[Dnsmasq-discuss] Decouple enable-tftp and no-dhcp-interface

2013-06-23 Thread Lonnie Abelbeck
Hi, I'd like to suggest that enable-tftp and no-dhcp-interface should be decoupled. Not only is it confusing that no-dhcp-interface also disables enable-tftp for that interface, but it is sometimes desirable to allow DNS and TFTP on an interface without DHCP. Looking at src/tftp.c it seems

Re: [Dnsmasq-discuss] Decouple enable-tftp and no-dhcp-interface

2013-07-25 Thread Lonnie Abelbeck
On Jul 25, 2013, at 4:06 PM, Simon Kelley wrote: On 23/06/13 20:34, Lonnie Abelbeck wrote: Hi, I'd like to suggest that enable-tftp and no-dhcp-interface should be decoupled. Not only is it confusing that no-dhcp-interface also disables enable-tftp for that interface

Re: [Dnsmasq-discuss] Decouple enable-tftp and no-dhcp-interface

2013-07-27 Thread Lonnie Abelbeck
On Jul 25, 2013, at 4:44 PM, Lonnie Abelbeck wrote: On Jul 25, 2013, at 4:06 PM, Simon Kelley wrote: On 23/06/13 20:34, Lonnie Abelbeck wrote: Hi, I'd like to suggest that enable-tftp and no-dhcp-interface should be decoupled. Not only is it confusing that no-dhcp-interface also

Re: [Dnsmasq-discuss] Reg: Info related to leases file

2013-09-27 Thread Lonnie Abelbeck
On Sep 27, 2013, at 6:51 AM, Simon Kelley wrote: There's one change which needs to be made to the script. When dnsmasq is restarted, it won't know the MAC addresses for DHCPv6 (because they're not in the leasefile). So at start-up it will execute old script runs on each lease without

Re: [Dnsmasq-discuss] Reg: Info related to leases file

2013-10-03 Thread Lonnie Abelbeck
On Oct 3, 2013, at 8:05 AM, Nehal J Wani wrote: Yes. I just added contrib/mactable/macscript to the git repo, which is your previous script slightly less elegantly modified by me for this circumstance. I also put back the make new file then atomically rename behaviour since that means

[Dnsmasq-discuss] DNSCrypt - the big picture

2014-02-07 Thread Lonnie Abelbeck
DNS Gurus, With all the excellent work on DNSSEC, I'd like to get this list's thoughts on the merits of using DNSCrypt. http://dnscrypt.org/ I cross-compiled dnscrypt-proxy 1.3.3 together with libsodium 0.4.5 from source, and it works splendidly with our beloved dnsmasq. FYI, I started

Re: [Dnsmasq-discuss] DNSCrypt - the big picture

2014-02-07 Thread Lonnie Abelbeck
On Feb 7, 2014, at 7:15 AM, Maciej Soltysiak wrote: On Fri, Feb 7, 2014 at 1:42 PM, Lonnie Abelbeck li...@lonnie.abelbeck.com wrote: I admit it is nice to know that no-one is silently altering DNS queries/responses in transit to a trusted DNS server, but is that being overly paranoid

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-03-25 Thread Lonnie Abelbeck
On Mar 25, 2014, at 4:52 PM, Simon Kelley wrote: On 25/03/14 21:25, Lonnie Abelbeck wrote: Is the decision to not support OpenSSL shared libraries a final decision, or is there a chance you may reconsider ? The very early DNSSEC code used openSSL, so it's possible. The reason

Re: [Dnsmasq-discuss] Shellshock.

2014-09-27 Thread Lonnie Abelbeck
On Sep 27, 2014, at 7:01 AM, Matthias Andree matthias.and...@gmx.de wrote: On 27.09.2014 at 12:01, Roy Marples wrote: On Friday 26 Sep 2014 21:14:20 Simon Kelley wrote: This is just a heads-up that if you're using the --dhcp-script option in dnsmasq, and the script you're calling is being

[Dnsmasq-discuss] no-dhcp-interface and dhcp-range/ra-only

2015-01-13 Thread Lonnie Abelbeck
Hi, I'm in the process of moving from radvd to dnsmasq for ra-only... Everything works as before with radvd, except for one side case, if a user chooses for interface eth1... -- no-dhcp-interface=eth1 dhcp-range=lan,2001:db8:1:2::,ra-only,64,24h -- Then router advertisements seem to also be

Re: [Dnsmasq-discuss] Security warning for those at the bleeding edge.

