Hi,
I'd like to suggest that enable-tftp and no-dhcp-interface should be decoupled.
Not only is it confusing that no-dhcp-interface also disables enable-tftp for
that interface, but it is sometimes desirable to allow DNS and TFTP on an
interface without DHCP.
Looking at src/tftp.c is seems
On Jul 25, 2013, at 4:06 PM, Simon Kelley wrote:
On 23/06/13 20:34, Lonnie Abelbeck wrote:
Hi,
I'd like to suggest that enable-tftp and no-dhcp-interface should be
decoupled.
Not only is it confusing that no-dhcp-interface also disables
enable-tftp for that interface
On Jul 25, 2013, at 4:44 PM, Lonnie Abelbeck wrote:
On Jul 25, 2013, at 4:06 PM, Simon Kelley wrote:
On 23/06/13 20:34, Lonnie Abelbeck wrote:
Hi,
I'd like to suggest that enable-tftp and no-dhcp-interface should be
decoupled.
Not only is it confusing that no-dhcp-interface also
On Sep 27, 2013, at 6:51 AM, Simon Kelley wrote:
There's one change which needs to be made to the script. When dnsmasq is
restarted, it won't know the MAC addresses for DHCPv6 (because they're not in
the leasefile). So at start-up it will execute old script runs on each
lease without
On Oct 3, 2013, at 8:05 AM, Nehal J Wani wrote:
Yes. I just added contrib/mactable/macscript to the git repo, which is your
previous script slightly less elegantly modified by me for this
circumstance. I also put back the make new file then atomically rename
behaviour since that means
DNS Gurus,
With all the excellent work on DNSSEC, I'd like to get this list's thoughts on
the merits of using DNSCrypt.
http://dnscrypt.org/
I cross-compiled dnscrypt-proxy 1.3.3 together with libsodium 0.4.5 from
source, and it works splendidly with our beloved dnsmasq.
FYI, I started
On Feb 7, 2014, at 7:15 AM, Maciej Soltysiak wrote:
On Fri, Feb 7, 2014 at 1:42 PM, Lonnie Abelbeck
li...@lonnie.abelbeck.com wrote:
I admit is is nice to know that no-one is silently altering DNS
queries/responses in transit to a trusted DNS server, but is that being
overly paranoid
On Mar 25, 2014, at 4:52 PM, Simon Kelley wrote:
On 25/03/14 21:25, Lonnie Abelbeck wrote:
Is the decision to not support OpenSSL shared libraries a final decision, or
is there a chance you may reconsider ?
The very early DNSSEC code used openSSL, so it's possible. The reason
On Sep 27, 2014, at 7:01 AM, Matthias Andree matthias.and...@gmx.de wrote:
Am 27.09.2014 um 12:01 schrieb Roy Marples:
On Friday 26 Sep 2014 21:14:20 Simon Kelley wrote:
This is just a heads-up that if you're using the --dhcp-script option in
dnsmasq, and the script you're calling is being
Hi,
I'm in the process of moving from radvd to dnsmasq for ra-only...
Everything works as before with radvd, except for one side case, if a user
chooses for interface eth1...
--
no-dhcp-interface=eth1
dhcp-range=lan,2001:db8:1:2::,ra-only,64,24h
--
Then router advertisements seem to also be
On May 15, 2015, at 2:37 PM, Simon Kelley si...@thekelleys.org.uk wrote:
Anyone running 2.67rc6 or 2.67rc7 should be aware that there's a
remotely exploitable buffer overflow in those trees. I just tagged
2.67rc8, which includes the fix.
Cheers,
Simon.
I think you meant to type
Robert,
Looking at the code there is an upper limit of 1 for --cache-size
-- src/option.c --
case 'c': /* --cache-size */
{
int size;
if (!atoi_check(arg, size))
ret_err(gen_err);
else
{
/* zero is OK, and means no caching.
On Oct 13, 2015, at 2:03 PM, Carlos Carvalho wrote:
> Shaun Lynch (em2s...@yahoo.com) wrote on Tue, Oct 13, 2015 at 01:16:35AM BRT:
>> I am building a IPv4-IPv6 dual-stack gateway device for a virtual sandbox in
>> which to experiment with different system
On Sep 7, 2015, at 2:04 PM, Matt Taggart wrote:
> Hi,
>
> Have you seen this draft for adding TLS to DNS?
