:50 AM
> > On Fri, Aug 10, 2018 at 09:11:48AM +, Daniel Weller wrote:
> > > I am trying to pass a DHCP header value that is read from the client
> > > DHCP request- to the file being called by dhcp-script=. The
> > > easiest way to do that I think is to set an environment variable that
> > > the dhcp-script= has access to while executing.
> > 
> > What is the original problem?
> > 
> > So let us know which DNSMASQ_... you miss.
> > 
> 
> That is the original problem. Just trying to pass a custom DHCP
> header option to the dhcp-script=. What do you mean by "So let
> us know which DNSMASQ_... you miss" ? I understand there are a lot of
> DNSMASQ_... options on the man page under dhcp-script. None let you
> grab all of the DHCP headers passed from the client to the server.
> 

, I was hoping for an answer like

} I do miss DNSMASQ_FOO. FOO is a custom DHCP option, being option number 
} Having DNSMASQ_FOO in dhcp-script would solve the problem of ...


Without knowing the original problem it is not possible to provide
an alternative solution.

Without knowing the DHCP option number it is not possible to advise
which existing DHCP option to use as starting point for the currently
missing source code for putting FOO into environment for dhcp-script. 


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Set environment variable for dhcp-script

2018-08-13 Thread Geert Stappers
On Mon, Aug 13, 2018 at 06:17:59PM +, Daniel Weller wrote:
> Geert Stappers
> >>>>>
> >>>>>  What is the original problem?
> >>>>>
>
> I am trying to pass DHCP header option 161 OPTION_MUD_URL_V4 to the
> dhcp-script. Doing so would allow for the use of dnsmasq to communicate
> a MUD url via DHCP to a mud manager.

Quoting https://osmud.org/
| How does MUD work?
|
| A MUD compliant network includes a MUD manager that communicates with
| network services like DHCP allowing the MUD manager to be informed
| of when devices enter and leave the network. Devices that provide
| additional information and context about themselves via MUD specified
| methods when seen on the network are considered to be "MUD Enabled
| Devices". The MUD manager uses this context to obtain/download
| information from the manufacturer defining allowed behaviors for
| specific devices. The MUD manager uses the information (stored in a MUD
| file) to communicate with network services including firewall, DNS,
| and DHCP services and/or other services including network monitoring
| software to communicate allowed behaviors of individual devices.

And the MUD URL DHCP Option is documented
at https://tools.ietf.org/html/draft-ietf-opsawg-mud-25#section-10


Sounds like a valid extension of dnsmasq. But I'm worn out. It took three
attempts to get an answer what the original problem is. Hopefully there
will be a fresh start like:

| Hello,
|
| I am trying to set a DNSMASQ_MUD_URL variable from inside dnsmasq- giving
| the script being called by dhcp-script access to that variable.
| MUD is Manufacturer Usage Description ( https://osmud.org/ )
|
| Find attached a patch with the extra source code.
|
| However, when it forks I am unable to follow the child process
| in my debugger. I have tried setting "set follow-fork-mode " &
| "set detach-on-fork " but after the process forks- it seems to
| just hang and never be called.
|
| Also I've got my local variable inside the lease struct and passed to
| queue_script() in helper.c.
|
| Any ideas how to debug the dhcp-script child process or where I should
| set the environment variable to allow the script called by dhcp-script
| to read this environment variable?



Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Set environment variable for dhcp-script

2018-08-10 Thread Geert Stappers
On Thu, Aug 09, 2018 at 08:38:33PM +, Daniel Weller wrote:
> Hello,
> 
> I am trying to set an environment variable from inside dnsmasq- giving
> the script being called by dhcp-script access to that variable. I
> think the location to do this is inside helper.c in the create_helper()
> function. However, when it forks I am unable to follow the child process
> in my debugger. I have tried setting "set follow-fork-mode " &
> "set detach-on-fork " but after the process forks- it seems to
> just hang and never be called.
> 
> Also I've got my local variable inside the lease struct and passed to
> queue_script() in helper.c.
> 
> Any ideas how to debug the dhcp-script child process or where I should
> set the environment variable to allow the script called by dhcp-script
> to read this environment variable?

What is the original problem?


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Set environment variable for dhcp-script

2018-08-10 Thread Geert Stappers
On Fri, Aug 10, 2018 at 09:11:48AM +, Daniel Weller wrote:
> From: Geert Stappers, Sent: Friday, August 10, 2018 1:51:26 AM
> > On Thu, Aug 09, 2018 at 08:38:33PM +, Daniel Weller wrote:
> > > Hello,
> > >
> > > I am trying to set an environment variable from inside dnsmasq- giving
> > > the script being called by dhcp-script access to that variable. I
> > > think the location to do this is inside helper.c in the create_helper()
> > > function. However, when it forks I am unable to follow the child process
> > > in my debugger. I have tried setting "set follow-fork-mode " &
> > > "set detach-on-fork " but after the process forks- it seems to
> > > just hang and never be called.
> > >
> > > Also I've got my local variable inside the lease struct and passed to
> > > queue_script() in helper.c.
> > >
> > > Any ideas how to debug the dhcp-script child process or where I should
> > > set the environment variable to allow the script called by dhcp-script
> > > to read this environment variable?
> > 
> > What is the original problem?
> > 
> I am trying to pass a DHCP header value that is read from the client
> DHCP request- to the file being called by dhcp-script=. The
> easiest way to do that I think is to set an environment variable that
> the dhcp-script= has access to while executing.
> 

What is the original problem?


So let us know which DNSMASQ_... you miss. ( check manual for DNSMASQ_ )


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] local dns broke

2018-07-23 Thread Geert Stappers
On Mon, Jul 23, 2018 at 06:02:02PM -0500, Carl Karsten wrote:
> On Mon, Jul 23, 2018 at 4:16 PM, Geert Stappers  wrote:
> >
> > What do the other client fine that the netplan client doesn't do?
> >
> 
> resolve local names.
> 
> xenial box:
> carl@twist:~$ host pc8
> pc8 has address 192.168.1.8
> 
> carl@twist:~$ host trist
> trist has address 192.168.1.156
> 
> bionic netplan:
> juser@dc10b:~$ host pc8
> Host pc8 not found: 2(SERVFAIL)
> juser@dc10b:~$ host trist
> Host trist not found: 2(SERVFAIL)
> 
> juser@dc10b:~$ host pc8 192.168.1.8
> Using domain server:
> Name: 192.168.1.8
> Address: 192.168.1.8#53
> Aliases:
> pc8 has address 192.168.1.8
> 
> juser@dc10b:~$ host trist 192.168.1.8
> Using domain server:
> Name: 192.168.1.8
> Address: 192.168.1.8#53
> Aliases:
> trist has address 192.168.1.156
> 
> 
> juser@dc10b:~$ cat /run/systemd/resolve/resolv.conf
> # [comments removed]
> nameserver 192.168.1.8
> 
> juser@dc10b:~$ cat /etc/resolv.conf
> nameserver 127.0.0.53
 

My guess is that a domain name is missing, dc10b correct and twist wrong.


Cheers
Geert Stappers
--
Yes, discussion order is in chronological order



Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread Geert Stappers
On Wed, Mar 07, 2018 at 06:09:21PM -0800, John Pearson wrote:
> 
> What I'm trying to do: grep log files for domains intentionally asked for.

Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from 10.1.0.163
Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread Geert Stappers
On Thu, Mar 08, 2018 at 11:03:53AM -0800, John Pearson wrote:
> On Thu, Mar 8, 2018 at 12:55 AM, Geert Stappers wrote:
> > On Wed, Mar 07, 2018 at 06:09:21PM -0800, John Pearson wrote:
> > >
> > > What I'm trying to do: grep log files for domains intentionally asked
> > > for.
> >
> > Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
> > Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
> > Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from 10.1.0.163
> > Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163
> >
> 
> Thanks Geert. I meant that in this case collector.githubapp.com &
> api.github.com are also domains that I didn't directly request. They were
> requested by the page when I went to github.com if that makes sense.
 
So all requests came from the same webbrowser.
Try to understand why the requests should be marked different.
Then try to understand why a name server should log them differently.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] selecting log queries

2018-03-08 Thread Geert Stappers
On Thu, Mar 08, 2018 at 09:28:41PM -0800, John Pearson wrote:
> On Thu, Mar 8, 2018 at 12:09 PM, Geert Stappers wrote:
> > On Thu, Mar 08, 2018 at 11:03:53AM -0800, John Pearson wrote:
> > >  ... I meant that in this case collector.githubapp.com &
> > > api.github.com are also domains that I didn't directly request.
> > > They were requested by the page when I went to github.com if that
> > > makes sense.
> >
> > So all requests came from the same webbrowser.
> > Try to understand why the requests should be marked different.
> > Then try to understand why a name server should log them differently.
> 
> Yeah all the requests came from the browser. I can't immediately think of
> how to parse out an implicit request versus the page itself querying more
> domains.

OK,  continue your pursuit of "what is the webbrowser doing" with
a tool like mitmproxy   https://mitmproxy.org/ 


Good luck with it. Make it possible that people can read in the discussion order,
place responses _below_ previous post.


Groeten
Geert Stappers
-- 
Leven en laten leven
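
The query log lines quoted in this thread carry only a timestamp, a record type, a name and a client address. As an added example (not part of the original thread, and not something dnsmasq itself records), the following Python sketch applies a time-window heuristic to those lines: per client, queries that follow each other within a few seconds are grouped into one burst, with the first name treated as the likely trigger. The function names, the 5-second gap and the assumed year are illustrative.

```python
import re
from datetime import datetime, timedelta

# Query lines copied from the messages in this thread.
SAMPLE_LOG = """\
Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from 10.1.0.163
Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163
"""

# Syslog timestamp, optional host field, then the dnsmasq query record.
QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (?:\S+ )?dnsmasq\[\d+\]: "
    r"query\[(\w+)\] (\S+) from (\S+)$"
)


def parse_queries(log_text, year=2018):
    """Yield (time, client, qtype, name) per query line.

    Classic syslog timestamps omit the year, so one has to be assumed.
    """
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards, DHCP lines, etc.
        stamp, qtype, name, client = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield when, client, qtype, name


def group_bursts(log_text, gap_seconds=5):
    """Group each client's queries into bursts separated by quiet gaps.

    Heuristic only: the resolver sees identical packets whether a name was
    typed by the user or pulled in by a page, so the "first" name of a burst
    is a guess at the trigger, and the gap threshold changes the result.
    """
    gap = timedelta(seconds=gap_seconds)
    bursts = []
    current = {}  # client -> index of that client's most recent burst
    for when, client, _qtype, name in parse_queries(log_text):
        idx = current.get(client)
        if idx is not None and when - bursts[idx]["last"] <= gap:
            burst = bursts[idx]
            burst["last"] = when
            if name != burst["first"] and name not in burst["follow_ons"]:
                burst["follow_ons"].append(name)
        else:
            current[client] = len(bursts)
            bursts.append({"client": client, "start": when, "last": when,
                           "first": name, "follow_ons": []})
    return bursts


if __name__ == "__main__":
    for b in group_bursts(SAMPLE_LOG):
        print(b["start"], b["client"], b["first"], "->", b["follow_ons"])
```
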



Re: [Dnsmasq-discuss] Announce : dnsmasq-2.79

2018-03-18 Thread Geert Stappers
On Sun, Mar 18, 2018 at 04:58:53PM +, Simon Kelley wrote:
> I just tagged and pushed the final 2.79 release.

Cool!

> Release notes below.

Euh, I do miss
 Inotify: Ignore backup files created by editors
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/
 
> Enjoy.
> 
> 
> Simon.
> 
> version 2.79
> Fix parsing of CNAME arguments, which are confused by extra
> spaces. Thanks to Diego Aguirre for spotting the bug.
> 
> Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind
> upstream servers to an interface, rather than SO_BINDTODEVICE.
> Thanks to Beniamino Galvani for the patch.
> 
> Always return a SERVFAIL answer to DNS queries without the
> recursion desired bit set, UNLESS acting as an authoritative
> DNS server. This avoids a potential route to cache snooping.
> 
> Add support for Ed25519 signatures in DNSSEC validation.
> 
> No longer support RSA/MD5 signatures in DNSSEC validation,
> since these are not secure. This behaviour is mandated in
> RFC-6944.
> 
> Fix incorrect error exit code from dhcp_release6 utility.
> Thanks Gaudenz Steinlin for the bug report.
> 
> Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
> time validation when --dnssec-no-timecheck is in use.
>   Note that this is an incompatible change from earlier releases.
> 
> Allow more than one --bridge-interface option to refer to an
> interface, so that we can use
> --bridge-interface=int1,alias1
> --bridge-interface=int1,alias2
> as an alternative to
> --bridge-interface=int1,alias1,alias2
> Thanks to Neil Jerram for work on this.
> 
> Fix for DNSSEC with wildcard-derived NSEC records.
> It's OK for NSEC records to be expanded from wildcards,
> but in that case, the proof of non-existence is only valid
> starting at the wildcard name, *. NOT the name expanded
> from the wildcard. Without this check it's possible for an
> attacker to craft an NSEC which wrongly proves non-existence.
> Thanks to Ralph Dolmans for finding this, and co-ordinating
> the vulnerability tracking and fix release.
>   CVE-2017-15107 applies.
> 
> Remove special handling of A-for-A DNS queries. These
> are no longer a significant problem in the global DNS.
> http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf
> Thanks to Mattias Hellström for the initial patch.
> 
> Fix failure to delete dynamically created dhcp options
> from files in -dhcp-optsdir directories. Thanks to
> Lindgren Fredrik for the bug report.
> 
> 
>  Add to --synth-domain the ability to create names using
> sequential numbers, as well as encodings of IP addresses.
> For instance,
>   --synth-domain=thekelleys.org.uk,192.168.0.50,192.168.0.70,internal-*
> creates 21 domain names of the form
> internal-4.thekelleys.org.uk over the address range given, with
> internal-0.thekelleys.org.uk being 192.168.0.50 and
> internal-20.thekelleys.org.uk being 192.168.0.70
>     Thanks to Andy Hawkins for the suggestion.
> 
> Tidy up Crypto code, removing workarounds for ancient
> versions of libnettle. We now require libnettle 3.
> 
> 

Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Long nslookup times

2018-03-01 Thread Geert Stappers
On Fri, Mar 02, 2018 at 06:14:33AM +, Donald Muller wrote:
> Geert Stappers, Sent Wednesday, February 21, 2018 1:18 PM
> > On Wed, Feb 21, 2018 at 07:02:45PM +0100, Geert Stappers wrote:
> > > On Wed, Feb 21, 2018 at 05:03:34PM +, Donald Muller wrote:
> > 
> > 
> > 
> > > > > > > > Wow, a full forty seconds ...
> > > > > > > >
> > > > >
> > > > > I'm not convinced that the culprit is in  dnsmasq.
> > > > > Please continue to find proof  ...
> > 
> > Because you have an interesting problem ...

Yep

> > > >
> > > > real    0m0.050s
> > > > user    0m0.001s
> > > > sys     0m0.001s
> > 
> > That is much better than forty seconds ...
> > 
> > > > dig is not installed.
> > 
> > Install it. Rule out that we are dealing with a bogus nslookup.
> 
> Results of dig
> 
> [~] # dig www.microsoft.com 192.168.22.220
> ;; ANSWER SECTION:
> www.microsoft.com.  2025  IN  CNAME  www.microsoft.com-c-3.edgekey.net.
> www.microsoft.com-c-3.edgekey.net. 13945 IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
> www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net. 72 IN CNAME e13678.dspb.akamaiedge.net.
> e13678.dspb.akamaiedge.net. 19  IN  A   23.206.169.201
> ;; Query time: 10 msec
> 
> ;; ANSWER SECTION:
> 192.168.22.220. 0   IN  A   192.168.22.220
> ;; Query time: 0 msec
> [~] #
> 

Total query time is 10 msec plus 0 msec


@Original Poster:  Come back to the dnsmasq mailinglist
   when you have more proof that your interesting problem
   is caused by dnsmasq.
   If you want to hire a consultant, do so.
   If you are here for hiring a consultant, say so.


At least try to understand where to ask what.
Karma bonus points for telling in a few weeks
what caused the forty seconds lookup time.


Groeten
Geert Stappers
Probably way too concerned about the health of dnsmasq community
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] doc issue: dhcp on multiple interfaces

2018-04-26 Thread Geert Stappers
On Thu, Apr 26, 2018 at 12:24:56PM +0200, Harald Dunkel wrote:
> 
> maybe I am too blind to see, but apparently something like
> 
>   dhcp-range=em1,10.0.0.10,10.0.0.254,12h
>   dhcp-range=em2,10.0.1.10,10.0.1.254,12h
> 
> is not mentioned in the man page. Is it possible that the
> interface part was lost?
> 

range 10.0.0.10...10.0.0.254 is for interface in that range
range 10.0.1.10...10.0.1.254 is for interface in that range


Back to
> Is it possible that the interface part was lost?

There is no need to manually map an interface to a DHCP-range.

If there is a deeper problem behind the original question,
then please express yourself.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Authoritative and recursive service from the same interface

2018-09-30 Thread Geert Stappers
On Fri, Sep 28, 2018 at 08:03:50PM -0400, Eric Luehrsen wrote:
> On 09/28/2018 06:46 PM, Simon Kelley wrote:
> > On 28/09/18 23:07, Marc Heckmann wrote:
> > > 
> > > I am curious though: what will be used for the NS record if the
> > > auth-server configuration is omitted?
> > 
> > 
> > It appears to return an NS record of "." ie the DNS root. Which is not
> > particularly sensible. This may need some more thought
> > 
> 
> In other software something like the following makes a reasonable
> non-functioning default, when things go wrong. It terminates locally instead
> of whatever root-as-NS will cause.
> 7200 IN SOA localhost. nobody.invalid. 1 3600 1200 9600 300
> 7200 IN NS localhost.
> 

And what A record for Name Server 'localhost.' ?



Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] NM - dnsmasq, shared conn. no IP to client

2018-11-05 Thread Geert Stappers
On Mon, Nov 05, 2018 at 08:25:33PM +0200, Kemal Kilic wrote:
> Hello Folks,
> 
> I have 64 bit openSUSE Tumbleweed.
> Just a week ago my shared wifi and ethernet connections were working with
> NetworkManager
> 
> I do not know what happened but now I got such messages and the client can
> not get IP address
> Why dnsmasq can not create that lease file in /var/lib/NetworkManager?
> How can I get over this problem?


Start with explaining why NetworkManager (usually on "clients" )
should start dnsmasq (usually on "servers" )




> Thanks for your time.

In http://www.catb.org/~esr/faqs/smart-questions.html is documented
that I could/should have spent my time elsewhere.


> Here is the NetworkManager log:
> 
> systemctl status NetworkManager
> ● NetworkManager.service - Network Manager
>   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled;
> vendor preset: disabled)
>  Drop-In: /usr/lib/systemd/system/NetworkManager.service.d
>   └─NetworkManager-ovs.conf
>   Active: active (running)
> Docs: man:NetworkManager(8)
> Main PID: 1319 (NetworkManager)
>Tasks: 4 (limit: 4915)
>   CGroup: /system.slice/NetworkManager.service
>   ├─1319 /usr/sbin/NetworkManager --no-daemon
>   └─1704 /sbin/dhclient -d -q -sf /usr/lib/nm-dhcp-helper -pf 
> /var/run/dhclient-enp5s0.pid -lf
> /var/lib/NetworkManager/dhclient-5aa08187-8d97-4502-836f-6f26683d034e-enp5s0.lease
> -cf /var/lib/N>
> 
> Nov 05 20:13:51 michael NetworkManager[1319]:   [1541441631.6756] 
> Executing: /usr/sbin/iptables --table nat --insert POSTROUTING --source 
> 10.42.0.0/255.255.255.0 ! --destination 10.42.0.0/255.255>
> Nov 05 20:13:51 michael NetworkManager[1319]:   [1541441631.6767] 
> dnsmasq-manager: starting dnsmasq...
> Nov 05 20:13:51 michael NetworkManager[1319]:   [1541441631.6778] 
> device (wlp2s0f0u10): state change: ip-config -> ip-check (reason 'none', 
> sys-iface-state: 'managed')
> Nov 05 20:13:51 michael NetworkManager[1319]:   [1541441631.6788] 
> device (wlp2s0f0u10): state change: ip-check -> secondaries (reason 'none', 
> sys-iface-state: 'managed')
> Nov 05 20:13:51 michael NetworkManager[1319]:   [1541441631.6790] 
> device (wlp2s0f0u10): state change: secondaries -> activated (reason 'none', 
> sys-iface-state: 'managed')
> Nov 05 20:13:51 michael NetworkManager[1319]: dnsmasq: cannot open or create 
> lease file /var/lib/NetworkManager/dnsmasq-wlp2s0f0u10.leases: Permission 
> denied
> Nov 05 20:13:51 michael dnsmasq[692]: cannot open or create lease file 
> /var/lib/NetworkManager/dnsmasq-wlp2s0f0u10.leases: Permission denied
> Nov 05 20:13:51 michael dnsmasq[692]: FAILED to start up
> Nov 05 20:13:51 michael NetworkManager[1319]:   [1541441631.6902] 
> device (wlp2s0f0u10): Activation: successful, device activated.
> Nov 05 20:13:51 michael NetworkManager[1319]:   [1541441631.6907] 
> dnsmasq-manager: dnsmasq exited with error: Filesystem problem (missing 
> file/directory, permissions) (3)
> 
> 



Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] static lease issues?

2018-11-05 Thread Geert Stappers
Executive summary:  email has been seen

On Mon, Nov 05, 2018 at 03:30:12AM +, Kevin Darbyshire-Bryant wrote:
> Hi Simon, Hi List,
 
Hello List,


> I'm hearing rumblings from the openwrt community that something
> isn't right with static leases.

Please pursue it further


> The behaviour manifests itself as the statically assigned host being unable 
> to renew its lease.  e.g.
> 
> -this is okay

Please don't take it for granted ...


> Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 available DHCP range: 192.168.0.100 -- 192.168.0.199
> Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 client provides name: sylvester
> Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 DHCPDISCOVER(eth0.54) 00:11:22:33:44:55
> Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 tags: lan, known, eth0.54
> Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 DHCPOFFER(eth0.54) 192.168.0.12 00:11:22:33:44:55

Here I'm missing the logging of DHCPREQUEST and DHCPACK

> -but later
> 
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 available DHCP range: 192.168.0.100 -- 192.168.0.199
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 client provides name: sylvester
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 DHCPREQUEST(eth0.54) 192.168.0.12 00:11:22:33:44:55
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 DHCPNAK(eth0.54) 192.168.0.12 00:11:22:33:44:55 address not available
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 broadcast response
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 sent size:  1 option: 53 message-type  6
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 sent size:  4 option: 54 server-identifier  192.168.0.254
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 sent size: 21 option: 56 message  61:64:64:72:65:73:73:20:6e:6f:74:20:61:76...

Option 56 is DHCP Error Message

message  61:64:64:72:65:73:73:20:6e:6f:74:20:61:76...
ASCII    a  d  d  r  e  s  s     n  o  t     a  v

> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 available DHCP range: 192.168.0.100 -- 192.168.0.199
> Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 client provides name: sylvester

Gap of  four seconds

> Nov  4 15:52:36 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 DHCPDISCOVER(eth0.54) 00:11:22:33:44:55
> Nov  4 15:52:36 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 tags: lan, known-othernet, eth0.54
> Nov  4 15:52:36 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 DHCPOFFER(eth0.54) 192.168.0.190 00:11:22:33:44:55

Those three log entries are the same as  Nov  4 15:29:29


> 
> I have yet to see this behaviour personally, so I'm putting this out there as
>  a) anyone else
>  b) any ideas on debugging?

Debugging idea:  Get involvement of the initial reporter.


The above "anyone else seen this?" is the real problem. Which is
not understanding the problem.

The P in  DHCP  stands for Protocol. It is between server and client.

So please take some time to tell more about the client
plus how they are configured and connected.



Groeten
Geert Stappers
-- 
Leven en laten leven
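
The exchange quoted in this message can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of dnsmasq: it groups the `dnsmasq-dhcp` lines by transaction ID and reports the OFFERs with no logged ACK, the NAK with its decoded option 56 text, the tag change and the address change. The sample log is copied from the message above with wrapped lines rejoined; function names and finding labels are illustrative.

```python
import re

# Log lines copied from the message above (wrapped lines rejoined).
SAMPLE_LOG = """\
Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 available DHCP range: 192.168.0.100 -- 192.168.0.199
Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 client provides name: sylvester
Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 DHCPDISCOVER(eth0.54) 00:11:22:33:44:55
Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 tags: lan, known, eth0.54
Nov  4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 DHCPOFFER(eth0.54) 192.168.0.12 00:11:22:33:44:55
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 available DHCP range: 192.168.0.100 -- 192.168.0.199
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 client provides name: sylvester
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 DHCPREQUEST(eth0.54) 192.168.0.12 00:11:22:33:44:55
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 DHCPNAK(eth0.54) 192.168.0.12 00:11:22:33:44:55 address not available
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 broadcast response
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 sent size:  1 option: 53 message-type  6
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 sent size:  4 option: 54 server-identifier  192.168.0.254
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 53015875 sent size: 21 option: 56 message  61:64:64:72:65:73:73:20:6e:6f:74:20:61:76...
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 available DHCP range: 192.168.0.100 -- 192.168.0.199
Nov  4 15:52:32 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 client provides name: sylvester
Nov  4 15:52:36 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 DHCPDISCOVER(eth0.54) 00:11:22:33:44:55
Nov  4 15:52:36 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 tags: lan, known-othernet, eth0.54
Nov  4 15:52:36 192.168.0.254 dnsmasq-dhcp[2378]: 1321333264 DHCPOFFER(eth0.54) 192.168.0.190 00:11:22:33:44:55
"""

# timestamp, logging host, "dnsmasq-dhcp[pid]:", transaction ID, rest of line
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dnsmasq-dhcp\[\d+\]: (\d+) (.*)$")
# DHCPxxx(interface) [address] client-MAC [reason]
MSG_RE = re.compile(
    r"^(DHCP[A-Z]+)\(([^)]+)\) (?:(\d+(?:\.\d+){3}) )?"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (.+))?$"
)
# Option 56 (error message) is logged as colon-separated hex, possibly truncated.
OPT56_RE = re.compile(r"option:\s*56\s+message\s+((?:[0-9a-f]{2}:)*[0-9a-f]{2})")


def parse_transactions(log_text):
    """Group dnsmasq-dhcp lines by transaction ID, in order of first appearance."""
    txs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, xid, text = m.groups()
        tx = txs.setdefault(xid, {"xid": xid, "first_seen": stamp, "mac": None,
                                  "tags": None, "opt56": None, "messages": []})
        if text.startswith("tags: "):
            tx["tags"] = frozenset(t.strip() for t in text[6:].split(","))
        elif (opt := OPT56_RE.search(text)):
            raw = bytes.fromhex(opt.group(1).replace(":", ""))
            tx["opt56"] = raw.decode("ascii", "replace")
        elif (msg := MSG_RE.match(text)):
            kind, iface, ip, mac, reason = msg.groups()
            tx["mac"] = mac
            tx["messages"].append({"time": stamp, "type": kind, "iface": iface,
                                   "ip": ip, "reason": reason})
    return list(txs.values())


def find_lease_anomalies(log_text):
    """Report NAKs, tag changes, address changes and OFFERs with no logged ACK."""
    findings, last_tags, last_ip = [], {}, {}
    for tx in parse_transactions(log_text):
        mac, xid = tx["mac"], tx["xid"]
        if mac is None:
            continue
        # Tag differences between exchanges from the same MAC
        # (in the sample: "known" versus "known-othernet").
        if tx["tags"] is not None:
            prev = last_tags.get(mac)
            if prev is not None and prev != tx["tags"]:
                findings.append({"kind": "tags-changed", "mac": mac, "xid": xid,
                                 "removed": sorted(prev - tx["tags"]),
                                 "added": sorted(tx["tags"] - prev)})
            last_tags[mac] = tx["tags"]
        for msg in tx["messages"]:
            if msg["type"] == "DHCPNAK":
                findings.append({"kind": "nak", "mac": mac, "xid": xid,
                                 "ip": msg["ip"], "reason": msg["reason"],
                                 "option56": tx["opt56"]})
            elif msg["type"] in ("DHCPOFFER", "DHCPACK"):
                prev_ip = last_ip.get(mac)
                if prev_ip and prev_ip != msg["ip"]:
                    findings.append({"kind": "address-changed", "mac": mac,
                                     "xid": xid, "from": prev_ip, "to": msg["ip"]})
                last_ip[mac] = msg["ip"]
        # A client's DHCPREQUEST after an OFFER reuses the OFFER's xid (RFC 2131),
        # so the ACK would be logged under the same transaction ID.
        kinds = {m["type"] for m in tx["messages"]}
        if "DHCPOFFER" in kinds and "DHCPACK" not in kinds:
            findings.append({"kind": "offer-without-ack", "mac": mac, "xid": xid})
    return findings


if __name__ == "__main__":
    for finding in find_lease_anomalies(SAMPLE_LOG):
        print(finding)
```
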



Re: [Dnsmasq-discuss] No Broadcast Dhcp Offers

2018-09-23 Thread Geert Stappers
On Sat, Sep 22, 2018 at 07:06:53PM +0200, gravit...@gmx.com wrote:
> Hi all,
> I have a very simple question, but it seems difficult to find a solution...
> 
> By default DNSMASQ sends Dhcp OFFER message with eth.dst=ff:ff:ff:ff:ff:ff , it
> sends to broadcast mac.
> I have a dongle which works a bit outside specs, and can't answer to broadcast
> mac.

I don't buy that.  ARP also does ethernet broadcasts.
Without Address Resolution Protocol no IPv4 networking on ethernet.

What I think is that no driver is loaded for the dongle
during first DHCP Discover request.


> So, I need DNSMASQ to send the Dhcp OFFER messages (and better also ACK/NAK and
> the whole Dhcp stack) to a specific mac I set.
> Does such an option exist?

I don't know.

 
> I already was thinking to start crafting Dhcp frames myself... but I don't
> really want to rewrite my own DNSMASQ...

Then just write your own DHCP server. ;-)


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Initializing DNS ....

2018-11-16 Thread Geert Stappers
On Fri, Nov 16, 2018 at 04:39:20PM +, Mark Olbert wrote:
> 
> I am transferring the DHCP/DNS services provided by dnsmasq for my
> LAN from one device to another (the old device runs Debian wheezy;
> the new one runs Debian stretch).
> 
> A number of the devices on my LAN have fixed IP addresses. Some of
> these are statically-defined on the devices themselves, and others are
> always assigned the same address by virtue of entries in dnsmasq.conf
> like this:
> 
> dhcp-host=1C:6F:65:39:09:8D,colossus,10.0.0.8
> 
> This is all pretty straightforward, and has worked fine for years on
> the old device.
> 
> But what I'm noticing when I try to cut over to the new device is that
> the DNS service only appears to be resolving local LAN addresses for
> devices for which it has issued a DHCP lease. I had assumed that those
> fixed IP entries in dnsmasq.conf "initialized" the DNS service so that
> it would resolve them properly whether or not a lease had been issued.
 

I do miss a picture or drawing.  So I made one. 
Please view it with a mono spaced font   ( "typewriter" )


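   +---------+     +---------+
   | wheezy  |     | stretch |
   +----+----+     +----+----+
        |               |
  ======+===============+==========LAN
      |           |            |
  +---+----+ +----+-----+ +----+----+
  | client | | colossus | | client2 |
  +--------+ +----------+ +---------+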


>  What's the recommended way of addressing the situation?

Frankly, I don't understand "the situation".


> I could put the fixed IP addresses in /etc/hosts. But I've resisted
> doing that because of concerns over someday accidentally changing
> the DHCP assignment in dnsmasq.conf and forgetting to update the
> corresponding entry in hosts (or vice versa). It feels kludgy.

I think the kludgy feeling is that the expected magic didn't work.

The trick is knowing that it is high tech, not magic.




Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] test DHCP clients

2018-12-29 Thread Geert Stappers
On Sat, Dec 29, 2018 at 07:49:34PM +0100, Geert Stappers wrote:
> Hi,
> 
> What is your favorite / good enough  DHCP test client?
> 

I use `dhtest` ( https://sargandh.wordpress.com/2012/02/23/linux-dhcp-client-simulation-tool/ )

Test is `dhtest -m 00:00:11:22:33:44 -i eth0`

At server side is dnsmasq.
With `dhcp-range=192.168.45.100,192.168.45.200` I do get replies.
With `dhcp-range=192.168.45.19,proxy` I don't.

I would like to know if my "DHCP client" is wrong
or that I did misconfigure dnsmasq.


My complete /etc/dnsmasq.conf

# interface=eth0
dhcp-range=192.168.45.19,proxy
## dhcp-range=192.168.45.100,192.168.45.200

dhcp-option=vendor:PXEClient,6,2b

dhcp-boot=filename,192.168.45.19
log-dhcp

enable-tftp

tftp-root=/srv/tftpd

port=0


 
Greetings
Geert Stappers
-- 
Live and let live



[Dnsmasq-discuss] test DHCP clients

2018-12-29 Thread Geert Stappers
Hi,

What is your favorite / good enough  DHCP test client?



Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] Fwd: [PATCH] fix entries in /etc/hosts disabling static leases

2019-01-16 Thread Geert Stappers
On Tue, Jan 15, 2019 at 02:45:19PM -0800, Steven Siloti wrote:
> On Tue, Jan 15, 2019 at 12:44 PM Kaas Baichtal wrote:
> 
> > I tried to install this patch manually to my 2.80 and got a segfault that
> > prevented dnsmasq running. I also tried git cloning the master and
> > installing that instead but got the same result. Any suggestions? I could
> > really use this fix. Thank you.
>
> Sorry about that, the attached patch should fix it.

The fix works for me.

Thanks



Re: [Dnsmasq-discuss] [PATCH] DHCPv6: Honor assigning IPv6 address based on MAC address

2019-01-16 Thread Geert Stappers
On Sun, Jan 13, 2019 at 09:11:27AM +, Roy Marples wrote:
> On 11/01/2019 16:52, Pali Rohár wrote:
> > Hello, can somebody look at this patch?
> > 
> > I remember that more people asked for ability to assign IPv6 address
> > based on MAC address specified in config file, rather than IAID/DUID.
> 
> ...
> 
> > > Also this patch adds support for allowing IPv6 address to be associated
> > > with multiple hardware addresses, and gives dnsmasq permission to abandon 
> > > a
> > > lease. This is similar functionality as already supported for IPv4 
> > > address.
> 
> Can we get this by itself first? We should have this ability with DUID at
> least to match ISC dhcpd behaviour - and to be pernickety, IAID + type as
> well (IAID of 1 for example is different for IA_NA and IA_PD).
> 
> Then we can look at MAC address assignment as a smaller and later patch.
> 

Splitting a problem into smaller ones is a good thing.
Sending in small patches also.


Cheers
Geert Stappers
-- 
Rejecting patches is much better for a project than ignoring patches.



Re: [Dnsmasq-discuss] Solaris specific patches to fix build failures and improve performance

2019-01-17 Thread Geert Stappers
On Mon, Jan 14, 2019 at 04:56:23PM +0100, libor.buk...@oracle.com wrote:
> Hello,
 
Welcome,


> patches resolve the build failures, functionality, and performance issues on
> Solaris. A brief description is included in each patch.
> 
> Please let me know whether these patches could be merged

patching file src/bpf.c
Hunk #1 FAILED at 32.
1 out of 1 hunk FAILED -- saving rejects to file src/bpf.c.rej
patching file src/config.h
Hunk #1 succeeded at 290 with fuzz 1 (offset -15 lines).
patching file src/dnsmasq.h
Hunk #1 succeeded at 1343 (offset -11 lines).
patching file src/ip6addr.h
patching file src/dhcp.c
patching file Makefile
patching file contrib/lease-tools/dhcp_release.c
Druk een willekeurige toets in...
patching file src/dhcp6.c
patching file src/dhcp-common.c
Hunk #1 succeeded at 497 (offset 4 lines).
patching file src/dnsmasq.c
Hunk #4 succeeded at 891 (offset -4 lines).
patching file src/dnsmasq.h
Hunk #1 succeeded at 1556 (offset -11 lines).


> and which changes are necessary.

At http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012803.html
and http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012812.html
are examples of patches that can be applied with `git am`.

In http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012751.html
is a nice example of a reminder on a proposal patch.  Yes, it does happen that
patches are overlooked.

And the mailinglist archive has postings with the wish of reducing the amount
of '#ifdef'


Regards
Geert Stappers
DevOps Engineer




Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-18 Thread Geert Stappers
On Fri, Jan 18, 2019 at 10:36:19AM +0100, Harald Dunkel wrote:
> On 1/17/19 11:58 PM, Simon Kelley wrote:
} } http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012822.html
} } }  ... VPN ...
> > The delay is while dnsmasq tests the address it's about to allocate in
> > case some host is already using it. It sends a ICMP echo request
> > (essentially a ping) and if it gets a reply, the test fails. After a 3
> > second timeout the test succeeds and the address is allocated. If you're
> > happy that there are no machines using IP addresses without leasing
> > them, or that the similar test that DHCP clients do will find this, then
> > you can disable the check in dnsmasq using the --no-oing config flag.
> } you can disable the check in dnsmasq using the --no-ping config flag.

 --no-Ping

Quoting dnsmasq manual page

  -5, --no-ping
 (IPv4  only)  By default, the DHCP server will attempt to ensure
 that an address is not in use before allocating it to a host. It
 does  this  by  sending an ICMP echo request (aka "ping") to the
 address in question. If it gets a reply, then the  address  must
 already be in use, and another is tried. This flag disables this
 check. Use with caution.


The 3 seconds from the subject line explained
and how to avoid that delay.


> Do you think dnsmasq could watch/ping its IP address range while it is
> idle, caching the result? It might examine the local arp table as well:
> If there is an entry with matching MAC and IP address, isn't it reasonable
> to assume that the IP address is not in use somewhere else?


I think that "make dnsmasq a network monitor"
should be in a separate thread.



Regards
Geert Stappers
DevOps engineer



Re: [Dnsmasq-discuss] Problem with server=/local/127.0.0.1

2018-12-13 Thread Geert Stappers
On Thu, Dec 13, 2018 at 07:44:14AM +0300, Denis wrote:
> Hello, everyone!
> 
> In my dnsmasq.conf "server=/local/127.0.0.1" doesn't seem to work. At
> least, it doesn't work how I thought it was supposed to work. I was
> under the impression that server=/$domainname/$address should cause the
> $domainname to be looked up only in $address. However, like I said,
> I have the line "server=/local/127.0.0.1", dnsmasq --test returns
> "syntax check OK", but my *.local names are not resolved.
> 
> Here's the full content of my dnsmasq.conf:
> 
> domain-needed
> bogus-priv
> strict-order
> server=/local/127.0.0.1
> local=/local/
> listen-address=127.0.0.1
> no-dhcp-interface=127.0.0.1
> expand-hosts
> domain=local
> 
> Am I missing something, or is this option not supposed to work like I think?
 
Text from the manual page of dnsmasq

|  -S,   --local,  
--server=[/[]/[domain/]][[#][@|[#]]
|  Specify IP address of upstream servers directly.
|
|  local is a synonym for server 


Comment out your 'server=' and 'local=' lines or remove them.
Try again and report back.

If the "*.local" names still aren't resolved, tell more about how it is done.
(programs and computer being used, what should be the result, why)
I'm asking because the
> listen-address=127.0.0.1
is somewhat strange ..


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] DHCP from dnsmasq in docker container

2018-12-17 Thread Geert Stappers
On Sun, Dec 16, 2018 at 09:19:16PM -0500, Craig Younkins wrote:
> On Sun, Dec 16, 2018 at 5:15 PM Simon Kelley wrote:
> > On 13/12/2018 14:10, Craig Younkins wrote:
> > > First, thank you for dnsmasq!
> > >
> > > I'm among a number of people having trouble using dnsmasq
> > > for DHCP when it is running in a docker container. Everyone seems to get
> > > "no address range available for DHCP request via eth0" in their log
> > > unless they change to host networking mode.
> > >
> > > The code path for that error message is at [5]. I'm having a little
> > > trouble understanding the 'contexts', but I think the problem is that
> > > the container is running in bridged networking mode, and thus the
> > > interface has an IP address outside the netmask range.
> > >
> > > Is there a way to make this work without using host networking? Maybe
> > > adding the external IP to the container interface? Thank you for any
> > > suggestions!
> > >
> >
> >
> > I'm not familiar with these docker "networking modes", can you explain
> > what they mean?
> >
> >
> > What's happening here is quite straightforward to understand.  A DHCP
> > request arrives at an interface which has the IP address 172.17.0.2 and
> > netmask 172.17.255.255. Dnsmasq tries to find a dhcp-range from which it
> > can allocate an address by looking for a DHCP range which covers the
> > same network. Since the only available DHCP range is
> > 192.168.1.200,192.168.1.251 and that's not the same network, this fails.
> >
> >
> > Depending on exactly how docker is set up, something equivalent to the
> > ISC dhcpd's "shared-network" configuration might be the way to go. This
> > is a useful facility which I've considered adding before, essentially,
> > it allows you to tell dnsmasq that (in this case) 172.17.0.0/16 and
> > 192.168.1.0/24 are both on the same network segment or broadcast domain.
> > That would allow dnsmasq to deduce that the request which comes from the
> > 172.17.0.0/16 segment can be satisfied by a 192.168.1.0/24 address.
> >
> > Note that there are other requirements needed to make this work.
> > Notably, a DHCP client that gets a 192.168.1.0/24 address has to have
> > suitable routing to allow it to route packets to 172.17.0.2, and the
> > reverse route is also needed.
> >
> > To be clear: shared-network doesn't exist in released versions of
> > dnsmasq, I'm proposing new code.
> >
> >
>
>
> Thank you Simon for the explanation, that makes sense.
> 
> I did try manually adding the LAN IP to the interface visible from within
> the container via "ip address add 192.168.1.2/24 dev eth0". That eliminates
> the error message, and so I assume an offer was made, but the offer was not
> received by the requesting LAN device. I believe the bridged networking
> mode caused the kernel to drop the packet somewhere.
> 
> An overview of the docker networking modes can be found at [1], and a
> better view of the details of bridged networking can be found at [2]. In
> docker it's most common to use the default bridged network, and using host
> networking is considered poor practice because the lack of isolation.
> Looking at the list again, the newer macvlan networking driver may be the
> best bet for this situation.

A test with docker "macvlan networking" taught me that the docker macvlan
is not plain macvlan from the Linux kernel[6]. The largest difference is that
dockerd does DHCP server for its containers. So beware when doing a
DHCP server inside a container connected with "macvlan". I do now understand
better why pihole docker recommends "host networking".


> What I should have asked in my original message was "Is there a way to
> override this check?" I think manually adding the IP to the interface as
> above accomplishes the same thing, meaning I got dnsmasq to send the offer.
> Still there is something wrong, but I think the problematic behavior lies
> in the details of docker bridged networking mode rather than dnsmasq. I
> can't ask for anything more from the dnsmasq community, thank you!

Please report your mileage.


> [1] https://docs.docker.com/network/
> [2] https://github.com/docker/labs/blob/master/networking/concepts/05-bridge-networks.md
> [5] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/rfc2131.c;h=56dc3d103741baeb68a730f0ce15a10338a2f885;hb=91421cb7575df7bb211dacc30dc7c7c715c38299#l345
> 
[6] https://en.wikipedia.org/wiki/TUN/TAP#External_links go to http://www.pocketnix.org/posts/Linux%20Networking:%20MAC%20VLANs%20and%20Virtual%20Ethernets


Greetings
Geert Stappers
-- 
Live and let live

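
The range-selection check described in the quoted explanation above, as an added Python sketch. It is not dnsmasq's code and not part of the original thread: it is a simplified model that assumes a dhcp-range is usable only when it lies inside the subnet of an address on the receiving interface, and all function names are hypothetical.

```python
"""Added example: simplified model of matching a DHCP request to a dhcp-range.
Not dnsmasq source code; the function names are hypothetical."""
import ipaddress


def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def parse_dhcp_range(line):
    """Return (start, end) from a 'dhcp-range=<start>,<end>[,...]' line.

    Tag fields (set:..., tag:..., interface:...) and the lease time are
    skipped; the first two IPv4 fields are taken as start and end.
    """
    key, _, value = line.partition("=")
    if key.strip() != "dhcp-range":
        raise ValueError("not a dhcp-range line: %r" % line)
    addrs = [ipaddress.IPv4Address(f.strip())
             for f in value.split(",") if _is_ipv4(f.strip())]
    if len(addrs) < 2:
        raise ValueError("need a start and an end address: %r" % line)
    start, end = addrs[0], addrs[1]
    if start > end:
        raise ValueError("start is above end: %r" % line)
    return start, end


def usable_ranges(interface_addrs, range_lines):
    """Ranges whose start and end both fall inside the subnet of at least
    one address configured on the interface that received the request."""
    nets = [ipaddress.ip_interface(a).network for a in interface_addrs]
    usable = []
    for line in range_lines:
        start, end = parse_dhcp_range(line)
        if any(start in net and end in net for net in nets):
            usable.append(line)
    return usable


def diagnose(interface_addrs, range_lines, ifname="eth0"):
    """Mimic the outcome seen in the log for a directly received request."""
    hits = usable_ranges(interface_addrs, range_lines)
    if hits:
        return "can offer from " + hits[0]
    return "no address range available for DHCP request via " + ifname


# Values taken from the thread: the container's eth0 and the configured range.
CONFIG = ["dhcp-range=192.168.1.200,192.168.1.251,24h"]
BRIDGED = ["172.17.0.2/16"]
# After 'ip address add 192.168.1.2/24 dev eth0' inside the container.
WITH_LAN_ADDR = ["172.17.0.2/16", "192.168.1.2/24"]

if __name__ == "__main__":
    print(diagnose(BRIDGED, CONFIG))
    print(diagnose(WITH_LAN_ADDR, CONFIG))
```

A matching range only explains why the log message goes away; as the follow-up in the thread reports, the offer still has to travel from the container to the LAN client.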


Re: [Dnsmasq-discuss] [DHCPV4] android devices issue makes able to use a reserved ipv4 address in dnsmasq

2018-12-10 Thread Geert Stappers
On Mon, Dec 10, 2018 at 12:21:00PM +, Inigo de la Fuente wrote:
> Hi all,
> 
> I have a question regarding to DHCPv4 leases.
> Doing some tests I have faced a possible android issue
> that I want to share with you.
> 
> 1.- I set the DHCP range of ipv4 address from 192.168.72.51 to 192.168.72.150
> in dnsmasq.conf.
> 2.- One windows pc is connected and get an ipv4 lease (192.168.72.65)
> 3.- One android device is connected and get an ipv4 lease (192.168.72.133)
> 4.- stop dnsmasq and remove all entries in dhcp.leases
> 5.- add dummy entries to dhcp.leases file till there is not any address
> available in the dhcp range and start dnsmasq again.
> 6.- windows pc is not able to obtain an ipv4 lease because all are occupied.
> Ping is not possible
> 7.- android device 'seems' to be able to use the saved leased ipv4 
> (192.168.72.133).
> Ping is possible
> 
> Here the output of dnsmasq at step 7:
> dnsmasq-dhcp: 93920162 available DHCP range: 10.173.190.51 -- 10.173.190.150
> dnsmasq-dhcp: 93920162 vendor class: HUAWEI:android:ANE
> dnsmasq-dhcp: 93920162 client provides name: HUAWEI_P20_lite-9a7e63d7d
> dnsmasq-dhcp: 93920162 DHCPDISCOVER(eth1) 00:be:3b:02:c1:02 no address 
> available
> dnsmasq-dhcp: 93920162 available DHCP range: 10.173.190.51 -- 10.173.190.150
> dnsmasq-dhcp: 93920162 vendor class: HUAWEI:android:ANE
> dnsmasq-dhcp: 93920162 client provides name: HUAWEI_P20_lite-9a7e63d7d
> dnsmasq-dhcp: 93920162 DHCPDISCOVER(eth1) 00:be:3b:02:c1:02 no address 
> available
> dnsmasq-dhcp: 93920162 available DHCP range: 10.173.190.51 -- 10.173.190.150
> 
> Why my device is able to ping with the last saved leased ipv4 address
> even if this address is reserved in dhcp.leases file?
 
Imaginary problem


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] DNSMASQ wrong addresses allocated after changing DHCP Clients between Neutron vRouters

2018-12-10 Thread Geert Stappers
On Thu, Dec 06, 2018 at 08:00:24PM -0200, Luis Kleber wrote:
> On Thu, 6 Dec 2018 at 17:47, Brian Haley wrote:
> > On 12/6/18 9:47 AM, Luis Kleber wrote:
> > > Last days I install 2 servers, one with Centos7 and other with Debian8,
> > > without Openstack/Neutron. Both with the same DNSMASQ config I
> > > originally posted.
> > > On both I was using version 2.76 and upgraded to 2.78, using the same
> > > ethernet interface changing the IP address between 100.97.97.1/24
> > > and 100.98.98.1/24, and
> > > everything works as expected. I also tested with 2 different interfaces
> > > on each case and also worked fine.
> > > The DHCP client always was the same in all cases (Debian8, Centos7, and
> > > Centos7 with Neutron).
> > >
> > > It seems that the problem only happens when using DNSMASQ with Neutron
> > > routers.
> > > How debug it better within Neutron?  Another cache table, or how see
> > > more detailed debug infos?
> > >
> >
> > Luis,
> >
> > You should probably file a bug against neutron
> > (https://bugs.launchpad.net/neutron/) with the relevant info, along with
> > the neutron commands you're running and debug from the dhcp-agent and
> > /var/lib/neutron/dhcp/xxx/ files as necessary.  I don't exactly
> > understand what you mean by "LAN changing", perhaps if I knew the
> > commands you're using it would be clearer.
> >
> > Thanks,
> >
> > -Brian (from the Neutron team)
>
> Hi Brian,
> 
> Ok, I'll file a bug there.

What became the URL of that bug report?


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] DHCP from dnsmasq in docker container

2018-12-16 Thread Geert Stappers
On Thu, Dec 13, 2018 at 09:10:59AM -0500, Craig Younkins wrote:
> First, thank you for dnsmasq!
> 
> I'm among a number of people[1][2][3][4] having trouble using dnsmasq for
> DHCP when it is running in a docker container. Everyone seems to get "no
> address range available for DHCP request via eth0" in their log unless they
> change to host networking mode.
> 
> The code path for that error message is at [5]. I'm having a little trouble
> understanding the 'contexts', but I think the problem is that the container
> is running in bridged networking mode, and thus the interface has an IP
> address outside the netmask range.
> 
> Is there a way to make this work without using host networking? Maybe
> adding the external IP to the container interface? Thank you for any
> suggestions!
> 
> Relevant sample configuration:
> addn-hosts=/etc/pihole/gravity.list
> addn-hosts=/etc/pihole/black.list
> addn-hosts=/etc/pihole/local.list
> localise-queries
> no-resolv
> cache-size=1
> log-queries=extra
> log-facility=/var/log/pihole.log
> local-ttl=2
> log-async
> server=8.8.8.8
> server=8.8.4.4
> interface=eth0
> dhcp-authoritative
> dhcp-range=192.168.1.200,192.168.1.251,24h
> dhcp-option=option:router,192.168.1.1
> dhcp-leasefile=/etc/pihole/dhcp.leases
> domain=local
> 
> root@6082bda95199:/# ip a
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> 10: eth0@if11:  mtu 1500 qdisc noqueue
> state UP group default
> link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet *172.17.0.2/16* brd 172.17.255.255 scope global eth0
>valid_lft forever preferred_lft forever
> 
> To reproduce, you can run something like what is in [6], then enabling the
> DHCP server through the non-ssl web interface. `docker exec -it pihole
> /bin/bash` to get into the container and `tail -f /var/log/pihole.log` for
> the log.
> 
> [1] https://github.com/pi-hole/docker-pi-hole/issues/355
> [2] https://discourse.pi-hole.net/t/dhcp-not-working-docker/12593
> [3] https://discourse.pi-hole.net/t/no-address-range-available-for-dhcp-request-via-eth0/14350
> [4] https://serverfault.com/questions/825497/running-dnsmasq-in-docker-container-on-debian-check-dhcp-ignores-dnsmasq
> [5] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/rfc2131.c;h=56dc3d103741baeb68a730f0ce15a10338a2f885;hb=91421cb7575df7bb211dacc30dc7c7c715c38299#l345
> [6] https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh
> 

Summary in my words:

} pihole is the DNS part of dnsmasq with some extras.
} pihole got dockerized
} pihole got DHCP server functionality from dnsmasq
} docker version of pihole had/has trouble with DHCP server,
}  their documentation says "host network"


Back to
> Is there a way to make this work without using host networking?

IIRC there wasn't yet a report on this mailinglist saying

   "FYI  dnsmasq (DNS + TFTP + DHCP) works inside docker"


I do hope that such success will be reported.


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] Problem with server=/local/127.0.0.1

2018-12-13 Thread Geert Stappers
On Thu, Dec 13, 2018 at 08:47:39PM +0300, Denis wrote:
> On Thu, 13 Dec 2018 09:54:44 +0100 Geert Stappers wrote:
> > On Thu, Dec 13, 2018 at 07:44:14AM +0300, Denis wrote:
> > > Hello, everyone!
> > > 
> > > In my dnsmasq.conf "server=/local/127.0.0.1" doesn't seem to work.
> > > At least, it doesn't work how I thought it was supposed to work. I
> > > was under the impression that server=/$domainname/$address should
> > > cause the $domainname to be looked up only in $address. However,
> > > like I said, I have the line "server=/local/127.0.0.1", dnsmasq
> > > --test returns "syntax check OK", but my *.local names are not
> > > resolved.
> > > 
> > > Here's the full content of my dnsmasq.conf:
> > > 
> > > domain-needed
> > > bogus-priv
> > > strict-order
> > > server=/local/127.0.0.1
> > > local=/local/
> > > listen-address=127.0.0.1
> > > no-dhcp-interface=127.0.0.1
> > > expand-hosts
> > > domain=local
> > > 
> > > Am I missing something, or is this option not supposed to work like
> > > I think?  
> >  
> > Text from the manual page of dnsmasq
> > 
> > |  -S,   --local, 
> > server=[/[]/[domain/]][[#][@|[#]]
> > |  Specify IP address of upstream servers directly.
> > |  local is a synonym for server 
> > 
> > 
> > Comment out your 'server=' and 'local=' lines or remove them.
> > Try again and report back.
> > 
> > If the "*.local" still aren't resolved. Tell more how it is done.
> > (programs and computer being used, what should be the result, why)
> > I'm asking because the
> > > listen-address=127.0.0.1  
> > is somewhat strange ..
> > 
> My configuration:
> 
> Manjaro Linux, 32-bit, one ethernet card. It is connected to a router with a 
> cable, the router is connected to my ISP also with a cable. A netbook is 
> connected to the router via Wi-Fi.
> On the PC:
> Avahi is installed and enabled (avahi-daemon active), 
> systemd-resolved is disabled
> /etc/resolv.conf is usually filled by NetworkManager, but just before 
> changing dnsmasq.conf and restarting it with different options I manually 
> edited it (/etc/resolv.conf) and left only one line: "nameserver 192.168.1.1" 
> (router address)
> 
> Results of "systemctl status dnsmasq.service":
> 
> 1. With both lines ("local=/local/" and "server=/local/127.0.0.1") commented:
> Dec 13 19:32:53 DenDesktop dnsmasq[2564]: dnsmasq: syntax check OK.
> Dec 13 19:32:53 DenDesktop systemd[1]: Started A lightweight DHCP and caching 
> DNS server.
> Dec 13 19:32:53 DenDesktop dnsmasq[2565]: started, version 2.80 cachesize 150
> Dec 13 19:32:53 DenDesktop dnsmasq[2565]: compile time options: IPv6 
> GNU-getopt DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth>
> Dec 13 19:32:53 DenDesktop dnsmasq[2565]: DBus support enabled: connected to 
> system bus
> Dec 13 19:32:53 DenDesktop dnsmasq[2565]: reading /etc/resolv.conf
> Dec 13 19:32:53 DenDesktop dnsmasq[2565]: using nameserver 192.168.1.1#53
> Dec 13 19:32:53 DenDesktop dnsmasq[2565]: read /etc/hosts - 5 addresses
> 
> 2. With only "local=/local/" uncommented:
> (1) + one line:
> Dec 13 19:48:52 DenDesktop dnsmasq[3122]: using local addresses only for 
> domain local
> 
> 3. With only "server=/local/127.0.0.1" uncommented:
> (1) + one line:
> Dec 13 19:38:36 DenDesktop dnsmasq[2788]: ignoring nameserver 127.0.0.1 - 
> local interface
> 
> 4. With both lines uncommented:
> (1) + (2) + (3)
> 
> In all these cases my PC's ip address (192.168.1.2) is resolved to my PC's 
> name (DenDesktop). If I "ping DenDesktop.local", the result is:
> 'PING DenDesktop.local (127.0.0.200) 56(84) bytes of data.
> 64 bytes from 127.0.0.200 (127.0.0.200): icmp_seq=1 ttl=64 time=0.029 ms'
> 
> If I manually insert "nameserver 127.0.0.1" into /etc/resolv.conf above all 
> other nameservers and enable option "strict-order" in dnsmasq.conf, ONLY THEN 
> local names are resolved, i.e. "ping DenDesktop.local" output is:
> 'PING DenDesktop.local (192.168.1.2) 56(84) bytes of data.
> 64 bytes from DenDesktop.local (192.168.1.2): icmp_seq=1 ttl=64 time=0.027 ms'
> 
> I thought that "server=/local/127.0.0.1" was a functional equivalent
> of doing exactly that (putting the line "nameserver 127.0.0.1"
> into the beginning of /etc/resolv.conf): first checked 127.0.0.1 for
> domain local, then went to /etc/resolv.conf for other nameservers.
> It seems that the 

Re: [Dnsmasq-discuss] Logging of NXDOMAIN without SOA

2018-12-15 Thread Geert Stappers
On Sat, Dec 15, 2018 at 04:37:06PM +0100, Dominik DL6ER wrote:
> Dear all,
> 
> I observe that dnsmasq does not log the result of a query that was
> replied to with NXDOMAIN when the response does not include an SOA
> record. To my understanding, this is because, without an SOA record, no
> TTL is available and the logging event when adding a domain to the
> internal cache in not triggered.
> 
> Steps to reproduce:
> 
>1. Configure dnsmasq to use the server 9.9.9.9
>2. Query www.isitblocked.org
>3. Observe that the following is logged (extra logging format):
> 
> Dec 15 16:11:32 dnsmasq[14851]: 1853 192.168.3.3/58098 query[A] 
> www.isitblocked.org from 192.168.3.3
> Dec 15 16:11:32 dnsmasq[14851]: 1853 192.168.3.3/58098 forwarded 
> www.isitblocked.org to 9.9.9.9
> 
> As you see, the reply (NXDOMAIN) is missing although the response is
> correctly sent to the requesting client.
> 

|$ host www.isitblocked.org
|www.isitblocked.org has address 74.208.236.124
|www.isitblocked.org has IPv6 address 2607:f1c0:100f:f000::2d1
|stappers@paddy:~
|$ host www.isitblocked.org 9.9.9.9
|Using domain server:
|Name: 9.9.9.9
|Address: 9.9.9.9#53
|Aliases: 
|
|Host www.isitblocked.org not found: 3(NXDOMAIN)
|$ host -t soa www.isitblocked.org
|www.isitblocked.org has no SOA record
|$ host -t soa www.isitblocked.org 9.9.9.9
|Using domain server:
|Name: 9.9.9.9
|Address: 9.9.9.9#53
|Aliases: 
|
|Host www.isitblocked.org not found: 3(NXDOMAIN)
|$ 



Greetings
Geert Stappers
-- 
Live and let live

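
A way to find the gap reported above in a `log-queries=extra` log, as an added Python example that is not part of the original thread or of dnsmasq. It pairs each query with its later lines by serial number and requestor and lists queries for which no outcome line was logged; the first two sample lines are the ones quoted in the report, the other three are constructed, and treating any "<name> is <value>" line as the logged outcome is an assumption of this sketch.

```python
"""Added example: list queries in a dnsmasq 'log-queries=extra' log that
have no logged outcome. Function and field names are hypothetical."""
import re
from collections import OrderedDict

# <serial> <client>/<port> <action> <name> from|to|is <argument>
LINE_RE = re.compile(
    r"dnsmasq\[(?P<pid>\d+)\]: (?P<serial>\d+) "
    r"(?P<client>[^/\s]+)/(?P<port>\d+) "
    r"(?P<action>\S+) (?P<name>\S+) (?P<prep>from|to|is) (?P<arg>.+)$"
)


def unanswered_queries(lines):
    """Return (client, qtype, name, upstream) for every query that was
    logged without a following '<name> is <value>' line for the same
    serial number and requestor."""
    txns = OrderedDict()
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m is None:
            continue  # not an extra-format query log line
        key = (m.group("pid"), m.group("serial"),
               m.group("client"), m.group("port"))
        action = m.group("action")
        if action.startswith("query["):
            txns[key] = {
                "client": m.group("client"),
                "qtype": action[len("query["):-1],
                "name": m.group("name"),
                "upstream": None,
                "answered": False,
            }
        elif key in txns:
            if action == "forwarded":
                txns[key]["upstream"] = m.group("arg")
            elif m.group("prep") == "is":
                # reply/cached/config lines all end in 'is <value>'
                txns[key]["answered"] = True
    return [(t["client"], t["qtype"], t["name"], t["upstream"])
            for t in txns.values() if not t["answered"]]


SAMPLE_LOG = [
    # The two lines quoted in the report (re-joined after mail wrapping).
    "Dec 15 16:11:32 dnsmasq[14851]: 1853 192.168.3.3/58098 query[A] "
    "www.isitblocked.org from 192.168.3.3",
    "Dec 15 16:11:32 dnsmasq[14851]: 1853 192.168.3.3/58098 forwarded "
    "www.isitblocked.org to 9.9.9.9",
    # Constructed lines: a query whose reply was logged.
    "Dec 15 16:11:40 dnsmasq[14851]: 1854 192.168.3.3/40112 query[A] "
    "example.org from 192.168.3.3",
    "Dec 15 16:11:40 dnsmasq[14851]: 1854 192.168.3.3/40112 forwarded "
    "example.org to 9.9.9.9",
    "Dec 15 16:11:40 dnsmasq[14851]: 1854 192.168.3.3/40112 reply "
    "example.org is 192.0.2.10",
]

if __name__ == "__main__":
    for client, qtype, name, upstream in unanswered_queries(SAMPLE_LOG):
        print("%s asked %s %s via %s: no outcome logged"
              % (client, qtype, name, upstream))
```

A query listed here may also be one the upstream server never answered; the log alone does not distinguish that from the unlogged NXDOMAIN described in the report.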


Re: [Dnsmasq-discuss] DNSMASQ wrong addresses allocated after changing DHCP Clients between Neutron vRouters

2018-11-30 Thread Geert Stappers
On Wed, Nov 28, 2018 at 08:49:57AM -0200, Luis Kleber wrote:
> On Tue, 27 Nov 2018 at 20:12, Geert Stappers wrote:
> > On Mon, Nov 26, 2018 at 04:42:05PM -0200, Luis Kleber wrote:
> > 
> > > dhcp-range=set:infra-70-subnet,100.101.1.11,100.101.1.64,600s
> > > dhcp-option=tag:infra-70-subnet,3,100.101.1.1
> > > dhcp-range=set:infra-71-subnet,100.101.2.11,100.101.2.64,600s
> > > dhcp-option=tag:infra-71-subnet,3,100.101.2.1
> > > dhcp-range=set:infra-72-subnet,100.98.98.11,100.98.98.64,600s
> > > dhcp-option=tag:infra-72-subnet,3,100.98.98.1
> >  infra-73 ... infra-92 
> > > dhcp-range=set:infra-93-subnet,100.103.8.11,100.103.8.64,600s
> > > dhcp-option=tag:infra-93-subnet,3,100.103.8.1
> > > dhcp-range=set:infra-94-subnet,100.104.1.11,100.104.1.64,600s
> > > dhcp-option=tag:infra-94-subnet,3,100.104.1.1
> > > dhcp-range=set:infra-95-subnet,100.96.96.11,100.96.96.64,600s
> > > dhcp-option=tag:infra-95-subnet,3,100.96.96.1
> >
> > Why?
> >
> 
> "Why" what?
> If the question is the all other dhcp-ranges (unused for this scenario),
> the answer is because in production case these other networks for each dhcp
> range exist. These other unused ranges for this test case, this cannot be a
> problem.
> 
> Thanks
 
No problem, no hard feelings.

It was me who should have written in his initial reply


  Oops, that is a complex setup. Is really all the complexity needed?


Anyway: Feel free to post, do know that it is being read.


Greetings
Geert Stappers
-- 
> this cannot be a problem.



Re: [Dnsmasq-discuss] PXE boot in proxy mode not working

2018-11-30 Thread Geert Stappers
On Fri, Nov 30, 2018 at 01:47:50PM +, Tschigirinski Jewgeni wrote:
> Hi,
> 
> I want use dnsmasq in proxy mode to boot uefi pxe client.
> 
> I can observe dhcp discover and dhcp offer coming from the real dhcp
> server, no dhcp request is sending.
> 
> The relevant configuration is:
> 
> dhcp-range=x.x.x.1,proxy
> dhcp-option=vendor:PXEClient,6,2b
> dhcp-boot=bootnetx64.efi,"PXE Server"
> enable-tftp
> tftp-root=/tftpboot
> port=0
> 
> Many thanks for any advice
 
My advice:  Share more information with us.
 * info about DHCP server
 * info about the UEFI PXE client
 * how the observation from
   > I can observe dhcp discover and dhcp offer coming from the real dhcp
   > server, no dhcp request is sending.
   was made


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] Help with dnsmasq and vlans tags

2018-12-04 Thread Geert Stappers
On Tue, Dec 04, 2018 at 08:02:48AM -0300, jmperrote wrote:
> On 2018-12-03 13:30, john doe wrote:
> > On 12/3/2018 4:27 PM, jmperrote wrote:
> > > We need help to configure dnsmasq with vlans tagged on router.
> > > 
> > > We actually have a dnsmasq server serving dns and dhcp, and 3 nics,
> > > one for each vlans:
> > > 
> > 
> > I'm not sure to fully understand the issue(s) you are facing.

In my words "VLAN is a new concept"


> > As far as dnsmasq is concerned, there is no differences between 3
> > physical "nicks" and 3 VLAN tagged interfaces  (802.1Q).
> > So for a start you could simply try:
> > 
> > # Specify DHCP range with a tag
> > dhcp-range=set:vlan99,172.23.100.200,172.23.100.230,12h
> > dhcp-range=set:vlan100,172.23.101.200,172.23.101.230,12h
> > dhcp-range=set:vlan100,172.23.102.200,172.23.102.230,12h
> 
> 
>  John Doe, sorry for my mistake, my actual configuration of dnsmasq are:
> 
>   dhcp-range=interface:eth0,set:VLAN_37,10.11.37.50,10.11.37.200,6h
>   dhcp-option=eth0,6,10.11.37.15 # primary DNS
>   dhcp-option=eth0,1,255.255.255.0 # netmask
>   dhcp-option=eth0,option:router,10.11.37.1 # gateway
> 
>   dhcp-range=interface:eth1,set:VLAN_137,10.11.137.90,10.11.137.98,6h
>   dhcp-option=eth1,6,10.11.37.15 # primary DNS
>   dhcp-option=eth1,1,255.255.255.0 # netmask
>   dhcp-option=eth1,option:router,10.11.137.1 # gateway
> 
>   dhcp-range=interface:eth2,set:VLAN_237,10.11.237.50,10.11.237.200,6h
>   dhcp-option=eth2,6,10.11.37.15 # primary DNS
>   dhcp-option=eth2,1,255.255.255.0 # netmask
>   dhcp-option=eth2,option:router,10.11.237.1 # gateway
> 
> We have 3 nics on the system eth0/eth1/eth2, one for each VLAN, and try to
> replace for one nic with VLANs tagged.
> 
> We try the tag option and the dhcp assign ip on correct range for each PC on
> each vlan, but dnsmasq always assign to the PC the same gateway, that is
> the last vlan configured.
> 
> For example on this configuration assign the correct range to the PC, but the
> gateway always assign 10.11.237.1 gateway, to all PC
> 
> dhcp-range=interface:eth0.37,set:VLAN_37,10.11.37.90,10.11.37.98,6h
> dhcp-option=eth0.37,6,10.11.37.15 # primary DNS
> dhcp-option=eth0.37,1,255.255.255.0 # netmask
> dhcp-option=eth0.37,option:router,10.11.37.1 # gateway
> 
> dhcp-range=interface:eth0.137,set:VLAN_137,10.11.137.90,10.11.137.98,6h
> dhcp-option=eth0.137,6,10.11.37.15 # primary DNS
> dhcp-option=eth0.137,1,255.255.255.0 # netmask
> dhcp-option=eth0.137,option:router,10.11.137.1 # gateway
> 
> dhcp-range=interface:eth0.237,set:VLAN_237,10.11.237.50,10.11.237.200,6h
> dhcp-option=eth0.237,6,10.11.37.15 # primary DNS
> dhcp-option=eth0.237,1,255.255.255.0 # netmask
> dhcp-option=eth0.237,option:router,10.11.237.1 # gateway
> 
> 
> It is necessary to use "vconfig" to configure virtual vlan interface on the
> operating system, or can use tagged vlans from the router ?

The above question rewritten in my words:

} Who helps me understanding VLANs?
} Where do I need to change what?  At Operating System? Router?  Both??

Seen the question.

On the 'Problem / Subject: Re: [Dnsmasq-discuss] Help with dnsmasq and vlans tags'
start with focus on just 'VLAN'. After that, add dnsmasq.
 

Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Help with dnsmasq and vlans tags

2018-12-05 Thread Geert Stappers
On Wed, Dec 05, 2018 at 09:09:25AM -0300, jmperrote wrote:
> On 2018-12-04 12:26, john doe wrote:
> > On 12/4/2018 12:02 PM, jmperrote wrote:
> > > 
> > >  John Doe, sorry for my mistake, my actual configuration of dnsmasq
> > > are:
> > > 
> > > dhcp-range=interface:eth0,set:VLAN_37,10.11.37.50,10.11.37.200,6h
> > > dhcp-option=eth0,6,10.11.37.15 # primary DNS
> > > dhcp-option=eth0,1,255.255.255.0 # netmask
> > > dhcp-option=eth0,option:router,10.11.37.1 # gateway
> > > 
> > > dhcp-range=interface:eth1,set:VLAN_137,10.11.137.90,10.11.137.98,6h
> > > dhcp-option=eth1,6,10.11.37.15 # primary DNS
> > > dhcp-option=eth1,1,255.255.255.0 # netmask
> > > dhcp-option=eth1,option:router,10.11.137.1 # gateway
> > > 
> > > dhcp-range=interface:eth2,set:VLAN_237,10.11.237.50,10.11.237.200,6h
> > > dhcp-option=eth2,6,10.11.37.15 # primary DNS
> > > dhcp-option=eth2,1,255.255.255.0 # netmask
> > > dhcp-option=eth2,option:router,10.11.237.1 # gateway
> > > 
> > > We have 3 nics on the system eth0/eth1/eth2, one for each VLAN, and
> > > try to replace for one nic with VLANs tagged.
> > > 
> > > We try the tag option and the dhcp assign ip on correct range for each
> > > PC on each vlan, but dnsmasq always assign to the PC the same
> > > gateway, that is the last vlan configured.
> > > 
> > > For example on this configuration assign the correct range to the PC,
> > > but the gateway always assign 10.11.237.1 gateway, to all PC
> > > 
> > > dhcp-range=interface:eth0.37,set:VLAN_37,10.11.37.90,10.11.37.98,6h
> > > dhcp-option=eth0.37,6,10.11.37.15 # primary DNS
> > > dhcp-option=eth0.37,1,255.255.255.0 # netmask
> > > dhcp-option=eth0.37,option:router,10.11.37.1 # gateway
> > > 
> > > dhcp-range=interface:eth0.137,set:VLAN_137,10.11.137.90,10.11.137.98,6h
> > > dhcp-option=eth0.137,6,10.11.37.15 # primary DNS
> > > dhcp-option=eth0.137,1,255.255.255.0 # netmask
> > > dhcp-option=eth0.137,option:router,10.11.137.1 # gateway
> > > 
> > > dhcp-range=interface:eth0.237,set:VLAN_237,10.11.237.50,10.11.237.200,6h
> > > dhcp-option=eth0.237,6,10.11.37.15 # primary DNS
> > > dhcp-option=eth0.237,1,255.255.255.0 # netmask
> > > dhcp-option=eth0.237,option:router,10.11.237.1 # gateway
> > > 
> > > 
> > > It is necessary to use "vconfig" to configure virtual vlan interface
> > > on the operating system, or can use tagged vlans from the router ?
> > > 
> > 
> > To be able to answer your question I need to know the following:
> > 
> >  - What hardware is the router (netgear, cisco ...)?
> >  - What type of distribution (name and version) are you using 'vconfig'
> > on (Linux, Oracle)?
> > 
> > I can't answer your question without knowing your network topology, but
> > if the router is VLAN tagging capable I would use it and also use the
> > DHCP capability from that router.
> > 
> > Also, to isolate whether it is a vlan configuration or a dnsmasq issue
> > simply try the line I have provided, obviously you can change the Ip
> > ranges to your liking.
> 
> 
> Hello john doe,

Hello Mailinglist,

> 
> Send the data:
>  -- Router mikrotik RB1100 AH
>  -- Ubuntu 16.04
>  -- Using vconfig with 3 VLANs
> 
> Yes, the router have capability to dhcp,
> you recommend to use that instead of dnsmasq for dhcp ?.

What I did read in the reply from john doe:

  Other options might resolve the original problem.


But, yes, it is possible to replace
three NICs with single NIC plus three VLANs.  Surely for DHCP stuff.
If three NICs were chosen due to high bandwidth usage,
that can't be solved by "VLAN".


Cheers
Geert Stappers




Re: [Dnsmasq-discuss] Help with dnsmasq and vlans tags

2018-12-05 Thread Geert Stappers
On Wed, Dec 05, 2018 at 10:35:50AM -0300, jmperrote wrote:
  
> With three nics and one IP for each are working since longtime fine,
> now we try to reconvert the solution using VLANS and one nic.


start with focus on just 'VLAN'. After that, add dnsmasq.


Cheers
Geert Stappers



Re: [Dnsmasq-discuss] Multiple instances of dnsmasq on Debian with systemd

2018-12-01 Thread Geert Stappers
On Sat, Dec 01, 2018 at 01:20:58PM +0100, M. Buecher wrote:

> [Unit]
> Description=dnsmasq (%i) - A lightweight DHCP and caching DNS server
> Requires=network.target
> Wants=nss-lookup.target
> Before=nss-lookup.target

The "Wants" and the "Before" have the same targets.
That feels odd to me.



Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Help with dnsmasq and vlans tags

2018-12-06 Thread Geert Stappers
On Thu, Dec 06, 2018 at 06:52:11PM +0100, john doe wrote:
> On 12/6/2018 3:50 PM, jmperrote wrote:
> >>>> dhcp-option=eth0,6,10.11.37.15 # primary DNS
> >>>> dhcp-option=eth0,1,255.255.255.0 # netmask
> >>>> dhcp-option=eth0,option:router,10.11.37.1 # gateway
> >>>>
> >>>> dhcp-range=interface:eth1,set:VLAN_137,10.11.137.90,10.11.137.98,6h
> >>>> dhcp-option=eth1,6,10.11.37.15 # primary DNS
> >>>> dhcp-option=eth1,1,255.255.255.0 # netmask
> >>>> dhcp-option=eth1,option:router,10.11.137.1 # gateway
> >>>>
> >>>> dhcp-range=interface:eth2,set:VLAN_237,10.11.237.50,10.11.237.200,6h
> >>>> dhcp-option=eth2,6,10.11.37.15 # primary DNS
> >>>> dhcp-option=eth2,1,255.255.255.0 # netmask
> >>>> dhcp-option=eth2,option:router,10.11.237.1 # gateway
> >>>>
> > 
> > Hello, ok trying a solution to resolve dnsmasq with vlans and one nic, I
> > do next
> > 
> > I reconfigured the dnsmasq with this and the mikrotik router with tagged
> > vlans.
> > 
> > dhcp-range=tag:eth0,set:eth0,10.11.37.50,10.11.37.200,6h
> > dhcp-range=tag:eth0,set:eth0,10.11.137.50,10.11.137.200,6h
> > dhcp-range=tag:eth0,set:eth0,10.11.237.50,10.11.237.200,6h
> > dhcp-option=tag:eth0,option:dns-server,10.11.37.15
> > dhcp-option=tag:eth0,option:dns-server,10.11.37.15
> > dhcp-option=tag:eth0,option:dns-server,10.11.37.15
> > dhcp-option=tag:eth0,option:router,10.11.137.1
> > dhcp-option=tag:eth0,option:router,10.11.37.1
> > dhcp-option=tag:eth0,option:router,10.11.237.1

Check the above config again.

| dhcp-range=tag:eth0.37,set:eth0,10.11.37.50,10.11.37.200,6h
| dhcp-range=tag:eth0.137,set:eth0,10.11.137.50,10.11.137.200,6h
| dhcp-range=tag:eth0.237,set:eth0,10.11.237.50,10.11.237.200,6h
| dhcp-option=tag:eth0.37,option:dns-server,10.11.37.15
| dhcp-option=tag:eth0.137,option:dns-server,10.11.37.15
| dhcp-option=tag:eth0.237,option:dns-server,10.11.37.15
| dhcp-option=tag:eth0.137,option:router,10.11.137.1
| dhcp-option=tag:eth0.37,option:router,10.11.37.1
| dhcp-option=tag:eth0.237,option:router,10.11.237.1

Is what I would expect.


> > The assign of ip work fine, each PC on each vlan pickup a IP on
> > corresponding vlan, but on 3 PCs always assign the same gateway -->
> > 10.11.237.1
> > 
> 
> If it is working for most of the hosts,

If, only if.


> my guess is that you need to renew the lease on those hosts.
> 
> EG with dhclient:
> 
> $ dhclient -r  && dhclient 
> 
> Where  is the name of the interface on which the lease need to
> be released and acquired.


No, start with a static address at the clients.
Then check if connecting the "dnsmasq host with 3 VLANID" works.
Me and Murphy say that it doesn't work.
I say that the switch needs additional configuration.
Feel free to prove me wrong.


Groeten
Geert Stappers
-- 
Leven en laten leven
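
Added example, not part of the original thread and not dnsmasq's own code: a small lint pass over the two `dhcp-option` sets quoted in the message above, reporting options that get different values under the same tag and listing which values match a given set of request tags. The tag matching is a simplified assumption (an option is a candidate when all of its tags are set for the request), and the function names are hypothetical.

```python
"""Lint dnsmasq dhcp-option lines for same-tag, different-value conflicts."""

from collections import defaultdict

# DHCPv4 option numbers used in this thread and their dnsmasq option names.
OPTION_NAMES = {"1": "netmask", "3": "router", "6": "dns-server"}

# Config quoted from the 2018-12-06 message: every option hangs on tag eth0.
ONE_TAG = """\
dhcp-range=tag:eth0,set:eth0,10.11.37.50,10.11.37.200,6h
dhcp-range=tag:eth0,set:eth0,10.11.137.50,10.11.137.200,6h
dhcp-range=tag:eth0,set:eth0,10.11.237.50,10.11.237.200,6h
dhcp-option=tag:eth0,option:dns-server,10.11.37.15
dhcp-option=tag:eth0,option:dns-server,10.11.37.15
dhcp-option=tag:eth0,option:dns-server,10.11.37.15
dhcp-option=tag:eth0,option:router,10.11.137.1
dhcp-option=tag:eth0,option:router,10.11.37.1
dhcp-option=tag:eth0,option:router,10.11.237.1
"""

# Options as rewritten in the reply: one tag per VLAN interface.
PER_VLAN = """\
dhcp-option=tag:eth0.37,option:dns-server,10.11.37.15
dhcp-option=tag:eth0.137,option:dns-server,10.11.37.15
dhcp-option=tag:eth0.237,option:dns-server,10.11.37.15
dhcp-option=tag:eth0.137,option:router,10.11.137.1
dhcp-option=tag:eth0.37,option:router,10.11.37.1
dhcp-option=tag:eth0.237,option:router,10.11.237.1
"""


def parse_dhcp_option(line):
    """Return (tags, option_name, value) for a dhcp-option line, else None."""
    line = line.split("#", 1)[0].strip()           # drop trailing comment
    if not line.startswith("dhcp-option="):
        return None
    fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
    tags = []
    while fields:
        head = fields[0]
        if head.isdigit() or head.startswith("option:"):
            break                                  # reached the option itself
        if head.startswith(("tag:", "net:")):
            tags.append(head.split(":", 1)[1])
        elif ":" in head:
            return None                            # vendor:, encap:, ... not handled
        else:
            tags.append(head)                      # legacy form: bare tag name
        fields.pop(0)
    if len(fields) < 2:
        return None
    name = fields[0]
    if name.startswith("option:"):
        name = name[len("option:"):]
    else:
        name = OPTION_NAMES.get(name, name)
    return frozenset(tags), name, ",".join(fields[1:])


def find_conflicts(config_text):
    """List (tags, option, values) where one tag set carries several values."""
    seen = defaultdict(set)
    for raw in config_text.splitlines():
        parsed = parse_dhcp_option(raw)
        if parsed:
            tags, name, value = parsed
            seen[(tags, name)].add(value)
    return sorted(
        (sorted(tags), name, sorted(values))
        for (tags, name), values in seen.items()
        if len(values) > 1
    )


def candidates(config_text, active_tags, option):
    """Values of `option` whose tags are all set for this request."""
    active = set(active_tags)
    found = []
    for raw in config_text.splitlines():
        parsed = parse_dhcp_option(raw)
        if parsed and parsed[1] == option and parsed[0] <= active:
            if parsed[2] not in found:
                found.append(parsed[2])
    return found


if __name__ == "__main__":
    for tags, name, values in find_conflicts(ONE_TAG):
        print(f"tag {tags}: option {name} has {len(values)} values: {values}")
    print("eth0.137 router:", candidates(PER_VLAN, {"eth0.137"}, "router"))
```

With the single `eth0` tag all three routers are candidates for every request, which matches the symptom reported in the thread; with one tag per VLAN interface each request has exactly one.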



Re: [Dnsmasq-discuss] DNSMASQ wrong addresses allocated after changing DHCP Clients between Neutron vRouters

2018-11-27 Thread Geert Stappers
On Mon, Nov 26, 2018 at 04:42:05PM -0200, Luis Kleber wrote:

> dhcp-range=set:infra-70-subnet,100.101.1.11,100.101.1.64,600s
> dhcp-option=tag:infra-70-subnet,3,100.101.1.1
> dhcp-range=set:infra-71-subnet,100.101.2.11,100.101.2.64,600s
> dhcp-option=tag:infra-71-subnet,3,100.101.2.1
> dhcp-range=set:infra-72-subnet,100.98.98.11,100.98.98.64,600s
> dhcp-option=tag:infra-72-subnet,3,100.98.98.1
 infra-73 ... infra-92 
> dhcp-range=set:infra-93-subnet,100.103.8.11,100.103.8.64,600s
> dhcp-option=tag:infra-93-subnet,3,100.103.8.1
> dhcp-range=set:infra-94-subnet,100.104.1.11,100.104.1.64,600s
> dhcp-option=tag:infra-94-subnet,3,100.104.1.1
> dhcp-range=set:infra-95-subnet,100.96.96.11,100.96.96.64,600s
> dhcp-option=tag:infra-95-subnet,3,100.96.96.1

Why?



Re: [Dnsmasq-discuss] debugging dhcpv6 requests forwarded via relay agent

2019-01-10 Thread Geert Stappers
On Thu, Jan 10, 2019 at 05:48:26PM +0530, Sandeep K M wrote:
> On Wed, Jan 9, 2019 at 10:33 PM Simon Kelley wrote:
> > On 04/01/2019 06:25, Sandeep K M wrote:
> > >
> > > Attached are the packet captures:
> > >
> > > 1. Packets exchanged between client and relay (client-relay.pcap)
> > > 2.  Packets exchanged between relay and server (relay-server.pcap)
> > > 3. strace of dnsmasq (dnsmasq.trace)
> > >
   ...
> >
> > I'm sure this was tested with a relay, but the current test harnesses
> > here would take some work to get into a position to test this code, so
> > I'm going to try and use you as a tester, if that's OK?
> >
> >
> > Looking at the strace output, dnsmasq logs that it's sending a
> > DHCPADVERTISE reply, but it never calls sendto() to actually send the
> > packet. This is definitely a dnsmasq bug, and not something in your
> > network that's causing the packet to get lost: it never gets sent.
> >
> >
> > What's confusing me is that manually tracing the code paths from what's
> > known to be working (log the DHCPADVERTISE) to the sendto() call that
> > should send that packet, I can't see any reason why the code should fail.
> >
> > Are you in a position to run dnsmasq under gdb and step through the
> > relevant code? I can give you detailed instructions on where to set
> > breakpoints and where the reply packet could be getting lost. The path
> > is maybe 50 lines.
> >
> > Staring at the code has found me one bug, but it's not relevant in this
> > case. (The code to avoid copying an RFC6939 link address option in a
> > relay request to the reply to the relay actually sends a zero-length
> > option, instead of eliding it entirely.)
> >
> 
> I will be happy to be your tester :)
> 
> Its fairly a simple setup with two hosts and a switch. I can create this
> any time you want.
> 
> Please provide me the instructions. I am using dnsmasq version 2.78.


Keeping the ML in loop would be good.
At least for the sake of the mailinglist archive.


Regards
Geert Stappers




Re: [Dnsmasq-discuss] dnsmasq 2.78 is failing to respond to dhcpv6 requests forwarded via relay agent

2019-01-07 Thread Geert Stappers
On Mon, Jan 07, 2019 at 01:09:11PM +0530, Sandeep K M wrote:
> On Fri, Jan 4, 2019 at 7:32 PM Geert Stappers wrote:
> > On Fri, Jan 04, 2019 at 05:34:03PM +0530, Sandeep K M wrote:
> >
> > > Please let me know if any other information is needed.
> >
> > Not yet mentioned in this thread is working connectivity between "server"
> > and "client".  This will require temporary manual configuration
> > of an IPv6 address at client. Let's say it is 2020::2/120.
> > Then verify with more than "ping". Example given:  `ssh 1040::2`
> >
> > It shall reveal how well router ( with the odd name 'Switch' ) is
> > configured for routing between 1040::/120 and 2020::/120.
> > Also if the ssh daemon is able to send packets out on the right
> > interface.
> >
> > I do know that it might seem a detour. And we also know that
> > original poster is already stuck with current setup. So the "detour"
> > could be a step forward.   Good luck.
> >
> >
> Hi,
> 
> As you suggested I added the IPv6 address 2020::2/120 manually to my client
> 
> # ip -6 addr add 2020::2/120 dev eth1
> 
> when I pinged the server it failed :
> 
> root@Ubuntu3481:~# ping6 -I 2020::2 1040::2
> PING 1040::2(1040::2) from 2020::2 : 56 data bytes
> ping: sendmsg: Network is unreachableping: sendmsg: Network is unreachale
> 
> Then I added a default route:
> 
> 
> root@Ubuntu3481:~# ip -6 route add default via 2020::1
> root@Ubuntu3481:~# ip -6 route
> 2020::/120 dev eth1  proto kernel  metric 256
> fe80::/64 dev eth0  proto kernel  metric 256
> fe80::/64 dev eth1  proto kernel  metric 256
> default via 2020::1 dev eth1  metric 1024
> 
> I see the ping is working fine now:
> 
> root@Ubuntu3481:~# ping6 -I 2020::2 1040::2
> PING 1040::2(1040::2) from 2020::2 : 56 data bytes
> 64 bytes from 1040::2: icmp_seq=1 ttl=63 time=0.278 ms
> 64 bytes from 1040::2: icmp_seq=2 ttl=63 time=0.178 ms
> 64 bytes from 1040::2: icmp_seq=3 ttl=63 time=0.172 ms
 
So ICMP packets can roundtrip across the router.
If other packets can, is still unknown.
(As in '> > Then verify with more than "ping". Example given:  `ssh 1040::2`')


Idea is finding out if the original problem could be caused
by incomplete routing rules.



> But when I remove the manually configured IPv6 address and try to get a new
> IPv6 using "dhclient -6 eth1" again it fails. I see the same log lines in
> dnsmasq log:
> 
> Jan  7 07:19:54 dnsmasq-dhcp[3815]: DHCPSOLICIT(m1s1p7) 00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
> Jan  7 07:19:54 dnsmasq-dhcp[3815]: DHCPADVERTISE(m1s1p7) 2020::19 00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
> Jan  7 07:19:55 dnsmasq-dhcp[3815]: DHCPSOLICIT(m1s1p7) 00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
> Jan  7 07:19:55 dnsmasq-dhcp[3815]: DHCPADVERTISE(m1s1p7) 2020::19 00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
> 
> When we have enable-ra configured wont dnsmasq advertise the gateway IP's ?
> Do we need to enable RA even in the switch where relay agent is running ?
> can we configure default gateway to the clients via dhcpv6 options similar
> to IPv4 ?
> 
> 
> PS: If I replace dnsmasq server with ISC DHCP server everything works fine.

And the essential configuration items of the working setup
are correctly transposed to the non-working setup?


Regards
Geert Stappers
Curious about why the DHCPADVERTISE packets aren't seen with a network sniffer.
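
Added example, not part of the original thread: a log check for the symptom quoted above, where dnsmasq logs DHCPADVERTISE for a DUID again and again but the client never gets as far as a DHCPREQUEST. The first four log records are the ones from this message (still wrapped as in the mail); the `eth9` records are constructed, their DHCPREQUEST/DHCPREPLY layout is an assumption, and the function names are hypothetical.

```python
"""Flag DHCPv6 clients stuck in a SOLICIT/ADVERTISE loop in a dnsmasq log."""

import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
Jan  7 07:19:54 dnsmasq-dhcp[3815]: DHCPSOLICIT(m1s1p7)
00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
Jan  7 07:19:54 dnsmasq-dhcp[3815]: DHCPADVERTISE(m1s1p7) 2020::19
00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
Jan  7 07:19:55 dnsmasq-dhcp[3815]: DHCPSOLICIT(m1s1p7)
00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
Jan  7 07:19:55 dnsmasq-dhcp[3815]: DHCPADVERTISE(m1s1p7) 2020::19
00:01:00:01:23:c5:ba:1b:00:50:56:96:d1:7c
Jan  7 07:20:10 dnsmasq-dhcp[3815]: DHCPSOLICIT(eth9) 00:01:00:01:aa:bb:cc:dd:00:11:22:33:44:55
Jan  7 07:20:10 dnsmasq-dhcp[3815]: DHCPADVERTISE(eth9) 2001:db8::10 00:01:00:01:aa:bb:cc:dd:00:11:22:33:44:55
Jan  7 07:20:11 dnsmasq-dhcp[3815]: DHCPREQUEST(eth9) 00:01:00:01:aa:bb:cc:dd:00:11:22:33:44:55
Jan  7 07:20:11 dnsmasq-dhcp[3815]: DHCPREPLY(eth9) 2001:db8::10 00:01:00:01:aa:bb:cc:dd:00:11:22:33:44:55
"""

# A syslog record starts with "Mon DD HH:MM:SS "; anything else is a wrapped tail.
STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
EVENT = re.compile(r"dnsmasq-dhcp\[\d+\]: (DHCP[A-Z]+)\(([^)]+)\)\s*(.*)$")
DUID = re.compile(r"^(?:[0-9a-f]{2}:)+[0-9a-f]{2}$")


def unwrap(log_text):
    """Rejoin records that a mail client wrapped onto a second line."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def stalled_clients(log_text, min_rounds=2):
    """Return (interface, duid, advertise_count) for clients that were sent
    at least `min_rounds` ADVERTISEs and never logged a DHCPREQUEST."""
    counts = defaultdict(Counter)
    for record in unwrap(log_text):
        match = EVENT.search(record)
        if not match:
            continue
        message, interface, rest = match.groups()
        tokens = rest.split()
        # The DUID is the last field; an address, if any, precedes it.
        if not tokens or not DUID.match(tokens[-1]):
            continue
        counts[(interface, tokens[-1])][message] += 1
    return sorted(
        (interface, duid, c["DHCPADVERTISE"])
        for (interface, duid), c in counts.items()
        if c["DHCPADVERTISE"] >= min_rounds and c["DHCPREQUEST"] == 0
    )


if __name__ == "__main__":
    for interface, duid, rounds in stalled_clients(SAMPLE_LOG):
        print(f"{interface} {duid}: {rounds} ADVERTISE, no REQUEST")
```

A hit only says the advertise did not lead to a request; whether the packet was never sent or was lost on the way still has to be settled with a capture on the server's interface.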



Re: [Dnsmasq-discuss] dnsmasq 2.78 is failing to respond to dhcpv6 requests forwarded via relay agent

2019-01-04 Thread Geert Stappers
On Fri, Jan 04, 2019 at 05:34:03PM +0530, Sandeep K M wrote:
> Hi,
> 
> On Fri, Jan 4, 2019 at 3:59 PM Geert Stappers wrote:
> > On Fri, Jan 04, 2019 at 02:47:11PM +0530, Sandeep K M wrote:
> > > On Fri, Jan 4, 2019 at 2:30 PM Geert Stappers wrote:
> > > > On Fri, Jan 04, 2019 at 11:55:49AM +0530, Sandeep K M wrote:
> > > > > [  ]
> > > > > Please let me know if any other information is required.
> > > >
> > > > At the server
> > > >   ip link   # what interfaces are there
> > > >   ip -6 address
> > > >   ip -6 route
> > >
> > > Here are the output of the commands:
> > >
> > > root@8320:~# *ip -6 addr*
> > > 49: m1s1p7:  mtu 1500 state UNKNOWN qlen 1000
> > > inet6 1040::2/120 scope global
> > >valid_lft forever preferred_lft forever
> > > inet6 fe80::480f:cf00:7af:8444/64 scope link
> > >valid_lft forever preferred_lft forever
> >
> > Based upon that: there is only 1 interface

But there are about sixty


> > > root@8320:~# *ip -6 route*
> > > 1040::/120 dev m1s1p7  proto kernel  metric 256  pref medium
> > > 2020::/120 via 1040::1 dev m1s1p7  proto static  metric 512  pref medium
> >
> > So there is some kind of routing information where the 2020::/120 network
> > is ...
> >

In the non-stripped version
> fe80::/64 dev bridge-vrf  proto kernel  metric 256  pref medium
> fe80::/64 dev tap0  proto kernel  metric 256  pref medium
> fe80::/64 dev tap-br0  proto kernel  metric 256  pref medium
> fe80::/64 dev m1s1p7  proto kernel  metric 256  pref medium
(do notice there is no default route)

> > > Sorry forgot to capture "ip link" output. The setup is disassembled as of
> > > now but if it is required then I will recreate the setup and send you the
> > > output.
> >
> > Come again?
> > As in: "How was the output of `ip -6 addr` and `ip -6 route` generated?"
> >
> These command output is what I have captured previously for my reference
> before dissembling the setup.

OK. Thanks for explaining.

> *I have recreated the setup and attached (ip-command-output.txt) is the
> output of the commands that you have requested in full*.

> Please let me know if any other information is needed.

Not yet mentioned in this thread is working connectivity between "server"
and "client".  This will require temporary manual configuration
of an IPv6 address at client. Let's say it is 2020::2/120.
Then verify with more than "ping". Example given:  `ssh 1040::2`

It shall reveal how well router ( with the odd name 'Switch' ) is
configured for routing between 1040::/120 and 2020::/120.
Also if the ssh daemon is able to send packets out on the right
interface.

I do know that it might seem a detour. And we also know that
original poster is already stuck with current setup. So the "detour"
could be a step forward.   Good luck.


Groeten
Geert Stappers




Re: [Dnsmasq-discuss] dnsmasq 2.78 is failing to respond to dhcpv6 requests forwarded via relay agent

2019-01-04 Thread Geert Stappers
On Fri, Jan 04, 2019 at 02:47:11PM +0530, Sandeep K M wrote:
> On Fri, Jan 4, 2019 at 2:30 PM Geert Stappers wrote:
> > On Fri, Jan 04, 2019 at 11:55:49AM +0530, Sandeep K M wrote:
> > > [  ]
> > >
> > > Please let me know if any other information is required.
> >
> >
> > At the server
> >
> >   ip link   # what interfaces are there
> >   ip -6 address
> >   ip -6 route
> >
> Hi,
> 
> Here are the output of the commands:
> 
> root@8320:~# *ip -6 addr*
> 49: m1s1p7:  mtu 1500 state UNKNOWN qlen 1000
> inet6 1040::2/120 scope global
>valid_lft forever preferred_lft forever
> inet6 fe80::480f:cf00:7af:8444/64 scope link
>valid_lft forever preferred_lft forever

Based upon that: there is only 1 interface

> root@8320:~# *ip -6 route*
> 1040::/120 dev m1s1p7  proto kernel  metric 256  pref medium
> 2020::/120 via 1040::1 dev m1s1p7  proto static  metric 512  pref medium

So there is some kind of routing information where the 2020::/120 network is ...


> Sorry forgot to capture "ip link" output. The setup is disassembled as of
> now but if it is required then I will recreate the setup and send you the
> output.

Come again?
As in: "How was the output of `ip -6 addr` and `ip -6 route` generated?"



Cheers
Geert Stappers
DevOps Engineer



Re: [Dnsmasq-discuss] dnsmasq 2.78 is failing to respond to dhcpv6 requests forwarded via relay agent

2019-01-04 Thread Geert Stappers
On Fri, Jan 04, 2019 at 11:55:49AM +0530, Sandeep K M wrote:
> Attached are the packet captures:
> 
> 1. Packets exchanged between client and relay (client-relay.pcap)
> 2.  Packets exchanged between relay and server (relay-server.pcap)
> 3. strace of dnsmasq (dnsmasq.trace)
> 
> Please let me know if any other information is required.


At the server

  ip link   # what interfaces are there
  ip -6 address
  ip -6 route



Cheers
Geert Stappers
DevOps Engineer



Re: [Dnsmasq-discuss] DHCP, how to ignore the client MAC address?

2019-01-11 Thread Geert Stappers
On Fri, Jan 11, 2019 at 11:29:13AM +0100, MIchael Schleicher (smicha) wrote:
> On 11.01.19 10:53, john doe wrote:
> > On 1/11/2019 9:49 AM, MIchael Schleicher (smicha) wrote:
> > > 
> > > I have just checked on my environment what's in the dnsmasq.leases file:
> > > 
> > > 1547246444 00:50:56:85:23:ea 10.198.10.223 win-vm 01:00:50:56:85:23:ea
> > > 1547276503 00:50:56:85:f1:86 10.198.10.37 linux-vm 01:00:50:56:85:f1:86
> > > 
> > > As you see the Client-ID (5th field) is the MAC + "01:" as prefix.
> > > 
> > 
> > You previously said that the hostname is always the same, as ilustrated
> > by the above they are not (win-vm vs linux-vm)?
> > 
> 
> That are 2 different systems. (1 Windows and 1 Linux VM). It's just a
> example
> 

Thing I would like to know is the name of the virtualisation platform.
Mostly because all those I have seen did allow me to define MAC address.


Cheers
Geert Stappers
DevOps Engineer



Re: [Dnsmasq-discuss] test DHCP clients

2018-12-30 Thread Geert Stappers
On Sun, Dec 30, 2018 at 03:36:29PM +0100, Geert Stappers wrote:
> On Sat, Dec 29, 2018 at 10:00:50PM +0100, Geert Stappers wrote:
> > On Sat, Dec 29, 2018 at 07:49:34PM +0100, Geert Stappers wrote:
> > > Hi,
> > > 
> > > What is your favorite / good enough  DHCP test client?
> > > 
> > 
> > I use `dhtest`  ( https://sargandh.wordpress.com/2012/02/23/linux-dhcp-client-simulation-tool/ )
> > 
> > Test is `dhtest -m 00:00:11:22:33:44 -i eth0`
> > 
> > At server side is dnsmasq.
> > With `dhcp-range=192.168.45.100,192.168.45.200` I do get replies.
> > With `dhcp-range=192.168.45.19,proxy` I don't.
> > 
> > I would like to know if my "DHCP client" is wrong
> > or that I did misconfigure dnsmasq.
> > 
> 
> Both.
> 
> Working dnsmasq.conf
> ---
> $ cat /etc/dnsmasq.conf
> # interface=eth0
> 
> pxe-service=123456789, "Install Linux", pxelinux,0
> 
> dhcp-range=172.24.0.63,proxy
> ## dhcp-range=172.24.0.30,172.24.0.40
> 
> dhcp-option=vendor:PXEClient,6,2b
> 
> dhcp-boot=bootfilename.bin,nero.lan,172.24.0.54
> log-dhcp
> 
> enable-tftp
> tftp-root=/srv/tftpd
> 
> port=0
> ---
> 
> Main difference against previous version is the 'pxe-service=' line.
> 
> The 172.24.0.63 is the broadcast address ( my network is 172.24.0.0/26 )
> 
> 
> To have that seen working, I did have to reboot a physical computer.
 
Without reboot:

   sudo dhtest -m 00:00:11:22:33:44 -i eth0 \
 -c 97,hex, -c 93,hex, -c 94,hex,010201 \
 -o PXEClient:Arch:0:UNDI:002001


> So, yes,  your advice for DHCP test client is still welcome.

   :-)


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] test DHCP clients

2018-12-30 Thread Geert Stappers
On Sat, Dec 29, 2018 at 10:00:50PM +0100, Geert Stappers wrote:
> On Sat, Dec 29, 2018 at 07:49:34PM +0100, Geert Stappers wrote:
> > Hi,
> > 
> > What is your favorite / good enough  DHCP test client?
> > 
> 
> I use `dhtest`  ( https://sargandh.wordpress.com/2012/02/23/linux-dhcp-client-simulation-tool/ )
> 
> Test is `dhtest -m 00:00:11:22:33:44 -i eth0`
> 
> At server side is dnsmasq.
> With `dhcp-range=192.168.45.100,192.168.45.200` I do get replies.
> With `dhcp-range=192.168.45.19,proxy` I don't.
> 
> I would like to know if my "DHCP client" is wrong
> or that I did misconfigure dnsmasq.
> 

Both.

Working dnsmasq.conf
---
$ cat /etc/dnsmasq.conf
# interface=eth0

pxe-service=123456789, "Install Linux", pxelinux,0

dhcp-range=172.24.0.63,proxy
## dhcp-range=172.24.0.30,172.24.0.40

dhcp-option=vendor:PXEClient,6,2b

dhcp-boot=bootfilename.bin,nero.lan,172.24.0.54
log-dhcp

enable-tftp
tftp-root=/srv/tftpd

port=0
---

Main difference against previous version is the 'pxe-service=' line.

The 172.24.0.63 is the broadcast address ( my network is 172.24.0.0/26 )


To have that seen working, I did have to reboot a physical computer.

So, yes,  your advice for DHCP test client is still welcome.



Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] test DHCP clients

2018-12-30 Thread Geert Stappers
On Sun, Dec 30, 2018 at 07:30:42PM +, Roy Marples wrote:
> On 29/12/2018 18:49, Geert Stappers wrote:
> > What is your favorite / good enough  DHCP test client?
> 
> dhcpcd - if there's a relevant DHCP RFC it doesn't support, it's a bug.
> https://roy.marples.name/projects/dhcpcd
> 

https://roy.marples.name/git/dhcpcd.git/tree/src/if-options.c#n154


So a battle-tested DHCP client that has a test option.
Nifty idea!  Thanks for reporting.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Curious with default upstream server and /etc/resolv.conf

2018-09-16 Thread Geert Stappers
On Sat, Sep 15, 2018 at 11:19:59PM -0400, Igor Kapushkin wrote:
> Hi,
> 
> I'm playing with new DNSMasq installation in a raspberry pi and one thing I
> notice is that by default the DNSMasq service will forward everything to my
> router. Log file says:
> 
> <<<
> Sep 14 07:41:53 dnsmasq[32]: query[A] google.com from 192.168.1.10
> Sep 14 07:41:53 dnsmasq[32]: forwarded google.com to 192.168.1.2
> >>>
> 
> 192.168.1.10 is my raspberry pi (DNSMasq). 192.168.1.2 is my router. I ran
> that query from my computer with "dig @192.168.1.10 google.com"
> 
> I didn't change anything in the original config files. My question is why is
> DNSMasq forwarding the queries to the router by default? This is just because
> I'm curious, there's nothing broken with my DNSMasq.
> 
> In the dnsmasq.conf file, I see that DNSMasq gets its upstream server from
> /etc/resolv.conf. In the raspberry pi, this is what /etc/resolv.conf has:
> 
> <<<
> # Generated by resolvconf
> nameserver 127.0.0.1
> >>>
> 
> So I'm curious why DNSMasq is not sending those requests to 127.0.0.1 if
> that's what configured in /etc/resolv.conf. Why is log saying
> "forwarded google.com to 192.168.1.2" instead of
> "forwarded google.com to 127.0.0.1"?

The thing Original Poster probably missed:  '# Generated by resolvconf'

And the '# Generated by resolvconf' should be read as
 "# at some point in time written by resolvconf"
 

> Thanks

Sorry for the brief reply



Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Odd caching behaviour...

2019-03-20 Thread Geert Stappers
On Wed, Mar 20, 2019 at 09:00:20PM +, John Robson wrote:
> Hi,
> 
> I have a library which I think has a bug, but this bug is affecting DNS
> queries, and bringing out some odd behaviour in dnsmasq...
> 
> Program is making a query to resolve an address (foo.bar.com)
> A normal query results in a CNAME (foo.bar.com.edgekey.net), which results
> in another CNAME (e1234.a.akamaiedge.net) which has an A record.
> 
> However every so often dnsmasq returns just the first CNAME.
> Note I haven't yet caught it in the act of that first truncated response.
> The only thing that makes sense to me is if the edgekey.net name servers
> didn't respond in good time... but
> 
> However the bug in the library then means it asks again, instantly.  and
> again... and again
> It manages over 100MB/ minute of DNS requests - dnsmasq answering them all
> from the cache (I see *no* external requests for that address).

Hey, that is the idea about DNS caching ...


> When I restart the program the very first query (identical query as before)
> gets a complete answer from dnsmasq.
> 
> What I can't understand is how that restart makes any difference to dnsmasq.
> Does dnsmasq have some sort of 'Oh hell the query load is insane I'm just
> extending the cache a bit to help' mode which it then escapes from as the
> program restarts?
> There are no external queries for this name during the period of insanity,
> but the first request after does get put to the external name servers.
> 
> I'm running an 'external interface only' capture to try and capture the
> initial error condition (which I very much doubt is a problem in dnsmasq),
> to see if that can shed some light on the issue.
> 
> 
> Thoughts? debug hints? laughter?
 

To me it seems that the first DNS request from the application has
"recursion".  Upon encountering the bug the app is doing "non
recursion". With "recursion" I mean 'When the reply is not an A-record
do a next query'.

On debug hints:  Currently the suspected trigger of the bug is
a DNS that doesn't respond within good time.  So make a "chain"
of DNS servers where you control the response time of one.

Good luck with it.  And feel welcome to report back.


> Cheers,
> John

Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] The order of nameservers provided by `server=`

2019-03-25 Thread Geert Stappers
On Tue, Mar 26, 2019 at 01:30:37AM +0800, Fox Haxx wrote:
> On Mon, Mar 25, 2019 at 05:19:58PM +, John Robson wrote:
> > Does that not only apply to those in /etc/resolv.conf (or the overridden file)
> 
> My tests show that it applies to all configured nameservers.
> 
> The man page needs updating to reflect this, I think. In many places where it
> refers to /etc/resolv.conf it in fact means all the nameservers. At least
> that's the only reasonable behavior I can intuit.

Source of manual page is man/dnsmasq.8
The git clone URL is git://thekelleys.org.uk/dnsmasq.git ( or http://thekelleys.org.uk/git/dnsmasq.git )

After your changes `git format-patch` plus `git send-email`
and see what happens.


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] Netboot drops DNSMasq DHCP offer

2019-04-04 Thread Geert Stappers
On 04-04-2019 11:58, Conrad Kostecki wrote:

>> John Robson wrote on 4 April 2019 at 10:40:
>>
>>
>> A couple of packet captures might help you (and us) see what is being sent
>> differently.
> good idea. Here are the captures. To be honest, I don't see anything, which 
> it shouldn't work.
>
> https://www.bl4ckb0x.de/files/dnsmasq.pcap (works not)
> https://www.bl4ckb0x.de/files/fritzbox.pcap (works)

The fritzbox is 192.168.178.1,  dnsmasq machine is 192.168.32.1.

Both hand out subnet mask 255.255.255.0, none provides a client IP address.


Regards

Geert Stappers

Devops Engineer @ Hendrikx ITC





Re: [Dnsmasq-discuss] DHCP tag being ignored?

2019-04-06 Thread Geert Stappers
On Fri, Apr 05, 2019 at 09:43:12PM +, Dave Thompson wrote:
> Hi there,
> 
> I am trying to configure Dnsmasq to provide a custom range of IP
> addresses for my VMs which will then map to a certain subdomain. The
> trouble is, the tag is being found (I can see in the log file) but
> the correct IP range is never provided.
> 
> Here's my config file:
> 
> domain=int.[redacted]
> domain=vm.int.[redacted],192.168.1.50,192.168.1.150
> 
> dhcp-range=192.168.0.50,192.168.0.150,12h
> dhcp-range=tag:vms,192.168.1.50,192.168.1.150,12h

So
ccc.ddd.0.nnn and
ccc.ddd.1.nnn
 
> dhcp-mac=set:vms,08:00:27:*:*:*
> 
> dhcp-host=98:E7:F4:BA:3D:AA,192.168.0.80
> dhcp-leasefile=/var/lib/misc/dnsmasq.leases
> dhcp-authoritative
> 
> log-dhcp
> 
> From the log:
> 
> Apr  5 17:37:39 pi dnsmasq-dhcp[21541]: 3063663390 available DHCP range: 192.168.0.50 -- 192.168.0.150
missing the   192.168.1.50   --   192.168.1.150  range
> Apr  5 17:37:39 pi dnsmasq-dhcp[21541]: 3063663390 vendor class: MSFT 5.0
> Apr  5 17:37:39 pi dnsmasq-dhcp[21541]: 3063663390 client provides name: DWT-VPC-W7-0
> Apr  5 17:37:39 pi dnsmasq-dhcp[21541]: 3063663390 DHCPINFORM(eth0) 192.168.0.104 08:00:27:ab:8b:7e
eth0   ccc.ddd.0.nnn   08:00:27:*:*:*
> Apr  5 17:37:39 pi dnsmasq-dhcp[21541]: 3063663390 tags: vms, eth0
> Apr  5 17:37:39 pi dnsmasq-dhcp[21541]: 3063663390 DHCPACK(eth0) 192.168.0.104 08:00:27:ab:8b:7e DWT-VPC-W7-0
> 
> Can any of you point out what I am missing, please?

Start with changing your
} domain=int.[redacted]
} domain=vm.int.[redacted],192.168.1.50,192.168.1.150
} 
} dhcp-range=192.168.0.50,192.168.0.150,12h
} dhcp-range=tag:vms,192.168.1.50,192.168.1.150,12h

into

 domain=int.[redacted]
 domain=vm.int.[redacted],192.168.0.151,192.168.0.200
 
 dhcp-range=192.168.0.50,192.168.0.150,12h
 dhcp-range=tag:vms,192.168.0.151,192.168.0.200,12h

to get
} Dnsmasq to provide a custom range of IP addresses
} for VMs which will then map to a certain subdomain.
 
So all in  ccc.ddd.X.nnn


Extending it to   ccc.ddd.A.nnn and  ccc.ddd.B.nnn will
take extra effort.


> Thank you very much,
> 
> Dave


Looking forward to the report of the success story.
Yes, even little success stories are welcome.


Greetings
Geert Stappers
-- 
Live and let live

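
Added example, not part of the thread and not dnsmasq's own code: a simplified Python model of the subnet matching described in the reply above, run over the poster's two `dhcp-range` lines and the suggested replacement. The interface address `192.168.0.1/24`, the function names and the "tagged ranges first" ordering are assumptions made for this illustration.

```python
"""Which dhcp-range lines can serve a client arriving on a given interface?"""
import ipaddress


def parse_ranges(config_text):
    """Return [(tag or None, start, end)] for each IPv4 dhcp-range line."""
    ranges = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("dhcp-range="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        tag = None
        if fields[0].startswith("tag:"):
            tag = fields.pop(0)[len("tag:"):]
        start = ipaddress.IPv4Address(fields[0])
        end = ipaddress.IPv4Address(fields[1])
        ranges.append((tag, start, end))
    return ranges


def _fmt(entry):
    tag, start, end = entry
    label = "tag:" + tag if tag else "untagged"
    return f"{label} {start}-{end}"


def off_link_ranges(config_text, interface):
    """Ranges that lie outside the subnet of the receiving interface."""
    net = ipaddress.IPv4Interface(interface).network
    return [_fmt(r) for r in parse_ranges(config_text)
            if r[1] not in net or r[2] not in net]


def candidate_ranges(config_text, interface, client_tags):
    """On-link ranges this client may use; ranges whose tag it carries come first."""
    net = ipaddress.IPv4Interface(interface).network
    on_link = [r for r in parse_ranges(config_text)
               if r[1] in net and r[2] in net]
    tagged = [r for r in on_link if r[0] in client_tags]
    untagged = [r for r in on_link if r[0] is None]
    return [_fmt(r) for r in tagged + untagged]


# The poster's ranges and the suggested replacement, copied from the messages above.
ORIGINAL = """
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-range=tag:vms,192.168.1.50,192.168.1.150,12h
"""
SUGGESTED = """
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-range=tag:vms,192.168.0.151,192.168.0.200,12h
"""
ETH0 = "192.168.0.1/24"          # assumed address of the dnsmasq host on eth0
VM_TAGS = {"vms", "eth0"}        # tags shown in the quoted log

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "off-link:", off_link_ranges(conf, ETH0))
        print(name, "candidates:", candidate_ranges(conf, ETH0, VM_TAGS))
```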


Re: [Dnsmasq-discuss] [PATCH] DHCPv6: Honor assigning IPv6 address based on MAC address

2019-04-06 Thread Geert Stappers
On Mon, Apr 01, 2019 at 01:02:20AM +0200, Pali Rohár wrote:
> On Tuesday 12 February 2019 13:41:43 Geert Stappers wrote:
> > On 06-02-2019 21:29, Pali Rohár wrote:
> > > On Friday 11 January 2019 17:52:43 Pali Rohár wrote:
> > >> On Monday 17 December 2018 18:41:09 Pali Rohár wrote:
> > >>> Currently IPv6 addresses are assigned to tuple (IAID, DUID). When system
> > >>> changes IAID/DUID then old assigned IPv6 address cannot be reused, even
> > >>> when in config file was DHCPv6 assignment based on MAC address (and not on
> > >>> DUID).

   ...

> > >> Hello, can somebody look at this patch?
> > >>
> > >> I remember that more people asked for ability to assign IPv6 address
> > >> based on MAC address specified in config file, rather than IAID/DUID.
> > >>
> > > PING
> > >
> > Another request for
> > 
> > Hey, could this patch get reviewed?
> > 
> > 
> Hello, can somebody review this patch?
> 

FWIW

* The (four months old) patch does get applied cleanly.
* My compiler is happy with it
* Executable remains running upon start ( no early crash )
* I'm unable to test the (new) IPv6 functionality


Where in the "patch pipeline" is Pali's patch?


Regards
Geert Stappers
-- 
Avoid unreviewed patches



Re: [Dnsmasq-discuss] Reverse of option 121

2019-02-16 Thread Geert Stappers
On Thu, Jan 31, 2019 at 06:59:25PM +0100, Daniel Huhardeaux wrote:
> On 31/01/2019 at 17:51, Geert Stappers wrote:
> > On Tue, Jan 29, 2019 at 01:51:39PM +0100, Daniel Huhardeaux wrote:
> > > On 28/01/2019 at 20:11, Geert Stappers wrote:
> > > > On Mon, Jan 28, 2019 at 06:44:22PM +0100, Daniel Huhardeaux wrote:
> > > > > Hi,
> > > > > 
> > > > > I have a setup where 3 VLANs are involved and stateless-static-route
> > > > > are sent for one of them. Some devices can be part of one or
> > > > > another of these VLANs.
> > > > > 
> > > > > Problem is that if a device was connected to the VLAN that sent
> > > > > the static-routes, when switching to one of the other VLANs the
> > > > > static-routes are still there.
> > > > > 
> > > > > Is there a way to remove static routes via a dhcp option ? Opposite
> > > > > of option 121 ?
> > > > > 
> > > > > Thanks for any hint
> > > > > 
> > > > 
> > > > On Linux with NetworkManager all routes over a device are deleted
> > > > whenever the device is disconnected.
> > > > 
> > > > So when you have a disconnect upon VLAN hop-over you are fine.
> > > > 
> > > > Upon connect another DHCP happens, including option 121 static routes.
> > > 
> > > I face this problem with Windows client (8.1)
> > > 
> > 
> > But a disconnect is seen by that client while switching VLAN?
> 
> No, that's my problem. At this time I'm looking to find a way to tell
> Windows to delete all routes when changing SSID.
> 
> It seems that even a reboot doesn't delete those static routes.
> 

FWIW   I just came across this


| option rfc3442-classless-static-routes code 121 = array of integer 8;
| option ms-classless-static-routes code 249 = array of integer 8;
| 
| option rfc3442-classless-static-routes 24, 172,24,4, 172,24,0,4,  24, 192,168,72, 172,24,0,4,  0, 172,24,0,1;
| option ms-classless-static-routes  24, 172,24,4, 172,24,0,4,  24, 192,168,72, 172,24,0,4,  0, 172,24,0,1;

It is ISC dhcp server configuration saying

  ip route add 172.24.4.0/24 via 172.24.0.4
  ip route add 192.168.72.0/24 via 172.24.0.4
  ip route add default via 172.24.0.1

twice.  Once in standard and once for Microsoft systems.

Thing I'm trying to say:

 When those weird Microsoft systems consider option 121 as persistent,
 maybe you can try option 249.


Greetings
Geert Stappers
-- 
Live and let live

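
Added example, not part of the thread and not code from dnsmasq or ISC dhcpd: a Python encoder and decoder for the RFC 3442 classless static route layout used by option 121 (the quoted configuration carries the identical byte array in option 249), run over the byte array from the message above. The function names are illustrative.

```python
"""Encode/decode RFC 3442 classless static routes (DHCP option 121 / 249 payload)."""
import ipaddress


def parse_isc_octets(text):
    """Turn an ISC 'array of integer 8' value such as '24, 172,24,4' into bytes."""
    return bytes(int(tok) for tok in text.replace(";", "").split(",") if tok.strip())


def decode_classless_routes(data):
    """Return [(IPv4Network, IPv4Address)] from the raw option payload."""
    routes = []
    i = 0
    while i < len(data):
        prefix_len = data[i]
        if prefix_len > 32:
            raise ValueError(f"prefix length {prefix_len} at offset {i} exceeds 32")
        n_sig = (prefix_len + 7) // 8      # only the significant octets are sent
        entry_end = i + 1 + n_sig + 4      # length byte + destination + router
        if entry_end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = data[i + 1:i + 1 + n_sig] + bytes(4 - n_sig)
        router = ipaddress.IPv4Address(data[i + 1 + n_sig:entry_end])
        # strict=True rejects a destination with bits set beyond the prefix
        network = ipaddress.IPv4Network(
            (int.from_bytes(dest, "big"), prefix_len), strict=True)
        routes.append((network, router))
        i = entry_end
    return routes


def encode_classless_routes(routes):
    """Inverse of decode_classless_routes()."""
    out = bytearray()
    for network, router in routes:
        net = ipaddress.IPv4Network(network)
        n_sig = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:n_sig]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)


def as_ip_route_commands(routes):
    """Render decoded routes the way the message spells them out."""
    cmds = []
    for network, router in routes:
        dest = "default" if network.prefixlen == 0 else str(network)
        cmds.append(f"ip route add {dest} via {router}")
    return cmds


# Option value copied from the ISC dhcpd configuration quoted above.
ISC_VALUE = "24, 172,24,4, 172,24,0,4,  24, 192,168,72, 172,24,0,4,  0, 172,24,0,1"

if __name__ == "__main__":
    payload = parse_isc_octets(ISC_VALUE)
    for cmd in as_ip_route_commands(decode_classless_routes(payload)):
        print(cmd)
```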


Re: [Dnsmasq-discuss] Bug with conf file

2019-02-18 Thread Geert Stappers
On Mon, Feb 18, 2019 at 12:40:15PM -0500, Zac Morris wrote:
>  There seems to be a bug with the
> *dhcp-hostsfile=*
> ...option in a config file.
> 
> The man page <http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html>
> states that:
> The format of a line is the same as text to the right of '=' in
> *--dhcp-host*
> 
> ...when I try to use that format I get startup error:
> dnsmasq: bad option at line 2 of /etc/dnsmasq.d/dhcp-hosts
> 
> ...when I try to add the dhcp-host= to the beginning of each line, the
> server *will start* but I get the following warnings in the log file:
>  bad hex constant at line 2 of /etc/dnsmasq.d/dhcp-hosts
> 
> Based on searches this seems to be a known issue, so I switched to using
> the conf-file= option which starts with no errors or warnings.
> 
> Both errors seem to originate in options.c but I don't know c well enough
> to supply a fix.
 
Please supply files to reproduce it.


> The workaround *works*, but you don't get the SIGHUP auto-reload of the
> dhcp-hosts without stopping the daemon.
> 
> 
> Thanks,
> -Zac
> 
> dnsmasq --version
> Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley

Testing with 2.80 would also be good.



Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] [PATCH] DHCPv6: Honor assigning IPv6 address based on MAC address

2019-02-12 Thread Geert Stappers
Another request for

Hey, could this patch get reviewed?


On 06-02-2019 21:29, Pali Rohár wrote:
> PING
>
> On Friday 11 January 2019 17:52:43 Pali Rohár wrote:
>> Hello, can somebody look at this patch?
>>
>> I remember that more people asked for ability to assign IPv6 address
>> based on MAC address specified in config file, rather than IAID/DUID.
>>
>> On Monday 17 December 2018 18:41:09 Pali Rohár wrote:
>>> Currently IPv6 addresses are assigned to tuple (IAID, DUID). When system
>>> changes IAID/DUID then old assigned IPv6 address cannot be reused, even
>>> when in config file was DHCPv6 assignment based on MAC address (and not on
>>> DUID).
>>>
>>> IAID/DUID is changed when rebooting from one operating system to another;
>>> or after reinstalling system. In reality it is normal that DUID of some
>>> machine is changed, so people rather assign also IPv6 addresses based on
>>> MAC address.
>>>
>>> So assigning IPv6 based on MAC address in dnsmasq is currently semi-broken.
>>>
>>> This patch tries to fix it and honors IPv6 config rules with MAC address,
>>> to always assign particular IPv6 address to specific MAC address (when
>>> configured). And ignores the fact if IAID/DUID was changed.
>>>
>>> Normally IPv6 address should be assigned by IAID/DUID (which also state
>>> DHCPv6 RFCs), but dnsmasq has already some support for assigning IPv6
>>> address based on MAC address, when users configured in config file.
>>>
>>> So this patch just tries to fix above problem for user configuration with
>>> MAC addresses. It does not change assignment based on DUID.
>>>
>>> Also this patch adds support for allowing IPv6 address to be associated
>>> with multiple hardware addresses, and gives dnsmasq permission to abandon a
>>> lease. This is similar functionality as already supported for IPv4 address.
>>> ---
>>>  man/dnsmasq.8 |  9 ++---
>>>  src/rfc3315.c | 62 
>>> ++-
>>>  2 files changed, 59 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
>>> index f01a5ba..8614f08 100644
>>> --- a/man/dnsmasq.8
>>> +++ b/man/dnsmasq.8
>>> @@ -1068,10 +1068,13 @@ will only match a
>>>  Token-Ring hardware address, since the ARP-address type for token ring
>>>  is 6. 
>>>  
>>> -As a special case, in DHCPv4, it is possible to include more than one
>>> -hardware address. eg:
>>> +It is possible to include more than one hardware address. eg for IPv4:
>>>  .B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2
>>> -This allows an IP address to be associated with
>>> +or for IPv6:
>>> +.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,[::2]
>>> +or for both:
>>> +.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2,[::2]
>>> +This allows an IPv4 and/or IPv6 address to be associated with
>>>  multiple hardware addresses, and gives dnsmasq permission to abandon a
>>>  DHCP lease to one of the hardware addresses when another one asks for
>>>  a lease. Beware that this is a dangerous thing to do, it will only
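Review bot: The rewritten paragraph documents only the multi-MAC form and does not state the behaviour change the commit message describes, namely that a --dhcp-host entry keyed on a hardware address now takes precedence over the client's IAID/DUID for DHCPv6. Suggest adding a sentence on that and on how such an entry relates to a DUID-based entry for the same host. The retained warning ("this is a dangerous thing to do") now applies to IPv6 too, so it is worth saying that a client presenting any of the listed hardware addresses can cause the existing lease to be abandoned. Nit: "eg for IPv4:" reads better as "e.g. for IPv4:".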
>>> diff --git a/src/rfc3315.c b/src/rfc3315.c
>>> index a20776d..c83cf2d 100644
>>> --- a/src/rfc3315.c
>>> +++ b/src/rfc3315.c
>>> @@ -54,7 +54,7 @@ static struct prefix_class 
>>> *prefix_class_from_context(struct dhcp_context *conte
>>>  #endif
>>>  static void mark_context_used(struct state *state, struct in6_addr *addr);
>>>  static void mark_config_used(struct dhcp_context *context, struct in6_addr 
>>> *addr);
>>> -static int check_address(struct state *state, struct in6_addr *addr);
>>> +static int check_address(struct state *state, struct dhcp_config *config, 
>>> struct in6_addr *addr);
>>>  static void add_address(struct state *state, struct dhcp_context *context, 
>>> unsigned int lease_time, void *ia_option, 
>>> unsigned int *min_time, struct in6_addr *addr, time_t 
>>> now);
>>>  static void update_leases(struct state *state, struct dhcp_context 
>>> *context, struct in6_addr *addr, unsigned int lease_time, time_t now);
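Review bot: The new `struct dhcp_config *config` parameter in the check_address() prototype carries no comment saying whether NULL is allowed or what a non-NULL value changes about the check. Every caller has to match this signature, so a one-line statement of the contract here or at the definition would make the call sites reviewable on their own; please also confirm that all callers were converted, since only some of them are visible in this copy of the patch.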
>>> @@ -746,7 +746,7 @@ static int dhcp6_no_relay(struct state *state, int 
>>> msg_type, void *inbuff, size_
>>> /* If the client asks for an address on the same network as 
>>> a configured address, 
>>>offer the configured address instead, to make moving to 
>>> newly-configured
>>>addresses automatic. */
>>> -   if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, 
>>> c, ) && check_address(state, ))
>>> +   if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, 
>>> c, ) && check_address(state, config, ))
>>>   {
>>> req_addr = addr;
>>> mark_config_used(c, );
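Review bot: In the changed condition, `config` is passed to check_address() right after config_valid(), which per the commit message is what lets a configured address be offered even though it is still leased under a different IAID/DUID, yet the comment above the condition still only says "offer the configured address instead". Please extend that comment to say that an existing lease may be displaced on the strength of the hardware-address match. Hardware addresses are not authenticated, so a log line when a lease is taken over this way would help operators notice an unexpected takeover.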
>>> @@ -755,8 +755,14 @@ static int dhcp6_no_relay(struct state *state, int 
>>> msg_type, void *inbuff, size_
>>>   }
>>> else if (!(c = address6_available(state->context, 
>>> _addr, solicit_tags, plain_range)))
>>>  

Re: [Dnsmasq-discuss] Referring the PXE GUID / UUID in dhcp script

2019-02-20 Thread Geert Stappers
On Wed, Feb 20, 2019 at 03:38:27PM +0900, 西谷優希 wrote:
> Hi,
> 
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2010q1/003844.html
> As mentioned in this post, a PXE request contains a GUID / UUID value.
> Is there a way to refer this GUID / UUID in dhcp script?
> 
> I'd like to implement like below:
> 1. execute PXE Boot
> 2. send DHCP request to dnsmasq
> 3. hook dhcp-script which does:
>   - refer UUID of the client
>   - take the client information from CMDB
>   - create pxelinux.cfg/ with the taken information(e.g. RAID type,
> kernel version)
> 4. send DHCP response to the host
> 5. booting goes on ...
> 
> Of course, it is possible to use the MAC address of NIC in place of UUID,
> but it can be changed by repair and replacement and the priority of UUID is
> higher than the MAC address of NIC for pxelinux.
> So it's great if GUID / UUID can be referred in dhcp script.

I did read that as
  How are GUID/UUID provided to  dhcp-script?

Reading http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
did not clearly reveal it.  My startpoint would

|  If the client provides user-classes, DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn

and see if DNSMASQ_USER_CLASS97 is indeed GUID/UUID


Hope this helps,

Regards
Geert Stappers
Devops Engineer Hendrikx ITC




Re: [Dnsmasq-discuss] Reverse of option 121

2019-01-28 Thread Geert Stappers
On Mon, Jan 28, 2019 at 06:44:22PM +0100, Daniel Huhardeaux wrote:
> Hi,
> 
> I have a setup where 3 VLANs are involved and stateless-static-route are
> sent for one of them. Some devices can be part of one or another of these
> VLANs.
> 
> Problem is that if a device was connected to the VLAN that sent the
> static-routes, when switching to one of the other VLANs the static-routes are
> still there.
> 
> Is there a way to remove static routes via a dhcp option ? Opposite of
> option 121 ?
> 
> Thanks for any hint
> 

On Linux with NetworkManager all routes over a device are deleted
whenever the device is disconnected.

So when you have a disconnect upon VLAN hop-over you are fine.

Upon connect another DHCP happens, including option 121 static routes.


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] Minimal capabilities for options

2019-01-24 Thread Geert Stappers
On Sun, Jan 20, 2019 at 02:38:46AM -0800, Mathieu Hofman wrote:
> Running dnsmasq in docker currently requires explicitly granting the
> NET_ADMIN capability for the container, or dnsmasq fails to start if
> configured to drop root.
> 
> The failure is due to a capset() call that includes NET_ADMIN when dnsmasq
> attempts to keep capabilities before dropping root. If the capability is
> not already available, the call fails. If dnsmasq doesn't drop root, the
> checks are skipped and it starts successfully without the capability, but
> potentially fails later depending on the configured options.
> 
> From what I gather, the NET_ADMIN capability is only needed to inject a
> neighbor / ARP entry after receiving a DHCP request from a client so that
> the response can be sent using unicast. The capability is not required if
> the DHCP server is disabled or if the dhcp-broadcast option is used.
> 
> The NET_RAW capability is similarly needed to send an ICMP ping before
> allocating an address for a client, but pings are not used if the DHCP
> server is disabled or if the no-ping option is specified.
> 
> I would like to suggest 2 improvements to the way capabilities are handled
> in dnsmasq:
> 
> 1) Only try to keep capabilities which are actually needed according to the
> configured options. If the DHCP server is disabled, do not keep (or request
> if not available) the NET_ADMIN and NET_RAW capabilities. If the
> dhcp-broadcast option is specified, do not include NET_ADMIN. If no-ping is
> specified, do not include NET_RAW.
> Currently the NET_BIND_SERVICE capability is kept only if DAD or dynamic
> binding are required by the config. This suggestion would use similar logic
> for the NET_ADMIN and NET_RAW capabilities.
> 
> 2) Check that the capabilities required for the configuration are available
> to the process when starting, and fail early if they are not. Currently
> capabilities are not checked. It's only a side effect of the capset() call
> when dropping root that dnsmasq will fail to start if a capability is
> missing. If dnsmasq is configured to not drop privileges, such as starting
> as a non-root user, or staying root without changing user, dnsmasq will
> only fail later when attempting to use a feature requiring the capability.
> 
> Optionally, dnsmasq could try to automatically disable any configured
> feature that relies on the missing capability, and probably warn such
> action was taken in the logs. For the NET_RAW capability, it's probably not
> possible to disable pings if the DHCP server is not authoritative as that
> might be too risky. For the NET_ADMIN capability hopefully it's safe to
> automatically switch to dhcp-broadcast.
> 
> For now, I'm working around the current capabilities handling by manually
> dropping root and granting the required capabilities to dnsmasq before
> executing it. Dnsmasq seem to run fine from what I can tell, but I've only
> tested it in my environment.
> My docker config for this is here:
> https://gist.github.com/mhofman/cdd85a6baa4b9206830b254d0ab9bb89
> 
> To summarize the new suggested capabilities logic would be:
> - Figure out the set of capabilities required for the configured options
> (regardless of user config).
> - Check if the process has the required capabilities. Fail if not, or
> optionally gracefully degrade features and warn.
> - If configured to drop root, call capset() only with required capabilities.
> 
> The current alternative is not acceptable in my opinion: keep running as
> root (or worse, in debug mode).
> 
> This change would also help pi-hole which recently added code to check for
> available capabilities before invoking dnsmasq. See
> https://github.com/pi-hole/FTL/issues/432
> 
> A similar request was made in 2013:
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q2/007188.html
> 

Somehow I did read that as
  "Before I spend time on improving dnsmasq source code, I would
   like to know if changes against capability will be accepted?"


So now writing that explicitly.


Cheers
Geert Stappers
DevOps Engineer at Hendrikx-ITC

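
Added example, not part of the thread and not dnsmasq's code: a Python preflight check that follows the capability rules proposed in the quoted message (derive the needed capabilities from the configured options, then compare with the process's effective set) before the daemon is started. The option-to-capability mapping is a simplified reading of that message (DHCP counts as enabled when a `dhcp-range` line exists, and only `bind-dynamic` stands in for the "DAD or dynamic binding" case); the sample `/proc` status text is constructed.

```python
"""Preflight: which capabilities does this dnsmasq config need, and are they present?"""

# Bit numbers from <linux/capability.h>
CAPS = {"CAP_NET_BIND_SERVICE": 10, "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13}


def parse_options(config_text):
    """Return {option: [values]} for a dnsmasq config file (long option names)."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def required_caps(config_text):
    """Capabilities needed by the configured options, per the rules in the message."""
    opts = parse_options(config_text)
    need = set()
    if "dhcp-range" in opts:                     # DHCP server enabled (assumption)
        # A bare dhcp-broadcast covers every client; with tags, other
        # clients still get unicast replies, so NET_ADMIN stays required.
        broadcast_all = "" in opts.get("dhcp-broadcast", [])
        if not broadcast_all:
            need.add("CAP_NET_ADMIN")            # neighbour/ARP entry for unicast reply
        if "no-ping" not in opts:
            need.add("CAP_NET_RAW")              # ICMP ping before allocating
    if "bind-dynamic" in opts:
        need.add("CAP_NET_BIND_SERVICE")
    return need


def effective_caps(status_text):
    """Extract known effective capabilities from /proc/<pid>/status content."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return {name for name, bit in CAPS.items() if (mask >> bit) & 1}
    raise ValueError("no CapEff line found")


def missing_caps(config_text, status_text):
    """Sorted names of capabilities the config needs but the process lacks."""
    return sorted(required_caps(config_text) - effective_caps(status_text))


# Constructed sample: a process that has NET_BIND_SERVICE and NET_RAW but not NET_ADMIN.
SAMPLE_STATUS = "Name:\tdnsmasq\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
CONF_DHCP = "dhcp-range=192.168.0.50,192.168.0.150,12h\n"
CONF_BROADCAST = CONF_DHCP + "dhcp-broadcast\nno-ping\n"
CONF_TAGGED_BROADCAST = CONF_DHCP + "dhcp-broadcast=tag:legacy\nno-ping\n"

if __name__ == "__main__":
    for name, conf in (("dhcp", CONF_DHCP), ("broadcast+no-ping", CONF_BROADCAST)):
        print(name, "missing:", missing_caps(conf, SAMPLE_STATUS))
```

To check a live container, pass the contents of `/proc/self/status` and the real configuration file instead of the constructed samples.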


Re: [Dnsmasq-discuss] Reverse of option 121

2019-01-31 Thread Geert Stappers
On Tue, Jan 29, 2019 at 01:51:39PM +0100, Daniel Huhardeaux wrote:
> On 28/01/2019 at 20:11, Geert Stappers wrote:
> > On Mon, Jan 28, 2019 at 06:44:22PM +0100, Daniel Huhardeaux wrote:
> > > Hi,
> > >
> > > I have a setup where 3 VLANs are involved and stateless-static-route
> > > are sent for one of them. Some devices can be part of one or
> > > another of these VLANs.
> > >
> > > Problem is that if a device was connected to the VLAN that sent
> > > the static-routes, when switching to one of the other VLANs the
> > > static-routes are still there.
> > >
> > > Is there a way to remove static routes via a dhcp option ? Opposite
> > > of option 121 ?
> > >
> > > Thanks for any hint
> > >
> >
> > On Linux with NetworkManager all routes over a device are deleted
> > whenever the device is disconnected.
> >
> > So when you have a disconnect upon VLAN hop-over you are fine.
> >
> > Upon connect another DHCP happens, including option 121 static routes.
> 
> I face this problem with Windows client (8.1)
> 

But a disconnect is seen by that client while switching VLAN?



Cheers
Geert Stappers
DevOps Engineer at Hendrikx ITC




Re: [Dnsmasq-discuss] Can multiple --conf-dir be specified?

2019-05-30 Thread Geert Stappers
On Thu, May 30, 2019 at 09:47:34PM +0200, M. Buecher wrote:
> Hi all,
> 
> just thinking about a new dnsmasq setup,

OK, acknowledge.


> and I would like to read .conf files from multiple directories.

Why?
What would be the benefit over multiple files?


> So, is it possible to specify multiple --conf-dir and does this work? Either
> via console parameter or via .conf file.
> The man page only talks from a single directory, but does not explicitly
> deny or allow multiple ones.


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] Can multiple --conf-dir be specified?

2019-05-31 Thread Geert Stappers
On Fri, May 31, 2019 at 12:45:01AM +0200, M. Buecher wrote:
> On 2019-05-30 23:37, Geert Stappers wrote:
> > On Thu, May 30, 2019 at 09:47:34PM +0200, M. Buecher wrote:
> > > Hi all,
> > > 
> > > just thinking about a new dnsmasq setup,
> > 
> > OK, acknowledge.
> > 
> > 
> > > and I would like to read .conf files from multiple directories.
> > 
> > Why?
> > What would be the benefit over multiple files?
> 
> I'm always using a modular approach, therefore I already use multiple conf
> files inside a conf dir per instance.
> Now I want to use a common conf dir plus separate conf dirs for my multiple
> dnsmasq instances.


That does not answer
> > What would be the benefit over multiple files?


 
> > > So, is it possible to specify multiple --conf-dir and does this
> > > work? Either via console parameter or via .conf file.
> > > The man page only talks from a single directory, but does not
> > > explicitly deny or allow multiple ones.

 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=343b7b4ad0e49cd23d41d78fe2a69be3603db502


Greetings
Geert Stappers
-- 
Live and let live



Re: [Dnsmasq-discuss] Server Statement with regex possible?

2019-06-05 Thread Geert Stappers
On Sun, Jun 02, 2019 at 02:01:23PM +0200, Stefan Wiederoder wrote:
> On Mon, 27 May 2019 at 12:48, Geert Stappers wrote:
> > On 27-05-2019 09:40, Stefan Wiederoder wrote:
> >
> > > Hello list,
> > > I need to configure dnsmasq to query some zones (approx 700 to be
> > > precise) from another DNS server. Is it possible to use regex within
> > > the server statement?
> > >
> > > I saw some mails/patches,
> >
> > Such as?
> >
> 
> I found these URLs while searching for dnsmasq regex support:
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2012q1/005615.html
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q2/007124.html
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q2/012311.html
> https://github.com/lixingcong/dnsmasq-regex
> 
> but I don't know if one of those patches made it into mainline - at least I've found
> nothing within the documentation. But maybe this indicates the current state, no
> regex support with the server statement.
> 
> > > but nothing within the documentation.
> > >
> > > Any example would be greatly appreciated.
> > >
> > > I'm using Version 2.76 on rhel7, but i have no problem to compile a
> > > newer version.


Feel free to enrich our mailinglist archive.


Regards
Geert Stappers




Re: [Dnsmasq-discuss] Noisy DHCPv6 DHCPADVERTISE

2019-06-02 Thread Geert Stappers
On Sat, Jun 01, 2019 at 08:02:27PM -0700, Sam Edwards wrote:
> Hello,
> 
> I have dnsmasq set up to provide IPv6 RAs with the SLAAC bit set,
> and also serve select static DHCPv6 leases. Everything is set up and
> working correctly, but because only some devices have a static lease
> set up, and there is no DHCPv6 pool, my logs fill up with entries from
> devices that don't get a lease, reporting that there is no address
> available for them.
> 
> Jun  1 19:46:56 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:02:00:00:01:57:72:f6:40:68:e8:c6:6d:4e:8e:bd:fc:34:65:xx:xx:xx,no addresses available
> Jun  1 19:47:33 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:01:00:01:1d:b7:03:73:3c:07:54:xx:xx:xx,no addresses available
> Jun  1 19:48:12 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:01:00:01:21:4c:7f:01:08:66:98:xx:xx:xx,no addresses available
> Jun  1 19:48:57 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:02:00:00:01:57:72:f6:40:68:e8:c6:6d:4e:8e:bd:fc:34:65:xx:xx:xx,no addresses available
> Jun  1 19:49:24 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:01:00:01:1d:b7:03:73:3c:07:54:xx:xx:xx,no addresses available
> Jun  1 19:50:04 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:01:00:01:21:4c:7f:01:08:66:98:xx:xx:xx,no addresses available
> Jun  1 19:50:57 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:02:00:00:01:57:72:f6:40:68:e8:c6:6d:4e:8e:bd:fc:34:65:xx:xx:xx,no addresses available
> Jun  1 19:51:15 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:01:00:01:1d:b7:03:73:3c:07:54:xx:xx:xx,no addresses available
> Jun  1 19:51:17 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:01:00:01:23:38:5f:28:e0:33:8e:xx:xx:xx,no addresses available
> Jun  1 19:51:54 dnsmasq-dhcp[4798]: DHCPADVERTISE(switch0.5) 00:01:00:01:21:4c:7f:01:08:66:98:xx:xx:xx,no addresses available
> 
> I see in the source, around line 899 of src/rfc3315.c that there is
> code to suppress these messages when dnsmasq is operating strictly in
> stateless IPv6 mode, but that of course doesn't apply to me.
> 
> The question I guess I'm really asking here then, is if the log entry
> that's emitted on line 905 of src/rfc3315.c shouldn't be a log6_quiet
> instead of a log6_packet, or if there's a feeling that this log line
> is important enough to be present at all times.
> 
> Here's the relevant part of my configuration for reference:
> 
> quiet-dhcp
> quiet-dhcp6
> quiet-ra
> enable-ra
> ra-param=*,mtu:tun0,high,60

At http://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html is
 
dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag>,]<start-IPv6addr>[,<end-IPv6addr>|constructor:<interface>][,<mode>][,<prefix-len>][,<lease time>]

 ...

 The optional <mode> keyword may be static which tells dnsmasq to enable
 DHCP for the network specified, but not to dynamically allocate IP
 addresses: only hosts which have static addresses given via --dhcp-host
 or from /etc/ethers will be served. A static-only subnet with address
 all zeros may be used as a "catch-all" address to enable replies to all
 Information-request packets on a subnet which is provided with
 stateless DHCPv6, ie --dhcp-range=::,static

> dhcp-range=set:Clients-v6,::,constructor:switch0.5,static,slaac,64,24h

There is no mode 'static,slaac'.  And mode 'static' is most likely
the reason for the reported "no addresses available".

If so we, dnsmasq project, have to discuss this manual page snippet

 A static-only subnet with address all zeros may be used as a "catch-all"
 address to enable replies to all Information-request packets on a subnet
 which is provided with stateless DHCPv6, ie --dhcp-range=::,static

further. Or maybe not, an Information-request is another request
as a request for an address.


> dhcp-option=tag:Clients-v6,option6:dns-server,[::]
> dhcp-option=tag:Clients-v6,option6:domain-search,example.com

And at http://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html is this
 
dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]

Now find ',' or ',ignore' in belows  dhcp-host lines.

> dhcp-host=3c:07:54:xx:xx:xx,set:Clients-v6,[::5],caesar,caesar.example.com
> dhcp-host=id:00:01:00:01:20:69:f8:4b:b8:27:eb:xx:xx:xx,set:Clients-v6,[::7],prince,prince.example.com
> dhcp-host=id:00:03:00:01:00:1f:f3:xx:xx:xx,set:Clients-v6,[::9],kitchen.example.com
> dhcp-host=22:88:fe:xx:xx:xx,set:Clients-v6,[::235],adiutor,adiutor.example.com
> dhcp-host=8e:16:5c:xx:xx:xx,set:Clients-v6,[::91],peel,peel.example.com
> dhcp-host=7e:44:1c:xx:xx:xx,set:Clients-v6,[::126],solium,solium.example.com
> dhcp-host=fa:76:fc:xx:xx:xx,set:Clients-v6,[::222],fenestram,fenestram.example.com
> dhcp-host=id:00:01:00:01:23:f2:35:79:6c:0b:84:xx:xx:xx,set:Clients-v6,[::250],imbrem,imbrem.example.com
 


Regards
Geert Stappers
Looking forward to "Yes, now it works also me" messages.
-- 
Live and let live



Re: [Dnsmasq-discuss] Server Statement with regex possible?

2019-05-27 Thread Geert Stappers
On 27-05-2019 09:40, Stefan Wiederoder wrote:

> Hello list, 
> I need to configure dnsmasq to query some zones (approx 700 to be
> precise) from another DNS server. Is it possible to use regex within
> the server statement?
>
> I saw some mails/patches,

Such as?


> but nothing within the documentation. 
>
> Any example would be greatly appreciated.
>
> I'm using Version 2.76 on rhel7, but I have no problem to compile a
> newer version.
>
>
> Thanks,
> Stefan
>
>

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] DNSMASQ used to force redirection for testing. IPv6 transport issue.

2019-06-17 Thread Geert Stappers
On 07-06-2019 16:48, Mcginniss, David S wrote:

> All,
>
>  
>
> I have loaded DDWRT on a small router and I am having the issue as
> follows.
>
>  
>
> I have set an IP for a FQDN as follows.
>
>  
>
> listen-address=127.0.0.1
>
Why listen on localhost? (Please elaborate on that configuration
decision.)


> listen-address=::1
>
> address=/FQDN/XXX.XXX.XXX.XXX
>
> Then if a WiFi UE makes an A record query over IPv4 transport all is
> well and I am able to force connection to the XXX.XXX.XXX.XXX node I
> am testing.  The GTM serving the DNS has many geographic nodes and
> within regions many nodes served round robin.  The problem is when
> dual stack clients attach they prefer IPv6 and will send their A
> record query out over IPv6 and get another IP from the GTM pool. This
> is correct behavior the devices do both  and A record searches
> over IPv6. 
>
>  
>
> It is these clients that I am testing with and to make testing valid I
> need to leave them in out of the box condition.
>
>  
>
> I need to have the Router reply to the IPv6 A record query with my
> fixed address and I haven’t been able to figure out how to force it to
> do so.
>

FWIW, I haven't been able to figure out what the use case is.


>  
>
> Anyone who has already tackled this and could enlighten me from this list?
>
>  
>
>

Regards

Geert Stappers




Re: [Dnsmasq-discuss] dnsmasq compilation and dependencies

2019-06-12 Thread Geert Stappers
On Wed, Jun 12, 2019 at 03:19:04PM +, SALA MASSIMO wrote:
> Hi
> 
> 
> I have some servers with linux 2.6.18.
> 
> I know... but I cannot upgrade because of legacy applications,
> it's ok for us, they are only for intranet usage.
> 
> 
> Pls a few questions:
> 
> 1) configure and compile vs dnsmasq --help
> 
> 
> I want only the DNS daemon, a minimal version (not authoritative).
> 
> I tried this:
> 
>  make COPTS="-DNO_AUTH DNO_DHCP -DNO_INOTIFY -DNO_IPV6 -DNO_SCRIPT 
> -DNO_TFTP"
> 
> and it succeeded.
> 
> 
> However running
> 
>  src/dnsmasq --help
> 
> I still see some options regarding the excluded features (like dhcp).
> 
> Is this ok ?
> 

Please, compare
make COPTS="-DNO_AUTH DNO_DHCP -DNO_INOTIFY -DNO_IPV6 -DNO_SCRIPT -DNO_TFTP"
with
make COPTS="-DNO_AUTH -DNO_DHCP -DNO_INOTIFY -DNO_IPV6 -DNO_SCRIPT -DNO_TFTP"
 

> 2) dependencies
> 
> 
> From the  http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
> 
> I don't understand the dependencies on shared libraries.
> 
> 
> Example: an excerpt from ver 2.79
> 
> Tidy up Crypto code, removing workarounds for ancient
> versions of libnettle. We now require libnettle 3.
> 
> 
> With the aforementioned options (1), is libnettled required?
> 
> The output of ldd src/dnsmasq shows only
> 
> linux-vdso.so.1 =>  (0x2aaab000)
> libc.so.6 => /lib64/libc.so.6 (0x003ed480)
> /lib64/ld-linux-x86-64.so.2 (0x003ed4400000)
> 
> 
> On linux  2.6.18 I tried to download and compile libnettle3, but there are 
> too many broken dependencies.
> Is it possible to use dnsmasq 2.80 without this library?


 
Groeten
Geert Stappers
-- 
Leven en laten leven
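
The comparison in the reply above comes down to one token, `DNO_DHCP`, that is not a `-D` define, so the feature it was meant to remove stays in the build. An added example (not from the thread or the dnsmasq project) that flags such tokens and checks a "Compile time options" line, as printed by `dnsmasq --version`, for features that were meant to be compiled out; the sample option line is constructed and the feature names passed in are assumptions to check against your own build's output.

```sh
#!/bin/sh
# Added example: lint a dnsmasq COPTS string and check which features a
# build still reports as compiled in.

# COPTS exactly as typed in the thread (note the token without a dash).
PAGE_COPTS='-DNO_AUTH DNO_DHCP -DNO_INOTIFY -DNO_IPV6 -DNO_SCRIPT -DNO_TFTP'

# Constructed "Compile time options" line, shaped like the one printed by
# `dnsmasq --version`; features compiled out carry a "no-" prefix.
SAMPLE_LINE='no-IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-TFTP no-auth no-inotify'

# Print every token of $1 that is not a -D<name> define.
lint_copts() {
    for tok in $1; do
        case "$tok" in
            -D?*) ;;
            *) printf '%s\n' "$tok" ;;
        esac
    done
    return 0
}

# Print each feature named in $2.. that the option line $1 lists without
# the "no-" prefix, i.e. that is still compiled in.
still_enabled() {
    line=$1
    shift
    for feat in "$@"; do
        for tok in $line; do
            if [ "$tok" = "$feat" ]; then
                printf '%s\n' "$feat"
            fi
        done
    done
    return 0
}

echo "suspicious COPTS tokens: $(lint_copts "$PAGE_COPTS")"
echo "still compiled in: $(still_enabled "$SAMPLE_LINE" DHCP TFTP auth inotify IPv6)"
```

Running the same check against the real `dnsmasq --version` output after each build catches a feature that was supposed to be removed from a DNS-only daemon but is still present.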



Re: [Dnsmasq-discuss] Lease comes back after removing

2019-06-23 Thread Geert Stappers
On 23-06-2019 08:06, A C wrote:

> I'm having trouble removing leases from my system.  I have a client that
> accepted a lease in my DHCP range before I remembered to put it in
> /etc/ethers and /etc/hosts to give it a static lease.
>
> I turned off the client, stopped dnsmasq, removed the lease file entry
> in /var/lib/misc/dnsmasq.leases and then restarted dnsmasq.  Then I
> restarted the client.  It again found the original lease in my DHCP
> range instead of picking one from /etc/ethers (in fact it reports "not
> giving name ap.lan to the DHCP lease of 10.0.200.102 because the name
> exists in /etc/hosts with address 10.0.0.252").
>
> How can I fully purge the lease and get it to start over?  The client is
> an embedded device and has no memory of the lease once I power cycle it
> so somehow dnsmasq is remembering even though the lease file was purged.
>
Recently I had similar symptoms, in fact still have them.

It gives me the awkward feeling that `read-ethers` does not work as I expect.

Because it was the first time that I used Dnsmasq with /etc/ethers I
chose to continue with the netboots I have to do.


Yes, most likely it will bite me another time.

Meanwhile send your report of (successful) mapping of IPv4 address on
MAC address through /etc/ethers


Cheers

Geert Stappers






Re: [Dnsmasq-discuss] Lease comes back after removing

2019-06-23 Thread Geert Stappers
On Sun, Jun 23, 2019 at 09:33:21AM -0700, A C wrote:
> On 2019-06-23 03:32, Geert Stappers wrote:
> > On 23-06-2019 08:06, A C wrote:
> > 
> >> I'm having trouble removing leases from my system.  I have a client that
> >> accepted a lease in my DHCP range before I remembered to put it in
> >> /etc/ethers and /etc/hosts to give it a static lease.
> >>
> >> I turned off the client, stopped dnsmasq, removed the lease file entry
> >> in /var/lib/misc/dnsmasq.leases and then restarted dnsmasq.  Then I
> >> restarted the client.  It again found the original lease in my DHCP
> >> range instead of picking one from /etc/ethers (in fact it reports "not
> >> giving name ap.lan to the DHCP lease of 10.0.200.102 because the name
> >> exists in /etc/hosts with address 10.0.0.252").

Please check if I understand that,
that the configuration is similar to this:

/etc/dnsmasq.conf:

dhcp-range=10.0.200.101,10.0.200.150
read-ethers


/etc/ethers
00:00:ca:fe:be:ef   ap.lan


/etc/hosts

10.0.0.252  ap.lan



> >> How can I fully purge the lease and get it to start over?  The client is
> >> an embedded device and has no memory of the lease once I power cycle it
> >> so somehow dnsmasq is remembering even though the lease file was purged.
> >>
> > Recently I had similar symptoms, in fact still have them.
> > 
> > It gives me the awkward feeling that `read-ethers` does not work as I expect.
> > 
> > Because it was the first time that I used Dnsmasq with /etc/ethers I
> > chose to continue with the netboots I have to do.
> > 
> > 
> > Yes, most likely it will bite me another time.
> > 
> > Meanwhile send your report of (successful) mapping of IPv4 address on
> > MAC address through /etc/ethers
> 
> /etc/ethers works fine for me, I have 50 clients listed in it, no issues. 

Acknowledge on that.  ( and no questions asked why it works fine )


> My only issue is when I forget to add a client to the list
> prior to first putting it online and it acquires a lease from the DHCP
> lease pool instead of the IP I want to give it via the combination of
> ethers/hosts.  After that I have extreme difficulty purging the lease to
> force a new address.


My /etc/ethers has a line like

00:02:b0:ef:f0:ef  kornuit

Doing `host kornuit` correctly returns the IPv4 address that is in DNS.
(a DNS other than dnsmasq (no kornuit entry in /etc/hosts))


I also stopped dnsmasq, removed the lease file and restarted dnsmasq.

Did another PXE netboot  ( consider it an embedded device, it has no
memory of previous lease )

Server kornuit got the IPv4 address as before, one from the Dnsmasq
DHCP range. While it looks like a persistent DHCP lease, I think
that it is an algorithm that hands out the same IPv4 address each time.

The thing I need to verify is whether dnsmasq does a DNS lookup on 'kornuit'
after reading /etc/ethers.


Groeten
Geert Stappers
-- 
Leven en laten leven



Re: [Dnsmasq-discuss] Starting as non-root

2019-05-13 Thread Geert Stappers

On 13-05-2019 11:02, Roy Marples wrote:
> On 13/05/2019 09:31, Kristoffel Pirard wrote:
>> The dnsmasq man page for the --user parameter says that "Dnsmasq must
>> _normally_ be started as root".  We tested starting as non-root user,
>> but with capabilities cap_net_bind_service, cap_net_admin,
>> cap_net_raw.  It currently seems to work, but I'm debating if we
>> should actually use this 'hack'.
>>
>> So should the ambiguous adverb 'normally' be removed from the
>> documentation?  If not, what are the circumstances in which it is
>> allowed to not start as root?
>
> The whole world is not Linux. Most other OS's don't have these caps.
>
>
In other words: the _normally_ in 'Dnsmasq must normally be started
as root' is correct.


Cheers

Geert Stappers
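
For the Linux-only setup described in the quoted question (a non-root start with cap_net_bind_service, cap_net_admin and cap_net_raw), an added example, not from the thread or the dnsmasq project, that decodes a `CapEff` mask as found in `/proc/<pid>/status` and lists capability bits beyond or missing from those three. The status excerpt and the masks are constructed.

```sh
#!/bin/sh
# Added example: check a Linux CapEff mask against the three capabilities
# named in the thread.

# Bit numbers from <linux/capability.h>.
CAP_NET_BIND_SERVICE=10
CAP_NET_ADMIN=12
CAP_NET_RAW=13
ALLOWED=$(( (1 << CAP_NET_BIND_SERVICE) | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) ))

# Read /proc/<pid>/status text on stdin and print the CapEff hex mask.
capeff_of() {
    awk '$1 == "CapEff:" { print $2 }'
}

# Print the set bit numbers of integer $1, space separated.
bits_of() {
    val=$1
    bit=0
    out=""
    while [ "$val" -ne 0 ]; do
        if [ $(( val & 1 )) -eq 1 ]; then
            out="$out$bit "
        fi
        val=$(( val >> 1 ))
        bit=$(( bit + 1 ))
    done
    printf '%s\n' "${out% }"
}

# Capability bits set in hex mask $1 beyond the three allowed ones.
extra_caps() {
    bits_of $(( 0x$1 & ~ALLOWED ))
}

# Allowed capability bits that hex mask $1 lacks.
missing_caps() {
    bits_of $(( ALLOWED & ~0x$1 ))
}

# Constructed status excerpt for a process holding exactly the three caps.
SAMPLE_STATUS='Name: dnsmasq
CapEff: 0000000000003400'
```

An empty result from `extra_caps` means the process holds nothing beyond the three capabilities; any bit number it prints is privilege the non-root start was meant to avoid.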