2015-05-15 Thread Lonnie Abelbeck
On May 15, 2015, at 2:37 PM, Simon Kelley si...@thekelleys.org.uk wrote: Anyone running 2.67rc6 or 2.67rc7 should be aware that there's a remotely exploitable buffer overflow in those trees. I just tagged 2.67rc8, which includes the fix. Cheers, Simon. I think you meant to type

Re: [Dnsmasq-discuss] Unseen cache limit?

2015-06-01 Thread Lonnie Abelbeck
Robert, Looking at the code there is an upper limit of 1 for --cache-size -- src/option.c -- case 'c': /* --cache-size */ { int size; if (!atoi_check(arg, size)) ret_err(gen_err); else { /* zero is OK, and means no caching.

Re: [Dnsmasq-discuss] Clear prefix autonomous flag on router advertising

2015-10-13 Thread Lonnie Abelbeck
On Oct 13, 2015, at 2:03 PM, Carlos Carvalho wrote: > Shaun Lynch (em2s...@yahoo.com) wrote on Tue, Oct 13, 2015 at 01:16:35AM BRT: >> I am building a IPv4-IPv6 dual-stack gateway device for a virtual sandbox in >> which to experiment with different system

Re: [Dnsmasq-discuss] DNS-over-TLS

2015-09-07 Thread Lonnie Abelbeck
On Sep 7, 2015, at 2:04 PM, Matt Taggart wrote: > Hi, > > Have you seen this draft for adding TLS to DNS? > > https://tools.ietf.org/html/draft-ietf-dprive-start-tls-for-dns-01 > > What would it take to implement in dnsmasq? > Both as a server and as a client. Take a

Re: [Dnsmasq-discuss] strategies to mitigate DNS amplification attacks in ISP network

2015-12-02 Thread Lonnie Abelbeck
Doesn't DNSCrypt https://dnscrypt.org solve the same problem ? Lonnie On Dec 2, 2015, at 3:21 AM, Dave Taht wrote: > DNS cookies look kind of interesting... > > > -- Forwarded message -- > From: Mark Andrews > Date: Wed, Dec 2, 2015 at

Re: [Dnsmasq-discuss] Hint needed: neither patched 'dnsmasq 2.75' nor '2.76test4' will compile

2016-01-05 Thread Lonnie Abelbeck
On Jan 5, 2016, at 10:29 AM, Matthias Fischer <matthias.fisc...@ipfire.org> wrote: > Hi, > > On 05.01.2016 17:05, Lonnie Abelbeck wrote: >> Hi Matthias, >> >> It seems you have disabled HAVE_DHCP with enabled HAVE_SCRIPT. >> >> T

Re: [Dnsmasq-discuss] Hint needed: neither patched 'dnsmasq 2.75' nor '2.76test4' will compile

2016-01-05 Thread Lonnie Abelbeck
On Jan 4, 2016, at 7:13 PM, Matthias Fischer wrote: > Hi, > > sorry, this will be rather long... > > I'm trying to compile 'dnsmasq 2.75' (for use with 'IPFire 2.17 (i586) - > core95') with > all available patches but I'm always running into errors. ... > cd

Re: [Dnsmasq-discuss] Hint needed: neither patched 'dnsmasq 2.75' nor '2.76test4' will compile

2016-01-06 Thread Lonnie Abelbeck
On Jan 6, 2016, at 12:04 PM, Simon Kelley wrote: > The do_script_run calls need to be removed from the compilation when > DHCP is not included. Since the scripting system used to be just about > DHCP events, it was automatically removed from the compilation when > DHCP was

Re: [Dnsmasq-discuss] dnscrypt -dnssec problems

2016-05-25 Thread Lonnie Abelbeck
On May 25, 2016, at 4:08 PM, wkitt...@gmail.com wrote: > On 05/25/2016 03:24 PM, Johnny Appleseed wrote: >> dig +dnssec wikipedia.org >> ;; Truncated, retrying in TCP mode. >> >> ; <<>> DiG 9.8.3-P1 <<>> +dnssec wikipedia.org >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<-

[Dnsmasq-discuss] FYI: netcalc 2.1.1

2017-03-28 Thread Lonnie Abelbeck
The netcalc project by Joachim Nilsson (@troglobit), is originally based on sipcalc, and the just released netcalc 2.1.1 has some new features dnsmasq configurations may be interested in. https://github.com/troglobit/netcalc For example, while a /24 network does not need fancy tools to