>
> https://tools.ietf.org/html/draft-ietf-dprive-start-tls-for-dns-01
>
> What would it take to implement in dnsmasq?
> Both as a server and as a client.
Take a
Doesn't DNSCrypt https://dnscrypt.org solve the same problem ?
Lonnie
On Dec 2, 2015, at 3:21 AM, Dave Taht wrote:
> DNS cookies look kind of interesting...
>
>
> -- Forwarded message --
> From: Mark Andrews
> Date: Wed, Dec 2, 2015 at
On Jan 5, 2016, at 10:29 AM, Matthias Fischer <matthias.fisc...@ipfire.org>
wrote:
> Hi,
>
> On 05.01.2016 17:05, Lonnie Abelbeck wrote:
>> Hi Matthias,
>>
>> It seems you have disabled HAVE_DHCP with enabled HAVE_SCRIPT.
>>
>> T
On Jan 4, 2016, at 7:13 PM, Matthias Fischer
wrote:
> Hi,
>
> sorry, this will be rather long...
>
> I'm trying to compile 'dnsmasq 2.75' (for use with 'IPFire 2.17 (i586) -
> core95') with
> all available patches but I'm always runnning into errors.
...
> cd
On Jan 6, 2016, at 12:04 PM, Simon Kelley wrote:
> The do_script_run calls need to be removed from the compilation when
> DHCP is not included. Since the scripting system used to just about
> DHCP events, it was automatically removed from the compilation when
> DHCP was
On May 25, 2016, at 4:08 PM, wkitt...@gmail.com wrote:
> On 05/25/2016 03:24 PM, Johnny Appleseed wrote:
>> dig +dnssec wikipedia.org
>> ;; Truncated, retrying in TCP mode.
>>
>> ; <<>> DiG 9.8.3-P1 <<>> +dnssec wikipedia.org
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<-
The netcalc project by Joachim Nilsson (@troglobit), is originally based on
sipcalc, and the just released netcalc 2.1.1 has some new features dnsmasq
configurations may be interested in.
https://github.com/troglobit/netcalc
For example, while a /24 network does not need fancy tools to
> On Apr 16, 2018, at 4:02 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> wrote:
>
>
> On Oct 19, 2017, at 7:16 PM, Matt Taggart <tagg...@riseup.net> wrote:
>
>> Hi,
>>
>> Back in Sept 2015 I started a thread about DNS-over-TLS
>>
On Oct 19, 2017, at 7:16 PM, Matt Taggart wrote:
> Hi,
>
> Back in Sept 2015 I started a thread about DNS-over-TLS
>
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q3/009833.html
>
> Since then there is now RFC7858 ( https://tools.ietf.org/html/rfc7858 )
>
> On Nov 5, 2019, at 12:39 PM, bln 77 wrote:
>
> Hi everyone,
>
> I have a 10.1.0.0/16 network.
> I want to have clients in the same network because I want to be able to
> receive IP-broadcast for autodiscovery.
> I configured two VLANs and the router has an interface/ip in both:
> lan1:
Greetings,
So how would dnsmasq users go about not granting DHCP leases to LAA (anonymous)
MAC addresses ?
I liken this to a PBX not accepting calls with anonymous/invalid caller-id
entries.
Lonnie
> On Jul 26, 2020, at 10:04 AM, themiron...@gmail.com wrote:
>
> Hi,
>
> LAA stands for
> On Jul 27, 2020, at 1:12 PM, d...@lutean.com wrote:
>
> Hi everyone,
>
> The following proposed patch includes my attempt at a man page change. It
> also includes Vladislav Grishenko's suggestion to tag LAA source addresses
> independently from multicast addresses.
>
> If these changes
> On Dec 9, 2020, at 4:38 AM, Petr Menšík wrote:
>
> I doubt limiting to 1221 can fix virtually anything. I doubt it would
> fix anything even on Windows. I am sure it would not prevent any attack
> on dnsmasq.
>
> I think the best mitigation would be blocking any external IP addresses
> to
The dnsmasq commit that removed HAVE_IPV6 means dnsmasq must be compiled on a
system with IPv6 headers.
But at runtime, dnsmasq works on a IPv4-only (ipv6 module not loaded) Linux
system. Even without the ipv6 network stack (no protocol family 10 registered)
dnsmasq will happily resolve
> On Jan 22, 2021, at 4:33 PM, Simon Kelley wrote:
>
> Apolgies about your wasted time. Once more with 2.84test3 ?
