Re: [Dnsmasq-discuss] 2 routes

2021-11-29 Thread Geert Stappers via Dnsmasq-discuss
On Mon, Nov 29, 2021 at 08:18:24AM +0100, Gerrit Kuehn via Dnsmasq-discuss wrote:
> On Sun, 28 Nov 2021 15:44:38 -0800 Carl Karsten wrote:
> 
> > Can the server send 2 (or more) pairs of netmask/gateway ?
> 
> Depends. Do you need this for a single interface or for separate ones?
> 
> > Otherwise I suspect this can be done if client has 2 virtual
> > interfaces, do dh request with different client ids.
> 
> If you have separate interfaces, the obvious solution is to ask for a
> dhcp lease and setup for each one. On a single interface, you can,
> e.g., add static routes
> 
> ---
> # Send RFC-3442 classless static routes (note the netmask encoding)
> #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
> ---

Mmm, that is indeed what
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=dnsmasq.conf.example;hb=HEAD#l415
has.


As I read RFC 3442 I would expect
  dhcp-option=121, 24,192,168,1,1,2,3,4, 8,10,5,6,7,8

So destination 192.168.1.0/24 encoded as 24,192,168,1
and destination 10.0.0.0/8 encoded as 8,10



Groeten
Geert Stappers
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
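
Added example (not part of the original message and not dnsmasq code): the RFC 3442 wire encoding of the two routes from the quoted configuration line, with a decoder that rejects malformed payloads. The function and constant names are illustrative.

```python
import ipaddress

# The two routes from the quoted dhcp-option=121 line: (destination, router).
EXAMPLE_ROUTES = [("192.168.1.0/24", "1.2.3.4"), ("10.0.0.0/8", "5.6.7.8")]


def encode_routes(routes):
    """Encode [(destination CIDR, router IP), ...] as an option 121 payload."""
    payload = bytearray()
    for destination, router in routes:
        # strict=True rejects destinations with host bits set (192.168.1.5/24).
        net = ipaddress.IPv4Network(destination, strict=True)
        significant = (net.prefixlen + 7) // 8  # octets that carry prefix bits
        payload.append(net.prefixlen)
        payload += net.network_address.packed[:significant]
        payload += ipaddress.IPv4Address(router).packed
    if len(payload) > 255:
        # A single DHCP option carries at most 255 bytes of data.
        raise ValueError("routes do not fit in one DHCP option")
    return bytes(payload)


def decode_routes(payload):
    """Decode an option 121 payload, raising ValueError on malformed input."""
    payload = bytes(payload)
    routes = []
    pos = 0
    while pos < len(payload):
        width = payload[pos]
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at offset {pos}")
        significant = (width + 7) // 8
        end = pos + 1 + significant + 4
        if end > len(payload):
            raise ValueError(f"truncated route at offset {pos}")
        # Pad the compact destination back to four octets.
        dest = payload[pos + 1:pos + 1 + significant] + bytes(4 - significant)
        net = ipaddress.IPv4Network(
            f"{ipaddress.IPv4Address(dest)}/{width}", strict=True
        )
        router = ipaddress.IPv4Address(payload[end - 4:end])
        routes.append((str(net), str(router)))
        pos = end
    return routes


if __name__ == "__main__":
    wire = encode_routes(EXAMPLE_ROUTES)
    print(",".join(str(b) for b in wire))
    print(decode_routes(wire))
```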


Re: [Dnsmasq-discuss] CNAME responses are not processed through address=/ ... / filter

2021-11-25 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Nov 25, 2021 at 11:05:03AM -0600, Alex Rainchik wrote:
> Hello,
> 
> This is my first message here :)

Welcome


> Not sure if it’s a bug or feature request :)

Me neither 8^)

 
> It looks like CNAME responses are not processed through address=/ ...  / 
> filter,
> here is an example
> 
> Config file test.cfg:
> 
> # listening DNS port
> port=3
> # do not read /etc/resolv.conf at all
> no-resolv
> # do not re-read /etc/resolv.conf when file was changed by ISP
> no-poll
> # default upstream dns server
> server=1.1.1.1
> address=/setup.fe.apple-dns.net/10.10.10.10
> log-debug
> log-queries=extra
> log-facility=/dev/stdout
> keep-in-foreground
> no-daemon
> 
> Running test as “dnsmasq -C test.cfg”
> 
> Direct query for "setup.fe.apple-dns.net" works as expected:
> 
> username@mac:~$ dig @127.0.0.1 -p3 -t A setup.fe.apple-dns.net. +short
> 10.10.10.10
> 
> However when I query "setup.icloud.com", which is a CNAME pointing to
> "setup.fe.apple-dns.net" it does not get processed through
> address=/ … / filter:
> 
> username@mac:~$ dig @127.0.0.1 -p3 -t A setup.icloud.com +short
> setup.fe.apple-dns.net.
> 17.248.190.138
> 17.248.190.206
> 17.248.190.112
> 17.248.190.68
> 17.248.168.72
> 17.248.190.71
> 17.248.168.68
> 17.248.190.104
> 
> Expected behavior would be for setup.icloud.com query to get
> "10.10.10.10" response, same as for setup.fe.apple-dns.net. Because
> setup.icloud.com is a CNAME pointing to setup.fe.apple-dns.net



$ dig @9.9.9.9 -t A setup.icloud.com

; <<>> DiG 9.16.13-Debian <<>> @9.9.9.9 -t A setup.icloud.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30811
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;setup.icloud.com.  IN  A

;; ANSWER SECTION:
setup.icloud.com.   3371  IN  CNAME   setup.fe.apple-dns.net.
setup.fe.apple-dns.net. 19  IN  A   17.248.177.5
setup.fe.apple-dns.net. 19  IN  A   17.248.176.36
setup.fe.apple-dns.net. 19  IN  A   17.248.176.50
setup.fe.apple-dns.net. 19  IN  A   17.248.177.40
setup.fe.apple-dns.net. 19  IN  A   17.248.176.237
setup.fe.apple-dns.net. 19  IN  A   17.248.176.41
setup.fe.apple-dns.net. 19  IN  A   17.248.176.233
setup.fe.apple-dns.net. 19  IN  A   17.248.176.48

;; Query time: 28 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: do nov 25 18:44:52 CET 2021
;; MSG SIZE  rcvd: 209



As I see it:

 * the `dig -t A setup.icloud.com` is one single request
 * the response comes from one single upstream server
 * there is no need for Dnsmasq to redact the response


My advice to the original poster is to add
 address=/setup.icloud.com/10.10.10.10
to the configuration.


Groeten
Geert Stappers
-- 
Silence is hard to parse
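
Added example (not from the thread and not dnsmasq code): an audit helper for the situation discussed above. It reads `address=/domain/ip` lines and an upstream answer section, and reports the extra `address=` lines needed for query names that reach an overridden name only through a CNAME. It assumes one domain per `address=` line and ignores the `#` wildcard; the config and answer lines are taken from the messages above, abridged, and all function names are illustrative.

```python
import re

CONFIG = """\
server=1.1.1.1
address=/setup.fe.apple-dns.net/10.10.10.10
"""
ANSWER = """\
setup.icloud.com.       3371 IN CNAME setup.fe.apple-dns.net.
setup.fe.apple-dns.net. 19   IN A     17.248.177.5
setup.fe.apple-dns.net. 19   IN A     17.248.176.36
"""

ADDRESS_RE = re.compile(r"^address=/([^/#]+)/(\S+)$")


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def load_overrides(config_text):
    """Map each address=/domain/ip domain to its list of addresses."""
    overrides = {}
    for line in config_text.splitlines():
        m = ADDRESS_RE.match(line.strip())
        if m:
            overrides.setdefault(norm(m.group(1)), []).append(m.group(2))
    return overrides


def covering_override(name, overrides):
    """address=/domain/ covers the domain and its subdomains: walk up the labels."""
    labels = norm(name).split(".")
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        if domain in overrides:
            return domain
    return None


def parse_answer(text):
    """Return (owner, type, rdata) tuples from dig answer-section lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not line.startswith(";") and fields[2] == "IN":
            records.append((norm(fields[0]), fields[3], fields[4]))
    return records


def uncovered_aliases(qname, records, overrides):
    """Return address= lines that give qname the same local answer as its CNAME target."""
    if covering_override(qname, overrides):
        return []  # the query name itself is already overridden
    cnames = {owner: norm(rdata) for owner, rtype, rdata in records if rtype == "CNAME"}
    name, seen = norm(qname), set()
    while name in cnames and name not in seen:  # 'seen' guards against CNAME loops
        seen.add(name)
        name = cnames[name]
        domain = covering_override(name, overrides)
        if domain:
            return [f"address=/{norm(qname)}/{ip}" for ip in overrides[domain]]
    return []


if __name__ == "__main__":
    for line in uncovered_aliases("setup.icloud.com", parse_answer(ANSWER), load_overrides(CONFIG)):
        print(line)
```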



Re: [Dnsmasq-discuss] Behavior change of upstream servers set via DBus

2021-11-09 Thread Geert Stappers via Dnsmasq-discuss
On Tue, Nov 09, 2021 at 10:10:26PM +0800, Jerry Xiao wrote:
> I have 30k+ lines of rules like "server=/somehost.tld/#" in my config.
> What I need is to use the dhcp assigned dns server for those 30k+
> domains and forward the others to 1.1.1.1.

What **we** need is more important.


> This is not possible with your config.

Please express that from good community member
to fellow community members.

In other words:  Learn where to make demands.


And karma bonus points for showing the world
that you understand there are time zone differences.
So reply below previous to make skipping message
possible (huge time gain) and reading in the discussion
order possible (huge gain in logical thinking).


Regards
Geert Stappers

P.S.
Neither am I a native english speaker,
I might be misreading "You must fix my problem!", no hard feelings.



Re: [Dnsmasq-discuss] dnsmasq hangs after a certain time

2021-11-04 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Oct 29, 2021 at 03:00:11PM +0200, Felix Queißner wrote:
> Hello List!
> 
> I deployed a dnsmasq installation[0] in a Docker container that is built on
> top of debian and the s6-overlay software. It also contains a custom
> software that reads data from a mariadb and writes the dnsmasq config files.
> 
> This software will then send the HUP signal to dnsmasq when the config files
> change.
> 
> The problem will then appear one to three days later and dnsmasq will just
> stop working. The process won't exit, and doesn't react to signals anymore.
> Only using `kill` with SIGKILL will stop dnsmasq, which is then restarted by
> s6. dnsmasq will not answer any DHCP or DNS requests in that time.
> 
> Is that a known bug? Is this a new one?

> Can i somehow help reproducing/debugging the bug?

> I have experience in C development,
> so i can use gdb if it is required/wanted.

Start with it, don't wait for approval.

 
> Best regards
> - Felix "xq" Queißner
> 
> 
> [0]
> Dnsmasq version 2.85  Copyright (c) 2000-2021 Simon Kelley

Version 2.86 is released
and git has some work done for 2.87


> Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6
> no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify
> dumpfile


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] dnsmasq and VPN client updates resolv.conf with multiple nameservers

2021-11-04 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Nov 03, 2021 at 11:45:15PM +0100, Johannes Stezenbach wrote:
> Hi,
> 
> I've tried current git version v2.87test4-2-g9560658c5ba2.
> 
> Usually /run/dnsmasq/resolv.conf has only one entry for my
> home Wifi router.
> When I enable a VPN connection two more entries are added,
> but dnsmasq doesn't read it correctly.

} but dnsmasq doesn't deal with it as I expected.
or
} but dnsmasq doesn't deal with it as I hoped for.

 
> Real:
> nameserver 10.x.xx.60
> nameserver 10.x.xx.75
> nameserver 192.168.178.1
> 
> dnsmasq log:
> Nov  3 23:19:56 dnsmasq[31323]: reading /run/dnsmasq/resolv.conf
> Nov  3 23:19:56 dnsmasq[31323]: using nameserver 192.168.178.1#53
> Nov  3 23:19:56 dnsmasq[31323]: using nameserver 10.x.xx.75#53
> Nov  3 23:19:56 dnsmasq[31323]: using nameserver 192.168.178.1#53
> 
> 
> Queries then fail with NXDOMAIN.



> FWIW I still use --strict-order.
 



My guess is that reloading dnsmasq after VPN open / close could help.

Please experiment with it and report back.

 
> Best Regards,
> Johannes
> 

Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] dnsmasq and VPN client updates resolv.conf with multiple nameservers

2021-11-04 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Nov 04, 2021 at 10:00:03AM +0100, Johannes Stezenbach wrote:
> On Thu, Nov 04, 2021 at 07:46:18AM +0100, Geert Stappers via Dnsmasq-discuss 
> wrote:
> > On Wed, Nov 03, 2021 at 11:45:15PM +0100, Johannes Stezenbach wrote:
> > > 
> > > I've tried current git version v2.87test4-2-g9560658c5ba2.
> > > 
> > > Usually /run/dnsmasq/resolv.conf has only one entry for my
> > > home Wifi router.
> > > When I enable a VPN connection two more entries are added,
> > > but dnsmasq doesn't read it correctly.
> > 
> > } but dnsmasq doesn't deal with it as I expected.
> > or
> > } but dnsmasq doesn't deal with it as I hoped for.
> 
> It is a regression compared to cbbd56c96583, which I used before
> because it had the fix for an issue I had reported.
> 
> > > Real:
> > > nameserver 10.x.xx.60
> > > nameserver 10.x.xx.75
> > > nameserver 192.168.178.1
> > >
> > > dnsmasq log:
> > > Nov  3 23:19:56 dnsmasq[31323]: reading /run/dnsmasq/resolv.conf
> > > Nov  3 23:19:56 dnsmasq[31323]: using nameserver 192.168.178.1#53
> > > Nov  3 23:19:56 dnsmasq[31323]: using nameserver 10.x.xx.75#53
> > > Nov  3 23:19:56 dnsmasq[31323]: using nameserver 192.168.178.1#53
> 
> > > FWIW I still use --strict-order.
>  
> I suppose --strict-order could play a role here.
 
Yes could be, but with
>>> Real:
>>> nameserver 10.x.xx.60
>>> nameserver 10.x.xx.75
>>> nameserver 192.168.178.1

there should have been
>>> dnsmasq log:
>>> Nov  3 23:19:56 dnsmasq[31323]: reading /run/dnsmasq/resolv.conf
}}} Nov  3 23:19:56 dnsmasq[31323]: using nameserver 10.x.xx.60#53
>>> Nov  3 23:19:56 dnsmasq[31323]: using nameserver 10.x.xx.75#53
>>> Nov  3 23:19:56 dnsmasq[31323]: using nameserver 192.168.178.1#53


> } My guess is that reloading dnsmasq after VPN open / close could help.
> > Please experiment with it and report back.
> 
> On restart dnsmasq reads it correctly. Sorry I neglected to
> clearly describe this problem only happens when dnsmasq
> re-reads the /run/dnsmasq/resolv.conf after it changed.
> I tried SIGHUP but it doesn't work to re-read the file.
> "touch /run/dnsmasq/resolv.conf" causes dnsmasq to
> re-read it again, but with same result.
> 

Acknowledge on "reporting a regression".

IIRC it is the first report about it.


Advice:
Tell how to reproduce the inconvenience.


Another advice, more a challenge: `git bisect`


stappers@paddy:~/src/dnsmasq
$ git bisect start
stappers@paddy:~/src/dnsmasq
$ git bisect bad 9560658c5ba2
stappers@paddy:~/src/dnsmasq
$ git bisect good cbbd56c96583
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[d2ad5dc073aaacaf22b117f16106282a73586803] Fix truncation logic in make_local_answer()
stappers@paddy:~/src/dnsmasq
$ 



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] custom TFTP port

2021-12-09 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Dec 09, 2021 at 07:42:30PM +, Konstantin Orekhov via Dnsmasq-discuss wrote:
> Hello there!

Welcome,


> Just like described
> in 
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013650.html,
> I also have a use case in Kubernetes where all containers are running
> as non-root only thus making it impossible for me to start dnsmasq as
> I get permission error:
> dnsmasq: failed to create listening socket for port 69: Permission denied

And what about DNS, port 53,  and DHCP, port 67?


 
> I just love single-port option in dnsmasq for TFTP

Text from 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013659.html

|This is standard mode:
|IP 172.17.0.2.42447 > 172.17.0.1.69:  22 RRQ "/some_file" netascii
|IP 172.17.0.1.56457 > 172.17.0.2.42447: UDP, length 15
|IP 172.17.0.2.42447 > 172.17.0.1.56457: UDP, length 4
| 
|This is single port mode:
|IP 172.17.0.2.56296 > 172.17.0.1.69:  22 RRQ "/some_file" netascii
|IP 172.17.0.1.69 > 172.17.0.2.56296:  15 DATA block 1
|IP 172.17.0.2.56296 > 172.17.0.1.69:  4 ACK block 1

More text from that thread:
( https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013660.html )
|The TID in the tftp packets is supposed to match the port it's sending
|on.  This is how well-behaving tftp software can verify it's receiving
|the correct packets.  The single-port stuff breaks down when, e.g.,
|you're booting 1500 computers from a given tftpd.
|
|It's always easier to write new code than to learn the existing tools.
|It's just not a sustainable practice, especially when you're violating
|standards in the process.

> and was wondering if custom port for it would be something that is
> possible to add to a list of command line args/config.
> If there's some other way to accomplish the same, please let me know
> as I was not able to find it.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] tftp hook for "not found"

2021-12-02 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Dec 01, 2021 at 08:36:47PM -0800, Carl Karsten wrote:
> Subject: Re: [Dnsmasq-discuss] tftp hook for "not found"
> or some way to create a symlink when needed.
> 
> when a pi net boots, it injects its serial number into the path that
> it requests:
> dnsmasq-tftp[678]: file /srv/tftp/7a6d27f6/autoboot.txt not found
> 
> When that happens, I need to create a symlink:
> id=7a6d27f6
>  ln -s  /srv/tftp/boot /srv/tftp/${id}
> 
> and ideally catch that before it decides to error.  otherwise I'll
> just power cycle the pi and the 2nd time it should work.
> 
> if I understand the docs the hook only gets called on "sent" -
> 
> "The "tftp" action is invoked when a TFTP file transfer completes: the
> arguments are the file size in bytes, the address to which the file
> was sent, and the complete pathname of the file. "
> https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
> 
> I only expect to have 20 - 40 pi's, so it isn't a huge problem if I
> have to boot from SD card to harvest the serial number.  but it would
> be nice if we didn't need to do that.

It would be nice if the clients did not mangle next filename request.

Is the serial number also visible in the DHCP request?


> id=7a6d27f6

Is that a MAC address?



Anyway, this is from the manual page of dnsmasq

  --dhcp-script=
   Whenever  a  new  DHCP lease is created, or an old one destroyed,
   or a TFTP file transfer completes, the executable specified by
   this  option  is  run.
   The arguments to the process are "add", "old" or "del", the
   MAC address of the  host  (or DUID  for IPv6) , the IP address,
   and the hostname, if known.



Groeten
Geert Stappers
-- 
Silence is hard to parse
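
Added example (not from the thread, not part of dnsmasq): one way to act on the "not found" log line quoted above by creating the per-serial symlink. Because the requested path is chosen by the TFTP client, the serial is validated strictly before it is used as a file name. It assumes serials are 8 lowercase hex digits as in the quoted log line and that the shared directory is named `boot`; the function names are illustrative.

```python
import os
import re
from pathlib import Path

# Matches the dnsmasq-tftp log line format quoted in the message above.
NOT_FOUND_RE = re.compile(r"dnsmasq-tftp\[\d+\]: file (?P<path>\S+) not found")
# Assumption: a serial is exactly 8 lowercase hex digits, as in "7a6d27f6".
SERIAL_RE = re.compile(r"[0-9a-f]{8}")


def serial_from_log(line, tftp_root):
    """Return the client serial from a 'not found' line, or None if it is not trusted."""
    m = NOT_FOUND_RE.search(line)
    if not m:
        return None
    try:
        # relative_to() does not resolve "..", so a traversal attempt stays
        # visible as a path component and fails the serial check below.
        rel = Path(m.group("path")).relative_to(Path(tftp_root))
    except ValueError:
        return None  # path is outside the TFTP root
    if len(rel.parts) < 2:
        return None  # expected <serial>/<file>
    serial = rel.parts[0]
    return serial if SERIAL_RE.fullmatch(serial) else None


def ensure_boot_link(line, tftp_root, target_name="boot"):
    """Create <root>/<serial> -> <root>/<target_name>; return the link path or None."""
    serial = serial_from_log(line, tftp_root)
    if serial is None:
        return None
    root = Path(tftp_root)
    target = root / target_name
    if not target.is_dir():
        return None  # nothing to link to
    link = root / serial
    try:
        os.symlink(target, link)  # fails rather than replacing an existing entry
    except FileExistsError:
        return None
    return link


if __name__ == "__main__":
    import sys

    # Usage sketch: pipe the dnsmasq log into this script.
    for log_line in sys.stdin:
        created = ensure_boot_link(log_line, "/srv/tftp")
        if created:
            print(f"linked {created}")
```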



Re: [Dnsmasq-discuss] NetworkManager plugin not forwarding queries

2021-12-14 Thread Geert Stappers via Dnsmasq-discuss
On Tue, Dec 14, 2021 at 04:50:32PM +0100, Natxo Asenjo wrote:
> hi,
> 
> on a rhel 7.9 host, dnsmasq is not properly forwarding queries to some
> internal domains.
> 
> If I run dnsmasq on the foreground with the same configuration, it works
> fine (only resolving the specified domains)
> 
> Let's see:
> 
> interface=some-bridge-name
> #bind-dynamic
> 
> 
> domain-needed  # do not forward short names
> bogus-priv # drop non routed address spaces
> no-resolv  # do not resolve anything, only whitelist allowed which
> follows
> 
> # whitelisted dns domains
> server=/domain.local/10.xxx.xxx.xx
> server=/domain.local/10.1xxx.xxx.xx
> server=/other.sub.tld/10.1xxx.xxx.xx
> server=/other.sub.tld/10.1xxx.xxx.xx
> 
> # all other domains go to localhost
> address=/#/127.0.0.1
> 
> cache-size=1000
> 
> log-queries
> log-facility=/var/log/dnsmasq.log
> 
> 
> And obviously in /etc/resolv.conf
> 
> nameserver 127.0.0.1
> 
> So, if I restart NetworkManager, because I added
> 
> # cat /etc/NetworkManager/conf.d/00-use-dnsmasq.conf
> # FILE MANAGED BY TEMPLATE
> # DO NOT MODIFY LOCALLY ALL CHANGES WILL BE OVERWRITTEN
> 
> [main]
> dns=dnsmasq
> 
> dnsmasq is automatically started (the dnsmasq systemd service unit is
> disabled)
> 
> 
> I query a host in the sub.domain.tld and I have a timeout in dig, no
> servers could be reached.
> 
> 
> in the dnsmasq.log:
> Dec 14 16:36:41 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
> Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:46 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
> Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
> 
> Ok, now I kill dnsmasq, start it with --no-daemon
> 
> and then it works, dnsmasq forwards correctly.
> 
> In both cases I see a listening socket on the right interface port 53
> {udp,tcp}.
> 
> What am I doing wrong?

:-/

 
> Selinux shows no denials (avc empty). I turned it off (permissive), still
> no improvement.
> 
> Any help greatly appreciated.
 
Make a drawing of what you have built.

Then test again and follow the DNS request both
in the drawing and in the computer.

I think there will be mismatches in it,
like the DNS request ending up in another place
than where it should show up in the drawing.

Schematic would be better name for the drawing.


Groeten
Geert Stappers
Former electric engineer, so familiar with schematics
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] dnsmasq on large scale network

2021-12-08 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Dec 09, 2021 at 03:28:40AM +0100, Petr Menšík wrote:
> On 12/5/21 19:44, Fabian Druschke wrote:
> > Hey friends, i hope you all are doing fine.
> >
> > Currently i'm facing a little challenge. I have a large network with
> > more or less 30k clients, and i need a router for NAT from the LAN
> > subnets, in the 10.0.0.0/8 address space to the outside WAN public ip
> > address. So it's a quite simple scenario.
> >
> > I've purchased a Juniper MX150 router already, but it was the wrong
> > choice due to the lack of NAT support at all. So i wanted to use
> > OpenWrt for this scenario, because it is really really simple to set
> > up for this use.
> >
> > What i'm struggling with, is the DHCP server included on OpenWrt. By
> > default it's dnsmasq, and it's easy to configure through the LuCi web
> > interface. Before going into production i'd like to make sure if
> > dnsmasq is designed or capable to handle this amount of clients (peak
> > 30k / 5 requests per second).
> >
> > Does someone have experience with such a scenario, and is there a
> > proper tool to benchmark DHCP ?
> >
> 
> Interesting, I am just debugging situation when multiple instances start
> and request DHCP at similar time. Without no-ping option, it works quite
> bad. Even starting 16 instances at the same time does not work reliably
> to us with ping enabled. It seems our 2.79 version is broken, 2.81 were
> fixed. But if you have 5 requests per seconds, I would use more heavy
> server. Dnsmasq is great for small networks, but I think it has no
> design for high performance. It does not scale well with hundreds or
> thousands clients.
> 
> Make sure you use no-ping for good performance. Ping code does just one
> at a time, which makes it quite slow if enabled. I would try dhcp-server
> or kea, it seems you have big enough network.

I would avoid single points of failure.
 

Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Offered IPv4 DHCP address ping fix

2021-12-08 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Dec 08, 2021 at 01:18:42AM +0100, Petr Menšík wrote:
> Hi Simon and others,
> 
> I am debugging strange issue, which happens inside OpenStack in certain
> situations. It seems under not precisely defined conditions dnsmasq
> returns "no address available" error even in situation, when not yet all
> leases are used.
   
> From 18e49004782549068450cded3c12ff65e44a4308 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= 
> Date: Wed, 8 Dec 2021 00:11:46 +0100
> Subject: [PATCH 2/2] Simplify ICMP ping from dhcp

Should there be a  PATCH 1/2 ?



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] feature: dictionary order import of addn-hosts dirs?

2021-07-20 Thread Geert Stappers via Dnsmasq-discuss
On Mon, Jul 19, 2021 at 06:52:03PM +0100, Ed W wrote:
> Hi, around 2.82 someone posted a little patch to import the config files in
> dictionary order, which is very useful for situations where you have
> overlapping definitions. I'm using an addn-hosts stanza pointing to a
> directory and files currently import in a somewhat random order (suppose
> inode order?), which can lead to unexpected reverse host definitions in
> some cases
> 
> Could we have a dictionary order import for add-hosts files please?

Quoting Dominik from
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015307.html
} Feature submissions via git patches are welcomed also on this list
} and are known to accelerate feature realization drastically.

So it is a good thing to be more precise than
 "around 2.82 someone posted a little patch to import the config files in dictionary order"

Visit the mailinglist archive and come back with the URL
of the (meanwhile outdated??) patch.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] CS ART - dnsmasq bugs

2021-07-21 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Jul 21, 2021 at 12:20:14AM +0100, Simon Kelley wrote:
> On 20/07/2021 10:26, Max Julian Hofmann via Dnsmasq-discuss wrote:
> > Dear dnsmasq developers,
> > 
> > the Advanced Research Team at CrowdStrike discovered multiple bugs
> > affecting dnsmasq. The discovered flaws are estimated as low risk. I
> > have attached a PDF file that contains the corresponding technical details.
> > 
> > Please feel free to share the document among other developers to fix
> > the issues. Please let me know if you have any questions.
> > 
> 
> Thanks for that. I just pushed fixes for all the issues, except a couple
> which have been fortuitously fixed a couple of weeks ago. I think
> everything is done now.

Quoting Petr Mensik (
   https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015275.html 
   Fri Jul 9 12:10:23 UTC 2021
)
 

|Hi Simon,
|
|would you please tag another test version



And more complete quote

| | I have to say, I am very much liking the amount of testing that the new
| | code is getting. It's great to find these regressions _before_ release.
|
|Hi Simon,
|
|would you please tag another test version after fixing build of dbus
|builds? I tried building a test package for Fedora [1], but I would have
|to backport dbus fixes. No recent test release works with dbus enabled,
|which is required on Fedora.


Regards
Geert Stappers

[1] https://copr.fedorainfracloud.org/coprs/pemensik/dnsmasq/build/2312608/
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Change in behaviour of --server

2021-07-22 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 09, 2021 at 02:10:23PM +0200, Petr Menšík wrote:
> On 7/6/21 10:23 PM, Simon Kelley wrote:
> > On 06/07/2021 12:14, Kevin Darbyshire-Bryant wrote:
> >> Hi Simon,
> >>
> >> An eager OpenWrt tester of current dnsmasq master has noticed the
> >> following change in behaviour:
> > I have to say, I am very much liking the amount of testing that the
> > new code is getting. It's great to find these regressions _before_
> > release.
> >
> Hi Simon,
> 
> would you please tag another test version after fixing build of dbus
> builds?  I tried building a test package for Fedora [1], but I would
> have to backport dbus fixes. No recent test release works with dbus
> enabled, which is required on Fedora.
> 
> Thanks!

Tag  2.86test6 has been announced[2], does it build for Fedora?[3]

 
> Cheers,
> Petr


Groeten
Geert Stappers

1. https://copr.fedorainfracloud.org/coprs/pemensik/dnsmasq/build/2312608/
2. https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015320.html
3. https://copr.fedorainfracloud.org/coprs/pemensik/dnsmasq/builds/
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 16, 2021 at 08:53:36AM +, Dominik DL6ER wrote:
> Hey,
> 
> On Fri, 2021-07-16 at 02:22 +0200, f...@gmx.de wrote:
> > If i ask dnsmasq BY ipv6, ALL A records are returned (there is no )
> 
> man dnsmasq explicitly says:
> 
> > localise-queries
> > Return answers to DNS queries from /etc/hosts and --interface-name
> > and --dynamic-host which depend on the interface over which the query
> > was received. If a name has more than one address associated with it,
> > and at least one of those addresses is on the same subnet as the
> > interface to which the query was sent, then return only the address(es)
> > on that subnet. This allows for a server to have multiple addresses in
> > /etc/hosts corresponding to each of its interfaces, and hosts will get
> > the correct address based on which network they are attached to.
> > Currently this facility is limited to IPv4. 
> 
> Emphasis on
> 
> > Currently this facility is limited to IPv4. 
> 
> This is not a bug but actually rather expected behavior. The IPv6
> address of the arriving query does not match the subnet of any of the
> two A records you defined. Hence, dnsmasq is unable to determine what
> is the best fit and returns all known A records. This lets the client
> choose the one it can reach and seems meaningful.
> 
> What you request would be adding an interface-dependent address lookup:
> is there any suitable IPv4 address on the same interface. However, a few
> things need to be clarified in this case: how to handle multiple IPv4
> addresses on the same interface each of which having a valid record? It
> is just not possible to localize queries in the same way when it is not
> clear which IPv4 subnet the client is in.
> 
> My advice: There is no advantage in reaching a DNS server internally
> over IPv6 in a dual-stack network. Ensure your clients query dnsmasq
> over IPv4 and your problem is solved in both the simplest and also most
> reliable way.

My advice:
  See how (IPv4 or IPv6) and what (A versus )
  as totally different things.


Groeten
Geert Stappers

@Original Poster: Feel welcome, feeling shy is also fine.
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-16 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 16, 2021 at 08:38:26AM +0200, f...@gmx.de wrote:
> Geert Stappers wrote:
> > On Fri, Jul 16, 2021 at 02:22:05AM +0200, f...@gmx.de wrote:
> > } Hello,
> > }
> > } i have a multi-homed ipv4 ONLY device "Alice". By each subnet it should be
> > } reached by the same name.
> > }
> > } Dnsmasq runs on a ip v4+v6 device "B". In the hosts file is "Alice" with all
> > } ips and always the same name.
> > }
> > } "localise-queries" is enabled.
> > }
> > }
> > } This works fine as long as i'm asking dnsmasq by ipv4, only the correct
> > } 1 ipv4 record is returned.
> > }
> > } If i ask dnsmasq BY ipv6, ALL A records are returned (there is no )
> > }
> > Please continue, tell what is expected from this mailinglist.
> > 
> 
> 
> I expect from the mailing list that it forwards my bugreport to people
> developing dnsmasq
> 
> "There is a dnsmasq mailing list at
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> <http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss> which
> should be the first location for queries, bugreports, suggestions etc."
> 
> What do you exprect from the mailing list?
} What do you expect from a mailing list?

Humans aware of interacting with other humans, humans finding common ground.


Back to where this email thread should be about:

Host Alice is IPv4 only, so has no IPv6 address.
Which  record should exist for Alice?


Right now there is no "bugreport", at least none that I see.



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Query on Force-Renew support on dnsmasq

2021-07-14 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Jul 14, 2021 at 10:47:35AM +0530, Gocool.. wrote:
> Hi Team,
> 
> I am using the dnsmasq package of version "2.83" as a DHCP server.
> Looking for the option for configuring the "DHCP-FORCERENEW" option in
> dnsmasq.
> 
> When there is a change in the LAN network subnet, the DHCP server should
> trigger FORCE-RENEW packets to all its connected clients. So, all the
> clients immediately get IP in the new subnet configured.
> 
> Could you please let me know whether the FORCE-RENEW option is supported in
> dnsmasq? If Yes, How can I achieve this? Please advise.

https://datatracker.ietf.org/doc/html/rfc2131 Dynamic Host Configuration Protocol
 

> Thank you in advance,

You are welcome, I do love to create awareness
about http://www.catb.org/~esr/faqs/smart-questions.html

> Gokul


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Regarding: (Dnsmasq-discuss) localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-17 Thread Geert Stappers via Dnsmasq-discuss
On Sat, Jul 17, 2021 at 02:15:53PM +0200, john doe wrote:
> On 7/17/2021 1:52 PM, Kevin Darbyshire-Bryant wrote:
> > On 17 Jul 2021, at 01:32, f...@gmx.de wrote:
> > > Am 16.07.2021 um 13:42 schrieb Geert Stappers:
> > > > ...
> > > All your messages are not helpful and off topic.
> > > 
> > 
> > I agree.  I have long bitten my tongue on the antics of Geert from
> > when he first appeared on this list in 2017 even to the extent of
> > unsubscribing.  I know others have done so too.  As has been said on
> > this list already "Can you go find another hobby or somewhere else
> > to troll? I have yet to see any kind of usefulness to your belittling
> > users and their questions.  And the cutesy changing of your name along
> > with the witty only to you signatures are quite draining.”  Yes,
> > appearing as ‘Monthly Posting’ or ‘Yes’ or ‘Feed Back’
> > or ‘Web Search’ is real cute.  The sheer number of posts and
> > displayed attitude come across as “I’m the moderator of this
> > list” when there is no such thing.  I wish there were, for surely
> > this annoying turd that simply won’t flush would be long gone.
> > Whilst the intention might have been to increase the signal to noise
> > ratio on this list, quite the opposite has been achieved.
> > 
> 
> Sadly, 'Geert Stappers' is also doing the same kind of things on the
> Debian lists.
> 

I agree should ignore more.


Groeten
Geert Stappers
-- 
Silence is hard to parse




Re: [Dnsmasq-discuss] Dnsmasq replying with refuse without forwarding request to upstream server.

2021-07-23 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 23, 2021 at 05:43:22PM +0530, sunil rathod wrote:
> On Fri, Jul 23, 2021, 17:01 Simon Kelley  wrote:
> > On 23 July 2021 09:35:06 GMT+01:00, sunil rathod wrote:
> >>
> >> I get a warning message saying no upstream servers configured when I
> >> start the dnsmasq.  But in dnsmasq.conf file I have configured upstream
> >> server as below
> >> server=8.8.8.8@eth0
> >> dnsmasq is running but I get that warning message.
> >>
> > 
> > Ok. So you're not configuring a server and getting the expected response.
> > Your problem now is to work out why dnsmasq is not reading your
> > configuration. Note that it logs the configured servers at start up, so
> > that should help debugging.
> >
> Hello Simon,

Hello All Time Zones and mailing list archive visitors.

> I have configured upstream server in .conf file as below
> server=8.8.8.8@eth0
> But somehow dnsmasq not able to read it.  Wondering why is it not reading?


Besides the
> > Your problem now is to work out why dnsmasq is not reading your
> > configuration. Note that it logs the configured servers at start up,
> > so that should help debugging.
there was also
|Could you please
|1. add "log-queries=extra" and "log-facility=/tmp/dnsmasq.log" to your
|   configuration,
|2. restart dnsmasq,
|3. do the DNS query that ends up in REFUSED, and
|4. send us the generated log file
|
|Maybe it reveals something of interest.
|
|Best,
|Dominik


In other words:
  Go beyond "it doesn't work for me" by providing actual information.



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Change in behaviour of --server

2021-07-24 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Jul 22, 2021 at 08:57:13PM +0200, Geert Stappers via Dnsmasq-discuss wrote:
> On Fri, Jul 09, 2021 at 02:10:23PM +0200, Petr Menšík wrote:
> > On 7/6/21 10:23 PM, Simon Kelley wrote:
> > > On 06/07/2021 12:14, Kevin Darbyshire-Bryant wrote:
> > >> An eager OpenWrt tester of current dnsmasq master has noticed the
> > >> following change in behaviour:
> > > I have to say, I am very much liking the amount of testing that the
> > > new code is getting. It's great to find these regressions _before_
> > > release.
> > >
> > Hi Simon,
> > 
> > would you please tag another test version after fixing build of dbus
> > builds?  I tried building a test package for Fedora [1], but I would
> > have to backport dbus fixes. No recent test release works with dbus
> > enabled, which is required on Fedora.
> 
> Tag  2.86test6 has been announced[2], does it build for Fedora?[3]

Yes, it does build.

 
Groeten
Geert Stappers

1. https://copr.fedorainfracloud.org/coprs/pemensik/dnsmasq/build/2312608/
2. https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015320.html
3. https://copr.fedorainfracloud.org/coprs/pemensik/dnsmasq/builds/
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-25 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Jul 25, 2021 at 12:36:25AM +0200, f...@gmx.de wrote:
> 
> > Yes, it does not sound hard, but it is not available. This is a request
> > for a new feature.
> 
> Is this the right place?


Yes, this mailinglist is the right place
to describe feature requests for dnsmasq.


Regards
Geert Stappers
-- 
Mailinglist:
* Humans interacting with humans.
* Humans finding common ground.



Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-15 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 16, 2021 at 02:22:05AM +0200, f...@gmx.de wrote:
> Hello,
> 
> i have a multi-homed ipv4 ONLY device "A". By each subnet it should be
> reached by the same name.
> 
> Dnsmasq runs on a ip v4+v6 device "B". In the hosts file is "A" with all
> ips and always the same name.
> 
> "localise-queries" is enabled.
> 
> 
> This works fine as long as i'm asking dnsmasq by ipv4, only the correct
> 1 ipv4 record is returned.
> 
> If i ask dnsmasq BY ipv6, ALL A records are returned (there is no )
> 

Please continue, tell what is expected from this mailinglist.


 
Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] SEGV on dnsmasq 2.81

2022-03-07 Thread Geert Stappers via Dnsmasq-discuss
On Mon, Mar 07, 2022 at 10:37:33AM +0530, Arjun D R wrote:
> Hi Team,
> 
> We are facing a dnsmasq crash on version 2.81. We are not aware of steps to
> trigger the crash, but we used to get this crash frequently.
> 
> Crash Details:
> 

> 
> Dnsmasq logs:
> 

> 
> Is it a known failure/bug?


> Could you please help?

We, being projectlead Simon Kelley and us,
released newer versions of Dnsmasq.

Please try to reproduce the crash with a recent version.
Section "Get Code" at https://dnsmasq.org has link to
tarballs to download and "git clone" instructions.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Does dnsmasq support cname within same domain?

2022-03-04 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Mar 04, 2022 at 07:56:23PM +0100, Matus UHLAR - fantomas via Dnsmasq-discuss wrote:
> On 03.03.22 10:38, Frank Liu wrote:
> > On Thu, Mar 3, 2022 at 3:52 AM Matus UHLAR - fantomas wrote:
> > > this is strange, my dnsmasq.conf (2.85, debian 11) states:
> > > 
> > > # Provide an alias for a "local" DNS name. Note that this _only_ works
> > > # for targets which are names from DHCP or /etc/hosts. Give host
> > > # "bert" another name, bertrand
> > > #cname=bertand,bert
> 
> > Your config will work, because it is NOT from the same domain. The short
> > name "bertand" in your config is considered a top domain by itself, so you
> > can dig bertand. (ending dot), but you can't dig bertand.your.dhcp.domain.

Because with only 'cname=bertand,bert' dnsmasq is
not aware of '.your.dhcp.domain'.
 

> > You will see the issue if you add the same domain in the cname config, eg:
> > cname=bertand.your.dhcp.domain,bert
> 
> 1. it's the default config from debian - I have not changed it.
>    (and it's commented out)
> 
> 2. it was already explained that the problem lies elsewhere, my e-mail was
> even reply to that explanation.
> 
> It looks like the CNAME doesn't work for dhcp-assigned names although it
> should according to the config snippet above.
> 
> however, one should first verify this.
> 
> 
> I avoid problems of this type by defining:
> - hostnames and IP addresses in /etc/hosts
> - hostnames and MAC addresses in /etc/ethers
> 
> so the hostnames exist all the time.

Yes, providing (configuring) hostnames plus IP-address
makes it possible to answer A queries.


Groeten
Geert Stappers
Still curious about the challenge that original poster is facing.
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DNS Upstream routing

2022-03-07 Thread Geert Stappers via Dnsmasq-discuss
On Mon, Mar 07, 2022 at 03:26:11PM +, Ian Bonham wrote:
> Hi Everyone,
> 
> I can't thank you enough for the work on DNSMASQ, it's an utterly brilliant
> piece of software. I'm amazed at the flexibility it gives me in securing my
> home network, thank you all who put in so much effort.
> 
> Gushing aside, I'm stuck on one config I can't figure out though, so I
> wonder if anyone could advise please? My server is routing everything
> perfectly, and DNSMASQ is sitting there diligently dealing with DHCP and
> DNS, and I have DNSSEC enabled for upstream requests (off to 1.1.1.1 or
> 1.0.0.1). However I'd quite like to route the upstream DNS requests over a
> Wireguard VPN, which is on another interface.
> 
> Is there a way to tell DNSMASQ to do its upstream DNS requests over an
> alternative interface, rather than the standard (unencrypted) interface?
> Once the data are cached in DNSMASQ internally it's fine, that's on my
> internal network and the clients query it. It's the upstream requests I'm
> interested in routing privately over my VPN.
> 
> Any advice?

Share the output of `ip route show`
with this mailinglist and its archive.


> Many thanks,

?
 

> Bon


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Problem with no-resolv and no IP

2022-03-06 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Mar 06, 2022 at 07:22:19AM +0200, Alkis Georgopoulos wrote:
> On 3/6/22 05:35, Donald Muller wrote:
> > Alkis Georgopoulos
> > Sent Saturday, March 5, 2022 4:46 PM
> > > 
> > > Hi, on Ubuntu 22.04 and dnsmasq 2.86-1.1:
> > > 
> > > 1) Use the following dnsmasq.conf:
> > >  no-resolv
> > >  server=8.8.8.8
> > > 2) Ifdown the network so that there's no local IP
> > > 3) (Re)start dnsmasq
> > > 4) Ifup the network, let's say local IP=10.0.0.1 now
> > > 
> > > At that point:
> > > 5) `host google.com 10.0.0.1` fails with connection timed out,
> > > 6) `host google.com 127.0.0.1` works.
> > > 
> > > In other words, when dnsmasq is started when there's no local IP, AND
> > > no-resolv is set, then dnsmasq doesn't reply to the local IPs that are
> > > assigned later on.
> > > 
> > 
> > I think you need to enable
> > 
> > --bind-dynamic
> >Enable a network mode which is a hybrid between --bind-interfaces
> >and the default. Dnsmasq binds the address of individual
> >interfaces, allowing multiple dnsmasq instances, but if new
> >interfaces or addresses appear, it automatically listens
> >on those (subject to any access-control configuration). This
> >makes dynamically created interfaces work in the same way as the
> >default. Implementing this option requires non-standard networking
> >APIs and it is only available under Linux. On other platforms it
> >falls-back to --bind-interfaces mode.
> 
> aren't bind-dynamic and bind-interfaces for people that have multiple
> services in the 53 port?
> I have a single dnsmasq running, and it's listening on 0.0.0.0:53, i.e. on
> "all interfaces", shouldn't it be answering?

Please recognize that the text after  --bind-dynamic  is also
in the dnsmasq manual page.
 
> I think it's a wrong initialization bug somewhere in the code that decides
> when dnsmasq should answer. Configuration workarounds do exist, but I feel
> that it's a bug that should be resolved by updating the dnsmasq codebase.

No.


Long:
Regarding this "problem" it is not important what you feel.

And if you think:
* think about what is going on
* think what you should do


What is going on:
* dnsmasq is stacked upon network
* the network layer is removed, things break
* network is restored, not under the still running dnsmasq

What should be done:
* Keep trying to be a good human
* Keep trying to be a good libre software community member
* Understand that dnsmasq has "bind dynamic"
* Activate  bind-dynamic in your configuration
* Report back
* Make it possible to read this discussion in the discussion order,
  reply below previous text


 
> > > Please Cc me as I'm not subscribed to the list.
> > > 
> > > Thank you,
> > > Alkis Georgopoulos

It is because I respect an "alkisg" that I know from iPXE project, that
I do a "reply to all".  (No, I don't know if Alkis Georgopoulos and
"alkisg" are the same person)

Otherwise I would have ignored that request and done a "reply to list",
thinking: "So you want something from a community, but you don't want
to join that community".


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] dnsmasq consuming more memory

2022-03-11 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Mar 11, 2022 at 03:50:46PM +0530, shashikumar Shashi wrote:
> Hi Simon Kelley,

Hello readers,
(either MailingList archive readers or ML subscribers)
 

> dnsmasq is running continuously for around five months, we had around 150
> clients. After 5 months dnsmasq got killed by the kernel, due to cgroup
> memory limit.
> It utilizes around 2GB of memory.
> Are there any known issues, we are using 2.80 dnsmasq version?
 
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG;hb=HEAD


> kernel: [ pid ]   uid  tgid total_vm   rss nr_ptes nr_pmds swapents oom_score_adj name
> kernel: [16698] 0 16698 6350  3088  15   30     0 dnsmasq
> kernel: [16717] 0 16717 6350  1219  10   30     0 dnsmasq
> kernel: [16751] 0 16751 1326   947   5   30     0 python
> kernel: Memory cgroup out of memory: Kill process 16698 (dnsmasq) score 5 or sacrifice child
> kernel: Killed process 16717 (dnsmasq) total-vm:25400kB, anon-rss:4876kB, file-rss:0kB, shmem-rss
> kernel: oom_reaper: reaped process 16717 (dnsmasq), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
> systemd[1]: dnsmasq_vrf@swns.service: Unit entered failed state.
> systemd[1]: dnsmasq_vrf@swns.service: Failed with result 'signal'.
> 
> 
> Thanks,

You are welcome.


> Shashi


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Query on Privacy warning when connecting Ipad over wifi network

2022-02-28 Thread Geert Stappers via Dnsmasq-discuss
On Mon, Feb 28, 2022 at 02:21:13PM +0530, Gokulnathan MR wrote:
> Hi Team,
> 
> Whenever connecting the Ipad with my router over wireless network, there is
> a privacy warning showing that "This network is blocking encrypted DNS
> traffic".
> 
> [image: image.png]

Text from that image

   This network is blocking encrypted DNS traffic.

   The names of websites and other servers your
   device accesses on this network may be
   monitored and recorded by other devices on
   this network.
 

> Can anyone please let me know why this is happening? How to fix this?
> I could see many reports about this, but couldn't get the actual reason
> behind this and the solution.

Consider it a culture thing
and know how hard it is to explain (and change) culture.

 
> Regards
> Gokul


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Does dnsmasq support cname within same domain?

2022-03-01 Thread Geert Stappers via Dnsmasq-discuss
On Tue, Mar 01, 2022 at 09:21:58AM -0800, Frank Liu wrote:
> On Tue, Mar 1, 2022 at 3:37 AM Geert Stappers via Dnsmasq-discuss wrote:
> > On Tue, Mar 01, 2022 at 01:01:51AM -0800, Frank Liu wrote:
> > > Hi,
> > >
> > > I am running dnsmasq for dhcp/dns of a local test domain: test.example.com.
> > > Everything works fine. When a dhcp client (eg: client1) comes up, it gets
> > > the IP from dnsmasq, and I can dig/nslookup client1.test.example.com to get
> > > its IP.
> > >
> > > When I add a cname in the same domain, eg:
> > > cname=alias.test.example.com,client1.test.example.com
> > >
> > > dig/nslookup of alias.test.example.com only returns name
> > > client1.test.example.com, not the actual IP of client1.test.example.com
> > >
> > > It's interesting that if I add the cname for a different domain, eg:
> > > cname=alias.dummy.example.com,client1.test.example.com
> > >
> > > dig/nslookup of alias.dummy.example.com will return both name
> > > client1.test.example.com and its IP.
> > >
> > > I tried a few different versions but that doesn't make a difference.
> >
> > Please name those different versions.
> >
> 
> 2.76 (Debian 9),   2.85 (Debian 11).


Ah, I'm now beyond the ambiguity of different versions of dig/nslookup.



> > > Is this a known issue/limitation?
> >
> > What is the actual question?
> >
> 
> Sorry, the question is in the email Subject. I guess it isn't clear, so I
> am pasting here:
> Does dnsmasq support cname within same domain?
 
:-)

I think it is more a dns-client problem than a dnsmasq problem.
As in: I don't yet understand the "problem".


> Thanks!

Too early  ;-)


Come back with the output of 

  dig client1.test.example.com
and
  dig alias.dummy.example.com

Plus the extended dns logging of dnsmasq for those two dns client
requests.


> Frank

Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Does dnsmasq support cname within same domain?

2022-03-01 Thread Geert Stappers via Dnsmasq-discuss
On Tue, Mar 01, 2022 at 01:01:51AM -0800, Frank Liu wrote:
> Hi,
> 
> I am running dnsmasq for dhcp/dns of a local test domain: test.example.com.
> Everything works fine. When a dhcp client (eg: client1) comes up, it gets
> the IP from dnsmasq, and I can dig/nslookup client1.test.example.com to get
> its IP.
> 
> When I add a cname in the same domain, eg:
> cname=alias.test.example.com,client1.test.example.com
> 
> dig/nslookup of alias.test.example.com only returns name
> client1.test.example.com, not the actual IP of client1.test.example.com
> 
> It's interesting that if I add the cname for a different domain, eg:
> cname=alias.dummy.example.com,client1.test.example.com
> 
> dig/nslookup of alias.dummy.example.com will return both name
> client1.test.example.com and its IP.
> 
> I tried a few different versions but that doesn't make a difference.

Please name those different versions.

 
> Is this a known issue/limitation?

What is the actual question?
Please, pretty please, consult 
http://www.catb.org/~esr/faqs/smart-questions.html
before my "what is the problem" question.


Groeten
Geert Stappers
-- 
Silence is hard to parse
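
The symptom reported in this thread (a reply for the alias that carries the CNAME but no address for its target) can be checked mechanically on a captured reply. The following is an added example, not part of the original posts or of dnsmasq's code: it parses a raw DNS response and follows the CNAME chain. The helper names, the two constructed replies and the address 192.0.2.10 are assumptions made for illustration.

```python
import struct

TYPE_A, TYPE_CNAME = 1, 5


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, answers):
    """Constructed-sample helper: build a DNS response for an A query.
    answers is a list of (owner, type, rdata); rdata is a name for CNAME
    records and a dotted quad for A records."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    for owner, rtype, rdata in answers:
        if rtype == TYPE_CNAME:
            raw = encode_name(rdata)
        else:
            raw = bytes(int(x) for x in rdata.split("."))
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 0, len(raw)) + raw
    return header + body


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer
            if end is None:
                end = off + 2              # parsing resumes after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_answers(msg):
    """Return the answer section as a list of (owner, type, value)."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                    # skip the question section
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_CNAME:
            value, _ = read_name(msg, off)
        elif rtype == TYPE_A:
            value = ".".join(str(b) for b in msg[off:off + 4])
        else:
            value = None
        records.append((owner, rtype, value))
        off += rdlen
    return records


def follow_cname(msg, qname):
    """Return (chain, addresses). A non-empty chain with no addresses means
    the reply stops at a CNAME whose target has no A record in the answer."""
    records = parse_answers(msg)
    name, chain, seen = qname.rstrip(".").lower(), [], set()
    while name not in seen:                # guard against CNAME loops
        seen.add(name)
        target = next((v for o, t, v in records
                       if o == name and t == TYPE_CNAME), None)
        if target is None:
            break
        chain.append(target)
        name = target
    addresses = [v for o, t, v in records if o == name and t == TYPE_A]
    return chain, addresses


# Constructed replies modelled on the two cases described in the thread.
SAME_DOMAIN = build_response("alias.test.example.com", [
    ("alias.test.example.com", TYPE_CNAME, "client1.test.example.com"),
])
OTHER_DOMAIN = build_response("alias.dummy.example.com", [
    ("alias.dummy.example.com", TYPE_CNAME, "client1.test.example.com"),
    ("client1.test.example.com", TYPE_A, "192.0.2.10"),
])

if __name__ == "__main__":
    for qname, reply in (("alias.test.example.com", SAME_DOMAIN),
                         ("alias.dummy.example.com", OTHER_DOMAIN)):
        chain, addrs = follow_cname(reply, qname)
        print(qname, "->", chain, addrs or "NO ADDRESS IN REPLY")
```

The same `follow_cname()` call works on the bytes read from a UDP socket after sending a query, which makes the two cases comparable without reading `dig` output by eye.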



Re: [Dnsmasq-discuss] dnsmasq stable bug report

2022-03-28 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Mar 27, 2022 at 07:16:51PM -0700, dnsm...@riseup.net wrote:
> WITHOUT 'query-port=13371' in dnsmasq conf file:
> - dnsmasq make a UDP connection with user dnsmasq
> - dnsmasq make a TCP connection with user dnsmasq
> 
> WITH 'query-port=13371' in dnsmasq conf file:
> - dnsmasq make a UDP connection (from port 13371) "without user dnsmasq" (BUG)
> - dnsmasq make a TCP connection with user dnsmasq
> 
> Expected Result:
> - Requests made with "query-port" should be done with user dnsmasq
> 
> Actual Result:
> - Requests made with "query-port" does not have proper user,
>   blocked by firewall.

(I didn't know that firewall rules take user into account)
What are the firewall rules that are used?
(What is the firewall rule that is used?)
 

> dnsmasq(-base): stable 2.85-1

On which operating system is that?
How is dnsmasq started? ( command line options )
What does the start upon system boot?  ( "init system" )


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] editing resolv.conf blocks dnsmasq, but not right away

2022-03-31 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Mar 30, 2022 at 10:57:38PM +, Edward McGuire wrote:
> Dnsmasq 2.86
> Slackware Linux 15.0
> 
> This dnsmasq server provides DNS and DHCP service to a local network
> of about 150 devices. My problem emerges when I uncomment the first
> line of /etc/resolv.conf:
> 
> #nameserver 127.0.0.1
> nameserver [ISP ip redacted]
> nameserver [ISP ip redacted]
> 
> For 10 or 20 minutes after the edit,
> dnsmasq continues to operate perfectly.

Most likely due to cache content considered valid.


> Then all client queries begin to time out.

Dnsmasq cache content expired.


> If I comment out the line again, the problem immediately disappears.
> 
> The problem is reliably reproducible. If I uncomment the line again,
> dnsmasq again operates perfectly for some time, then all client queries
> begin to time out again.
> 
> In /etc/dnsmasq.conf I have option "no-resolv" set. So it mystifies
> me that dnsmasq behavior would be affected by changes to resolv.conf.
> 
> Not seeing any error messages logged. What I do see is the rate of all
> activities logged slows to a crawl. I get about two messages per minute
> where the normal rate is hundreds per minute. Here's an example with
> "log-dhcp" turned on:
> 
> Mar 30 17:33:40 slack dnsmasq-dhcp[946]: 940533162 next server: [ip redacted]
> Mar 30 17:34:05 slack dnsmasq-dhcp[946]: 940533162 sent size:  1 option: 53 message-type  5
> Mar 30 17:34:40 slack dnsmasq-dhcp[946]: 940533162 sent size:  4 option: 54 server-identifier  [ip redacted]
> Mar 30 17:35:16 slack dnsmasq-dhcp[946]: 940533162 sent size:  4 option: 28 broadcast  [ip redacted]
> Mar 30 17:35:52 slack dnsmasq-dhcp[946]: 940533162 sent size:  4 option:  3 router  [ip redacted]
> Mar 30 17:36:22 slack dnsmasq-dhcp[946]: 940533162 sent size:  4 option:  1 netmask  [ip redacted]
> Mar 30 17:36:52 slack dnsmasq-dhcp[946]: 940533162 sent size: 12 option:  6 dns-server  [local ip redacted], [ISP ip redacted], [ISP ip redacted]
> 
> These log entries show a single DHCP response taking the daemon several
> MINUTES to complete! So something is blocking dnsmasq pretty badly.

s/something is blocking dnsmasq/something is blocking name resolving/

 
> This is my first attempt at a dnsmasq installation. So my fear is
> I've made a clueless error and just don't know enough to recognize
> it. Any ideas?

dig @[ISP ip redacted]  dnsmasq.org

 
> Cheers
> Edward


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Extend server to accept hostnames for upstream resolver

2022-04-04 Thread Geert Stappers via Dnsmasq-discuss
On Sat, Apr 02, 2022 at 09:40:15PM +0200, Dominik Derigs wrote:
> Dear Simon,

Dear Mailinglist audience,
(both the direct readers and the archive visitors)
 
> In docker swarm and compose configurations, other containers are
> only reachable via hostnames. It is not always possible to assign
> IP addresses beforehand. Hence, the upstream server IP is not
> known at dnsmasq start when the upstream is part of the deployed
> configuration, e.g., a local cloudflared or unbound container.
>   ...
> I know my proposal does sound somewhat strange (resolving a DNS
> server name)

I appreciate there is a patch.  ( Let's move beyond "strange" )


   ...
> --- a/src/option.c
> +++ b/src/option.c
> @@ -19,6 +19,10 @@
>  #include "dnsmasq.h"
>  #include 
>  
> +#ifdef HAVE_RESOLVESERVER
> +#include 
> +#endif
> +
>  static volatile int mem_recover = 0;
>  static jmp_buf mem_jmp;
>  static int one_file(char *file, int hard_opt);
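Review bot: the HAVE_RESOLVESERVER guard around the added #include at the top of src/option.c introduces a compile-time switch that nothing in the visible lines defines or documents. If it stays, it should be listed with the other HAVE_* build options and the documentation for --server should say that a hostname is only accepted in builds that enable it; otherwise the same configuration file parses on one build and fails on another. Given the remark in this reply that further #ifdefs are unwelcome, consider making the lookup unconditional and dropping the guard.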
> @@ -846,6 +850,11 @@ char *parse_server(char *arg, union mysockaddr *addr, 
> union mysockaddr *source_a
>char *interface_opt = NULL;
>int scope_index = 0;
>char *scope_id;
> +  int addr_type = 0;
> +#ifdef HAVE_RESOLVESERVER
> +  int ecode = 0;
> +  struct addrinfo *hostinfo, hints = { 0 };
> +#endif
>  
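Review bot: in the parse_server() declarations, `struct addrinfo *hostinfo` is left uninitialised while `hints` is zeroed; initialise it to NULL so that a cleanup path can tell whether there is a lookup result to free. Also, `int addr_type = 0;` is declared outside the HAVE_RESOLVESERVER guard while `ecode`, `hostinfo` and `hints` are inside it; if addr_type is only used by the resolving path, move it inside the guard so builds without the option do not get an unused-variable warning.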

As a long time direct reader of the mailinglist,
I can tell that the ML archive has entries
where dnsmasq projectleader Simon Kelley
says he is NOT happy with more '#ifdef's.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Allow wildcard matching for TLD given a fixed 2nd level domain

2022-02-04 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Feb 04, 2022 at 11:35:38AM +0200, Ercolino de Spiacico wrote:
> I have been trying to do a TLD wildcard matching but it appears this is not
> a supported syntax:
> 
> address=/baddomain.#/#
> 
> I would have expected to have the following blocked:
> baddomain.com
> baddomain.net
> baddomain.org
> baddomain.info
> etc
> 
> Is there an alternative syntax I could use to match all the TLD?

Try
  address=/baddomain.*/#

 
> If not could this be considered for the next release?
> 
> Thanks
> 


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Questions about /etc/hosts

2022-02-10 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Feb 11, 2022 at 12:24:27AM +0100, Petr Menšík wrote:
> On 2/10/22 20:24, Chris Green wrote:
> > When running dnsmasq it (by default) uses /etc/hosts to provide some
> > system's addresses.
> >
> > Some of my systems have their names in the /etc/hosts file against
> > a loopback address so host t470 has:-
> >
> > 127.0.0.1   localhost
> > 127.0.1.1   t470.zbmc.eu t470
> >
> >
> > While others only have their names against their (static) IP address
> > so host backup has:-
> >
> > 192.168.1.1 2860n   # Draytek router, internet
> > 192.168.1.2 dns.zbmc.eu dns # this Pi running dnsmasq
> > 192.168.1.3 esprimo zbmc.eu # my desktop system
> > 192.168.1.4 backup.zbmc.eu backup   # backup Raspberry Pi, also DNS/DHCP backup
> >
> >
> > Is that 127.0.1.1 loopback address just so that there is an IP for a
> > system to refer to itself (particularly in the case where it has DHCP
> > assigned IP so there isn't a fixed address for itself)?
> >
> >
> > Where a system has a static/fixed IP is it OK to have only the
> > 'localhost' loopback address and the 'real' static IP for 'self'?
> > E.g. can one have:-
> >
> > 127.0.0.1   localhost
> >
> > 192.168.1.1 2860n   # Draytek router, internet
> > 192.168.1.2 dns.zbmc.eu dns # this Pi running dnsmasq
> > 192.168.1.3 esprimo zbmc.eu # my desktop system
} } 192.168.1.3 esprimo.zbmc.eu # my desktop system
> > 192.168.1.4 backup.zbmc.eu backup   # backup Raspberry Pi, also DNS/DHCP backup
> >
> > As the /etc/hosts file on all of those systems (which have static IP)?
> >
> I think we would need to know, which distribution and version you are
> running.

And which computer of them is running dnsmasq as Domain Name Server
for the other computers.

> /etc/hosts is not directly controlled by dnsmasq.

dnsmasq, as DNServer,  uses /etc/hosts as source
for hostname-IPaddress-mapping. Consider it as source of a single truth.

Back to
> > As the /etc/hosts file on all of those systems (which have static IP)?

That is fairly ignorant.  The whole idea of DNS is eliminating the
maintenance of /etc/hosts files.  And having hostname-IPaddress-mapping
in several places (/etc/hosts and DNS) creates several truths, which
should be avoided.

 
> Depends on how t470 and t470.zbmc.eu names are used and by what
> services. I would recommend --local=/zbmc.eu/ or better auth-zone=zbmc.eu.

 
> I doubt host 127.0.1.1 were added automatically. Unless you don't know
> what does use it, I would recommend to comment it out and reboot.

???   (pronounce as "WTF")


> Unless you see any visible failures or delays during boot,
> it is safe to be removed :)

That :)  should be pronounced as "it remains your decision"



Desktop esprimo has hostname esprimo.
Most likely esprimo is a DHCP client.
Esprimo could be (re)booted when there is no DNS and no DHCP server.

Upon boot some services will ask what the address of esprimo is.
Waiting for the absent DNS implies waiting for time-outs.
Having
  127.0.1.1 esprimo
in /etc/hosts will provide an answer to "What is the address of esprimo?"



Groeten
Geert Stappers
-- 
Silence is hard to parse
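
An added example (not from the original thread): a check for the "several truths" problem described above, run over the /etc/hosts files collected from several machines. It reports names that map to different routable addresses in different files and names that are bound only to a loopback address such as 127.0.1.1. The function names, the host labels and the stale 192.168.1.14 entry are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def parse_hosts(text):
    """Yield (address, [names]) for each usable line of a hosts file."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not an address line
        if len(fields) > 1:
            yield addr, [name.lower() for name in fields[1:]]


def audit(hosts_files):
    """hosts_files maps a label (the machine a file came from) to its text.
    Returns a sorted list of findings:
      ("conflict", name, [addresses])  name has several routable addresses
      ("loopback", name, [labels])     name is bound to loopback in these files
    """
    seen = defaultdict(set)                    # name -> {(label, address)}
    for label, text in hosts_files.items():
        for addr, names in parse_hosts(text):
            for name in names:
                seen[name].add((label, addr))

    findings = []
    for name, entries in sorted(seen.items()):
        if name == "localhost":
            continue
        routable = {addr for _, addr in entries if not addr.is_loopback}
        loopback_in = sorted(label for label, addr in entries if addr.is_loopback)
        if len(routable) > 1:
            findings.append(("conflict", name, sorted(str(a) for a in routable)))
        if loopback_in:
            findings.append(("loopback", name, loopback_in))
    return sorted(findings)


# Constructed sample: the t470 and dns files follow the ones quoted in the
# thread; the "backup" copy carries a stale address to show a conflict.
SAMPLE = {
    "t470": "127.0.0.1 localhost\n127.0.1.1 t470.zbmc.eu t470\n",
    "dns": ("127.0.0.1 localhost\n"
            "192.168.1.2 dns.zbmc.eu dns # this Pi running dnsmasq\n"
            "192.168.1.4 backup.zbmc.eu backup # backup Raspberry Pi\n"),
    "backup": ("127.0.0.1 localhost\n"
               "192.168.1.2 dns.zbmc.eu dns\n"
               "192.168.1.14 backup.zbmc.eu backup\n"),
}

if __name__ == "__main__":
    for kind, name, detail in audit(SAMPLE):
        print(f"{kind:9} {name:16} {', '.join(detail)}")
```

A "loopback" finding is harmless on the machine itself, as the reply above explains, but it matters if that file is the one dnsmasq answers from, because other clients would then be handed a loopback address for that name.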



Re: [Dnsmasq-discuss] CNAMEs

2022-02-06 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Feb 06, 2022 at 04:02:40PM +, Ken Gillett wrote:
> On 4 Feb 2022, at 20:46, Ken Gillett wrote:
> > 
> > I have several CNAMEs set up in DNSmasq on my Mac server that I
> > thought were working. If I use the 'host' command to check a CNAME
> > e.g :-
> > 
> > host thecname
> > 
> > it returns:-
> > 
> > thecname is an alias for thetarget.
> > thetarget has address xx.xx.xx.xxx 
> > 
> > So looks good, but…
> > 
> > I now realise that all is not well. If I instead:-
> > 
> > ping thecname
> > 
> > it returns:-
> > 
> > ping: cannot resolve thecname: Unknown host
> > 
> > Which is apparent nonsense as it has just resolved that exact CNAME.
> > The problem appears to be that the client Mac performing the query
> > adds the domain name, so DNSmasq needs to resolve thecname.thedomain
> > (which is not configured), as if I use:-
> > 
> > ping thecname.
> > 
> > It works.
> > 
> > Previously I used MacOS Server's DNS (BIND) and a CNAME is listed as:-
> > 
> > thecname IN  CNAME thetarget.thedomain.
> > 
> > Which works perfectly. However, if I try something similar in DNSmasq, it simply fails.
> > 
> > If instead I create the DNSmasq cname as:-
> > 
> > cname=thecname.thedomain,thetarget
> > 
> >  That seems to work. But
> > 
> > Apart from being the inverse of how BIND configures CNAMEs, how can
> > I configure DNSmasq CNAMEs to work without having to add thedomain
> > to every cname in every CNAME record in DNSmasq? I don't like to
> > hard code things like that as it could change. Is there any way to
> > make DNSmasq deal with this appropriately?
> > 

Quote from https://dnsmasq.org/docs/dnsmasq-man.html

 --cname=<cname>,[<cname>,]<target>[,<TTL>]
 Return a CNAME record which indicates that <cname> is really
 <target>. There is a significant limitation on the target; it must
 be a DNS record which is known to dnsmasq and NOT a DNS record
 which comes from an upstream server. The cname must be unique,
 but it is permissible to have more than one cname pointing to the
 same target. Indeed it's possible to declare multiple cnames to a
 target in a single line, like so: --cname=cname1,cname2,target

 If the time-to-live is given, it overrides the default, which is
 zero or the value of --local-ttl. The value is a positive integer
 and gives the time-to-live in seconds.

> 
> Any help with the CNAME problem?
> 

Answering that as

} Could I please get some help with what I call  "the CNAME problem"?

In manual pages, square brackets are used to indicate what is optional.
Optional meaning "can be left out", so
 --cname=,[,][,]
becomes
 --cname=,
and that matches
} } cname=thecname.thedomain,thetarget.thedomain

Back to the "the CNAME problem".
Please elaborate it.  ( Because I don't get the "problem". )


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Feature request = block-conf

2022-02-05 Thread Geert Stappers via Dnsmasq-discuss
On Sat, Feb 05, 2022 at 11:32:44AM +, Simon Kelley wrote:
> On 04/02/2022 09:46, Ercolino de Spiacico wrote:
> > I have a feature request.
> > 
> > Since dnsmasq is extremely popular on embedded devices with limited
> > resources (e.g. router) it would be a huge improvement to have a new
> > directive to block a list of domains.
> > 
> >   
> > 
> > Could we please have a new directive e.g. block-file
> > 
> > block-conf=/etc/dnsmasq.adblock
> > 
> > where only domains are needed in the mapped file?
> > 
> > baddomain.com
> > baddomain2.com
> > 
> > 
> > This would reduce drastically the demand on storage (so memory). Some of
> > the public adblock lists are huge hence having the adblock file
> > literally 1/2 of the original size would be amazing.
> > 
> Let's try thinking out of the box here. Given the motivation to save
> storage, I was wondering if there could be a way to use compression, gzip
> etc to save more space.
> 
> Building a decompressor into dnsmasq seems ugly, but then I came up with the
> option of --conf-script=/path/to/script.
> 
> Analogous to --conf-file, except that the standard output of the script is
> used as the configuration.
> 
> 
> So you could just have a script which consisted of
> 
> #!/bin/sh
> set -e
> 
> gunzip -c block-domains.gz | sed -e "s:^:address=/:" -e "s:$:/#:"
> 
> 
> The sed stuff might not be necessary: a decent compression algo should hide
> the repeated information pretty successfully itself.
> 
> 
> That solves your problem, and is more generally useful: It's also pretty
> trivial to implement.
> 
> Opinions, all?
> 

Another effect of `--conf-script` is that the script could be

```
#!/bin/sh
set -e
curl http://server.lan:4242/config/magic
```



Groeten
Geert Stappers
-- 
Silence is hard to parse
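
Added example, not part of the original thread and not dnsmasq code: a filter that a --conf-script helper could pipe its list through, whether the list comes from `gunzip -c` or from `curl` as in the message above. It assumes the proposed option would read the script's standard output as configuration; the function name emit_block_config and the sample entries are hypothetical and constructed.

```shell
#!/bin/sh
# Added example (not dnsmasq code). Output filter for a conf-script helper:
#   stdin  : one domain per line, e.g. from `gunzip -c block-domains.gz` or curl
#   stdout : only lines of the form address=/<domain>/#
#   status : 0 if every entry was a valid hostname, 3 if any entry was dropped
# Dropping everything that is not a plain hostname means a tampered list cannot
# add other directives (server=, conf-file=, dhcp-script=, ...) to the config.

emit_block_config() {
    LC_ALL=C awk '
        # A name is accepted when it has at least two labels, each 1-63
        # characters of [a-z0-9_-] with no leading or trailing hyphen.
        function valid(name,    n, i, lab) {
            if (length(name) > 253) return 0
            n = split(name, lab, ".")
            if (n < 2) return 0
            for (i = 1; i <= n; i++) {
                if (length(lab[i]) < 1 || length(lab[i]) > 63) return 0
                if (lab[i] !~ /^[a-z0-9_-]+$/) return 0
                if (lab[i] ~ /^-/ || lab[i] ~ /-$/) return 0
            }
            return 1
        }
        {
            sub(/\r$/, "")                    # tolerate CRLF lists
            gsub(/^[ \t]+|[ \t]+$/, "")       # trim surrounding blanks
        }
        $0 == "" || /^#/ { next }             # skip blank lines and comments
        {
            name = tolower($0)
            if (valid(name)) {
                print "address=/" name "/#"
            } else {
                bad++
                print "rejected input line " NR > "/dev/stderr"
            }
        }
        END { exit (bad > 0 ? 3 : 0) }
    '
}

# Constructed sample: two valid entries, a comment, two injection attempts.
sample='baddomain.com
# a comment line
BadDomain2.com
evil.example/10.0.0.1
server=/lan/192.0.2.53'

demo_status=0
demo_output=$(printf '%s\n' "$sample" | emit_block_config 2>/dev/null) || demo_status=$?
printf '%s\n(filter exit status: %s)\n' "$demo_output" "$demo_status"
```

A caller can treat status 3 as a reason to keep the previously generated configuration instead of loading a partly rejected list.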



Re: [Dnsmasq-discuss] Make HighLoad constant value configurable from config.h

2022-04-08 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Apr 08, 2022 at 04:34:11PM +0300, Серж ИвановЪ wrote:
> I am talking about this part of code in src/dhcp.c
> ```
> struct ping_result *do_icmp_ping(time_t now, struct in_addr addr, unsigned
> int h
> {
> static struct ping_result dummy;
> struct ping_result *r, *victim = NULL;
> int count, max = (int)(0.6 * (((float)PING_CACHE_TIME)/
>((float)PING_WAIT)));
> ```
> 
> 0.6 should be configurable via compile-time constants, not hard-coded

That should be expressed as a patch.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Make HighLoad constant value configurable from config.h

2022-04-08 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Apr 08, 2022 at 05:55:44PM +0300, Серж ИвановЪ wrote:
> пт, 8 апр. 2022 г. в 17:46, Geert Stappers :
> > On Fri, Apr 08, 2022 at 04:34:11PM +0300, Серж ИвановЪ wrote:
> > > I am talking about this part of code in src/dhcp.c
> > > ```
> > > struct ping_result *do_icmp_ping(time_t now, struct in_addr addr,
> > unsigned
> > > int h
> > > {
> > > static struct ping_result dummy;
> > > struct ping_result *r, *victim = NULL;
> > > int count, max = (int)(0.6 * (((float)PING_CACHE_TIME)/
> > >((float)PING_WAIT)));
> > > ```
> > >
> > > 0.6 should be configurable via compile-time constants, not hard-coded
> >
> > That should be expressed as a patch.
> >
> no problem, will do,

Okay,


> if it is acceptable to merge it,

just do it

that is the way to find out if an acceptable patch was submitted


> please confirm,

Here you go


> thanks

Yeah, right
 

Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DNSSEC validation

2022-04-12 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Apr 13, 2022 at 12:58:38AM +0100, Chris Staite via Dnsmasq-discuss 
wrote:
> Hi,

Hi,

 
> I’ve noticed that the 1.1.1.1/help was not working when running
> through dnsmasq.
 
Because I didn't understand "1.1.1.1/help not working",
I visited http://1.1.1.1/help and got
redirected to https://1.1.1.1/help

Now there is a URL  :-)


> It appears there’s a bug in the logic when a CNAME is returned from
> an unsigned zone.  I think there’s another bug in there in general
> that it returns BOGUS when a zone is SECURE also?
> 
> Anyway, please see my attached patch which remedies my problem and I
> believe implements DNSSEC as it was intended.
> 
> Thanks, Chris.
> 


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Whitelist again, git bisect

2022-04-11 Thread Geert Stappers via Dnsmasq-discuss
On Mon, Apr 11, 2022 at 12:45:38PM +0200, William Edwards wrote:
> Kovács József via Dnsmasq-discuss schreef op 2022-04-11 13:28:
> > 
> > I downgraded the dnsmasq from 2.86 to 2.80 and whitelist is working.
> > 
> > What could be the difference, if the configuration files are same?
> > 
   ...
> > 
> > Could somebody help me?
> 
> You could help yourself by binary searching for the commit that caused the
> change in behaviour ;)
 
Use `git bisect` for it.  Here is a snippet from `man git bisect`

   Basic bisect commands: start, bad, good
   As an example, suppose you are trying to find the commit that
   broke a feature that was known to work in version v2.6.13-rc2 of
   your project. You start a bisect session as follows:

   $ git bisect start
   $ git bisect bad                 # Current version is bad
   $ git bisect good v2.6.13-rc2    # v2.6.13-rc2 is known to be good

   Once you have specified at least one bad and one good commit, git
   bisect selects a commit in the middle of that range of history,
   checks it out, and outputs something similar to the following:

   Bisecting: 675 revisions left to test after this (roughly 10 steps)

   You should now compile the checked-out version and test it. If
   that version works correctly, type

   $ git bisect good

   If that version is broken, type

   $ git bisect bad



> > Thank you very much, in advance!

Yes, we are looking forward to you reporting back.



Groeten
Geert Stappers

P.S.
@József your system clock is some hours ahead, please adjust it.
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Whitelist magic

2022-04-11 Thread Geert Stappers via Dnsmasq-discuss
On Mon, Apr 11, 2022 at 01:28:39PM +0200, Kovács József via Dnsmasq-discuss 
wrote:
> Hello All,
> 
> I downgraded the dnsmasq from 2.86 to 2.80 and whitelist is working.
> 
> What could be the difference, if the configuration files are same?
> 
> These are my configuration files:
> 
> kovacsj@laptop:~# cat /tmp/cmr/ap_dnsmasq_v1p1.5.conf
> no-hosts
> except-interface=lo
> bind-interfaces
> pid-file=/var/run/dnsmasq_v1p1.5.pid
> dhcp-leasefile=/var/run/dnsmasq_v1p1.5.leases
> log-facility=/var/log/lwuci/dnsmasq_v1p1.5.log
> interface=v1p1.5
> dhcp-range=192.168.5.11,192.168.5.91,255.255.255.0
> servers-file=/tmp/cmr/filtering.conf
> 
> kovacsj@laptop:~# cat /tmp/cmr/filtering.conf
> server=/robotszoft.hu/#
> server=/#/
> kovacsj@laptop:~#
> 
> The robotszoft.hu website is reachable, but any others are not.
> 
> This is the desired result, but in the 2.86 version, it is not working.
> 
> Could somebody help me?
 
I tried to understand the "problem" and tried to understand
the "solution", but failed.

It is the
> server=/#/
that I don't understand.  Manual page says this about #

The special server address '#' means, "use the standard servers",
so  --server=/google.com/1.2.3.4  --server=/www.google.com/# will
send queries for google.com and its subdomains to 1.2.3.4, except
www.google.com  (and  its  subdomains) which will be forwarded as
usual.

> Thank you very much, in advance!
Please elaborate
> server=/#/


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Extend server to accept hostnames for upstream resolver

2022-04-07 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Apr 07, 2022 at 12:24:15PM +0100, Simon Kelley wrote:
> This seems like a sensible idea, but it does need a clear warning in the
> documentation that it will only work if the dnsmasq instance being
> configured is not the one providing DNS to the local system.

And the idea did trigger a further idea.

Manual page has
  -S, --local, 
--server=[/[]/[domain/]][[#]][@][@[#]]


( I think the mailing archive has a request for 
  -S, --local, 
--server=[/[]/[domain/]][#]][@][@[#]
so that  is mandatory. )

Making that
  -S, --local, 
--server=[/[]/[domain/]][#]][@][@[#]
where  can be an IP-address or servername.
When it is a servername, name resolving is started for servername.
Successful name resolving allows dnsmasq to do its task; failed name
resolving yields a fatal error.

The "name resolving"  is gethostbyname function or other function that
works for the (container) environment that started this request / idea.
I imagine that gethostbyname()  name resolving also reads /etc/hosts,
so more "environment" can benefit from this new feature.



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Extend server to accept hostnames for upstream resolver

2022-04-08 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Apr 07, 2022 at 05:27:31PM +0200, Geert Stappers via Dnsmasq-discuss 
wrote:
> On Thu, Apr 07, 2022 at 12:24:15PM +0100, Simon Kelley wrote:
> > This seems like a sensible idea, but it does need a clear warning in the
> > documentation that it will only work if the dnsmasq instance being
> > configured is not the one providing DNS to the local system.
> 
> And the idea did trigger a further idea.
> 
> Manual page has
>   -S, --local, 
> --server=[/[]/[domain/]][[#]][@][@[#]]
> 
> 
> ( I think the mailing archive has a request for 
>   -S, --local, 
> --server=[/[]/[domain/]][#]][@][@[#]
> so that  is mandatory. )

Found 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q4/014440.html
then decided to make a fresh patch.

 
> Making that
>   -S, --local, 
> --server=[/[]/[domain/]][#]][@][@[#]
> where  can be an IP-address or servername.
> When it is a servername, name resolving is started for servername.
> Successful name resolving allows dnsmasq to do its task; failed name
> resolving yields a fatal error.
> 
> The "name resolving"  is gethostbyname function or other function that
> works for the (container) environment that started this request / idea.
> I imagine that gethostbyname()  name resolving also reads /etc/hosts,
> so more "environment" can benefit from this new feature.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] DNSSEC Validation (super-simplified version)

2022-04-15 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Apr 15, 2022 at 12:19:55AM +0100, Chris Staite via Dnsmasq-discuss 
wrote:
> Hi again again,
> 
> I realised it was even easier than that.  This time I am done and
> going to bed though, so no more spam from me (at least tonight anyway).

When I woke up, I did see three messages from the same author about dnssec.
Only one message was opened (the other two got marked as read)
 
> This time I actually fixed an issue with my simplified version in so
> much as it was able to circumvent the unsigned check of the parent
> from the target of the CNAME if the CNAME came after the A record in
> the response, which was bad.  This stops that from happening, which
> is good.  It does require the CNAME to come before the A record, but
> I think that’s required in the standard anyway?  If it doesn’t,
> well then at least it’s better than it was before.
> 
> Once again, please see previous for reasoning behind the patch.

Please add the reason to the proposed patch.
 

> Thanks, Chris.
> 

Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Log upstream port for dnssec-retry

2022-04-15 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Apr 10, 2022 at 10:46:58AM +0200, Dominik Derigs wrote:
> Dear Simon et al.,
> 
> The current version of dnsmasq logs the upstream port like
> 
> > Feb 21 22:02:18 dnsmasq[8991]: dnssec-query[DS] microsoft.net
> to 127.0.0.1#5053
> 
> when sending queries upstream. However, it is missing for dnssec-
> retry like
> 
> > Feb 21 22:02:18 dnsmasq[8991]: dnssec-retry[DS] microsoft.net
> to 127.0.0.1
> 
> This is added by this patch implementing it in the same way as
> used already when logging "dnssec-query" in the code.
> 
> Best,
> Dominik

> From 00b8789e4119a25da7f286ca1cefd5fe66383b30 Mon Sep 17 00:00:00 2001
> From: Dominik Derigs 
> Date: Sat, 2 Apr 2022 21:45:47 +0200
> Subject: [PATCH] Also log upstream port for dnssec-retry
> 
> Signed-off-by: DL6ER 

Regarding these three lines
| Subject: [PATCH] Also log upstream port for dnssec-retry
| 
| Signed-off-by: DL6ER 


There is only the commit summary,
there should be more text about the why.

> ---
>  src/forward.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/forward.c b/src/forward.c
> index c17541b..b522c1f 100644
> --- a/src/forward.c
> +++ b/src/forward.c
> @@ -527,8 +527,8 @@ static int forward_query(int udpfd, union mysockaddr 
> *udpaddr,
>   }
>  #ifdef HAVE_DNSSEC
> else
> - log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, daemon->namebuff, 
> >addr,
> -  "dnssec-retry", (forward->flags & 
> FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS);
> + log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, 
> daemon->namebuff, >addr,
> +  (forward->flags & FREC_DNSKEY_QUERY) ? 
> "dnssec-retry[DNSKEY]" : "dnssec-retry[DS]", 0);

I see more changes than the commit message says.


>  #endif
>  
> srv->queries++;
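
Review bot: the replacement call in the `else` branch changes more than the subject line covers. Besides adding `F_SERVER`, it replaces the `T_DNSKEY : T_DS` type argument with a literal `0` and folds the record type into the label strings "dnssec-retry[DNSKEY]" and "dnssec-retry[DS]". The commit message should say why the type has to move into the string once `F_SERVER` is passed, and name the existing "dnssec-query" call it is modelled on, so a reader can check that the two log formats differ only in the word "retry".
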
> -- 


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] dnsmasq 2.86 seems to stop reading from one of its dns sockets after a period of time under load

2022-04-24 Thread Geert Stappers via Dnsmasq-discuss
(wds1.1.1) entered blocking state
> [44075.727494] br-lan: port 5(wds1.1.1) entered disabled state
> [44075.740713] br-lan: port 5(wds1.1.1) entered blocking state
> [44075.746331] br-lan: port 5(wds1.1.1) entered listening state
> [44077.811280] br-lan: port 5(wds1.1.1) entered learning state
> [44079.859259] br-lan: port 5(wds1.1.1) entered forwarding state
> [44079.865029] br-lan: topology change detected, propagating
> [44082.572293] br-lan: port 5(wds1.1.1) received tcn bpdu
> [44082.577454] br-lan: topology change detected, propagating
> [44221.999541] br-lan: port 6(wds1.1.2) entered disabled state
> [44222.022059] br-lan: port 6(wds1.1.2) entered disabled state
> [44223.231419] br-lan: port 6(wds1.1.2) entered blocking state
> [44223.237146] br-lan: port 6(wds1.1.2) entered disabled state
> [44223.249414] br-lan: port 6(wds1.1.2) entered blocking state
> [44223.255030] br-lan: port 6(wds1.1.2) entered listening state
> [44225.265897] br-lan: port 6(wds1.1.2) entered learning state
> [44227.313875] br-lan: port 6(wds1.1.2) entered forwarding state
> [44227.319647] br-lan: topology change detected, propagating
> [44228.227914] br-lan: port 6(wds1.1.2) received tcn bpdu
> [44228.233077] br-lan: topology change detected, propagating
> [44228.625036] br-lan: received packet on wl0 with own address as source 
> address (addr:0c:cb:85:f7:e5:ab, vlan:0)
> [0.135997] br-lan: received packet on wl1 with own address as source 
> address (addr:0c:cb:85:f7:e5:aa, vlan:0)
> [56437.513600] br-lan: received packet on wl0 with own address as source 
> address (addr:0c:cb:85:f7:e5:ab, vlan:0)
> [56900.600612] br-lan: received packet on wl0 with own address as source 
> address (addr:0c:cb:85:f7:e5:ab, vlan:0)
> [57338.311331] br-lan: received packet on wl0 with own address as source 
> address (addr:0c:cb:85:f7:e5:ab, vlan:0)
> [57399.986991] br-lan: received packet on wl1 with own address as source 
> address (addr:0c:cb:85:f7:e5:aa, vlan:0)
> [57545.345542] br-lan: received packet on wl0 with own address as source 
> address (addr:0c:cb:85:f7:e5:ab, vlan:0)
> [58224.520851] br-lan: received packet on wl0 with own address as source 
> address (addr:0c:cb:85:f7:e5:ab, vlan:0)
> [61335.029068] br-lan: received packet on wl1 with own address as source 
> address (addr:0c:cb:85:f7:e5:aa, vlan:0)
> root:~# ping 192.168.1.1

ping --count 5 192.168.1.1  # to show interface still responds to ping.


> PING 192.168.1.1 (192.168.1.1): 56 data bytes
> 64 bytes from 192.168.1.1: seq=0 ttl=64 time=0.181 ms
> ^C
> --- 192.168.1.1 ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> round-trip min/avg/max = 0.181/0.181/0.181 ms



Advice for digging deeper:

   watch 'netstat -anu | grep 192.168.1.1:53'

   --log-queries=extra



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Permutation depends on order of entries in /etc/hosts

2022-04-24 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Apr 22, 2022 at 11:54:01AM +, Christian König wrote:
> Hi all,
> 
> I think I came across a bug.

I'm thinking about http://www.catb.org/~esr/faqs/smart-questions.html#idm368


> Depending of the order of entries in /etc/hosts the permutation of
> answers for queries with more than one entry might not happen. According
> to [1], permutation is the desired behavior.

Acknowledge on
  permutation is the desired behavior.

(Use case: Round robin dns)


> Tested with dnsmasq 2.87test8.
> 
> Minimal example:
> 
> /etc/hosts with
> ```
> 10.0.2.1 gateway.lan
> 10.0.2.2 gateway.lan
> 10.0.2.1 son.lan
> ```
> 
> does permutate the answers to repeated queries by `dig gateway.lan`
> ___
> 
> However, if the order in /etc/hosts is
> ```
> 10.0.2.1 son.lan
> 10.0.2.1 gateway.lan
> 10.0.2.2 gateway.lan
> ```
> the answers are not permutated.


Please test with these four cases:
```
10.0.2.1 gateway.lan son.lan
10.0.2.2 gateway.lan
```

```
10.0.2.2 gateway.lan
10.0.2.1 gateway.lan son.lan
```

```
10.0.2.1 son.lan gateway.lan
10.0.2.2 gateway.lan
```

```
10.0.2.2 gateway.lan
10.0.2.1 son.lan gateway.lan
```

And get karma bonus points for reporting back.



Groeten
Geert Stappers

> [1] 
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q1/001774.html

That taught me the use case for the desired behavior: Round robin dns with 
dnsmasq
-- 
Silence is hard to parse



[Dnsmasq-discuss] [PATCH] server option needs a server

2022-04-08 Thread Geert Stappers via Dnsmasq-discuss
When using option '--server', an upstream server is mandatory.
Expressing that by removing the [ ]  that suggests that  is optional.

In the Spanish translation only a [ is removed.

Signed-off-by: Geert Stappers 
---
 man/dnsmasq.8| 2 +-
 man/es/dnsmasq.8 | 2 +-
 man/fr/dnsmasq.8 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index fea89fa..6030e65 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -443,7 +443,7 @@ Tells dnsmasq to never forward A or  queries for plain 
names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --local, 
--server=[/[]/[domain/]][[#]][@][@[#]]
+.B \-S, --local, 
--server=[/[]/[domain/]][#][@][@[#]]
 Specify IP address of upstream servers directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use \fB--no-resolv\fP to do that. If 
one or more
 optional domains are given, that server is used only for those domains
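
Review bot: the synopsis line changed in this hunk is shared by `-S`, `--local` and `--server`, while the commit message only argues about `--server`. Dropping the outer `[ ]` makes the address part mandatory in the `--local` synopsis as well; say in the commit message whether that is intended, or split the synopsis so each option shows its own required parts.
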
diff --git a/man/es/dnsmasq.8 b/man/es/dnsmasq.8
index 4a70a4f..0a12156 100644
--- a/man/es/dnsmasq.8
+++ b/man/es/dnsmasq.8
@@ -336,7 +336,7 @@ sin puntos o partes de dominios, a servidores upstream. Si 
el nombre
 no se conoce desde /etc/hosts o desde DHCP entonces una respuesta
 "no encontrado" es devuelta.
 .TP
-.B \-S, --local, --server=[/[]/[dominio/]][[#][@|[#]]
+.B \-S, --local, --server=[/[]/[dominio/]][#][@|[#]]
 Especificar la direcci�n IP de servidores upstream directamente. Fijar
 esta opci�n no suprime la lectura de /etc/resolv.conf, use -R para
 hacer eso. Si uno a m�s dominios opcionales son brindados, ese servidor
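
Review bot: after this change the Spanish synopsis ends in `[#][@|[#]]`, while the English one in the previous hunk ends in `[#][@][@[#]]`, so the translation still describes a different argument grammar. If the aim is a consistent synopsis, bring the `@` groups in line with man/dnsmasq.8 in the same patch; otherwise state in the commit message that only the unbalanced `[` is being fixed here.
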
diff --git a/man/fr/dnsmasq.8 b/man/fr/dnsmasq.8
index dc2fdc0..3da75f6 100644
--- a/man/fr/dnsmasq.8
+++ b/man/fr/dnsmasq.8
@@ -421,7 +421,7 @@ des noms simples, c'est à dire ne comprenant ni points ni 
nom de domaine. Si un
 nom n'est pas dans /etc/hosts ou dans la liste des baux DHCP, alors une réponse
 de type "non trouvé" est renvoyée.
 .TP
-.B \-S, --local, --server=[/[]/[domaine/]][[#][@|[#]]]
+.B \-S, --local, --server=[/[]/[domaine/]][#][@|[#]]
 Spécifie directement l'adresse IP d'un serveur de nom amont. Cette option ne
 supprime pas la lecture du fichier /etc/resolv.conf : utiliser pour cela
 l'option
-- 
2.11.0




Re: [Dnsmasq-discuss] Make HighLoad constant value configurable from config.h

2022-04-10 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Apr 10, 2022 at 02:54:38PM +0300, Серж ИвановЪ wrote:
> пт, 8 апр. 2022 г. в 17:55, Серж ИвановЪ :
> > пт, 8 апр. 2022 г. в 17:46, Geert Stappers :
> >> On Fri, Apr 08, 2022 at 04:34:11PM +0300, Серж ИвановЪ wrote:
> >> > I am talking about this part of code in src/dhcp.c
> >> > ```
> >> > struct ping_result *do_icmp_ping(time_t now, struct in_addr addr, 
> >> > unsigned
> >> > int h
> >> > {
> >> > static struct ping_result dummy;
> >> > struct ping_result *r, *victim = NULL;
> >> > int count, max = (int)(0.6 * (((float)PING_CACHE_TIME)/
> >> >((float)PING_WAIT)));
> >> > ```
> >> >
> >> > 0.6 should be configurable via compile-time constants, not hard-coded
> >>
> >> That should be expressed as a patch.
> >>

> From d93e601e5d02221ae8a82770aa8771c8c0700beb Mon Sep 17 00:00:00 2001
> From: s3rj1k 
> Date: Sun, 10 Apr 2022 14:40:27 +0300
> Subject: [PATCH] Add PING_CHECKS_THRESHOLD compile-time variable
> 
> Signed-off-by: s3rj1k 
> ---
>  src/config.h | 1 +
>  src/dhcp.c   | 4 ++--
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/src/config.h b/src/config.h
> index cd37900..75c5d05 100644
> --- a/src/config.h
> +++ b/src/config.h
> @@ -35,6 +35,7 @@
>  #define MAXLEASES 1000 /* maximum number of DHCP leases */
>  #define PING_WAIT 3 /* wait for ping address-in-use test */
>  #define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
> +#define PING_CHECKS_THRESHOLD 60 /* threshold percent of possible ping 
> checks in the last PING_CACHE_TIME */
>  #define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this 
> long */
>  #define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
>  #define SMALLDNAME 50 /* most domain names are smaller than this */
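
Review bot: the new `PING_CHECKS_THRESHOLD` define is a percentage, but nothing at the definition states the valid range or stops a build from setting it above 100 or below 0. Put "0-100" in the comment, and wrap the define in `#ifndef PING_CHECKS_THRESHOLD` if the intent is to let builders override it from the compiler command line rather than by editing config.h.
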
> diff --git a/src/dhcp.c b/src/dhcp.c
> index 6104c87..3187e3f 100644
> --- a/src/dhcp.c
> +++ b/src/dhcp.c
> @@ -723,14 +723,14 @@ struct ping_result *do_icmp_ping(time_t now, struct 
> in_addr addr, unsigned int h
>  {
>static struct ping_result dummy;
>struct ping_result *r, *victim = NULL;
> -  int count, max = (int)(0.6 * (((float)PING_CACHE_TIME)/
> +  int count, max = (int)(((float)PING_CHECKS_THRESHOLD / 100) * 
> (((float)PING_CACHE_TIME)/
>   ((float)PING_WAIT)));
>  
>/* check if we failed to ping addr sometime in the last
>   PING_CACHE_TIME seconds. If so, assume the same situation still exists.
>   This avoids problems when a stupid client bangs
>   on us repeatedly. As a final check, if we did more
> - than 60% of the possible ping checks in the last 
> + than PING_CHECKS_THRESHOLD% of the possible ping checks in the last

FWIW:  I can't tell if that 60% is very same as the 0.6,
   but this patch does make that connection / relation.

>   PING_CACHE_TIME, we are in high-load mode, so don't do any more. */
>for (count = 0, r = daemon->ping_results; r; r = r->next)
>  if (difftime(now, r->time) >  (float)PING_CACHE_TIME)
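
Review bot: in the changed `max` initialiser the computation stays in floating point and is then truncated by the `(int)` cast, so a threshold whose product with PING_CACHE_TIME/PING_WAIT lands just under a whole number gives one check fewer than the percentage implies. All three inputs are integer macros, so integer arithmetic such as `(PING_CHECKS_THRESHOLD * PING_CACHE_TIME) / (100 * PING_WAIT)` is predictable; with the values in config.h above it gives 6.
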


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DHCP server not assigning IP to RTMU86

2022-05-15 Thread Geert Stappers via Dnsmasq-discuss
On Sun, May 15, 2022 at 01:10:40AM +0200, Kamil via Dnsmasq-discuss wrote:
> On Sat, May 14, 2022 at 11:27:34AM +0200, Geert Stappers via Dnsmasq-discuss 
> wrote:
> > On Sat, May 14, 2022 at 02:53:51AM +0200, Kamil via Dnsmasq-discuss wrote:
  ... 
> > > 1. I plug one device - it works.
> > > 2. I unplug it and plug the RTMU86 - doesn't work.
> > > 3. I Unplug RTMU86 and plug any other device - it works.
> > >
  ... 
> > Be yourself, accept yourself. Full focus on the challenge that you are
> > facing.
> 
> Sure
> 

What proof is available of
the RTMU86 sending DHCP packages
when plugging the ethercable back in?


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Script dnsmasq's IP generation

2022-05-16 Thread Geert Stappers via Dnsmasq-discuss
Hello you,
(Cc to dnsmasq mailinglist)


On Fri, May 13, 2022 at 03:58:30PM +0200, Petr Menšík wrote:
> On 5/12/22 16:32, m...@foxt.dev wrote:
> > Hello,
> >    Is it possible to script dnsmasq's IP generation. I'm aware it's
> > possible to run a script when dnsmasq generates a lease, but as far as
> > I'm aware it's not possible to send data from the script back into
> > dnsmasq.
> >
> >    My ideal use case is the ability to use a different IP range for
> > different MAC address ranges (i.e. AA:BB:CC:00:00:00-AA:BB:CC:FF:FF:FF
> > use 192.168.2.1-255, where everything else uses 1.1-1.255)
> 
> I think you should be able to use dhcp-mac to assign tags, then use
> separate dhcp-range only for selected tags. If you are able to create
> patterns matching this way, no external script would be required.
> 
> dhcp-mac=set:special,AA:BB:CC:*:*:*
> 
> dhcp-range=tag:special,192.168.2.2,192.168.2.255
> dhcp-range=192.168.1.2,192.168.1.255
> 
> 
> >
> > Thanks in advance.

Please come with a sincere thanks
that expresses how useful a response is.


In case you are busy with connecting the AA:BB:CC:*:*:* devices,
I recommend

  dhcp-range=tag:special,192.168.1.192,192.168.1.254
  dhcp-range=192.168.1.2,192.168.1.191

So all devices in 192.168.1.0/24  and the AA:BB:CCs at 192-254.

I'm trying to say that I miss the why for 192.168.1.0/24 and also a
192.168.2.0/24. That I expect that you are struggling with two networks.


In case the good advice from Petr didn't solve your original problem,
try to describe your problem better (or just in other words).


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] static-y IP management

2022-05-17 Thread Geert Stappers via Dnsmasq-discuss
On Tue, May 17, 2022 at 03:26:44AM -0500, Carl Karsten wrote:
> On Tue, May 17, 2022 at 2:55 AM  wrote:
> >
> > On 5/16/22 5:46 PM, Carl Karsten wrote:
> > > I know of a few ways of doing this, but they all involve generating 10
> > > lines of .conf file.  I have no problem creating a little csv and
> > > writing about 10 lines of python to generate the file.   But anything
> > > that involves "generate" seems clunky. I am hoping dnsmasq has a
> > > provision for what I am doing.
> >
> > can't you create the .conf one time and leave it be for inclusion with the 
> > other
> > dnsmasq conf files? maybe i'm not understanding? is there some sort of 
> > dynamic
> > nature you've not mentioned?
> >
> 
> Yes I could, this is what I mean by generate the file.  I am trying to
> avoid that.
> If I have to swap out a machine, then I get a new mac, and I have to
> update the file.
> And this pattern comes up fairly often: I want a machine to have a
> defined IP, and I would like the dhcp server to be the source of truth
> defining what machines get what IPs.
> 
> I generally maintain a list of mac/IP/hostname, likely in a
> spreadsheet.

It is 2020 there are tools like Ansible.

I'm suggesting to maintain the mac/IP/hostname combos in YAML.


> or maybe a text file checked into version control.  If
> dnsmasq could read this file, it would save steps and less chance of
> my file and the server's file being out of sync.
> 
> I am creating a little cluster thing and documenting how to build it.
> If dnsmasq has a simple way of doing something, it will make my docs
> of the process easier.
 
https://en.wikipedia.org/wiki/Ansible_(software)


> Carl K

Groeten
Geert Stappers
-- 
Silence is hard to parse



[Dnsmasq-discuss] pick up the patches

2022-05-17 Thread Geert Stappers via Dnsmasq-discuss


Hi,


Which patches got dropped (a.k.a. did not get a proper review)?

My list, by heart:

* a DNSSEC patch by a new contributor
* another DNSSEC related patch by same new contributor

Any other patches that shouldn't be ignored?

That question is the reason for this email:

  Raise again attention for a patch.


I know there is a patch on man8/dnsmasq by myself.  I'll make an attempt
for a better version.  (A version that better explains a possible
improvement of dnsmasq.)


And there was a recent posting from Simon with "What do you think?"
IIRC is/was everybody thinking:  "yeah ..."


Also: Few days ago wkitty42 saying something like "reflection attack" 
I know wkitty42 is a smart guy, so I should read about "reflection
attack" so I can reply to that message to avoid "nobody cares"


Groeten
Geert Stappers
(now playing: "Pick up the pieces" by "Average White Band")
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Fix parsing of IPv6 addresses with peer from netlink

2022-05-18 Thread Geert Stappers via Dnsmasq-discuss
On Wed, May 18, 2022 at 02:48:09PM +0200, Beniamino Galvani wrote:
> --- a/src/netlink.c
> +++ b/src/netlink.c
> @@ -258,7 +258,9 @@ int iface_enumerate(int family, void *parm, int 
> (*callback)())
>   
>   while (RTA_OK(rta, len1))
> {
> - if (rta->rta_type == IFA_ADDRESS)
> + if (rta->rta_type == IFA_LOCAL)
> +   addrp = ((struct in6_addr *)(rta+1));
> + else if (rta->rta_type == IFA_ADDRESS && !addrp)
> addrp = ((struct in6_addr *)(rta+1)); 
>   else if (rta->rta_type == IFA_CACHEINFO)
> {
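
Review bot: the `&& !addrp` guard on the IFA_ADDRESS branch only gives IFA_LOCAL precedence if addrp is NULL when this while loop starts for each address message, and the hunk does not show where addrp is initialised or reset. If a value could carry over from an earlier message, the IFA_ADDRESS branch would be skipped and a stale pointer kept. Please confirm addrp is set to NULL per message, and consider a one-line comment above the two branches saying that IFA_LOCAL takes priority and IFA_ADDRESS is the fallback, since the two assignments are otherwise identical and the reason for the guard is not obvious from the code.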

Three new lines and one old line
> + if (rta->rta_type == IFA_LOCAL)
> +   addrp = ((struct in6_addr *)(rta+1));
> + else if (rta->rta_type == IFA_ADDRESS && !addrp)
> addrp = ((struct in6_addr *)(rta+1)); 
rewritten as I see them
+  if (conditionLOCAL)
+ addrp = value
+  else if (conditionADDRESS && !addrp)
  addrp = value


It is the "&& !addrp" that makes me feel uncomfortable.


Would
+  if (conditionLOCAL)
+ addrp = value
+  else if (conditionADDRESS)
  addrp = value

do?


Groeten
Geert Stappers

P.S.
@Beniamino   welcome to dnsmasq
do know that I'm more sysadmin than C-programmer
-- 
Silence is hard to parse
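
What the `&& !addrp` guard changes, as an added example that is not code from dnsmasq or from the patch: the attribute types, the struct and the addresses are constructed stand-ins, and `addrp` is assumed to start as NULL for every message. For an address with a peer, IFA_LOCAL carries the interface's own address and IFA_ADDRESS the peer's.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the netlink attribute types named in the patch. The enum and
   the struct are constructed for this example, not the kernel's definitions. */
enum attr_type { ATTR_ADDRESS, ATTR_LOCAL, ATTR_CACHEINFO };

struct attr {
  enum attr_type type;
  const char *value;   /* textual address, to keep the example readable */
};

/* Constructed sample messages (documentation prefix 2001:db8::/32). */
static const struct attr msg_plain[] = {          /* no peer: only an address */
  { ATTR_ADDRESS, "2001:db8::1" }, { ATTR_CACHEINFO, NULL }
};
static const struct attr msg_local_first[] = {    /* peer, local attribute first */
  { ATTR_LOCAL, "2001:db8::1" }, { ATTR_ADDRESS, "2001:db8::2" }
};
static const struct attr msg_address_first[] = {  /* peer, address attribute first */
  { ATTR_ADDRESS, "2001:db8::2" }, { ATTR_LOCAL, "2001:db8::1" }
};

/* Selection as in the patch: the local attribute always wins, the address
   attribute only fills in when nothing has been chosen yet. */
const char *pick_guarded(const struct attr *a, size_t n)
{
  const char *addrp = NULL;   /* must be NULL at the start of every message */
  for (size_t i = 0; i < n; i++)
    {
      if (a[i].type == ATTR_LOCAL)
        addrp = a[i].value;
      else if (a[i].type == ATTR_ADDRESS && !addrp)
        addrp = a[i].value;
    }
  return addrp;
}

/* Selection without "&& !addrp": whichever of the two attributes comes last
   in the message wins, so the result depends on attribute order. */
const char *pick_unguarded(const struct attr *a, size_t n)
{
  const char *addrp = NULL;
  for (size_t i = 0; i < n; i++)
    {
      if (a[i].type == ATTR_LOCAL)
        addrp = a[i].value;
      else if (a[i].type == ATTR_ADDRESS)
        addrp = a[i].value;
    }
  return addrp;
}

int main(void)
{
  printf("plain:         guarded=%s unguarded=%s\n",
         pick_guarded(msg_plain, 2), pick_unguarded(msg_plain, 2));
  printf("local first:   guarded=%s unguarded=%s\n",
         pick_guarded(msg_local_first, 2), pick_unguarded(msg_local_first, 2));
  printf("address first: guarded=%s unguarded=%s\n",
         pick_guarded(msg_address_first, 2), pick_unguarded(msg_address_first, 2));
  return 0;
}
```

Only the "local first" message separates the two variants: without the guard the peer's address replaces the local one.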



[Dnsmasq-discuss] [PATCH 1/2] server option needs a server

2022-05-30 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

When using option '--server', an upstream server is mandatory.
Expressing that by removing the [ ]  that suggests that  is optional.

In the Spanish translation only a [ is removed.

Signed-off-by: Geert Stappers 
---
 man/dnsmasq.8| 2 +-
 man/es/dnsmasq.8 | 2 +-
 man/fr/dnsmasq.8 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index fea89fa..6030e65 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -443,7 +443,7 @@ Tells dnsmasq to never forward A or  queries for plain 
names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --local, 
--server=[/[]/[domain/]][[#]][@][@[#]]
+.B \-S, --local, 
--server=[/[]/[domain/]][#][@][@[#]]
 Specify IP address of upstream servers directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use \fB--no-resolv\fP to do that. If 
one or more
 optional domains are given, that server is used only for those domains
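
Review bot: the changed `.B` line still lists `--local` next to `--server`, so once the outer brackets are dropped the synopsis also reads as if `--local` requires a server address. Either give `--local` its own entry in this patch, or state in the commit message that this change depends on the follow-up patch that splits the two options.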
diff --git a/man/es/dnsmasq.8 b/man/es/dnsmasq.8
index 4a70a4f..0a12156 100644
--- a/man/es/dnsmasq.8
+++ b/man/es/dnsmasq.8
@@ -336,7 +336,7 @@ sin puntos o partes de dominios, a servidores upstream. Si 
el nombre
 no se conoce desde /etc/hosts o desde DHCP entonces una respuesta
 "no encontrado" es devuelta.
 .TP
-.B \-S, --local, --server=[/[]/[dominio/]][[#][@|[#]]
+.B \-S, --local, --server=[/[]/[dominio/]][#][@|[#]]
 Especificar la direcci�n IP de servidores upstream directamente. Fijar
 esta opci�n no suprime la lectura de /etc/resolv.conf, use -R para
 hacer eso. Si uno a m�s dominios opcionales son brindados, ese servidor
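
Review bot: the context lines of this hunk contain replacement characters (`direcci�n`, `opci�n`, `m�s`), which suggests the Spanish page is not in the encoding the patch was sent in. If those bytes were altered between the working tree and the mail, the hunk will not apply cleanly; sending the patch as an attachment, or checking the file's encoding before generating the series, would avoid that.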
diff --git a/man/fr/dnsmasq.8 b/man/fr/dnsmasq.8
index dc2fdc0..3da75f6 100644
--- a/man/fr/dnsmasq.8
+++ b/man/fr/dnsmasq.8
@@ -421,7 +421,7 @@ des noms simples, c'est à dire ne comprenant ni points ni 
nom de domaine. Si un
 nom n'est pas dans /etc/hosts ou dans la liste des baux DHCP, alors une réponse
 de type "non trouvé" est renvoyée.
 .TP
-.B \-S, --local, --server=[/[]/[domaine/]][[#][@|[#]]]
+.B \-S, --local, --server=[/[]/[domaine/]][#][@|[#]]
 Spécifie directement l'adresse IP d'un serveur de nom amont. Cette option ne
 supprime pas la lecture du fichier /etc/resolv.conf : utiliser pour cela
 l'option
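
Review bot: after this change the French synopsis ends in `[#][@|[#]]`, while the English line in the first hunk ends in `[#][@][@[#]]`, so the translated pages still describe a different source part than the English page (the Spanish hunk has the same `[@|[#]]` form). If the intent is only to make the server mandatory, please say so in the commit message, which currently mentions the Spanish file only, and note that here both a leading `[` and a trailing `]` are dropped.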
-- 
2.36.1




[Dnsmasq-discuss] [PATCH] --local was syntactically sugar on top of --server

2022-05-30 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

Manual page was unaware that --local became a separate option.

Now matches the --server and --local section with what
in option.c is:

$ grep -e '{ "server"' -e '{ "local"' src/option.c
{ "server", 1, 0, 'S' },
{ "local", 1, 0, LOPT_LOCAL },
$

---
 man/dnsmasq.8 | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 6030e65..890b360 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -443,7 +443,7 @@ Tells dnsmasq to never forward A or  queries for plain 
names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --local, 
--server=[/[]/[domain/]][#][@][@[#]]
+.B \-S, 
--server=[/[]/[domain/]][#][@][@[#]]
 Specify IP address of upstream servers directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use \fB--no-resolv\fP to do that. If 
one or more
 optional domains are given, that server is used only for those domains
@@ -492,10 +492,6 @@ flag which gives a domain but no IP address; this tells 
dnsmasq that
 a domain is local and it may answer queries from /etc/hosts or DHCP
 but should never forward queries on that domain to any upstream
 servers.
-.B --local
-is a synonym for
-.B --server
-to make configuration files clearer in this case.
 
 IPv6 addresses may include an %interface scope-id, eg
 fe80::202:a412:4512:7bbf%eth0.
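
Review bot: removing the "synonym" sentence leaves the paragraph just above it ("flag which gives a domain but no IP address; this tells dnsmasq that a domain is local ...") inside the `--server` entry, while the new `--local` entry is added further down. A reader of `--local` then has to find the explanation of local domains under `--server`. Consider moving or repeating that explanation in the new entry, or keeping a one-line cross reference at this spot.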
@@ -513,6 +509,12 @@ source address specified but the port may be specified 
directly as
 part of the source address. Forcing queries to an interface is not
 implemented on all platforms supported by dnsmasq.
 .TP
+.B --local=[/[]/[domain/]]
+is like
+.B --server
+but the DNS requests are handled locally.
+So no need to provide [#][@][@[#]]
+.TP
 .B 
--rev-server=[/][,][#][@][@[#]]
 This is functionally the same as 
 .B --server, 
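
Review bot: the added `--local` description ends in a sentence fragment, "So no need to provide [#][@][@[#]]", and "handled locally" is vaguer than the existing paragraph, which says such queries are answered from /etc/hosts or DHCP and never forwarded upstream. Suggest a full sentence that reuses that wording and states that no server address is given. The patch also carries no Signed-off-by line, unlike 1/2.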
-- 
2.36.1




[Dnsmasq-discuss] [PATCH 2/2] --local was syntactically sugar on top of --server

2022-05-30 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

Manual page was unaware that --local became a separate option.

Now matches the --server and --local section with what
in option.c is:

$ grep -e '{ "server"' -e '{ "local"' src/option.c
{ "server", 1, 0, 'S' },
{ "local", 1, 0, LOPT_LOCAL },
$

---
 man/dnsmasq.8 | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 6030e65..6950a23 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -443,7 +443,7 @@ Tells dnsmasq to never forward A or  queries for plain 
names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --local, 
--server=[/[]/[domain/]][#][@][@[#]]
+.B \-S, 
--server=[/[]/[domain/]][#][@][@[#]]
 Specify IP address of upstream servers directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use \fB--no-resolv\fP to do that. If 
one or more
 optional domains are given, that server is used only for those domains
@@ -492,10 +492,6 @@ flag which gives a domain but no IP address; this tells 
dnsmasq that
 a domain is local and it may answer queries from /etc/hosts or DHCP
 but should never forward queries on that domain to any upstream
 servers.
-.B --local
-is a synonym for
-.B --server
-to make configuration files clearer in this case.
 
 IPv6 addresses may include an %interface scope-id, eg
 fe80::202:a412:4512:7bbf%eth0.
@@ -513,6 +509,12 @@ source address specified but the port may be specified 
directly as
 part of the source address. Forcing queries to an interface is not
 implemented on all platforms supported by dnsmasq.
 .TP
+.B --local=[/[]/[domain/]]
+is like
+.B --server
+but the DNS requests are handled locally.
+So need to provide [#][@][@[#]]
+.TP
 .B 
--rev-server=[/][,][#][@][@[#]]
 This is functionally the same as 
 .B --server, 
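
Review bot: the added line "So need to provide [#][@][@[#]]" has lost the "no" that the earlier posting of this patch had ("So no need to provide ..."), which reverses the meaning of the new `--local` entry. Please restore the "no", and check which of the two postings is the one meant to be applied, since their index lines differ.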
-- 
2.36.1




Re: [Dnsmasq-discuss] DNS only on LAN: what's not working?

2022-05-22 Thread Geert Stappers via Dnsmasq-discuss
.fritz.box", the other the desired ".lan".

 
>  System --
> Fedora 35, installed Nov.2021
> Linux 5.15.5-200.fc35.x86_64
> dnsmasq v 2.86
> 
> /etc/hosts:
> 127.0.0.1 localhost localhost.localdomain
> ::1 localhost localhost.localdomain
> 192.168.178.9   server.mydomain.lan
> 192.168.178.10  laptop.mydomain.lan
> 192.168.178.9   vhost1.lan
> 192.168.178.9   vhost2.lan
> 
> Router: Fritzbox 7490
> Local DNS Server: 192.168.178.9

What does that say?
If it says:
  "Fritz has been told to use 192.168.178.9 as upstream DNS"
say so.


> /etc/NetworkManager/NetworkManager.conf
> [main]
> dns=none
> 
> /etc/systemd/resolved.conf
> DNS=192.168.178.9
> DNSStubListener=no
> 
> /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
> nameserver 192.168.178.9
> nameserver 192.168.178.9
> nameserver 192.168.178.1
> search localhost
> 
> NM config for IPv4 wlp5s0 (wifi conn on server)
> Method: Manual
> Address: 192.168.178.9/24
> Gateway: 192.168.178.1 (router)
> DNS Servers: 192.168.178.9 (server)
> Search domains: localhost
> 
> /etc/dnsmasq.conf:
> domain-needed
> bogus-priv
> local=/lan/
> address=/lan/192.168.178.9
> address=/lan/127.0.0.1
> interface=wlp5s0 (wifi)
> listen-address=127.0.0.1
> no-dhcp-interface=wlp5s0
> bind-interfaces
> 


Missing configuration of a client.


And I think that path to a solution might be
disabling DHCP server on the Fritz box
and doing DHCP server with dnsmasq.



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DHCP server not assigning IP to RTMU86

2022-05-14 Thread Geert Stappers via Dnsmasq-discuss
On Sat, May 14, 2022 at 02:53:51AM +0200, Kamil via Dnsmasq-discuss wrote:
> > On 11/05/2022 12:41, Kamil via Dnsmasq-discuss wrote:
> > > Hi!
> > > I've configured Dnsmasq with the following config:
> > >
> > > interface=eth0
> > > bind-interfaces
> > > dhcp-option=3,192.168.6.1
> > > dhcp-option=6,8.8.8.8
> > > set long-lasting records.
> > > dhcp-range=192.168.6.11,192.168.6.20,255.255.255.0,12h
> > >
> > >
> > > And most of the devices work just fine (here is the example syslog):
> > >
> > > May 10 16:25:11 myhost dnsmasq-dhcp[1862]: DHCP packet received on 
> > > eth0 which has no address
> > > May 10 16:25:12 myhost dhcpcd[740]: eth0: carrier acquired
> > > May 10 16:25:12 myhost kernel: [ 1598.601129] bcmgenet 
> > > fd58.ethernet eth0: Link is Up - 100Mbps/Full - flow control off
> > > May 10 16:25:12 myhost dhcpcd[740]: eth0: IAID 01:XX:XX:90
> > > May 10 16:25:12 myhost dhcpcd[740]: eth0: adding address 
> > > May 10 16:25:12 myhost dhcpcd[740]: eth0: probing address 
> > > 192.168.6.1/24 
> > > May 10 16:25:12 myhost avahi-daemon[384]: Joining mDNS multicast 
> > > group on interface eth0.IPv6 with address fe80::XX:XX:XX:d2c.
> > > May 10 16:25:12 myhost avahi-daemon[384]: New relevant interface 
> > > eth0.IPv6 for mDNS.
> > > May 10 16:25:12 myhost avahi-daemon[384]: Registering new address 
> > > record for fe80::XX:XX:XX:d2c on eth0.*.
> > > May 10 16:25:12 myhost dhcpcd[740]: eth0: soliciting an IPv6 router
> > > May 10 16:25:12 myhost dnsmasq-dhcp[1862]: DHCP packet received on 
> > > eth0 which has no address
> > > May 10 16:25:14 myhost dnsmasq-dhcp[1862]: DHCP packet received on 
> > > eth0 which has no address
> > > May 10 16:25:16 myhost dnsmasq-dhcp[1862]: DHCP packet received on 
> > > eth0 which has no address
> > > May 10 16:25:16 myhost dhcpcd[740]: eth0: using static address 
> > > 192.168.6.1/24 
> > > May 10 16:25:17 myhost avahi-daemon[384]: Joining mDNS multicast 
> > > group on interface eth0.IPv4 with address 192.168.6.1.
> > > May 10 16:25:17 myhost avahi-daemon[384]: New relevant interface 
> > > eth0.IPv4 for mDNS.
> > > May 10 16:25:17 myhost dhcpcd[740]: eth0: adding route to 
> > > 192.168.6.0/24 
> > > May 10 16:25:17 myhost avahi-daemon[384]: Registering new address 
> > > record for 192.168.6.1 on eth0.IPv4.
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 available DHCP 
> > > range: 192.168.6.11 -- 192.168.6.20
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 
> > > DHCPDISCOVER(eth0) 
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 tags: known, 
> > > eth0
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 DHCPOFFER(eth0) 
> > > 192.168.6.15 
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 requested 
> > > options: 1:netmask, 3:router, 28:broadcast, 6:dns-server
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 next server: 
> > > 192.168.6.1
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  1 
> > > option: 53 message-type  2
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option: 54 server-identifier  192.168.6.1
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option: 51 lease-time  infinite
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option:  1 netmask  255.255.255.0
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option: 28 broadcast  192.168.6.255
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option:  3 router  192.168.6.1
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option:  6 dns-server  192.168.6.1
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 available DHCP 
> > > range: 192.168.6.11 -- 192.168.6.20
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 
> > > DHCPREQUEST(eth0) 192.168.6.15 
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 tags: known, 
> > > eth0
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 DHCPACK(eth0) 
> > > 192.168.6.15 
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 requested 
> > > options: 1:netmask, 3:router, 28:broadcast, 6:dns-server
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 next server: 
> > > 192.168.6.1
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  1 
> > > option: 53 message-type  5
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option: 54 server-identifier  192.168.6.1
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 sent size:  4 
> > > option: 51 lease-time  infinite
> > > May 10 16:25:20 myhost dnsmasq-dhcp[1862]: 1567457464 

Re: [Dnsmasq-discuss] DHCP server not assigning IP to RTMU86

2022-05-23 Thread Geert Stappers via Dnsmasq-discuss
On Mon, May 23, 2022 at 08:37:41PM +0200, Kamil via Dnsmasq-discuss wrote:
> On 20/05/2022 19:19, Simon Kelley  wrote:
> >
> > I have a theory:
> >
> > In the logs, it takes between 7 and 9 seconds after carrier detect on
> > eth0 (I guess that's when you plug the RTMU86 in?) before eth0 is
> > allocated IP address 192.168.6.1. Until the address is allocated,
> > dnsmasq will ignore DHCP requests and log
> >
> > "DHCP packet received on eth0 which has no address"
> >
> > If the RTMU86 send a DHCP discover faster than 7 seconds and doesn't
> > retry in a reasonable time, that could explain the problem.
> >
> > ISC dhcpd may not need the local interface to be configured with an IP
> > address, which would explain the different behaviour.
> >
> >
> > The packet capture below shows just one DHCPDISCOVER being sent from
> >   0.0.0.0.bootpc > 255.255.255.255.bootps
> >
> > and it's before the  IP 192.168.6.1 > igmp.mcast.net which marks when
> > eth0 gets an IP address.
> >
> > If you repeat the same test and leave the capture running for a few
> > minutes, do you see any more  0.0.0.0.bootpc > 255.255.255.255.bootps
> > packets, and if you do, do they get a reply?
> >
> > If I'm right, the solution may be to configure eth0 with a static IP
> > address, so it doesn't have to wait for dhcpcd to go through a lengthy
> > process to give it an IP address every time the cable gets plugged in.
> >
> >
> Dear Simon,
> 
> 1) I've just sent my reply to Geert where I included my full logs with
> exact timestamps and my comments. Please have a look:
> https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg16249.html

For the record:
  I have seen that posting and choose to go silent about it.


> 2) Because I'm switching between two devices and the address for "Device X"
> is being assigned every time  - I think that it's not the case of "time".
> 3) Also I've left RTMU86 for a little bit longer and as you can see it
> retries several times.
> 4) eth0 has static IP configured for all this time. In /etc/dhcpcd.conf I 
> have:
> | interface eth0
> | static ip_address=192.168.6.1/24
> 
> Kind regards,
> Kamil


Groeten
Geert Stappers
-- 
Some things in life can never be fully appreciated nor understood
unless experienced firsthand. Some things in networking can never be
fully understood by someone who neither builds commercial networking
equipment nor runs an operational network.
-- https://datatracker.ietf.org/doc/html/rfc1925



Re: [Dnsmasq-discuss] dnsmasq 2.86 seems to stop reading from one of its dns sockets after a period of time under load

2022-05-18 Thread Geert Stappers via Dnsmasq-discuss
On Fri, May 13, 2022 at 08:15:42PM -0400, wkitt...@gmail.com wrote:
> On 5/13/22 3:48 PM, Simon Kelley wrote:
> > So queries are being received, and answered, but the reply is being
> > dropped by the kernel because the send queue is full of replies to dead
> > hosts? If the hosts are dead, where are the queries coming from to
> > generate these blocked replies?
> 
> reading the OP and the following responses, i almost wonder if there's some
> sort of "reflection attack" going on...
> 

Thanks for raising awareness of malicious factors.

After reading https://en.wikipedia.org/wiki/Reflection_attack I fail to
see why this particular kind of attack could be in play.
Which authentication does dnsmasq do with what?


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DHCP server not assigning IP to RTMU86

2022-05-18 Thread Geert Stappers via Dnsmasq-discuss
On Tue, May 17, 2022 at 11:16:28AM +0200, Kamil via Dnsmasq-discuss wrote:
> On Mon, May 16, 2022 at 04:56:25PM +0100, Simon Kelley wrote:
> > On 15/05/2022 15:40, Kamil via Dnsmasq-discuss wrote:
> > > On Sun, May 15, 2022 at 07:21:47AM +0200, Geert Stappers via 
> > > Dnsmasq-discuss wrote:
> > > > What proof is available of
> > > > the RTMU86 sending DHCP packages
> > > > when plugging the ethercable back in?
 
> > > 16:17:31.125779 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, 
> > > Request from fa:XX:XX:XX:XX:1c (oui Unknown), length 300

> > > PS. I've read in FAQ about 255.255.255.255 broadcast and invalid
> > > firewall rules, but I don't have any firewall rules and I'm not changing
> > > network config files when switching to isc-dhcp-server (which I use as a
> > > benchmark)
> > >
> >
> > ISC dhcpd bypasses the firewall rules to receive that sort of broadcast
> > packet and dnsmasq doesn't, so the fact that it works with ISC and not
> > with dnsmasq is a strong hint that a firewall rule dropping destination
> > 255.255.255.255 and/or source 0.0.0.0 may well be the problem.
> >
> > What does the output of
> >
> >iptables -L
> >
> > look like?
> >
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source   destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source   destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source   destination

Acknowledge on those firewall (empty) rules.


It is still an interesting problem. (Dnsmasq not doing its DHCP server
task, on same hardware another DHCP server works for an unknown reason.)


I suggest that original poster, the main stakeholder of this challenge,
takes a deeper dive into it. Tooling for that is a network sniffer.
Sniff close to the RTMU86. Start with analyzing the working configuration.


Groeten
Geert Stappers

P.S.  @Kamil:  Your email client doesn't add
  On ,wrote:
line on top of your responses.

P.S.  @all: Please avoid obfuscation of what you send.
(Please do not mangle MAC addresses)
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] dhcp leases file not consulted after restart?

2022-05-12 Thread Geert Stappers via Dnsmasq-discuss
On Thu, May 12, 2022 at 02:55:01PM -, Rance Hall via Dnsmasq-discuss wrote:
> I'm in the beginning of troubleshooting an issue with name resolution in dnsmasq
> on a freebsd server.
> I'm running dnsmasq 2.86 and I'm not able to resolve hostnames that are dhcp 
> clients.
> This is a new development and may possibly be related to
> a FreeBSD system upgrade from 13.0-RELEASE to 13.0-RELEASE-p11.
> Example, my desktop machine is a dhcp client and is active on the
> network, and can ping via hostname the firewall server that runs dnsmasq
> which is assigned a static IP and reads /etc/hosts for static names and
> /etc/resolv.conf.dnsmasq for upstream dns servers. However the firewall
> cannot ping the client by name, despite a record for that host in the
> dnsmasq.leases file. Again, this is a new issue, and this used to work
> when the server was originally setup. 
> I can prove that the leases database file is being written to by the
> dnsmasq service as there are recent (read: from today) timestamps on
> the file itself. I'd appreciate any pointers as I'm running out of things
> to check and haven't found an obvious problem yet. Below is the startup
> log entry from a dnsmasq server restart.  Not sure if it helps, but I
> didn't want to ask without trying to prove that I tried to fix it myself.
> 
> 
> May 12 09:21:16 icm dnsmasq[17586]: started, version 2.86 cachesize 150
> May 12 09:21:16 icm dnsmasq[17586]: compile time options: IPv6 GNU-getopt 
> no-DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth 
> cryptohash DNSSEC loop-detect no-inotify dumpfile
> May 12 09:21:16 icm dnsmasq-dhcp[17586]: DHCP, IP range 192.168.19.75 -- 
> 192.168.19.125, lease time 12h
> May 12 09:21:16 icm dnsmasq-tftp[17586]: TFTP root is /usr/local/tftp secure 
> mode
> May 12 09:21:16 icm dnsmasq[17586]: using only locally-known addresses for 
> hallhome.private
> May 12 09:21:16 icm dnsmasq[17586]: reading /etc/resolv.conf.dhcp
> May 12 09:21:16 icm dnsmasq[17586]: using nameserver 71.10.216.1#53
> May 12 09:21:16 icm dnsmasq[17586]: using nameserver 71.10.216.2#53
> May 12 09:21:16 icm dnsmasq[17586]: using only locally-known addresses for 
> hallhome.private
> May 12 09:21:16 icm dnsmasq[17586]: read /etc/hosts - 8 addresses
> 
> 
> Thanks for any assistance/pointers you can provide.

Partial quote of 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q2/016349.html

| Pattern seen on the mailing list is unawareness of
| network-server-client-model. Expressing such problems is indeed hard,
| but also the road to a solution. Know that you are the main stake holder
| of the problem that you are facing. The highest reward for
| finding a solution goes to you. Keep the eco system that you are
| consulting healthy by sharing also your success stories.
| 
| Avoid "DNS doesn't work",  make it "My DNS client gets odd replies
| from dnsmasq", "My DNS requests don't get forwarded" or another
| non-generic issue.
| 
| Use real DNS tools like `dig` or `host` instead of `ping`.


Invest in understanding 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q2/016349.html

Visit 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q2/016358.html
to get an idea how other people receive what your email client is transmitting.
 
> Rance

No hard feelings


Groeten
Geert Stappers
-- 
Silence is hard to parse



[Dnsmasq-discuss] [PATCH] free() after use

2022-06-22 Thread Geert Stappers via Dnsmasq-discuss
Because  GCC 12.1 did report:
  cache.c: In function ‘cache_make_stat’:
  cache.c:1683:30: warning: pointer used after ‘free’ [-Wuse-after-free]
   1683 | p = new + (p - buff);
|   ~~~^~~
  cache.c:1682:17: note: call to ‘free’ here
   1682 | free(buff);
| ^~
---
 src/cache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cache.c b/src/cache.c
index a99d70d..e221afd 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1679,8 +1679,8 @@ int cache_make_stat(struct txt_record *t)
if (!(new = whine_malloc(newlen)))
  return 0;
memcpy(new, buff, bufflen);
-   free(buff);
p = new + (p - buff);
+   free(buff);
lenp = p - 1;
buff = new;
bufflen = newlen;
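
Review bot: the fix in the `free(buff)` / `p = new + (p - buff);` pair depends on statement order alone, so a later edit can quietly bring the warning back. Computing the cursor offset into a local before the `memcpy` (for example `size_t off = p - buff;`) and then using `p = new + off;` makes the intent explicit and lets `free(buff)` sit anywhere after the copy. A sentence in the commit message on why reading `buff` after `free` is a problem even without a dereference would also help, since it currently only quotes the compiler output.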
-- 
2.11.0




[Dnsmasq-discuss] cache.c:1683:30: warning: pointer used after ‘free’

2022-06-22 Thread Geert Stappers via Dnsmasq-discuss


Hello,


With  GCC version 12.1  I do get:

cc -Wall -W -O2   -DVERSION='"2.87test8-16-g770bce9"' -c cache.c
cache.c: In function ‘cache_make_stat’:
cache.c:1683:30: warning: pointer used after ‘free’ [-Wuse-after-free]
 1683 | p = new + (p - buff);
  |   ~~~^~~
cache.c:1682:17: note: call to ‘free’ here
 1682 | free(buff);
  | ^~


Lines 1682 and 1683 in context:

$ awk '{ print NR, $0 }' src/cache.c | sed --silent -e '1675,1689p'
1675if (bytes_needed >= bytes_avail)
1676  {
1677/* expand buffer if necessary */
1678newlen = bytes_needed + 1 + bufflen - bytes_avail;
1679if (!(new = whine_malloc(newlen)))
1680  return 0;
1681memcpy(new, buff, bufflen);
1682free(buff);
1683p = new + (p - buff);
1684lenp = p - 1;
1685buff = new;
1686bufflen = newlen;
1687bytes_avail =  bufflen - (p - buff );
1688bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", 
daemon->addrbuff, port, queries, failed_queries);
1689  }



Patch is  work in progress.



Groeten
Geert Stappers
-- 
Silence is hard to parse
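
The buffer-growing pattern from the listing above with the write cursor kept as an offset, as an added example that is not dnsmasq's code: `textbuf`, `textbuf_init` and `textbuf_appendf` are hypothetical names, plain `malloc` stands in for `whine_malloc`, and the sample values are constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable text buffer. buff, p and bufflen mirror the names in
   the quoted cache.c lines; everything else is made up for this example. */
struct textbuf {
  char *buff;      /* start of the allocation */
  char *p;         /* write cursor, always points at the terminating NUL */
  size_t bufflen;  /* allocated size in bytes */
};

int textbuf_init(struct textbuf *t, size_t initial)
{
  if (initial == 0 || !(t->buff = malloc(initial)))
    return 0;
  t->p = t->buff;
  t->bufflen = initial;
  t->buff[0] = '\0';
  return 1;
}

/* Append formatted text, growing the buffer when vsnprintf reports that the
   output did not fit. Returns 1 on success, 0 on failure; on failure the
   previous contents stay valid and NUL terminated. */
int textbuf_appendf(struct textbuf *t, const char *fmt, ...)
{
  va_list ap;
  size_t avail = t->bufflen - (size_t)(t->p - t->buff);
  int needed;

  va_start(ap, fmt);
  needed = vsnprintf(t->p, avail, fmt, ap);
  va_end(ap);
  if (needed < 0)
    return 0;

  if ((size_t)needed >= avail)
    {
      /* Record the cursor as an offset while buff is still a live pointer.
         The order GCC 12 flagged was: free(buff); p = new + (p - buff); */
      size_t offset = (size_t)(t->p - t->buff);
      size_t newlen = offset + (size_t)needed + 1;
      char *new = malloc(newlen);

      if (!new)
        {
          *t->p = '\0';        /* drop the truncated tail, old buffer stays owned */
          return 0;
        }
      memcpy(new, t->buff, offset);
      free(t->buff);           /* the old pointer value is not read after this */
      t->buff = new;
      t->p = new + offset;
      t->bufflen = newlen;

      va_start(ap, fmt);
      needed = vsnprintf(t->p, newlen - offset, fmt, ap);
      va_end(ap);
      if (needed < 0)
        return 0;
    }
  t->p += needed;
  return 1;
}

int main(void)
{
  struct textbuf t;

  if (!textbuf_init(&t, 8))
    return 1;
  /* Same format string as the snprintf call in the listing; values constructed. */
  if (!textbuf_appendf(&t, "%s#%d %u %u", "192.0.2.1", 53, 10u, 2u))
    return 1;
  printf("%s (allocated %zu bytes)\n", t.buff, t.bufflen);
  free(t.buff);
  return 0;
}
```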



Re: [Dnsmasq-discuss] [PATCH] free() after use

2022-07-07 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Jun 22, 2022 at 11:05:57AM +0200, Geert Stappers via Dnsmasq-discuss 
wrote:
> Because  GCC 12.1 did report:
>   cache.c: In function ‘cache_make_stat’:
>   cache.c:1683:30: warning: pointer used after ‘free’ [-Wuse-after-free]
>1683 | p = new + (p - buff);
> |   ~~~^~~
>   cache.c:1682:17: note: call to ‘free’ here
>1682 | free(buff);
> | ^~
> ---
>  src/cache.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/cache.c b/src/cache.c
> index a99d70d..e221afd 100644
> --- a/src/cache.c
> +++ b/src/cache.c
> @@ -1679,8 +1679,8 @@ int cache_make_stat(struct txt_record *t)
>   if (!(new = whine_malloc(newlen)))
> return 0;
>   memcpy(new, buff, bufflen);
> - free(buff);
>   p = new + (p - buff);
> + free(buff);
>   lenp = p - 1;
>   buff = new;
>   bufflen = newlen;
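
Review bot: in the unchanged lines at the top of this hunk, `if (!(new = whine_malloc(newlen))) return 0;` returns without releasing `buff` as far as the lines shown go. While this block is being touched it is worth checking whether another path frees it, and adding `free(buff)` before the `return 0` if not.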
> -- 
> 2.11.0
> 
That became 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q2/016450.html
and this a reminder on it.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Possible to reuse Cache over restats?

2022-06-30 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Jun 30, 2022 at 12:32:20PM +, Tobias Hochgürtel wrote:
> From: Donald Muller, Date: Thursday, 30. June 2022 at 02:48
> > Geert Stappers, Sent: Wednesday, June 29, 2022 6:14:30 PM
> > > On Wed, Jun 29, 2022 at 08:25:18PM +, Dominik Derigs wrote:
> > > > On Wed, 2022-06-29 at 18:37 +, Tobias Hochgürtel wrote:
> > > > }  "state" is piled up
> > > > }  I do a hourly restart to lose state.
> > > > }  But I don't want to lose all the state!
> > > > > I also don't know how I can analyse that behavior.
> > > >
> > > > You could use some widely known and used tools like Wireshark where 
> > > > various
> > > > tutorial are available to see whether the issue is dnsmasq not 
> > > > responding
> > > > or the queries not making their way to dnsmasq or if something happens 
> > > > to
> > > > the queries sent upstream to the forward destination, or whatever else 
> > > > may
> > > > be happening. We can surely give some assistance here, if you want.
> > > 
> > > Here already some assistance:
> > > 
> > > 
> > > * Tell us which version of dnsmasq is being used
> > > * Reread the manual page and in particular --log-queries option
> > 
> > Also, what you are running it on?
> 
> [root@router-fedora ~]# hostnamectl
> Static hostname: router-fedora
>Icon name: computer-desktop
>  Chassis: desktop 
>   Machine ID: c9c0e33265b848bfbce224fd8615fb30
>  Boot ID: 0824361c352745c0a35a75167a2f81a0
> Operating System: Fedora Linux 36 (Server Edition)
>  CPE OS Name: cpe:/o:fedoraproject:fedora:36
>   Kernel: Linux 5.18.6-200.fc36.x86_64
> Architecture: x86-64
>  Hardware Vendor: BIOSTAR Group
>   Hardware Model: N3150NH
> 
> [root@router-fedora ~]# dnsmasq --version
> Dnsmasq version 2.86  Copyright (c) 2000-2021 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n IDN2 DHCP
>   DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect
>   inotify dumpfile
 
Acknowledge on "I'm still stuck", but what about:

* Reread the manual page and in particular --log-queries option

???



Regards
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Possible to reuse Cache over restats?

2022-06-29 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Jun 29, 2022 at 08:25:18PM +, Dominik Derigs wrote:
> On Wed, 2022-06-29 at 18:37 +, Tobias Hochgürtel wrote:
> > There isn't a feature to reuse the dns-cache?
> > or a plan to add this feature?
> > 
> 
> There is no such feature and there is also nothing planned at the moment

Oh, it was not a joke.


> However, restarting dnsmasq once per hour surely is the least optimal
> solution to circumvent what you are observing.

So true.

 
> On Wed, 2022-06-29 at 18:37 +, Tobias Hochgürtel wrote:
> > I also don't know how I can analyse that behavior.
> 
> You could use some widely known and used tools like Wireshark where various
> tutorials are available to see whether the issue is dnsmasq not responding
> or the queries not making their way to dnsmasq or if something happens to
> the queries sent upstream to the forward destination, or whatever else may
> be happening. We can surely give some assistance here, if you want.

Here already some assistance:

* Tell us which version of dnsmasq is being used
* Reread the manual page and in particular --log-queries option


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DHCP Proxy and UEFI HTTP boot

2022-06-08 Thread Geert Stappers via Dnsmasq-discuss
On Tue, Jun 07, 2022 at 11:35:26AM +0200, Michael via Dnsmasq-discuss wrote:
> Hi dnsmasq-discuss Groupmembers,
> 
> I tried to get working dnsmasq as DHCP Proxy for UEFI HTTP boot.
> 
> The following configuration, dnsmasq as DHCP Server, works (but we have
> another DHCP Server running):
> 
> dhcp-range=efi-http,192.168.1.200,192.168.1.220
> 
> dhcp-option=tag:efi-http,option:vendor-class,HTTPClient
> dhcp-option=tag:efi-http,option:bootfile-name,http://192.168.1.100/esxi/mboot.efi
> 
> But when I tried to set up dnsmasq as DHCP Proxy it does not respond to any
> requests:
> 
> dhcp-range=efi-http,192.168.1.0,proxy,255.255.255.0
> 
> dhcp-option=tag:efi-http,option:vendor-class,HTTPClient
> dhcp-option=tag:efi-http,option:bootfile-name,http://192.168.1.100/esxi/mboot.efi
> 
> After further investigations I found out that dnsmasq only responds
> (sends packets) to DHCP Requests, when configured as DHCP Proxy, when the
> options pxe-service and dhcp-boot are set (to some "default", useless
> values, and therefore UEFI HTTP Boot does not work). But in my opinion these
> options are not necessary for booting UEFI HTTP Clients and make no sense
> to set.
> 
> Anybody a hint for me what's wrong in my configuration?

It is incomplete.


> Or is the combination DHCP Proxy and UEFI HTTP boot not RFC like?
> 
> THx in advance

Yeah, the answer was sent in advance.
Now wait for the next monthly posting.
 

> Michael



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DHCP server not assigning IP to RTMU86

2022-06-10 Thread Geert Stappers via Dnsmasq-discuss
On Sat, Jun 04, 2022 at 06:54:18PM +0200, Nicolas Cavallari wrote:
> On 23/05/2022 20:34, Kamil via Dnsmasq-discuss wrote:
> > Dear Nicolas,
> > 
> > I've tried isc-dhcp-server without "authoritative" and it still works fine
> > 
> > 
> > If anything else fails, use tcpdump/wireshark.
> > 
> > 
> > 
> > I've used tcpdump. I've attached full log in this message:
> > https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg16249.html
> > please have a look.
> 
> There isn't enough information to debug things.  tcpdump only reports a DHCP
> message of size 300 without reporting its content, which is important to
> see what's happening.
> 
> Ideally we would need a pcap file.  Censoring information in a pcap file is
> not easy but still possible with a hex editor.  Otherwise you can use
> "tshark -r capture.pcap -V" to output a text representation of the pcap,
> censor the output and give us the result.
> 
> Also, focus on the DHCP exchange with the RTMU86 that does not work.
> We already know what a successful DHCP exchange looks like.

Kamil might not know what a successful DHCP exchange looks like.
Having a working example makes it much easier to debug a non-working one.

The thing I'm trying to say is that it is an interesting problem.
I admit that I don't care about "RTMU86", but I'm really curious about
DHCP-clients that seem to work with some DHCP servers and likely not
with the dnsmasq DHCP server.

So I hope that more information about this case will be shared.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DHCP Proxy and UEFI HTTP boot

2022-06-08 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Jun 08, 2022 at 12:22:50PM +0200, Michael via Dnsmasq-discuss wrote:
> Am 08.06.2022 10:31, schrieb Geert Stappers via Dnsmasq-discuss:
> > On Tue, Jun 07, 2022 at 11:35:26AM +0200, Michael via Dnsmasq-discuss wrote:
> > 
> > > Hi dnsmasq-discuss Groupmembers,
> > > 
> > > I tried to get working dnsmasq as DHCP Proxy for UEFI HTTP boot.
> > > 
 
> > > 
> > > Anybody a hint for me what's wrong in my configuration?
> > 
> > It is incomplete.
> > 
> > > Or is the combination DHCP Proxy and UEFI HTTP boot not RFC like?
> > > 
> > > THx in advance
> > 
> > Yeah, the answer was sent in advance.
> > Now wait for the next monthly posting.
> > 
> 
> Thanks for your detailed answer.


You are welcome, now let's solve the interesting problem.
 
Please do share a more complete configuration.  Show who is the main
stakeholder of dnsmasq as DHCP proxy for UEFI HTTP boot challenge.


It is OK to take time to read the monthly posting that was the posting
before the posting that started this thread. 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q2/date.html


> Michael
 



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] ddns from dhcp hostname

2022-06-07 Thread Geert Stappers via Dnsmasq-discuss
On Wed, Jun 01, 2022 at 09:12:55AM +0200, john doe wrote:
> On 5/31/2022 10:35 PM, Carl Karsten wrote:
> > does dnsmasq do this sort of ddns:
> > 
> > dhcp client sends its hostname as part of its dhcp request
> > dnsmasq assigns an IP and also adds the hostname:IP to its dns
> > 
> > I thought it did, but I can't find anything in the docs about it.
> > 
> 
> Yes. -- we need more info if you need help!
> 

So tell more, like
* What is the server?
* What is the client?
* How are those connected?
* What do you expect to happen?
* What is actually happening?


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] DHCP Proxy and UEFI HTTP boot

2022-06-12 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Jun 09, 2022 at 07:13:37AM +0200, Michael via Dnsmasq-discuss wrote:
> Am 08.06.2022 22:16, schrieb Geert Stappers via Dnsmasq-discuss:
> > On Wed, Jun 08, 2022 at 12:22:50PM +0200, Michael via Dnsmasq-discuss wrote:
> > > Am 08.06.2022 10:31, schrieb Geert Stappers via Dnsmasq-discuss:
> > > > On Tue, Jun 07, 2022 at 11:35:26AM +0200, Michael via Dnsmasq-discuss 
> > > > wrote:
> > > > 
> > > > > Hi dnsmasq-discuss Groupmembers,
> > > > > 
> > > > > I tried to get working dnsmasq as DHCP Proxy for UEFI HTTP boot.
> > > >   
> > > > 
> > > > > Anybody a hint for me what's wrong in my configuration?
> > > > 
> > > > It is incomplete.
> > > > 
> > > 
> > > Thanks for your detailed answer.
> > > 
> > You are welcome, now let's solve the interesting problem.
> > 
> > Please do share a more complete configuration.  Show who is the main
> > stakeholder of dnsmasq as DHCP proxy for UEFI HTTP boot challenge.
> > 
> 
> Hi Geert,

Hi dnsmasq-discuss Groupmembers,
 
> solved it yesterday. The trick was to "enable" the vendor by
> dhcp-pxe-vendor. So this is the working config:
> 
> # Disable DNS Server
> port=0
> 
> # Enable DHCP logging
> log-dhcp
> log-debug
> log-facility=/tmp/dns.log
> 
> # run as DHCP proxy
> dhcp-range=192.168.1.200,proxy
> dhcp-pxe-vendor=PXEClient,HTTPClient:Arch:00016
> dhcp-vendorclass=set:efihttp,HTTPClient:Arch:00016
> pxe-service=tag:efihttp,x86-64_EFI,"Network Boot",http://192.168.1.200/esxi/mboot.efi
> 
> dhcp-boot=tag:efihttp,http://192.168.1.200/esxi/mboot.efi
> dhcp-option-force=tag:efihttp,60,HTTPClient
> 
> Hhhhmm but the dhcp-pxe-vendor is not necessary for HTTPClient:Arch:7 or
> HTTPClient:Arch:9...? An iPXE boot with vendor class
> HTTPClient:Arch:7 does not need this option so eval by dhcp-vendorclass
> works for 7 "out of the box". Therefore I ignored that option also for
> 00016...

Plus adding "set tag"
(there was no "set tag" in the original posting)
 

> Thanks for offering support.

Thanks for reporting the success.
 

> Regards Michael
 

Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Possible to reuse Cache over restarts?

2022-07-16 Thread Geert Stappers via Dnsmasq-discuss
On Thu, Jun 30, 2022 at 08:01:36PM +0200, Petr Menšík wrote:
> On 30. 06. 22 14:32, Tobias Hochgürtel wrote:
> > Geert Stappers wrote:
> >   * Tell us which version of dnsmasq is being used
> >   * Reread the manual page and in particular --log-queries option
> > 
> > [root@router-fedora ~]# hostnamectl
> >  Static hostname: router-fedora
> >        Icon name: computer-desktop
> >          Chassis: desktop
> >       Machine ID: c9c0e33265b848bfbce224fd8615fb30
> >          Boot ID: 0824361c352745c0a35a75167a2f81a0
> > Operating System: Fedora Linux 36 (Server Edition)
> >      CPE OS Name: cpe:/o:fedoraproject:fedora:36
> >           Kernel: Linux 5.18.6-200.fc36.x86_64
> >     Architecture: x86-64
> >  Hardware Vendor: BIOSTAR Group
> >   Hardware Model: N3150NH
> > 
> > [root@router-fedora ~]# dnsmasq --version
> > Dnsmasq version 2.86  Copyright (c) 2000-2021 Simon Kelley
> > Compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n IDN2 DHCP
> > DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect
> > inotify dumpfile
> > 
> > This software comes with ABSOLUTELY NO WARRANTY.
> > Dnsmasq is free software, and you are welcome to redistribute it
> > under the terms of the GNU General Public License, version 2 or 3.
> 
> I am maintainer of Fedora dnsmasq package.  I don't know about any issue
> with latest dnsmasq on f36. It should work reliably.
> 
> I agree with Geert, log-queries option should reveal the most details for
> troubleshooting. Default logging to journal should be enough. Use
> "journalctl -xeu dnsmasq" command to see the most recent output of dnsmasq.
> 
> You should see whether the incoming query was received by dnsmasq, and
> where it forwarded it to. It should also log what the forwarder replied. If
> reply after forward is not logged but wireshark can record such packets, it
> would mean some error in socket handling code. But I think all known errors
> in Fedora 36 were fixed.
> 
> It is possible to send SIGHUP to dnsmasq to clear just the cache. Just use kill
> -SIGHUP $(pidof dnsmasq). But that should not be necessary, especially not
> periodically. Because systemd-resolved is enabled by default on Fedora, are
> you sure you have disabled it correctly? Are you connected by multiple
> interfaces at the same time? Would it work with just one interface
> connected?
> 
> Let's somehow find a reason for your broken resolution instead of dumping the
> cache periodically. While it should work even with that, it definitely
> should not be required.

I also would like to know what is causing the need for restarting dnsmasq.
 

> Cheers,
> Petr
 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
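
The check Petr describes above (was the query received, where was it forwarded, did a reply get logged) can be run mechanically over --log-queries=extra output, where a serial number ties the lines of one query together. The Python below is an added example, not code from this thread or from dnsmasq; the function names are hypothetical and the log lines are constructed with documentation addresses.

```python
"""Trace dnsmasq --log-queries=extra output per query serial number."""
import re

# Line layout assumed: "<serial> <client ip>/<port> <action> <name> from|to|is <value>"
LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: (?P<serial>\d+) (?P<client>\S+) "
    r"(?P<action>query\[[^\]]+\]|forwarded|reply|cached|config) "
    r"(?P<name>\S+) (?:from|to|is) (?P<value>.+)$"
)

# Constructed sample, not taken from the thread.
SAMPLE_LOG = """\
Jun 30 14:32:01 router dnsmasq[812]: 1 192.168.1.50/40112 query[A] www.example.org from 192.168.1.50
Jun 30 14:32:01 router dnsmasq[812]: 1 192.168.1.50/40112 forwarded www.example.org to 192.0.2.53
Jun 30 14:32:01 router dnsmasq[812]: 1 192.168.1.50/40112 reply www.example.org is 203.0.113.10
Jun 30 14:32:05 router dnsmasq[812]: 2 192.168.1.50/40113 query[A] www.example.org from 192.168.1.50
Jun 30 14:32:05 router dnsmasq[812]: 2 192.168.1.50/40113 cached www.example.org is 203.0.113.10
Jun 30 14:40:12 router dnsmasq[812]: 3 192.168.1.51/51820 query[AAAA] mail.example.net from 192.168.1.51
Jun 30 14:40:12 router dnsmasq[812]: 3 192.168.1.51/51820 forwarded mail.example.net to 192.0.2.53
Jun 30 14:40:17 router dnsmasq[812]: 4 192.168.1.51/51821 query[AAAA] mail.example.net from 192.168.1.51
Jun 30 14:40:17 router dnsmasq[812]: 4 192.168.1.51/51821 forwarded mail.example.net to 192.0.2.53
Jun 30 14:40:17 router dnsmasq[812]: 4 192.168.1.51/51821 forwarded mail.example.net to 198.51.100.53
Jun 30 14:41:00 router dnsmasq[812]: started, version 2.86 cachesize 150
"""


def trace_queries(lines):
    """Group log lines by serial number; lines without a serial are skipped."""
    queries = {}
    for line in lines:
        m = LINE_RE.search(line.rstrip())
        if m is None:
            continue
        q = queries.setdefault(int(m["serial"]), {
            "client": m["client"], "name": m["name"], "qtype": None,
            "forwarded_to": [], "answers": [], "answered_by": None,
        })
        action = m["action"]
        if action.startswith("query["):
            q["qtype"] = action[len("query["):-1]
        elif action == "forwarded":
            q["forwarded_to"].append(m["value"])
        else:
            # reply, cached or config: dnsmasq had an answer for the client
            q["answers"].append((m["name"], m["value"]))
            if q["answered_by"] is None:
                q["answered_by"] = action
    return queries


def classify(q):
    """Name the stage at which the logged trail of one query ends."""
    if q["answers"]:
        return "answered"
    if q["forwarded_to"]:
        return "forwarded-no-reply"
    return "received-only"


def unanswered(lines):
    """Return (serial, query) pairs for which no answer was ever logged."""
    return [(s, q) for s, q in trace_queries(lines).items()
            if classify(q) != "answered"]


def silent_upstreams(lines):
    """Count, per upstream server, forwards belonging to unanswered queries."""
    counts = {}
    for _, q in unanswered(lines):
        for upstream in q["forwarded_to"]:
            counts[upstream] = counts.get(upstream, 0) + 1
    return counts


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for serial, q in unanswered(log):
        print(serial, q["client"], q["qtype"], q["name"], classify(q),
              "->", ", ".join(q["forwarded_to"]) or "-")
    print(silent_upstreams(log))
```

A query that ends as "forwarded-no-reply" is the case to compare against a packet capture, as suggested in the message above.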


[Dnsmasq-discuss] patchwork

2022-07-17 Thread Geert Stappers via Dnsmasq-discuss
Previous-Subject: Re: [Dnsmasq-discuss] [PATCH] Create temporary leases for 
DHCPOFFER actions
In-Reply-To: 
On Fri, Jul 15, 2022 at 10:54:28PM +0200, Petr Menšík wrote:
> On 7/13/22 19:20, Geert Stappers via Dnsmasq-discuss wrote:
> > On Fri, Jul 08, 2022 at 10:26:35PM +0200, Petr Menšík wrote:
> > >   ... First two patches were already sent. I think I have sent
> > > also following patches already, but were not able to find them.
> > 
> > To prevent patches from getting lost,
> > the Monthly Posting advises poking again after eight days.
> > 
> > 
> > As an additional attempt to prevent patches (and contributors) from
> > getting lost, I am now experimenting with "dnsmasq mailing list patch collection"
> > 
> > It is a git repository that is cloned from git://thekelleys.org.uk/dnsmasq.git
> > The master branch follows that repo, the other branches have patches
> > that I collected from this mailing list. Currently that is the only
> > extra branch "y22w27", short for "year 2022, week 27". An upcoming
> > branch is "gcc12".  I'm in need of a (short) branch name for
> >   Create temporary leases for DHCPOFFER actions
> > as Previous-Subject says / suggests.

Ideas for the branch name are still welcome.


> > Webpage https://git.sr.ht/~stappers/dnsmasqmlpc has `git clone URL`
> > and links for further "browsing".
> > Example given: https://git.sr.ht/~stappers/dnsmasqmlpc/log/y22w27
> > 
> Interesting. Do you generate those by hand
> or are those generated by some tool?

By hand

 
> I have thought about a tool, which would collect patches sent from
> registered people and create a pull requests on gitlab or github, which
> would show their status. And if possible mark them merged automagically. But
> haven't found enough free time to play with that. Sort of external pull
> requests, which can be linked to bugs and tracked progress, if any.

There is 'patchwork' http://jk.ozlabs.org/projects/patchwork/
documentation is at https://patchwork.readthedocs.io/en/latest/

My estimation is that we, the dnsmasq project, can live without such a tool.
On the other hand it would be nice to have such a tool.


Groeten
Geert Stappers


P.S.
If I have missed patches, just say so.
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Create temporary leases for DHCPOFFER actions, setup.sh

2022-07-13 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 08, 2022 at 10:26:35PM +0200, Petr Menšík wrote:
> 
> I am attaching also setup.sh, which I used to emulate starting multiple
> clients at similar time. I configured dnsmasq listening on virbr1 device and
> offering addresses. Then run that script as root and record communication in
> wireshark. Unlike current situation, there should not be any NACKs present.
> Even though ISC dhclient handles NACK well and is able to retry, unlike some
> netbooting firmware, which fails the boot in such situation.
> 
> Comments or testing would be welcome.

Idea: putting the `setup.sh` into the contrib directory


Regards
Geert Stappers

What follows is the script
--
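#!/bin/sh
# Start several DHCP clients at nearly the same time inside a network
# namespace, each on its own veth pair attached to the bridge that
# dnsmasq listens on.  Run as root.

: "${BRIDGE:=virbr1}"
NS=dhcp-test
INSTANCES=${1:-16}   # number of clients to start
WAIT=${2:-80}        # seconds to let the clients run

ip netns add "$NS"
ip -netns "$NS" link set lo up
# Make sure old addresses are forgotten
# (globs spelled out: brace expansion is not available in plain sh)
rm -f /var/lib/dhclient/dhclient-testc*.lease \
      /var/lib/dhclient/dhclient-testc*.log

# One veth pair per client: testhN joins the bridge, testcN moves into the namespace
for I in $(seq 1 "$INSTANCES"); do
    ip link add "testc$I" type veth peer name "testh$I"
    ip link set "testh$I" master "$BRIDGE" up
    ip link set "testc$I" netns "$NS" up
done

# Start all clients in the background so their DISCOVERs overlap
for I in $(seq 1 "$INSTANCES"); do
    COMMON=dhclient-testc$I
    LIB=/var/lib/dhclient/$COMMON
    RUN=/run/$COMMON
    # "> file 2>&1" instead of ">& file", which plain sh does not accept
    ip netns exec "$NS" dhclient -v -d -1 -nc \
        -H "test-$I" \
        -sf /bin/true \
        -pf "$RUN.pid" \
        -lf "$LIB.lease" \
        -e PEERDNS=no \
        "testc$I" > "$LIB.log" 2>&1 &
done

ip -netns "$NS" link
#while ps $(cat /run/dhclient-testc*.pid); do sleep 1; done
sleep "$WAIT"

cat /var/lib/dhclient/dhclient-testc*.log
grep 'DHCPOFFER' /var/lib/dhclient/dhclient-testc*.log
kill $(cat /run/dhclient-testc*.pid)
ip netns del "$NS" 2>/dev/null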
--



Re: [Dnsmasq-discuss] [PATCH 3/6] Create temporary leases on DISCOVER message

2022-07-13 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 08, 2022 at 10:26:35PM +0200, Petr Menšík wrote:
> From 7885f99da642306bc3ae65f591f36dd4a704918d Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= 
> Date: Fri, 10 Dec 2021 20:18:20 +0100
> Subject: [PATCH 3/6] Create temporary leases on DISCOVER message
> 
> Previously only ping cache contained hash of few last pinged addresses.
> They allowed skipping of address proposed to different host in
> allocate_address. If no-ping were used together with dhcp-sequential-ip,
> nothing would prevent offering single address to multiple clients.
> 
> Use temporary leases to store clients interested right when DHCPDISCOVER is
> received. It makes sure that address is 'reserved' for that client when
> he requests it. Uses short expiration time.
> ---
>  src/dbus.c|  2 +-
>  src/dnsmasq.h |  3 ++-
>  src/lease.c   | 25 +
>  src/rfc2131.c | 30 --
>  4 files changed, 44 insertions(+), 16 deletions(-)
> 
> diff --git a/src/dbus.c b/src/dbus.c
> index bf6b661..571743f 100644
> --- a/src/dbus.c
> +++ b/src/dbus.c
> @@ -537,7 +537,7 @@ static DBusMessage *dbus_add_lease(DBusMessage* message)
> "ia_id and is_temporary must be zero for 
> IPv4 lease");
>
>if (!(lease = lease_find_by_addr(addr.addr4)))
> - lease = lease4_allocate(addr.addr4);
> + lease = lease4_allocate(addr.addr4, 0);
>  }
>  #ifdef HAVE_DHCP6
>else if (inet_pton(AF_INET6, ipaddr, ))
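
Review bot: the added call `lease = lease4_allocate(addr.addr4, 0);` passes a bare 0 for the new second parameter, and nothing at this call site says what that value selects. Since the commit message introduces temporary leases with a short expiration time, a named constant or a one-line comment here would make it clear what kind of lease a D-Bus request creates. The same added line also carries the space-before-tab indent that `git am` warns about.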

Output from `git am`:
|Applying: Create temporary leases on DISCOVER message
|.git/rebase-apply/patch:17: space before tab in indent.
|   lease = lease4_allocate(addr.addr4, 0);
|warning: 1 line adds whitespace errors.

"repaired" in my public git repo.

More about that git repository in another email.



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] RFC8520 (MUD) support in DHCP

2022-07-13 Thread Geert Stappers via Dnsmasq-discuss
On Tue, Jul 12, 2022 at 12:29:29PM +0200, Petr Menšík wrote:
> On 11. 07. 22 15:18, Jasper Wiegratz wrote:
> > Hi Simon,
> > 
> > my university project for network security has been working with a fork
> > of dnsmasq for some time now.
> > 
> > I'm submitting the attached 2 patches for dnsmasq master branch to add
> > MUD DHCP option and URL extraction. This was requested on the mailing
> > list [1] [2].
> > 
> > I'm looking forward to hearing back from you. Thanks for your time and
> > efforts.
> 
> Seems simple, nice and reasonable. I vote for merging it.

:-)


The commit messages are way too terse.  At https://cbea.ms/git-commit/
is good advice on commit messages.

And one patch, the IPv6 one, would introduce trailing white space.


Both patches are applied to branch y22w27 of
my dnsmasq mailing list patch collection.
* 
https://git.sr.ht/~stappers/dnsmasqmlpc/commit/a3db3671cccdbe8f64b082d3c307ae908780b976
* 
https://git.sr.ht/~stappers/dnsmasqmlpc/commit/21d87fb1044f41004b72d447af42538917bc446f

When there are true commit messages for them, I will put them
in a rfc8520mud branch and maintain them for a while.


The git repo is at https://git.sr.ht/~stappers/dnsmasqmlpc
over there you will find `git clone` URLs.




Groeten
Geert Stappers

[1] 
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg12326.html
[2] 
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg12116.html
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Create temporary leases for DHCPOFFER actions

2022-07-13 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jul 08, 2022 at 10:26:35PM +0200, Petr Menšík wrote:
> Hi!
> 
> I have already described similar problem back in year 2021 [1]. There exists
> race condition when higher count of clients starts at similar time and
> requests DHCP(v4). First two patches were already sent. I think I have sent
> also following patches already, but were not able to find them.

To prevent patches from getting lost,
the Monthly Posting advises poking again after eight days.


As an additional attempt to prevent patches (and contributors) from
getting lost, I am now experimenting with "dnsmasq mailing list patch collection"

It is a git repository that is cloned from git://thekelleys.org.uk/dnsmasq.git
The master branch follows that repo, the other branches have patches
that I collected from this mailing list. Currently that is the only
extra branch "y22w27", short for "year 2022, week 27". An upcoming
branch is "gcc12".  I'm in need of a (short) branch name for
  Create temporary leases for DHCPOFFER actions
as Subject says / suggests.


Webpage https://git.sr.ht/~stappers/dnsmasqmlpc has `git clone URL`
and links for further "browsing". 
Example given: https://git.sr.ht/~stappers/dnsmasqmlpc/log/y22w27


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Fix --server=/#/...... which was lost in 2.86

2022-07-23 Thread Geert Stappers via Dnsmasq-discuss
On Sat, Jul 23, 2022 at 02:02:31PM +, 谢致邦 (XIE Zhibang) via Dnsmasq-discuss 
wrote:
> A victim of the domain-search rewrite.
> --server=/#/.. means to use the server for default. The new
> implementation orders the default server first, but because of the
> rewritten domain-search, it needs strict-order to ensure the default.


Much better than only the "git commit summary".


If the proposed change is related to commit 26bbf5a314d833bea say so.
(Yes, I'm asking for an even better commit message.)

 
> Signed-off-by: 谢致邦 (XIE Zhibang) 
> ---
>  src/dnsmasq.h  | 34 ++
>  src/domain-match.c | 15 +++
>  src/network.c  |  2 +-
>  3 files changed, 30 insertions(+), 21 deletions(-)
> 
> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
> index a8937ce..7512756 100644
> --- a/src/dnsmasq.h
> +++ b/src/dnsmasq.h
> @@ -534,23 +534,24 @@ union mysockaddr {
>  
>  
>  /* The actual values here matter, since we sort on them to get records in 
> the order
> -   IPv6 addr, IPv4 addr, all zero return, resolvconf servers, upstream 
> server, no-data return  */
> +   IPv6 addr, IPv4 addr, all zero return, default server, resolvconf 
> servers, upstream server, no-data return */
>  #define SERV_LITERAL_ADDRESS1  /* addr is the answer, or NoDATA is the 
> answer, depending on the next four flags */
>  #define SERV_USE_RESOLV 2  /* forward this domain in the normal way 
> */
> -#define SERV_ALL_ZEROS  4  /* return all zeros for A and  */
> -#define SERV_4ADDR  8  /* addr is IPv4 */
> -#define SERV_6ADDR 16  /* addr is IPv6 */
> -#define SERV_HAS_SOURCE32  /* source address defined */
> -#define SERV_FOR_NODOTS64  /* server for names with no domain part 
> only */
> -#define SERV_WARNED_RECURSIVE 128  /* avoid warning spam */
> -#define SERV_FROM_DBUS256  /* 1 if source is DBus */
> -#define SERV_MARK 512  /* for mark-and-delete and log code */
> -#define SERV_WILDCARD1024  /* domain has leading '*' */ 
> -#define SERV_FROM_RESOLV 2048  /* 1 for servers from resolv, 0 for 
> command line. */
> -#define SERV_FROM_FILE   4096  /* read from --servers-file */
> -#define SERV_LOOP8192  /* server causes forwarding loop */
> -#define SERV_DO_DNSSEC  16384  /* Validate DNSSEC when using this server 
> */
> -#define SERV_GOT_TCP32768  /* Got some data from the TCP connection 
> */
> +#define SERV_DEFAULT4  /* Use the server for default (need 
> strict-order) */
> +#define SERV_ALL_ZEROS  8  /* return all zeros for A and  */
> +#define SERV_4ADDR 16  /* addr is IPv4 */
> +#define SERV_6ADDR 32  /* addr is IPv6 */
> +#define SERV_HAS_SOURCE64  /* source address defined */
> +#define SERV_FOR_NODOTS   128  /* server for names with no domain part 
> only */
> +#define SERV_WARNED_RECURSIVE 256  /* avoid warning spam */
> +#define SERV_FROM_DBUS512  /* 1 if source is DBus */
> +#define SERV_MARK1024  /* for mark-and-delete and log code */
> +#define SERV_WILDCARD2048  /* domain has leading '*' */
> +#define SERV_FROM_RESOLV 4096  /* 1 for servers from resolv, 0 for 
> command line. */
> +#define SERV_FROM_FILE   8192  /* read from --servers-file */
> +#define SERV_LOOP   16384  /* server causes forwarding loop */
> +#define SERV_DO_DNSSEC  32768  /* Validate DNSSEC when using this server 
> */
> +#define SERV_GOT_TCP65536  /* Got some data from the TCP connection 
> */
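
Review bot: inserting SERV_DEFAULT at value 4 renumbers every flag after it and moves SERV_GOT_TCP from 32768 to 65536, which no longer fits in 16 bits. The hunk does not show the type of the field that holds these flags; if any holder is an unsigned short the top flag is silently lost, so that declaration should be checked (or widened) in the same patch. The comment above the defines should also say why SERV_DEFAULT has to sit at 4 in the sort order rather than taking the next free bit.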

Why the reshuffle?  What about SERV_DEFAULT 65536 and avoiding the reshuffle?
  


Regards
Geert Stappers
Fully aware that 2^16 does NOT fit in a 16-bit integer.
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Fix --server=/#/...... which was lost in 2.86

2022-07-23 Thread Geert Stappers via Dnsmasq-discuss
On Sat, Jul 23, 2022 at 10:54:04AM +, 谢致邦 (XIE Zhibang) via Dnsmasq-discuss 
wrote:
> Signed-off-by: 谢致邦 (XIE Zhibang) 
> ---
>  src/dnsmasq.h  | 34 ++
>  src/domain-match.c | 15 +++
>  src/network.c  |  2 +-
>  3 files changed, 30 insertions(+), 21 deletions(-)

Quote from a few days ago on this mailing list

   please could you supply a suitable commit message which 
   describes clearly what the patch does


That quote in context
at https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q3/016485.html


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Log upstream port for dnssec-retry

2022-04-17 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Apr 17, 2022 at 12:51:42PM +0200, Dominik Derigs wrote:
> On Fri, 2022-04-15 at 10:17 +0200, Geert Stappers wrote:
> >  2022-04-10, Dominik Derigs wrote:
} } } Subject: [PATCH] Also log upstream port for dnssec-retry
} }  there should be more text about the why.
> > > -   log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, 
> > > daemon->namebuff, >addr,
> > > -    "dnssec-retry", (forward-flags & 
> > > FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS);
> > > +   log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, 
> > > daemon->namebuff, >addr,
> > > +    (forward->flags & FREC_DNSKEY_QUERY) 
> > > ? "dnssec-retry[DNSKEY]" : "dnssec-retry[DS]", 0);
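
Review bot: the added call changes the logged text from "dnssec-retry" to "dnssec-retry[DNSKEY]" or "dnssec-retry[DS]" and passes 0 where T_DNSKEY/T_DS used to go, on top of setting F_SERVER. A subject that only mentions logging the upstream port does not cover that; the commit message should state that the record type moves into the string because the last argument is reused once F_SERVER is set, and that anything matching on the old "dnssec-retry" text in logs will now see a different string.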
 
those lines shuffled:
> > > -   log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, 
> > > daemon->namebuff, >addr,
> > > +   log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, 
> > > daemon->namebuff, >addr,
> > > +    (forward->flags & FREC_DNSKEY_QUERY) 
> > > ? "dnssec-retry[DNSKEY]" : "dnssec-retry[DS]", 0);
> > > -    "dnssec-retry", (forward-flags & 
> > > FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS);

white space change on the above last two lines to align the ,
> > > + (forward->flags & FREC_DNSKEY_QUERY) ? "dnssec-retry[DNSKEY]" : 
> > > "dnssec-retry[DS]", 0);
> > > -     
> > > "dnssec-retry", (forward-flags & FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS);
> > I see more changes than the commit message says.
> 
> What do you see in addition?

I was expecting to see only an addition of logging a port number.
The extra '| F_SERVER' did surprise me.
And the '(forward->flags & FREC_DNSKEY_QUERY) ? "dnssec-retry[DNSKEY]" : 
"dnssec-retry[DS]"'
becoming '"dnssec-retry"', plus a '0' becoming '(forward-flags & 
FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS)'
really made me (poorly) express "the patch needs a much better commit message"


> It is a minimal invasive change that fixes the omission in a
> previous commit as already said in the first mail:
> 
> On Sun, 2022-04-10 at 10:46 +0200, Dominik Derigs wrote:
> > This is added by this patch implementing it in the same way as
> > used already when logging "dnssec-query" in the code.
> 
> This is the commit, if you want to compare the change yourself:
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ff43d35aeef6178f7471c6f37e91845c9a72bd2f

Partial 
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ff43d35aeef6178f7471c6f37e91845c9a72bd2f
--- a/src/forward.c
+++ b/src/forward.c
@@ -123,9 +123,17 @@ static void set_outgoing_mark(struct frec *forward, int fd)
 static void log_query_mysockaddr(unsigned int flags, char *name, union 
mysockaddr *addr, char *arg, unsigned short type)
 {
   if (addr->sa.sa_family == AF_INET)
-log_query(flags | F_IPV4, name, (union all_addr *)>in.sin_addr, arg, 
type);
+{
+  if (flags & F_SERVER)
+   type = ntohs(addr->in.sin_port);
+  log_query(flags | F_IPV4, name, (union all_addr *)>in.sin_addr, 
arg, type);
+}
   else
-log_query(flags | F_IPV6, name, (union all_addr *)>in6.sin6_addr, 
arg, type);
+{
+  if (flags & F_SERVER)
+   type = ntohs(addr->in6.sin6_port);
+  log_query(flags | F_IPV6, name, (union all_addr *)>in6.sin6_addr, 
arg, type);
+}
 }
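
Review bot: with F_SERVER set, both branches overwrite `type` with the port taken from `addr`, so whatever record type the caller passed is dropped and nothing in the signature says so. A comment on log_query_mysockaddr stating that `type` is ignored when F_SERVER is set would tell callers to carry the record type in `arg` instead of passing a value that never reaches log_query.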
 

(saying "link was visited, an attempt to compare was done")

 
> Happy Easter and best regards,
> Dominik
> 

Thanks, you also.

Thing to consider: resubmit the patch with a better commit message.


Other thing we should think about:
A clear signal like "patch is rejected"


Groeten
Geert Stappers
In another attempt to get beyond ignored patches
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] address option doesn't work correctly if the target domain is a cname

2022-04-17 Thread Geert Stappers via Dnsmasq-discuss
dnsmasq[1]: 458 127.0.0.1/35410 query[A] 
> api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached 
> api.ott.kinopoisk.ru is 
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached 
> ott-api-production-balancer.ott.yandex.net is 93.158.134.102
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 
> query[] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached 
> api.ott.kinopoisk.ru is 
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached 
> ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272
> 

I don't understand what Original Poster is trying to tell.

I suggest that OP adds "the why" on the configuration
plus "expecting to see" to the `nslook` output and the dnsmasq log
entries.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] What does this reply to 'host' mean?

2022-10-16 Thread Geert Stappers via Dnsmasq-discuss
On Sun, Oct 16, 2022 at 01:34:26PM +0100, Chris Green wrote:
> I have been moving some domains around on my hosting provider and for
> one I'm getting the following rather strange response to a 'host'
> command:-
> 
> chris$ host www.jacquibennett.com
> www.jacquibennett.com is an alias for jacquibennett.com.
> jacquibennett.com has address 92.205.12.16
> Host jacquibennett.com not found: 2(SERVFAIL)
> 
> Is this just a DNS propagation oddity or have I misconfigured something?
> 

$ host www.jacquibennett.com
www.jacquibennett.com is an alias for jacquibennett.com.
jacquibennett.com has address 92.205.12.16
jacquibennett.com mail is handled by 0 
sxb1plzcpnl489538.prod.sxb1.secureserver.net.
$ 

-- 
Silence is hard to parse



[Dnsmasq-discuss] [PATCH] Removed empty last lines

2022-10-22 Thread Geert Stappers via Dnsmasq-discuss
Files src/domain-match.c and src/metrics.c had empty last lines.
Now the last line of those files has more than just white space.

Signed-off-by:  Geert Stappers 
---
 src/domain-match.c | 1 -
 src/metrics.c  | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/domain-match.c b/src/domain-match.c
index 76a1109..219331c 100644
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -729,4 +729,3 @@ int add_update_server(int flags,
   
   return 1;
 }
-
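Review bot: nothing wrong with dropping the blank line after the closing brace of add_update_server(), but the trailer above the diffstat reads "Signed-of-by", so tooling that looks for "Signed-off-by" will not count this patch as signed off. Resend with the trailer corrected; `git commit -s` writes it for you.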
diff --git a/src/metrics.c b/src/metrics.c
index f3e6728..139ad4a 100644
--- a/src/metrics.c
+++ b/src/metrics.c
@@ -63,4 +63,3 @@ void clear_metrics(void)
   serv->query_latency = 0;
 }
 }
-   
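Review bot: the line removed at the end of src/metrics.c is whitespace-only rather than empty (the `-` is followed by blanks), so "empty last lines" in the commit message undersells the change. Word it as "blank or whitespace-only last lines" and say how the two files were found, so the same cleanup can be repeated over the rest of src/ instead of being done by hand.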
-- 
2.11.0




Re: [Dnsmasq-discuss] dnsmasq: dhcp-server with disabled dns-server: /etc/hosts ignored

2022-10-22 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Oct 21, 2022 at 11:23:28PM +0200, Michael Traxler wrote:
> Hello,
> 
> dnsmasq-2.87:
> 
> It took me quite some time to figure this out :-)
> 
> When you disable the DNS-server via
> port=0
> 
> the /etc/hosts file is ignored and also the
> addn-hosts=
> is ignored.
> 
> This then results in the problem, that the
> DHCP-server still works, but if you use the
> 
> dhcp-host=da:7a:3a:62:7d:d2,trb
> 
> where trb is a name in /etc/hosts
> dnsmasq reacts with:
> 
> DHCPDISCOVER(enp2s0) da:7a:3a:62:7d:d2 no address available
> 
> I checked via strace that it really doesn't even open
> /etc/hosts nor the given file via the "addn-hosts" option.
> 
> Looks to me like a bug. I cannot find a logical reason why a dhcp-server
> *needs* to have a running DNS-server.
> 
> Or is it a feature? :-)

Or an incomplete configuration file.

So remove the 'port=0' (or comment it out) and check if
the host with MAC-address gets the IP-address of trb.

And report back.

 

Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Dnsmasq 2.85 stopped resolving dns zones.

2022-10-22 Thread Geert Stappers via Dnsmasq-discuss
On Tue, Oct 18, 2022 at 03:43:48PM +0300, Dach Shong wrote:
> Hello.
> 
> Dnsmasq 2.85 stopped resolving dns zones.

When did it stop?

 
> My system:
> Debian 11
> dnsmasq 2.85
> 
> cat /etc/dnsmasq.conf
> 
> listen-address=127.0.0.1
> bind-interfaces
> domain-needed
> no-dhcp-interface=lo
> bogus-priv
> filterwin2k
> interface=lo
> stop-dns-rebind
> clear-on-reload
> resolv-file=/etc/resolv.conf
> no-negcache
> cache-size=350
> 
> cat /etc/resolv.conf
> #nameserver 127.0.0.1
> nameserver 1.1.1.1
> nameserver 8.8.8.8
> 
> 
> dig @127.0.0.1 google.com
> 
> ; <<>> DiG 9.16.33-Debian <<>> @127.0.0.1 google.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1706
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;google.com. IN A
> 
> ;; Query time: 3 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Oct 18 08:18:25 MSK 2022
> ;; MSG SIZE  rcvd: 39
> 
> 
> dig @1.1.1.1 google.com
> 
> ; <<>> DiG 9.16.33-Debian <<>> @1.1.1.1 google.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33849
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;google.com. IN A
> 
> ;; ANSWER SECTION:
> google.com. 202 IN A 142.250.206.110
> 
> ;; Query time: 15 msec
> ;; SERVER: 1.1.1.1#53(1.1.1.1)
> ;; WHEN: Tue Oct 18 08:20:55 MSK 2022
> ;; MSG SIZE  rcvd: 55
> 
> 
> netstat -ntlp | grep :53
> tcp0  0 127.0.0.1:530.0.0.0:*   LISTEN 
> 279307/dnsmasq
> 
> 
> tail /var/log/dnsmasq.log
> Oct 18 12:33:02 dnsmasq[314051]: started, version 2.85 cachesize 350
> Oct 18 12:33:02 dnsmasq[314051]: compile time options: IPv6 GNU-getopt DBus
> no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash
> DNSSEC loop-detect inotify dumpfile
> Oct 18 12:33:02 dnsmasq[314051]: no servers found in 
> /run/dnsmasq/resolv.conf, will retry

Did the retry happen?


> Oct 18 12:33:02 dnsmasq[314051]: read /etc/hosts - 2 addresses
> Oct 18 12:33:22 dnsmasq[314051]: query[A] google.com from 127.0.0.1
> Oct 18 12:33:22 dnsmasq[314051]: config error is REFUSED

Most likely the 'REFUSED' that `dig` also reported as:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1706



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Removed empty last lines

2022-10-22 Thread Geert Stappers via Dnsmasq-discuss
On Sat, Oct 22, 2022 at 09:26:53PM +0200, Geert Stappers wrote:
> Files src/domain-match.c and src/metrics.c had empty last lines.
> Now the last line of those files has more than just white space.
> 
> Signed-of-by:  Geert Stappers 
> ---
>  src/domain-match.c | 1 -
>  src/metrics.c  | 1 -
>  2 files changed, 2 deletions(-)
> 
> diff --git a/src/domain-match.c b/src/domain-match.c
> index 76a1109..219331c 100644
> --- a/src/domain-match.c
> +++ b/src/domain-match.c
> @@ -729,4 +729,3 @@ int add_update_server(int flags,
>
>return 1;
>  }
> -
> diff --git a/src/metrics.c b/src/metrics.c
> index f3e6728..139ad4a 100644
> --- a/src/metrics.c
> +++ b/src/metrics.c
> @@ -63,4 +63,3 @@ void clear_metrics(void)
>serv->query_latency = 0;
>  }
>  }
> - 
> -- 
> 2.11.0
> 

The thing I am aiming for is "formatting by machine".
So that tooling can enforce Coding Style.


The reason for raising this issue again is seeing, in a short time:

https://www.reddit.com/r/rust/comments/y935fn/comment/it3tvum/?utm_source=reddit_medium=web2x=3
* rustfmt would make the indentation match the semantics. clang-format probably would do the same

https://nuttx.apache.org/docs/latest/introduction/inviolables.html#clear-consistent-standardized-coding-style
* Strict conformance to the NuttX coding style. No “revolutionary”
  changes to the coding standard (but perhaps some “evolutionary” changes).
* Personal or organizational preference is not a justification for a
  coding style change.
* Nothing can come into NuttX that does not follow the coding standard.
* Expediency is not a justification for violating the coding standard.



Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] dnsmasq unit tests!

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
On Thu, May 21, 2020 at 04:32:01PM +0200, Geert Stappers wrote:
> On Thu, May 14, 2020 at 09:08:09PM +0200, Petr Menšík wrote:
> > My previous message is waiting for moderation, since my patch is a big one.
> > 
> > On 5/12/20 10:51 PM, Geert Stappers wrote:
> > > On Mon, May 04, 2020 at 05:02:38PM +0200, Petr Menšík wrote:
> > ...
> > > 
> > > I think it is great to have unittests.
> > > 
> > >   
> > > 
> > > To be continued ...
> > OK, patch cleaned up, should apply without any warning now.
> > 
> 
> Yes, works fine.  Fixes the parameter count mismatch that was seen
> earlier. One unittest failed as warned before. And yes indeed
> the Harald Jensas's patch 'Fix regression in s_config_in_context()
> method' does solve it.
> 
> 
> Cheers
> Geert Stappers
> (Curious who also
>  says: "Unittests? Yes, have it in the dnsmasq source tree!" )
> 

Rewording my curiosity: Who would like to have unittests in the dnsmasq
source tree AND has the courage to express that?


Groeten
Geert Stappers
-- 
stappers@alpaca:~/src/dnsmasq
$ make check
make: *** No rule to make target 'check'.  Stop.
stappers@alpaca:~/src/dnsmasq
$



Re: [Dnsmasq-discuss] [PATCH] Connection track mark based DNS query filtering.

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Jan 22, 2021 at 09:34:53PM +0100, Etan Kissling wrote:
> This extends query filtering support beyond what is currently possible
> with the `--ipset` configuration option, by adding support for:
> 1) Specifying allowlists on a per-client basis, based on their
>associated Linux connection track mark.
> 2) Dynamic configuration of allowlists via Ubus.
> 3) Reporting when a DNS query resolves or is rejected via Ubus.
> 4) DNS name patterns containing wildcards.
> 
> Disallowed queries are not forwarded; they are rejected
> with a REFUSED error code.
> 
> Signed-off-by: Etan Kissling 
> ---
>  Makefile  |   2 +-
>  man/dnsmasq.8 |  31 +++-
>  src/dnsmasq.h |  25 +++-
>  src/forward.c | 123 +++-
>  src/option.c  | 134 ++
>  src/pattern.c | 386 ++
>  src/rfc1035.c |  82 +++
>  src/ubus.c| 182 
>  8 files changed, 956 insertions(+), 9 deletions(-)
>  create mode 100644 src/pattern.c
 

Found this while looking for another patch.
I saw that no one responded to the patch.
I might be wrong about that, due to my archive being my only point of view.


What were the other responses?


Groeten
Geert Stappers
-- 
Silence is hard to parse



[Dnsmasq-discuss] [PATCH 2/6] Removed trailing white spaces

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

This was done by
sed --in-place -e 's/[\t ]*$//' src/*.c src/*.h

However, this is an **empty** commit. The diff would be too big
for the mailing list. The commit hash is needed in .git-blame-ignore-revs



[Dnsmasq-discuss] [PATCH 5/6] Better description of Coding Style

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

And the CS needs more tuning.
---
 .clang-format | 7 ++-
 CodingStyle   | 7 +++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/.clang-format b/.clang-format
index 75d465b..ada50d2 100644
--- a/.clang-format
+++ b/.clang-format
@@ -1,3 +1,8 @@
+#
+# Machine readable version of Dnsmasq Coding Style
+#
+# It is the program `clang-format`, that is supposed to read this YAML file.
+#
 ---
 Language:Cpp
 AccessModifierOffset: -2
@@ -180,7 +185,7 @@ StatementMacros:
   - QT_REQUIRE_VERSION
 TabWidth:8
 UseCRLF: false
-UseTab:  Never
+UseTab:  Always
 WhitespaceSensitiveMacros:
   - STRINGIZE
   - PP_STRINGIZE
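Review bot: switching `UseTab` from `Never` to `Always` changes how every file gets formatted, yet the commit message only speaks of a better description; give it its own commit or name it in the message. `Always` also puts tabs into alignment whitespace inside a line, not only into leading indentation, so check that against the indentation rule in CodingStyle before the tree is reformatted with it.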
diff --git a/CodingStyle b/CodingStyle
index 5457dd8..fb8c5b9 100644
--- a/CodingStyle
+++ b/CodingStyle
@@ -6,3 +6,10 @@ We indent by 2 spaces.
 When we are doing that for 4th time, we use a tab, not 8 spaces.
 Next indents are again 2 spaces and replace again with tab
 on modulo 4 indents.
+
+
+Further
+---
+
+In file .clang-format is the machine readable version
+of the Dnsmasq coding style.
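Review bot: the new "Further" section points at .clang-format but does not say which of the two wins when the prose above (2 spaces, a tab at the 4th level) and the YAML file disagree. State that one of them is normative, otherwise the two descriptions will drift and neither can be enforced.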
-- 
2.37.2




[Dnsmasq-discuss] [PATCH 3/6] Tell `git blame` which commits to ignore

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

new file:   .git-blame-ignore-revs

That file has the commit hash of the commit to ignore
and information on how to activate it.
---
 .git-blame-ignore-revs | 9 +
 1 file changed, 9 insertions(+)
 create mode 100644 .git-blame-ignore-revs

diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
new file mode 100644
index 000..29db600
--- /dev/null
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,9 @@
+#
+# In this file is documented which commits
+#git blame
+# should ignore. To activate it, do
+#git config blame.ignoreRevsFile .git-blame-ignore-revs
+#
+
+# sed --in-place -e 's/[\t ]*$//' src/*.c src/*.h
+023ea4bea87bc4bccb4b7197ced1e604215186c8
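Review bot: the hash on the last added line is the author's local commit for the sed run, which PATCH 2/6 says was posted empty because the diff was too big. Once someone else applies the series (for example with git am) that commit gets a different hash and this entry matches nothing, so let the hash be added after the whitespace commit exists in the upstream tree. The two command lines in the comment also read `#git blame` and `#git config ...`; put a space or tab after the `#` so they stand out as commands.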
-- 
2.37.2
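
The sed run from PATCH 2/6 and the ignore list from PATCH 3/6, as an added shell example that is not part of the patch series: `git blame` skips whatever a listed commit contains, so each hash is checked to change nothing but trailing whitespace before it goes into .git-blame-ignore-revs. The function names, the throwaway repository and its commits are constructed for illustration.

```shell
#!/bin/sh
# Added example; the repository, file contents and commit messages are constructed.

# ws_only REV: succeed only when REV differs from its first parent in nothing
# but whitespace at end of line. Returns 2 if REV or its parent cannot be read.
ws_only() {
    git rev-parse --verify --quiet "$1^{commit}" >/dev/null || return 2
    git rev-parse --verify --quiet "$1^" >/dev/null || return 2
    # --numstat prints "added<TAB>deleted<TAB>path"; a binary file prints "-".
    git diff --ignore-space-at-eol --numstat "$1^" "$1" |
        awk '$1 != "0" || $2 != "0" { bad = 1 } END { exit bad }'
}

# check_ignore_revs FILE: run ws_only on every hash in an ignore list and name
# the ones that carry more than whitespace. Fails if any entry does.
check_ignore_revs() {
    rc=0
    while IFS= read -r rev; do
        case $rev in '' | '#'*) continue ;; esac
        if ! ws_only "$rev"; then
            echo "not whitespace-only: $rev"
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# blamed_rev FILE LINE: the commit git blame reports for one line, with
# blame.ignoreRevsFile applied when it is configured.
blamed_rev() {
    git blame --porcelain -L "$2,$2" -- "$1" | sed -n '1s/ .*//p'
}

# demo_repo: build a throwaway repository with three commits and leave their
# hashes in FIRST_REV, WS_REV and BAD_REV.
demo_repo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    git init -q . && git config user.name demo &&
        git config user.email demo@example.invalid &&
        git config commit.gpgsign false || return 1
    printf 'int x = 1;  \nint y = 2;\n' > a.c
    git add a.c && git commit -q -m 'initial' || return 1
    FIRST_REV=$(git rev-parse HEAD)
    # Same expression as the sed command in PATCH 2/6, without --in-place.
    sed -e 's/[\t ]*$//' a.c > a.tmp && mv a.tmp a.c
    git commit -q -am 'strip trailing whitespace' || return 1
    WS_REV=$(git rev-parse HEAD)
    # A commit whose message claims cleanup but which also changes a value.
    printf 'int x = 1;\nint y = 3;  \n' > a.c
    git commit -q -am 'whitespace cleanup' || return 1
    BAD_REV=$(git rev-parse HEAD)
}

demo_repo
printf '%s\n' '# constructed ignore list' "$WS_REV" "$BAD_REV" > .git-blame-ignore-revs
check_ignore_revs .git-blame-ignore-revs || echo "fix the list before enabling it"
printf '%s\n' '# constructed ignore list' "$WS_REV" > .git-blame-ignore-revs
git config blame.ignoreRevsFile .git-blame-ignore-revs
echo "line 1 is blamed on $(blamed_rev a.c 1), first commit is $FIRST_REV"
```

Run against a real tree, `check_ignore_revs .git-blame-ignore-revs` belongs in review or CI, because a listed commit is otherwise the one place where a change does not show up in blame.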




[Dnsmasq-discuss] Coding Style

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss


In-Reply-To: <20221022202018.cxxx2lag6dxqg...@gpm.stappers.nl>
Previous-Subject: Re: [Dnsmasq-discuss] [PATCH] Removed empty last lines
On Sat, Oct 22, 2022 at 10:20:18PM +0200, Geert Stappers via Dnsmasq-discuss wrote:
> On Sat, Oct 22, 2022 at 09:26:53PM +0200, Geert Stappers wrote:
> > Files src/domain-match.c and src/metrics.c had empty last lines.
> > Now the last line of those files has more than just white space.
> > 
> > diff --git a/src/domain-match.c b/src/domain-match.c
> > --- a/src/domain-match.c
> > +++ b/src/domain-match.c
> > @@ -729,4 +729,3 @@ int add_update_server(int flags,
> >
> >return 1;
> >  }
> > -
> > diff --git a/src/metrics.c b/src/metrics.c
> > --- a/src/metrics.c
> > +++ b/src/metrics.c
> > @@ -63,4 +63,3 @@ void clear_metrics(void)
> >serv->query_latency = 0;
> >  }
> >  }
> > -   
> > 
> 
> The thing I am aiming for is "formatting by machine".
> So that tooling can enforce Coding Style.
> 

Differences against previous attempt:

* `git blame` can be told to ignore certain commits
* `clang-format` improved
* We became wiser


This email will get patches as follow-up messages.

Expect to see a machine readable format description,
git blame commit ignore instructions and a CodingStyle file.


I'm looking forward to your feedback.


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] Reserved IP Addresses for Specific DHCP Clients without a Connection to the Subnet

2022-10-29 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Oct 28, 2022 at 06:44:36PM -0400, Rich Otero via Dnsmasq-discuss wrote:
>  On Thu, Oct 27, 2022 at 7:15 AM Simon Kelley wrote:
> > On 27/10/2022 11:49, Simon Kelley wrote:
> > > Rich Otero:
> > > >   dnsmasq v2.75 ...
> > >  
> > > strange things were happening, which I'll look into now, so make sure
> > > you don't have that. (I might have found a bug for my efforts).
> > >
> >
> > I did indeed find a bug, and if you _are_ using rapid commit, that might
> > be a problem, I doubt you are. The fix is in the git repo now.
> >
> 
> I think I've arrived at a solution. With v2.87
 
Plain v2.87 or v2.87 with the fix from the git repo?


> and the following configuration, clients are now receiving
> the expected leases:
> 
> # /etc/dnsmasq.d/172.18.0.0-16
> dhcp-range=set:172.18.15.0-24,172.18.15.0,static,255.255.255.0
> shared-network=enp2s0,172.18.15.0
> 
> 
> # /etc/dhcp-hosts/172.18.15.0-24
> 00:c0:b7:f1:0f:65,rack7-pdu1
> 00:c0:b7:f1:a3:71,rack7-pdu2
> 
> 
> # /etc/dhcp-opts/172.18.15.0-24
> tag:172.18.15.0-24,option:router,172.18.15.1
> 
> 
> # /etc/static-hosts/172.18.15.0-24
> 172.18.15.106 rack7-pdu1
> 172.18.15.107 rack7-pdu2
> 
> 

Thanks for sharing that.



> This leads me to another question:

To be put in a fresh thread ...


> There are 129 other subnets whose gateway IP addresses will be moved
> away from the dnsmasq server. Is it allowed to have many shared-network
> directives in the config?
> 
> shared-network=enp2s0,172.18.0.0
> shared-network=enp2s0,172.18.1.0
> shared-network=enp2s0,172.18.2.0
>   < … >
> shared-network=enp2s0,172.18.125.0
> shared-network=enp2s0,172.18.126.0
> shared-network=enp2s0,172.18.127.0
> shared-network=enp2s0,172.18.128.0
> 
> 
> Thanks again for all of the help.

???


Groeten
Geert Stappers
-- 
Silence is hard to parse



Re: [Dnsmasq-discuss] [PATCH] Offer alternative DHCPv6 address if requested is taken

2022-10-27 Thread Geert Stappers via Dnsmasq-discuss
On Fri, Oct 21, 2022 at 12:38:37PM +0200, Petr Menšík wrote:
> On 10/21/22 12:25, Petr Menšík wrote:
> > Hi,
> > 
> > I am attaching a change, which has been part of RHEL/CentOS Stream 9 for
> > a while [1]. It fixes the problem with DHCPv6 only requests, which in
> > some situations fail to provide an address. This change is older than the
> > related change, which attempted to solve a similar issue on IPv4 too. It
> > works by offering a different (free) IPv6 address to the client than he
> > originally asked for. It is a simple change, but tested clients worked
> > with it. It is accompanied by a related change to add client-arch tag support
> > also for DHCPv6 [2]. It was created to solve rh bug #2002871 [3], of
> > which most of the communication is unfortunately RH internal only. The parent
> > bug [4] has a bit more background visible to the public. But no regressions
> > were reported after this change and it has improved the situation in
> > openstack. I haven't found my attempt to offer it here, but maybe I just
> > failed my search. If it was refused already, kindly point me to the correct
> > thread. It improves iPXE booting of multiple machines on the same host
> > concurrently.
> > 
> > Cheers,
> > Petr
> > 
> > 1. 
> > https://gitlab.com/redhat/centos-stream/rpms/dnsmasq/-/blob/c9s/dnsmasq-2.86-alternative-lease.patch
> > 2. 
> > https://gitlab.com/redhat/centos-stream/rpms/dnsmasq/-/blob/c9s/dnsmasq-2.86-dhcpv6-client-arch.patch
> > 3. https://bugzilla.redhat.com/show_bug.cgi?id=2002871
> > 4. https://bugzilla.redhat.com/show_bug.cgi?id=1998448
> > 
> 
> Ah, found reference to the original thread:
> 
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015640.html
> 
> It has subject: [PATCH] DHCPv6 - network booting 'address in use'
> 
> It was neither refused nor merged, so I would like it to be reviewed.
> 

FWIW the patches from 2022-10-21 retransmit applied cleanly.


Groeten
Geert Stappers
More sysadmin than C-programmer
-- 
Silence is hard to parse



[Dnsmasq-discuss] [PATCH 4/6] Created file .clang-format

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

I did
clang-format --assume-filename=.c --style=GNU --dump-config
and redirected that to .clang-format.

For coding style I should have picked a better match from
the webpage https://clang.llvm.org/docs/ClangFormatStyleOptions.html

Item that complies with dnsmasq coding style is
IndentWidth: 2
---
 .clang-format | 190 ++
 1 file changed, 190 insertions(+)
 create mode 100644 .clang-format

diff --git a/.clang-format b/.clang-format
new file mode 100644
index 000..75d465b
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,190 @@
+---
+Language:Cpp
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignArrayOfStructures: None
+AlignConsecutiveMacros: None
+AlignConsecutiveAssignments: None
+AlignConsecutiveBitFields: None
+AlignConsecutiveDeclarations: None
+AlignEscapedNewlines: Right
+AlignOperands:   Align
+AlignTrailingComments: true
+AllowAllArgumentsOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortEnumsOnASingleLine: true
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AllowShortLambdasOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: All
+AlwaysBreakAfterReturnType: AllDefinitions
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: MultiLine
+AttributeMacros:
+  - __capability
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:
+  AfterCaseLabel:  true
+  AfterClass:  true
+  AfterControlStatement: Always
+  AfterEnum:   true
+  AfterFunction:   true
+  AfterNamespace:  true
+  AfterObjCDeclaration: true
+  AfterStruct: true
+  AfterUnion:  true
+  AfterExternBlock: true
+  BeforeCatch: true
+  BeforeElse:  true
+  BeforeLambdaBody: false
+  BeforeWhile: true
+  IndentBraces:true
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
+BreakBeforeBinaryOperators: All
+BreakBeforeConceptDeclarations: true
+BreakBeforeBraces: GNU
+BreakBeforeInheritanceComma: false
+BreakInheritanceList: BeforeColon
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeColon
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit: 79
+CommentPragmas:  '^ IWYU pragma:'
+QualifierAlignment: Leave
+CompactNamespaces: false
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: false
+DeriveLineEnding: true
+DerivePointerAlignment: false
+DisableFormat:   false
+EmptyLineAfterAccessModifier: Never
+EmptyLineBeforeAccessModifier: LogicalBlock
+ExperimentalAutoDetectBinPacking: false
+PackConstructorInitializers: BinPack
+BasedOnStyle:''
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+AllowAllConstructorInitializersOnNextLine: true
+FixNamespaceComments: false
+ForEachMacros:
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+IfMacros:
+  - KJ_IF_MAYBE
+IncludeBlocks:   Preserve
+IncludeCategories:
+  - Regex:   '^"(llvm|llvm-c|clang|clang-c)/'
+Priority:2
+SortPriority:0
+CaseSensitive:   false
+  - Regex:   '^(<|"(gtest|gmock|isl|json)/)'
+Priority:3
+SortPriority:0
+CaseSensitive:   false
+  - Regex:   '.*'
+Priority:1
+SortPriority:0
+CaseSensitive:   false
+IncludeIsMainRegex: '(Test)?$'
+IncludeIsMainSourceRegex: ''
+IndentAccessModifiers: false
+IndentCaseLabels: false
+IndentCaseBlocks: false
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentExternBlock: AfterExternBlock
+IndentRequires:  false
+IndentWidth: 2
+IndentWrappedFunctionNames: false
+InsertTrailingCommas: None
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: true
+LambdaBodyIndentation: Signature
+MacroBlockBegin: ''
+MacroBlockEnd:   ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Auto
+ObjCBlockIndentWidth: 2
+ObjCBreakBeforeNestedBlockParam: true
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakOpenParenthesis: 0
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 100
+PenaltyReturnTypeOnItsOwnLine: 60
+PenaltyIndentedWhitespace: 0
+PointerAlignment: Right
+PPIndentWidth:   -1
+ReferenceAlignment: Pointer
+ReflowComments:  true
+RemoveBracesLLVM: false
+SeparateDefinitionBlocks: Leave
+ShortNamespaceLines: 1
+SortIncludes:CaseSensitive
+SortJavaStaticImport: Before
+SortUsingDeclarations: true
+SpaceAfterCStyleCast: false
+SpaceAfterLogicalNot: false
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCaseColon: false
+SpaceBeforeCp
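Review bot: `SortIncludes: CaseSensitive` lets the formatter reorder #include lines, which in C can change what compiles, so a formatting run would no longer be a whitespace-only change; set it to `Never` unless reordering is wanted. More generally the full `--dump-config` output carries settings that have nothing to do with this code base (the `Q_FOREACH`/`BOOST_FOREACH` macros, the llvm and gtest include regexes, the JavaScript and ObjC keys) and ties the file to the clang-format version that produced it. A short file with `BasedOnStyle: GNU` plus the few overrides that matter, `IndentWidth: 2` among them, would be easier to review and to keep.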

[Dnsmasq-discuss] [PATCH 1/6] new file: CodingStyle

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

Documents how to indent.
(further codingstyle will be machine readable)
---
 CodingStyle | 8 
 1 file changed, 8 insertions(+)
 create mode 100644 CodingStyle

diff --git a/CodingStyle b/CodingStyle
new file mode 100644
index 000..5457dd8
--- /dev/null
+++ b/CodingStyle
@@ -0,0 +1,8 @@
+
+Indentation
+---
+
+We indent by 2 spaces.
+When we are doing that for 4th time, we use a tab, not 8 spaces.
+Next indents are again 2 spaces and replace again with tab
+on modulo 4 indents.
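Review bot: the rule in the "Indentation" section only works for a tab width of 8 columns, and the text never says so; add that, and consider stating it as "2 columns per level, every full 8 columns of leading whitespace written as one tab". The new file also opens with an empty line (the first `+` line of the hunk), which sits oddly in a series that removes blank lines elsewhere.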
-- 
2.37.2




[Dnsmasq-discuss] [PATCH 6/6] Extended Makefile with format target

2022-10-23 Thread Geert Stappers via Dnsmasq-discuss
From: Geert Stappers 

For keeping the source code in shape, you do:
make format
or just
make fmt

File CodingStyle has `make fmt` documented
for being closer to the "Go-lang" and/or the "Rust" world.
---
 CodingStyle | 7 +++
 Makefile| 9 +
 2 files changed, 16 insertions(+)

diff --git a/CodingStyle b/CodingStyle
index fb8c5b9..58d83e6 100644
--- a/CodingStyle
+++ b/CodingStyle
@@ -13,3 +13,10 @@ Further
 
 In file .clang-format is the machine readable version
 of the Dnsmasq coding style.
+
+
+Format
+--
+
+To format the code execute:
+make fmt
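Review bot: the new "Format" section names `make fmt` but not the clang-format version it expects. The target shells out to whatever clang-format is installed, and a different version may reject keys in .clang-format or format differently, so name the version the file was generated with.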
diff --git a/Makefile b/Makefile
index 48e8d3b..b5be2ba 100644
--- a/Makefile
+++ b/Makefile
@@ -134,6 +134,15 @@ merge :
echo -n msgmerge $(PO)/$$f && $(MSGMERGE) --no-wrap -U 
$(PO)/$$f $(BUILDDIR)/dnsmasq.pot; \
done
 
+# enforce Coding Style
+format:
+   clang-format \
+   --style=file \
+   -i src/*.c src/*.h
+
+# alias inspired by `go fmt` and `cargo fmt`
+fmt: format
+
 # Canonicalise .po file.
 %.po : 
@cd $(BUILDDIR) && $(MAKE) -f $(top)/Makefile dnsmasq.pot
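Review bot: `format` rewrites src/*.c and src/*.h in place with `-i` and there is no target that only checks, so the style cannot be enforced in review or CI without modifying the tree. Add a check target that runs clang-format with `--dry-run --Werror`, and declare `format` and `fmt` as phony so a file of either name cannot silence them.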
-- 
2.37.2