Re: [Dnsmasq-discuss] DNS-over-TLS

2018-05-05 Thread Lonnie Abelbeck
> On Apr 16, 2018, at 4:02 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> > wrote: > > > On Oct 19, 2017, at 7:16 PM, Matt Taggart <tagg...@riseup.net> wrote: > >> Hi, >> >> Back in Sept 2015 I started a thread about DNS-over-TLS >>

Re: [Dnsmasq-discuss] DNS-over-TLS

2018-04-16 Thread Lonnie Abelbeck
On Oct 19, 2017, at 7:16 PM, Matt Taggart wrote: > Hi, > > Back in Sept 2015 I started a thread about DNS-over-TLS > > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q3/009833.html > > Since then there is now RFC7858 ( https://tools.ietf.org/html/rfc7858 ) >

Re: [Dnsmasq-discuss] How to pin IP rage two interface?

2019-11-05 Thread Lonnie Abelbeck
> On Nov 5, 2019, at 12:39 PM, bln 77 wrote: > > Hi everyone, > > I have a 10.1.0.0/16 network. > I want to have clients in the same network because I want to be able to > receive IP-broadcast for autodiscovery. > I configured two VLANs and the router has an interface/ip in both: > lan1:

Re: [Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

2020-07-26 Thread Lonnie Abelbeck
Greetings, So how would dnsmasq users go about not granting DHCP leases to LAA (anonymous) MAC addresses ? I liken this to a PBX not accepting calls with anonymous/invalid caller-id entries. Lonnie > On Jul 26, 2020, at 10:04 AM, themiron...@gmail.com wrote: > > Hi, > > LAA stands for

Re: [Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

2020-07-27 Thread Lonnie Abelbeck
> On Jul 27, 2020, at 1:12 PM, d...@lutean.com wrote: > > Hi everyone, > > The following proposed patch includes my attempt at a man page change. It > also includes Vladislav Grishenko's suggestion to tag LAA source addresses > independently from multicast addresses. > > If these changes

Re: [Dnsmasq-discuss] CVE-2020-25705 mitigation (SAD DNS)

2020-12-09 Thread Lonnie Abelbeck
> On Dec 9, 2020, at 4:38 AM, Petr Menšík wrote: > > I doubt limiting to 1221 can fix virtually anything. I doubt it would > fix anything even on Windows. I am sure it would not prevent any attack > on dnsmasq. > > I think the best mitigation would be blocking any external IP addresses > to

Re: [Dnsmasq-discuss] Disabling IPv6 at compile time no longer workingno

2020-10-30 Thread Lonnie Abelbeck
The dnsmasq commit that removed HAVE_IPV6 means dnsmasq must be compiled on a system with IPv6 headers. But at runtime, dnsmasq works on a IPv4-only (ipv6 module not loaded) Linux system. Even without the ipv6 network stack (no protocol family 10 registered) dnsmasq will happily resolve

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

2021-01-22 Thread Lonnie Abelbeck
> On Jan 22, 2021, at 4:33 PM, Simon Kelley wrote: > > Apologies about your wasted time. Once more with 2.84test3 ? Thanks Simon, 2.84test3 solves all "failed to send packet" logs in my testing ... -- Jan 22 18:44:22 gw-lan daemon.info dnsmasq[3297]: started, version 2.84test3 cachesize 4096

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.84

2021-01-25 Thread Lonnie Abelbeck
> Get it here: > > http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz The version string generated is "2.84rc2" $ cat dnsmasq-2.84/VERSION (HEAD -> master, tag: v2.84rc2, tag: v2.84, origin/master, origin/HEAD) Lonnie

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.84

2021-01-25 Thread Lonnie Abelbeck
> On Jan 25, 2021, at 5:21 PM, Lonnie Abelbeck > wrote: > > >> Get it here: >> >> http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz > > The version string generated is "2.84rc2" > > $ cat dnsmasq-2.84/VERSION > (HEAD ->

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

2021-01-21 Thread Lonnie Abelbeck
> On Jan 21, 2021, at 5:53 PM, Steve Hirsch wrote: > > After upgrading dnsmasq from version 2.82 to version 2.83 on Arch Linux > (kernel 5.10.9), “failed to send packet: Network is unreachable” errors > continually show up. However, name resolution still appears to work with > v2.83.