Thanks Simon, 2.84test3 solves all "failed to send packet" logs in my testing
...
--
Jan 22 18:44:22 gw-lan daemon.info dnsmasq[3297]: started, version 2.84test3
cachesize 4096
> Get it here:
>
> http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz
The version string generated is "2.84rc2"
$ cat dnsmasq-2.84/VERSION
(HEAD -> master, tag: v2.84rc2, tag: v2.84, origin/master, origin/HEAD)
Lonnie
___
Dnsmasq-discuss
> On Jan 25, 2021, at 5:21 PM, Lonnie Abelbeck
> wrote:
>
>
>> Get it here:
>>
>> http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz
>
> The version string generated is "2.84rc2"
>
> $ cat dnsmasq-2.84/VERSION
> (HEAD ->
> On Jan 21, 2021, at 5:53 PM, Steve Hirsch wrote:
>
> After upgrading dnsmasq from version 2.82 to version 2.83 on Arch Linux
> (kernel 5.10.9), “failed to send packet: Network is unreachable” errors
> continually show up. However, name resolution still appears to work with
> v2.83.
amily not
> supported by protocol”. However, it is mostly “Network Unreachable” and they
> are pretty continuous (much more than the 10 you have). Dnscrypt is
> configured to use DoH to cloudflare servers. On my side, doesn’t seem to be
> related to activity level…low levels
> On May 23, 2021, at 11:08 AM, Cyberfusion wrote:
>
> Maybe it’s better to always validate the config before you restart dnsmasq.
# dnsmasq --test
dnsmasq: syntax check OK.
Lonnie
___
Dnsmasq-discuss mailing list
> On May 23, 2021, at 12:47 PM, Cyberfusion wrote:
>
>> Op 23 mei 2021 om 19:31 heeft Lonnie Abelbeck
>> het volgende geschreven:
>>
>>> On May 23, 2021, at 11:08 AM, Cyberfusion wrote:
>>>
>>> Maybe it’s better to always validate the c
> On Mar 29, 2021, at 9:19 AM, Roland Giesler wrote:
>
> On Mon, 29 Mar 2021 at 08:52, Geert Stappers via Dnsmasq-discuss
> wrote:
> On Sun, Mar 28, 2021 at 10:11:01PM +0200, Roland Giesler wrote:
> > Is it possible to set up a split zone in dnsmasq?
> >
Yes, you can.
For split-horizon
> On Feb 26, 2021, at 9:59 AM, Fred F wrote:
>
> Hi Matthias,
>
> unfortunately I need the global addresses in DNS, as that's the only
> way for me to reference the hosts in firewall rules (FreeBSD's packet
> filter supports DNS aliases natively). So unfortunately ULA does not
> help in this
Hi Andre, et al.
> On Aug 11, 2021, at 1:36 AM, Andre Heider wrote:
>
> I'm using 2.86test6 on OpenWrt, and I think I've found a bug. Detail's are
> vague so far but ever since I've started DoT with stubby as upstream server,
> dnsmasq every now and then gets into a mode where it stops
> On Mar 31, 2022, at 2:04 PM, Petr Menšík wrote:
>
> Possible vulnerability were found in latest dnsmasq. It were found with help
> of oss-fuzz Google project by me and short after that independently also by
> Richard Johnson of Trellix Threat Labs.
>
> It is affected only by DHCPv6
ulnerability cannot be
> triggered. ra-only should only broadcast its prefix(es) to end stations
> without accepting messages from them. It should be safe.
>
> Regards,
> Petr
>
> On 4/1/22 16:37, Lonnie Abelbeck wrote:
>>> On Mar 31, 2022, at 2:04 PM, Petr Menšík wro
> On Feb 5, 2022, at 5:32 AM, Simon Kelley wrote:
>
> Let's try thinking out of the box here. Given the motivation to save storage,
> I was wondering if there could be a way to use compression, gzip etc to save
> more space.
>
> Building a decompressor into dnsmasq seems ugly, but then I
> On Jan 14, 2023, at 8:44 AM, Buck Horn wrote:
>
> On 14.01.2023 12:40:18, Chris Webb wrote:
>
>> If we are advertising local (ULA) prefixes but no globally-routeable
>> prefixes, we should similarly not configure clients with a default route.
>> Set the router lifetime to zero in this case
41 matches
Mail list logo