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

2021-01-22 Thread Lonnie Abelbeck
amily not > supported by protocol”. However, it is mostly “Network Unreachable” and they > are pretty continuous (much more than the 10 you have). Dnscrypt is > configured to use DoH to cloudflare servers. On my side, doesn’t seem to be > related to activity level…low levels

Re: [Dnsmasq-discuss] Is there a way to run dnsmasq in safe mode (no-fail)?

2021-05-23 Thread Lonnie Abelbeck
> On May 23, 2021, at 11:08 AM, Cyberfusion wrote: > > Maybe it’s better to always validate the config before you restart dnsmasq. # dnsmasq --test dnsmasq: syntax check OK. Lonnie

Re: [Dnsmasq-discuss] Is there a way to run dnsmasq in safe mode (no-fail)?

2021-05-23 Thread Lonnie Abelbeck
> On May 23, 2021, at 12:47 PM, Cyberfusion wrote: > >> On 23 May 2021 at 19:31, Lonnie Abelbeck >> wrote: >> >>> On May 23, 2021, at 11:08 AM, Cyberfusion wrote: >>> >>> Maybe it’s better to always validate the c

Re: [Dnsmasq-discuss] Doing a split zone config

2021-03-29 Thread Lonnie Abelbeck
> On Mar 29, 2021, at 9:19 AM, Roland Giesler wrote: > > On Mon, 29 Mar 2021 at 08:52, Geert Stappers via Dnsmasq-discuss > wrote: > On Sun, Mar 28, 2021 at 10:11:01PM +0200, Roland Giesler wrote: > > Is it possible to set up a split zone in dnsmasq? > > Yes, you can. For split-horizon

Re: [Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

2021-02-27 Thread Lonnie Abelbeck
> On Feb 26, 2021, at 9:59 AM, Fred F wrote: > > Hi Matthias, > > unfortunately I need the global addresses in DNS, as that's the only > way for me to reference the hosts in firewall rules (FreeBSD's packet > filter supports DNS aliases natively). So unfortunately ULA does not > help in this

Re: [Dnsmasq-discuss] dnsmasq v2.86?

2021-08-11 Thread Lonnie Abelbeck
Hi Andre, et al. > On Aug 11, 2021, at 1:36 AM, Andre Heider wrote: > > I'm using 2.86test6 on OpenWrt, and I think I've found a bug. Details are > vague so far but ever since I've started DoT with stubby as upstream server, > dnsmasq every now and then gets into a mode where it stops

Re: [Dnsmasq-discuss] [PATCH] Heap use after free in dhcp6_no_relay (CVE-2022-0934)

2022-04-01 Thread Lonnie Abelbeck
> On Mar 31, 2022, at 2:04 PM, Petr Menšík wrote: > > A possible vulnerability was found in latest dnsmasq. It was found with help > of oss-fuzz Google project by me and shortly after that independently also by > Richard Johnson of Trellix Threat Labs. > > It is affected only by DHCPv6

Re: [Dnsmasq-discuss] [PATCH] Heap use after free in dhcp6_no_relay (CVE-2022-0934)

2022-04-02 Thread Lonnie Abelbeck
ulnerability cannot be > triggered. ra-only should only broadcast its prefix(es) to end stations > without accepting messages from them. It should be safe. > > Regards, > Petr > > On 4/1/22 16:37, Lonnie Abelbeck wrote: >>> On Mar 31, 2022, at 2:04 PM, Petr Menšík wro

Re: [Dnsmasq-discuss] Feature request = block-conf

2022-02-05 Thread Lonnie Abelbeck
> On Feb 5, 2022, at 5:32 AM, Simon Kelley wrote: > > Let's try thinking out of the box here. Given the motivation to save storage, > I was wondering if there could be a way to use compression, gzip etc to save > more space. > > Building a decompressor into dnsmasq seems ugly, but then I

Re: [Dnsmasq-discuss] [PATCH] Don't advertise a default v6 route with no routeable prefixes

2023-01-14 Thread Lonnie Abelbeck
> On Jan 14, 2023, at 8:44 AM, Buck Horn wrote: > > On 14.01.2023 12:40:18, Chris Webb wrote: > >> If we are advertising local (ULA) prefixes but no globally-routeable >> prefixes, we should similarly not configure clients with a default route. >> Set the router lifetime to zero in this case