Re: [Dnsmasq-discuss] 'tidying' unused variable warnings

2020-03-17 Thread Simon Kelley
I'm inclined not to take these, on the grounds that complicated preprocessor stuff is a greater evil than false-positive warnings on unusual platforms for build configurations. Simon. On 10/03/2020 10:25, Kevin 'ldir' Darbyshire-Bryant wrote: > Hi Simon, > > Feel free to throw these patches awa

Re: [Dnsmasq-discuss] stop-dns-rebind and IPv6

2020-03-17 Thread Simon Kelley
On 17/03/2020 21:48, Dominik wrote: > Patch attached. and applied. Thanks. Simon. > > On 17.03.20 21:54, Simon Kelley wrote: >> >> On 11/03/2020 07:55, Dominik wrote: >>> Hey Buck, >>> >>> dnsmasq blocks all IPv4 address replies in the "

Re: [Dnsmasq-discuss] TTL in nested wild card CNAME

2020-03-18 Thread Simon Kelley
records with  TTL 0 .  I perhaps wrongly thought it meant they > are not cached.  That is why I added ttl-min 5s. That's your problem then. Make the .consul records TTL 5 and the problem will go away. In TTLs, 0 is "forever". S. > > On Tue, Mar 17, 2020, 10:46 AM Sim

Re: [Dnsmasq-discuss] NETLINK_NO_ENOBUFS not defined on old platforms

2020-03-19 Thread Simon Kelley
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0506a5ed4e56863627c54aedad30ad61221292ef should handle both old kernel header files and old kernels, in any combination. Cheers, Simon. On 19/03/2020 13:16, Petr Gotthard wrote: > Hello, > > The commit > http://thekelleys.org.uk/git

Re: [Dnsmasq-discuss] [PATCH 0/1] Fix resource leak on ubus_init failure.

2020-03-19 Thread Simon Kelley
On 18/03/2020 21:24, Oldřich Jedlička wrote: > Hi, > > This is my first patch here. I discovered one resource leak in ubus_init, when > ubus_add_object fails - the ubus connection stays open. I added a patch, see > follow-up email. (Hopefully git send-email sends it.) > > Regards, > Oldrich. > >

Re: [Dnsmasq-discuss] NETLINK_NO_ENOBUFS not defined on old platforms

2020-03-19 Thread Simon Kelley
On 19/03/2020 21:01, Petr Gotthard wrote: >> Thanks. >> >> FWIW in case it gets too silent >> resend the patch as `git format-patch` artifact > > Oops, sorry. Let me resend it right away. No need. I'm working on a slightly more elaborate alternative. Simon. > > >>From f669af70871b80ab7ecf2

Re: [Dnsmasq-discuss] SOA serial increase

2020-03-19 Thread Simon Kelley
On 19/03/2020 17:28, William Edwards wrote: > Hello, > > Does dnsmasq increase SOA serial when adding a new DNS record after DHCP > lease is requested? Yes. > > I am not sure because docs say '--auth-soa' allows for specifying serial. It does, but it's optional: dnsmasq will generate one for y

Re: [Dnsmasq-discuss] Nameserver dot

2020-03-19 Thread Simon Kelley
On 19/03/2020 17:23, William Edwards wrote: > Hi, > > I have auth-sec-servers set to: > 'auth-sec-servers=nsauth0.cyberfusion.nl,nsauth1.cyberfusion.be,nsauth2.cyberfusion.nu,nsauth3.cyberfusion.nl' > > These nameservers are shown, but I am also getting back an NS record > consisting of '.': > >

Re: [Dnsmasq-discuss] SOA serial increase

2020-03-20 Thread Simon Kelley
nning NTP, maybe? Simon. On 20/03/2020 08:18, William Edwards wrote: > > On 20 Mar 2020, at 00:39, Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > >> On 19/03/2020 17:28, William Edwards wrote: >>> Hello, >>> >>>

Re: [Dnsmasq-discuss] Nameserver dot

2020-03-20 Thread Simon Kelley
This sounds like a bug, doing auth DNS without an auth-server statement is a recent addition, and I probably forgot this effect on secondary servers. Will take a look in the next day or two. Simon. On 20/03/2020 08:25, William Edwards wrote: > >> Op 20 mrt. 2020 om 00:23 heeft Sim

Re: [Dnsmasq-discuss] Still investigating delay on first dns query - more info

2020-03-26 Thread Simon Kelley
On 23/03/2020 13:25, Chris Green wrote: > I'm still trying to work out why the first DNS query to dnsmasq > running on a server on my LAN suffers a 5 second delay but subsequent > requests don't see the delay. > > I'm running dnsmasq version 2.76 on a Raspberry Pi. The systems > seeing the dela

Re: [Dnsmasq-discuss] TFTP storage issue prevents other dnsmasq services (DHCP/DNS) to run

2020-03-26 Thread Simon Kelley
On 26/03/2020 09:15, Ercolino De Spiacico wrote: > It seems like enabling TFTP like: > > enable-tftp > tftp-root=/mnt/usb/TFTP > dhcp-boot=pxelinux.0,,192.168.0.1 > > But experiencing a system storage issue (usb failure, unable to mount, > etc) takes the full dnsmasq down e.g. prevent from runni

Re: [Dnsmasq-discuss] SOA serial increase

2020-03-28 Thread Simon Kelley
oo > late at night. > William The forthcoming 2.81 release errors in startup if auth-server is not set under these circumstances. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=08933475abd0580cff747e3d1e0db3865207a200 Cheers, Simon. > > On 20/03/2020 08:18, William Edwards

Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries + addn-hosts

2020-03-28 Thread Simon Kelley
On 19/03/2020 21:47, Jake Howard wrote: > Hello! > > Is `localise-queries` meant to work against entries added via  > `addn-hosts`? Querying a record returns both IPs, but always in the same  > order. The order is correctly fixed when the records are put in  > `/etc/hosts` directly. Yes, localis

Re: [Dnsmasq-discuss] Nameserver dot

2020-03-28 Thread Simon Kelley
;. That seems to make sense. As a workaround, with 2.80, just pick which of your servers is primary and remove it from the --auth-sec-servers list and add it as --auth-server. Remember to undo that when you upgrade to 2.81 Cheers, Simon. > > > On 20/03/2020 08:25, Willia

Re: [Dnsmasq-discuss] NETLINK_NO_ENOBUFS not defined on old platforms

2020-03-28 Thread Simon Kelley
On 20/03/2020 02:18, Roy Marples wrote: > On 19/03/2020 22:01, Simon Kelley wrote: >> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0506a5ed4e56863627c54aedad30ad61221292ef >> >> >> >> should handle both old kernel header files and old kernels, in

Re: [Dnsmasq-discuss] [PATCH 1/1] Allow overriding of ubus service name.

2020-03-28 Thread Simon Kelley
Patch applied, thanks. Simon. On 20/03/2020 21:18, Oldřich Jedlička wrote: > Same as for the dbus, allow specifying ubus service name (namespace) on > the command line as an optional argument to --enable-ubus option. > > Signed-off-by: Oldřich Jedlička > --- > man/dnsmasq.8 | 7 +-- > s

Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries + addn-hosts

2020-03-30 Thread Simon Kelley
p that tickles the bug. Can you boil it down to the simplest configuration that displays the problem, and also specify which version of dnsmasq you're using? cheers, Simon. > > Thanks, > - Jake Howard > > On Sat, 28 Mar 2020, at 17:59, Simon Kelley wrote: >> On 19/03/20

Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries + addn-hosts

2020-04-04 Thread Simon Kelley
query. I'm not familiar with Docker. Is it using NAT? Simon. > > Thanks! > > On Mon, 30 Mar 2020, at 20:42, Simon Kelley wrote: >> On 28/03/2020 20:38, Jake Howard wrote: >> > Hi, >> >  >> > My intention is to have 1 dnsmasq instance, accessible

Re: [Dnsmasq-discuss] [PATCH] src/dnsmasq.c: Labeled a lonely #endif

2020-04-06 Thread Simon Kelley
On 05/04/2020 17:07, Geert Stappers wrote: > diff --git a/src/dnsmasq.c b/src/dnsmasq.c > index 0f73782..878167c 100644 > --- a/src/dnsmasq.c > +++ b/src/dnsmasq.c > @@ -2112,6 +2112,4 @@ int delay_dhcp(time_t start, int sec, int fd, uint32_t > addr, unsigned short id) > >return 0; > } > -#
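Review bot: the hunk header `@@ -2112,6 +2112,4 @@` after `delay_dhcp()` is a net removal of two lines at the end of src/dnsmasq.c, which does not match the subject "Labeled a lonely #endif"; the visible text stops at the first removed `#` line, so the relabelled directive is not shown. If the `#endif` is being moved or dropped rather than commented, the commit message should say so, and the trailing comment on the directive should name the `#if` condition it closes so the pairing can be checked at a glance.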

Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries + addn-hosts

2020-04-09 Thread Simon Kelley
he routing tables might be an easier fix. Simon. > > Thanks, > - Jake Howard > > On Wed, 8 Apr 2020, at 16:44, Simon Kelley wrote: >> On 06/04/2020 17:35, Jake Howard wrote: >> > Hello, >> >  >> > Here's an info dump, which hopefully gives a bi

[Dnsmasq-discuss] Announce: dnsmasq-2.81

2020-04-11 Thread Simon Kelley
After 18 long months, tonight I released dnsmasq 2.81. The next release should happen to a shorter timescale. http://thekelleys.org.uk/dnsmasq/dnsmasq-2.81.tar.gz Enjoy. Simon.

Re: [Dnsmasq-discuss] Prefix delegation with DNSmasq

2020-04-12 Thread Simon Kelley
The first question is, how static are your global addresses? Making a network which can survive renumbering is a lot more difficult than one with known and fixed addresses. Simon. On 12/04/2020 17:20, Oliver Freyermuth wrote: > Dear DNSmasqers, > > I have a setup in mind and wonder whether dn

Re: [Dnsmasq-discuss] Prefix delegation with DNSmasq

2020-04-12 Thread Simon Kelley
20 18:20, Oliver Freyermuth wrote: > On 12.04.20 at 19:01, Simon Kelley wrote: >> The first question is, how static are your global addresses? Making a >> network which can survive renumbering is a lot more difficult than one >> with known and fixed addresses. > > Luc

Re: [Dnsmasq-discuss] No DHCPOffer back but DHCPDiscover is being received by machine

2020-04-14 Thread Simon Kelley
On 14/04/2020 18:51, Josh H wrote: > Hi there, > > I'm receiving no DHCPOffer back from my DHCPDiscover. However, I can > tcpdump the machine running dnsmasq and it is receiving the DHCPOffer > packets.  > > Here's my very very simple dnsmasq.conf > # To disable dnsmasq's DNS server functionali

Re: [Dnsmasq-discuss] No DHCPOffer back but DHCPDiscover is being received by UML machine

2020-04-16 Thread Simon Kelley
On 15/04/2020 19:27, Josh H wrote: > It's difficult for me to share the config outright as I'm using a > modified version of netkit that I've updated to a much newer kernel > - http://netkit-ng.github.io/. The netkit version that is available on > that link is the one that worked with dnsmasq ju

Re: [Dnsmasq-discuss] No DHCPOffer back but DHCPDiscover is being received by UML machine

2020-04-18 Thread Simon Kelley
ile /usr/bin/dnsmasq -d Probably best to email the result to me direct. Cheers, Simon. > > Thanks, > Josh  > > On Thu, 16 Apr 2020 at 12:49, Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > > > > On 15/04/2020 19:27, Josh H wrote: > >

Re: [Dnsmasq-discuss] Failure of dnsmasq v2.81 in docker (qemu emulated armhf hardware)

2020-04-19 Thread Simon Kelley
On 19/04/2020 06:19, Dominik wrote: > On Wed, 2020-04-15 at 21:34 +0200, Dominik wrote: >> A possible solution seems to be what Petr Gotthard suggested >> (dnsmasq-discuss /Thu Mar 19 13:16:11 GMT 2020/): >> >>> +#ifdef NETLINK_NO_ENOBUFS >>>setsockopt(daemon->netlinkfd, SOL_NETLINK, >>> NE

Re: [Dnsmasq-discuss] No DHCPOffer back but DHCPDiscover is being received by UML machine

2020-04-23 Thread Simon Kelley
e what system calls it's making. > > > What command would I need to run for this? And what service is best to > upload the strace result, pastebin? > > Thanks, > Josh  > > On Thu, 16 Apr 2020 at 12:49, Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote:

Re: [Dnsmasq-discuss] Dnsmasq-controller for Kubernetes

2020-04-23 Thread Simon Kelley
I have no experience of Kubernetes, but this sure looks useful to my untrained eye, thanks. Simon. On 21/04/2020 11:44, kvaps wrote: > Hi, I'm using Dnsmasq in Kubernetes as DNS- and DHCP-server to organize > network-booting server farm for long time. > > At this moment I am glad to introduce dns

Re: [Dnsmasq-discuss] DHCPv6 with IPv4 address in last 32 bits of IPv6 address: ideas?

2020-04-23 Thread Simon Kelley
On 21/04/2020 14:58, William Edwards wrote: > Hello, > > I am working on replacing static IP addresses in our network by static > DHCP leases (which is in turn preparation for PXE). For IPv4, this is > easily doable, but for IPv6 this is a bit of a challenge because of the > following: > > In

Re: [Dnsmasq-discuss] DHCPv6 with IPv4 address in last 32 bits of IPv6 address: ideas?

2020-04-23 Thread Simon Kelley
On 23/04/2020 20:49, Simon Kelley wrote: > > According to RFC 4291 Para 2.2, a mixed representation is possible, for > instance ipv6-mapped IPv4 addresses can be written as > > ::.1.2.3.4 > > So you could use something like 2a01:ac00::$something:98.98.98.98 > >

Re: [Dnsmasq-discuss] No DHCPOffer back but DHCPDiscover is being received by UML machine

2020-04-24 Thread Simon Kelley
delinux package which contains prebuilt > UML images with kernel versions of 4.9, 4.19 or 5.5 if they'd be handy? > https://tracker.debian.org/pkg/user-mode-linux. > > Thanks for the support, > Josh > > On Thu, 23 Apr 2020 at 20:30, Simon Kelley <mailto:si...@thekelle

Re: [Dnsmasq-discuss] TFC 7440

2020-04-27 Thread Simon Kelley
On 27/04/2020 21:56, Jeff Silverman wrote: > People, > > I am working for a large software company. > > For performance reasons, they feel they have to have RFC 7440 > compatibility, for speed. I have not found an open source TFTP server > that implements RFC 7440, so they are going to use Wi

Re: [Dnsmasq-discuss] No DHCPOffer back but DHCPDiscover is being received by UML machine

2020-04-28 Thread Simon Kelley
ns of 4.9, 4.19 or 5.5 if they'd be handy? > https://tracker.debian.org/pkg/user-mode-linux. > > Thanks for the support, > Josh > > On Thu, 23 Apr 2020 at 20:30, Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > > Ok, so Josh ran the strace and se

Re: [Dnsmasq-discuss] No forgetting logic when using hostsdir

2020-05-19 Thread Simon Kelley
On 17/05/2020 11:28, Kevin 'ldir' Darbyshire-Bryant wrote: > The man page sayeth: > (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) > > --hostsdir= > Read all the hosts files contained in the directory. New or changed files are > read automatically. See --dhcp-hostsdir for details.

Re: [Dnsmasq-discuss] [PATCH] Fix buffer overflow in TCP requests

2020-06-28 Thread Simon Kelley
That's a nasty bug, and could explain what pi-hole users are seeing. If I understand things correctly, this bug will only manifest itself when the write() or read() syscalls return EINTR or EAGAIN, which is possible, but not common, hence the bug wasn't detected earlier. Frank, did you find a wa

Re: [Dnsmasq-discuss] Static leases issues

2020-06-29 Thread Simon Kelley
On 08/06/2020 17:18, Bruno BEAUFILS wrote: > Hello everyone, > > I have got a static leases issue with dnsmasq 2.80-1 installed as > Debian Buster package. > > I search the man page and the mailing list archives without any > success. Thus I try here. > > Here is short summary of what I have. >

Re: [Dnsmasq-discuss] [Bugreport] => man page => key '-S, --local, --server' => typo

2020-07-05 Thread Simon Kelley
On 26/06/2020 21:11, Geert Stappers wrote: > On Fri, Jun 26, 2020 at 01:42:42PM +, a...@protonmail.com wrote: >> Hello, world! >> >> See: >> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=man/dnsmasq.8;h=a2a60d5e2b3d4d8a3a944d8f451afd97b4ca1033;hb=HEAD >> See line 431 >> >> Sentence a

Re: [Dnsmasq-discuss] BOGUS DNSSEC responses

2020-07-05 Thread Simon Kelley
Just a stab in the dark: are you sure that the clocks on these machines are accurate? DNSSEC signatures have validity periods and when I checked obsswitcher.com its start-of-validity time was only an hour or so before the time when I checked, so a bad clock would explain what you're seeing. Failin

Re: [Dnsmasq-discuss] BOGUS DNSSEC responses

2020-07-06 Thread Simon Kelley
delay is in >> milliseconds). As for the domains, my domain is kept in cloudflare, they >> provide the DNSSEC records as well. I don't know if that's the case for >> github and/or updates.spamassassin.org, which I also see failing. >> >> I'll set the flags an

Re: [Dnsmasq-discuss] [PATCH] Fix buffer overflow in TCP requests

2020-07-06 Thread Simon Kelley
eryfile-example-100thousand -l 1000 -c 20 -q 10 -d 300 > -p 53 -P tcp > > I used the first 100 thousand entries from here: > https://www.dns-oarc.net/files/dnsperf/data/queryfile-example-10million-201202.gz > > Frank > > On Sun, Jun 28, 2020 at 1:58 PM Simon Kelley wrot

Re: [Dnsmasq-discuss] Ability to not bind :: for DNS when binding wildcard

2020-07-06 Thread Simon Kelley
On 06/07/2020 14:05, Matthias May wrote: > Hi Dominik > > Well the system in question has > net.ipv6.conf.all.disable_ipv6 = 1 > thus the expected output would be that no IPv6 bindings exist at all. > I kind of understand that when IPv6 is disabled, that one would not expect to > see :::53 in ne

Re: [Dnsmasq-discuss] Fwd: [PATCH] Makefile: make variables overridable

2020-07-12 Thread Simon Kelley
On 12/07/2020 18:53, John Ericson wrote: > Hi, I am another NixOS maintainer. > > Yes, it is true that ?= in makefiles is somewhat rare, and that we can work > around this other ways. But it was I who proposed the ?= change on our > side[1], so let say why I think it's the right choice: > > Mos

Re: [Dnsmasq-discuss] BOGUS DNSSEC responses

2020-07-12 Thread Simon Kelley
elleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.82rc1.tar.gz Please could you check if that fixes things? cheers, Simon. > > Edit: Resending the unbound.conf zipped since the unzipped version it > got held up by mailman. > > Cheers, > -- > László Károlyi > https://li

[Dnsmasq-discuss] dnsmasq-2.82rc1

2020-07-12 Thread Simon Kelley
I've just tagged the first release-candidate for dnsmasq-2.82. http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.82rc1.tar.gz This has some (but not all) the patches left over from 2.81, and a couple of new trivial fixes, but most importantly, it should fix a source of random cras

[Dnsmasq-discuss] Announce: dnsmasq-2.82

2020-07-19 Thread Simon Kelley
I just published version 2.82 of dnsmasq. This fixes a nasty problem introduced in 2.81 which causes random crashes on systems where there's significant DNS activity over TCP. It also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS records. http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2

Re: [Dnsmasq-discuss] [PATCH] return responses without qname

2020-07-22 Thread Simon Kelley
I'm not sure that this is the correct solution to the problem. I'd argue that this is an unbound issue: A reply to a DNS query that doesn't echo the qname surely cannot be considered a valid reply? I'm not sure why unbound would do that. The query-id is only 16 bits, so can't be considered enough

Re: [Dnsmasq-discuss] TCP DNS requests fail with "communications error" / "end of file"

2020-07-22 Thread Simon Kelley
On 20/07/2020 14:11, Jinn Ko wrote: > Hi, > > While using dnsmasq as embedded in the pi-hole project I came across an issue > with how TCP > DNS requests are handled over Wireguard interfaces. > > A ticket was raised in the FTL project > (https://github.com/pi-hole/FTL/issues/824) and the > con

Re: [Dnsmasq-discuss] Make dnsmasq distinguish local IPs

2020-07-22 Thread Simon Kelley
I think this is the crux. dnsmasq is listening on the wildcard address and accepting packets which arrive from lo. lo has address 127.0.0.20 (amongst others) and therefore dnsmasq is deciding that queries it sends to 127.0.0.20 will end up back at itself, and refusing to do that because it's a ba

Re: [Dnsmasq-discuss] [PATCH] pxe: support pxe clients with custom vendor-class

2020-12-03 Thread Simon Kelley
The patch looks fine in principle, but it doesn't apply to the current release (2.82). What version of dnsmasq were you patching? Cheers, Simon. On 02/12/2020 12:23, Wang Shanker wrote: > According to UEFI[1] and PXE[2] specs, PXE clients are required to have > `PXEClient` identifier in the vendo

Re: [Dnsmasq-discuss] How do I disable the RDNS in the RA without disabling the DNS itself?

2020-12-06 Thread Simon Kelley
On 05/12/2020 22:47, Kristof Mattei wrote: > Hi all! > >   > > I have a dual stack network. > >   > > * IPv4: > o Subnet: 192.168.1.1/24, with DNSMASQ on 192.168.1.1 providing > the DHCP. > o DHCP via DNSMASQ > o DNS address 192.168.1.10 is sent to clients with dhcp-

Re: [Dnsmasq-discuss] [PATCH v2] pxe: support pxe clients with custom vendor-class

2020-12-06 Thread Simon Kelley
Patch applied. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4ded96209e8346711f9d0b9e13a835d42835853d I've manually reviewed this, and done very minimal testing, please test it to make sure it's OK. Simon. On 04/12/2020 02:17, Wang Shanker wrote: > From 606d638918edb0e0ec07fe27eb

Re: [Dnsmasq-discuss] dhcp-relay and option 82

2020-12-06 Thread Simon Kelley
On 02/12/2020 10:33, Mani Wieser wrote: > Dear all > I am trying to use dnsmasq as dhcp relay in dd-wrt as a substitution to > their buggy dhcpfwd solution. It works fine, but I can't find a way to > inject option 82. > I tried with > dhcp-circuitid=set:82,1,"ws-c" > dhcp-remoteid=set:"ws-c" > dhcp

Re: [Dnsmasq-discuss] Sad DNS vulnerability

2020-12-10 Thread Simon Kelley
On 08/12/2020 00:51, WU, CHRIS wrote: > Hello.  I read this story on ZDnet about a DNS cache poisoning > vulnerability and it mentions dnsmasq as one of the affected applications. > >   > > https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/ > >   > > Is there anyth

Re: [Dnsmasq-discuss] dhcp-relay and option 82

2020-12-10 Thread Simon Kelley
On 07/12/2020 13:58, Mani Wieser wrote: > On 07.12.2020 00:38, Simon Kelley wrote: >> On 02/12/2020 10:33, Mani Wieser wrote: >>> Dear all >>> I am trying to use dnsmasq as dhcp relay in dd-wrt as a substitution to >>> their buggy dhcpfwd solution. It w

[Dnsmasq-discuss] Announce: security and release of dnsmasq-2.83.

2021-01-19 Thread Simon Kelley
Dnsmasq 2.83 is now available from https://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.83.tar.gz The main focus in this release is security fixes for some newly announced flaws. See https://www.jsof-tech.com/disclosures/dnspooq for the details. There are broadly two sets of problems. The first i

Re: [Dnsmasq-discuss] "multiple MAC addresses in a single dhcp-host" vs "multiple dhcp-host lines with the same IP address"

2021-01-22 Thread Simon Kelley
On 22/01/2021 11:22, Jaime wrote: > Hi. > > A long time ago [1], Simon wrote to the list saying: > > "Be aware that multiple MAC addresses in a single dhcp-host has > different semantics to multiple dhcp-host lines, each with one MAC > address but with the same IP address." > > Is this still tru

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

2021-01-22 Thread Simon Kelley
On 22/01/2021 02:14, Steve Hirsch wrote: > Hi Lonnie, > >   > > I am also seeing an occasional “failed to send packet: Address family > not supported by protocol”.  However, it is mostly “Network Unreachable” > and they are pretty continuous (much more than the 10 you have).  > Dnscrypt is config

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

2021-01-22 Thread Simon Kelley
On 22/01/2021 16:08, Hannu Nyman wrote: > I bisected the dnsmasq commits, and looks like it is caused by this: > > 15b60ddf935a531269bb8c68198de012a4967156  FAIL > 824461192ca5098043f9ca4ddeba7df1f65b30ba  Ok ? > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

2021-01-22 Thread Simon Kelley
Update: I missed a case. Simon. thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=12af2b171de0d678d98583e2190789e50e02 On 22/01/2021 17:47, Simon Kelley wrote: > On 22/01/2021 16:08, Hannu Nyman wrote: >> I bisected the dnsmasq commits, and looks like it is cause

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable

2021-01-22 Thread Simon Kelley
Apologies about your wasted time. Once more with 2.84test3 ? Cheers, Simon On 22/01/2021 18:37, Hannu Nyman wrote: >> Update: I missed a case. > > > Possibly also something else. > > With 2.84test2, there are now three different errors: > > > Fri Jan 22 20:32:49 2021 daemon.info dnsmasq[120

Re: [Dnsmasq-discuss] [PATCH] Rename HAVE_NETTLEHASH to HAVE_CRYPTOHASH

2021-01-24 Thread Simon Kelley
On 24/01/2021 14:30, Vladislav Grishenko wrote: > Hi, > >   > > Commit 2024f9729713fd657d65e64c2e4e471baa0a3e5b “Support hash function > from nettle (only)” has introduced HAVE_NETTLEHASH option (thanks, Petr!). > But, I think, there's not much sense to bind feature name to specific > cryptolib be

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable - roadmap?

2021-01-24 Thread Simon Kelley
On 24/01/2021 11:38, Matthias Andree wrote: > On 23.01.21 at 02:34, Lonnie Abelbeck wrote: >>> On Jan 22, 2021, at 4:33 PM, Simon Kelley wrote: >>> >>> Apologies about your wasted time. Once more with 2.84test3 ? >> Thanks Simon, 2.84test3 solves all "fail

Re: [Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable - roadmap?

2021-01-24 Thread Simon Kelley
On 24/01/2021 22:12, Simon Kelley wrote: > On 24/01/2021 11:38, Matthias Andree wrote: >> On 23.01.21 at 02:34, Lonnie Abelbeck wrote: >>>> On Jan 22, 2021, at 4:33 PM, Simon Kelley wrote: >>>> >>>> Apologies about your wasted time. Once more with 2

[Dnsmasq-discuss] Announce: dnsmasq-2.84

2021-01-25 Thread Simon Kelley
Last week's 2.83 release has proved to have a regression. The symptoms are random log messages reporting "failure to send packet" and the DNS query associated with this is lost. Retries of the query do not fail, so the operational effect of this is minimal. To trigger the bug, dnsmasq has to be und

Re: [Dnsmasq-discuss] DNSpooq v2.80 backport patch

2021-01-29 Thread Simon Kelley
On 28/01/2021 17:48, Dave M wrote: > Hi all, > > The DNSpooq disclosure contains a total of 7 CVEs. > > Can someone confirm that the patch backport for v2.80 published > at http://www.thekelleys.org.uk/dnsmasq/dnspooq-patches/2.80-dnspooq.patch.v2  > addresses all > of them? > > I guess the pref

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.84 - sort and semantic versioning

2021-01-29 Thread Simon Kelley
On 26/01/2021 16:55, M. Buecher wrote: > > > On 2021-01-26 17:41, M. Buecher wrote: >> On 2021-01-26 00:43, Lonnie Abelbeck wrote: On Jan 25, 2021, at 5:21 PM, Lonnie Abelbeck wrote: > Get it here: > > http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz

Re: [Dnsmasq-discuss] DNSpooq v2.80 backport patch

2021-02-01 Thread Simon Kelley
Good spot. I've just posted version 3, which addresses this, and also includes the changes to the Makefile, stupidly omitted from v2. https://www.thekelleys.org.uk/dnsmasq/dnspooq-patches/2.80-dnspooq.patch.v3 Cheers, Simon. On 01/02/2021 22:25, WU, CHRIS wrote: >> The patch does address all

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.84 - sort and semantic versioning

2021-02-01 Thread Simon Kelley
On 31/01/2021 19:27, Matthias Andree wrote: > On 31.01.21 at 12:21, Geert Stappers wrote: >> Lonnie Abelbeck's hint on another release was indeed very humble >> and very polite. And yes, he is right with expressing >> We do ourselves and the rest of mankind a favour by avoiding >> version string

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.84 - sort and semantic versioning

2021-02-01 Thread Simon Kelley
On 31/01/2021 11:21, Geert Stappers wrote: > > Besides not pretty, it is also not readable. > Plus '-k 1.6,1.6' looks very odd in that line. > > | sort -k1.2,1.5r -k1.6,1.7r -k1.8,1.9r -k1.10,1.11r > looks more "having a pattern" But it's wrong. The -k1.6,1.6 sorts on the first letter _after_

Re: [Dnsmasq-discuss] Debian Buster Security Update?

2021-02-02 Thread Simon Kelley
In progress with the security team. Simon. On 02/02/2021 02:21, Andrew Miskell wrote: > That’s really up to the maintainer of the debian packages. I suspect they’ll > fix it at some point. > > Sent from my iPhone > >> On Feb 1, 2021, at 20:16, mailinglistno...@abwesend.de wrote: >> >> Hello

Re: [Dnsmasq-discuss] v2.84 temporary failure in name resolution when IPV6 is enabled

2021-02-03 Thread Simon Kelley
On 03/02/2021 01:57, Amit wrote: > I have been following discussions in "[Dnsmasq-discuss] v2.83 failed to > send packet: Network is unreachable" and was happy to hear it has been > resolved in dnsmasq v2.84-1 in debian testing. > > However, this still seems to affect me and I get the error: > >

Re: [Dnsmasq-discuss] DKIM / DMARC emails.

2021-02-17 Thread Simon Kelley
On 17/02/2021 13:54, Etan Kissling wrote: > When submitting a patch I noticed that the Dnsmasq mailing list modifies > the subject of the email (prefix [Dnsmasq-discuss]) as well as appends > 'Dnsmasq-discuss mailing list' information to the end of my message. > > These modifications break DKIM si

Re: [Dnsmasq-discuss] Client retries broken in 2.84

2021-02-17 Thread Simon Kelley
On 16/02/2021 00:42, Nicholas Mu wrote: > Hi,  > > I noticed a low level increase in DNS errors after upgrading to 2.84. > After doing some packet diving, it seems that retries behave differently > in the new version. For my testing, I'm using dnspython but I believe > this issue would affect any

Re: [Dnsmasq-discuss] Temporary failure in name resolution when IPv6 is enabled

2021-02-17 Thread Simon Kelley
On 09/02/2021 04:08, Amit wrote: > On Wed, Feb 3, 2021 at 12:16 PM Geert Stappers wrote: >> > > [snip] > >> >> My guess: >> >> } } Where is the `ping www.google.com` done? >> } The ping is done at the end of the chain >> } } Where and how is IPv6 disabled? >> } Same machine, magic from Network

Re: [Dnsmasq-discuss] DKIM / DMARC emails.

2021-02-18 Thread Simon Kelley
>> >>> See my earlier patch: >>> - [PATCH v4] Connection track mark based DNS query filtering. >>> >>> Other mailing lists such as netfilter-de...@vger.kernel.org >>> do not share these DMARC problems. >>> >>> What is the preferred app

Re: [Dnsmasq-discuss] getting different responses from high traffic DNSmasq

2021-02-18 Thread Simon Kelley
On 18/02/2021 09:44, Boris Behrens wrote: > This happened after the update from v2.76 to v2.80 > > Is there a way how I can debug that deeper. The information you've given so far is useful, but not enough to allow someone to easily reproduce the problem, which is the key. Questions which need a

Re: [Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

2021-02-18 Thread Simon Kelley
On 13/02/2021 19:22, Fred F wrote: > Dear all, > > I'd like to bump this question. Isn't there anybody who is using > dnsmasq in IPv6 networks with dynamic prefixes? > > Regards, > Frederik > > On Sat, 10 Oct 2020 at 16:59, Fred F wrote: >> >> Hi, >> >> I am using dnsmasq in an environment with

Re: [Dnsmasq-discuss] DKIM / DMARC emails.

2021-02-21 Thread Simon Kelley
folders. DMARC is a security standard for >>>>> accessing email authenticity. >>>>> >>>>> See my earlier patch: >>>>> - [PATCH v4] Connection track mark based DNS query filtering. >>>>> >>>>> Other mailing l

Re: [Dnsmasq-discuss] Website and Dnsmasq pages

2021-02-22 Thread Simon Kelley
On 23/01/2021 15:07, - Neustradamus - wrote: > Hello Simon, > > It is possible to rename https://thekelleys.org.uk/dnsmasq/doc.html to > https://thekelleys.org.uk/dnsmasq/index.html? > And create a redirection of doc.html to https://thekelleys.org.uk/dnsmasq/? https://thekelleys.org.uk/dnsmasq/

Re: [Dnsmasq-discuss] Client retries broken in 2.84

2021-02-22 Thread Simon Kelley
gets abandoned and client1 has to await client2s reply. In the meantime client3 ask for example.com.. Cheers, Simon. > Thanks, > Nick > > On Wed, Feb 17, 2021 at 4:03 PM Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > > On 16/02/2021 00:42, Nichola

Re: [Dnsmasq-discuss] DHCP hosts without active leaes not added to DNS cache

2021-02-23 Thread Simon Kelley
On 23/02/2021 09:13, Dominik Derigs wrote: > Hey list, > > When specifying a DHCP host like > > --dhcp-host=00:20:e0:3b:13:af,192.168.0.2,wap > > I'd expect dnsmasq to respond to `dig wap` with the IP address > `192.168.0.2`. Instead, NOERROR with empty answer RR is returned. > > Looking at

Re: [Dnsmasq-discuss] [PATCH] --bind-dynamic and fast netlink changes

2021-02-24 Thread Simon Kelley
On 18/02/2021 11:56, Petr Menšík wrote: > Hi Simon and others, > > I have started checking behaviour of dnsmasq on fast netlink changes, > reported originally on RHEL7 bug[1]. Found commit 1627d577[2] helps a > lot on RHEL 7, which is already in current version. But for some reason, > even latest

Re: [Dnsmasq-discuss] Website and Dnsmasq pages

2021-02-28 Thread Simon Kelley
On 25/02/2021 14:27, - Neustradamus - wrote: > Hello Simon, > > Thanks for your last changes on the website! > > About the files currently in http://www.thekelleys.org.uk/dnsmasq/ > > It is possible: > - to move "all" into a subfolder and create a redirection to new place > - to rename the doc.h

Re: [Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

2021-02-28 Thread Simon Kelley
On 26/02/2021 15:54, Fred F wrote: > Hi Simon, > > thanks for your reply. Unfortunately ULA does not solve my problem, as > this host needs to be reachable through that address from the outside > world. And I'd like to use the DNS name as an alias in the firewall > (FreeBSD). So right now I am stu

Re: [Dnsmasq-discuss] RDNSS lifetime support

2021-02-28 Thread Simon Kelley
On 29/01/2021 09:23, Nguyen Ngo wrote: > Hello, > I was wondering if dnsmasq has support for the following RFC standard. I > couldn't find it anywhere in the documentation. > > RFC 8106 > Section 5.1 Recursive > DNS Server lifetime field. > Section

Re: [Dnsmasq-discuss] [PATCH] --bind-dynamic and fast netlink changes

2021-02-28 Thread Simon Kelley
ht be better with --log-async. User would have to use > --log-listen if interested in watching listeners changes. > - Patch 0004 - Obtain MTU only in case it would be used. Attempt to > reduce unnecessary syscall inside iface_enumerate loop in some cases. > > 1. https://github.com/Inf

Re: [Dnsmasq-discuss] [PATCH] --bind-dynamic and fast netlink changes

2021-03-02 Thread Simon Kelley
On 02/03/2021 17:49, Simon Kelley wrote: > > Maybe to should have a new option to control debug-level logging. > Without that set my_syslog could just discard any calls with LOG_LEVEL > set to DEBUG (which is just the ones we're talking about, as far as I > can see, but cou

Re: [Dnsmasq-discuss] [PATCH] --bind-dynamic and fast netlink changes

2021-03-02 Thread Simon Kelley
On 01/03/2021 10:56, Petr Menšík wrote: > On 3/1/21 1:02 AM, Simon Kelley wrote: >> That looks sensible except for one thing. I wasn't sure about the >> logging in the first place, and having to add Yet Another Config Option >> to control it is the last straw; I thin

Re: [Dnsmasq-discuss] First question(s)

2021-03-12 Thread Simon Kelley
On 12/03/2021 15:47, Ken Gillett via Dnsmasq-discuss wrote: > Only just discovered dnsmasq and planning to use it on my LAN, but have a > couple of initial questions I hope can be answered here:- > > I want to allocate all IP addresses from specified range, but provide DNS > names for some hosts

Re: [Dnsmasq-discuss] [PATCH] --bind-dynamic and fast netlink changes

2021-03-12 Thread Simon Kelley
Cool. I just pushed two commits. One to implement --log-debug and one to enable it for those messages. Simon. On 09/03/2021 00:01, Petr Menšík wrote: > Hi, > > --debug-log is good as well, whatever suits you more. > > On 3/2/21 6:49 PM, Simon Kelley wrote: >> On 01/03/20

Re: [Dnsmasq-discuss] [PATCH] Another regression from v2.83 on bound interfaces

2021-03-12 Thread Simon Kelley
So, networkmanager is specifying a source address or interface with its servers? Slightly worrying that that inhibits random ports and reduces security anyway. I don't think your patch makes it any worse. I think it's possible to iterate over all the servers that a query could have been sent to us

Re: [Dnsmasq-discuss] Problem with domain names containing 3 or more minus in a row

2021-03-12 Thread Simon Kelley
Dnsmasq can be linked with the IDN library, which deals with non-ascii characters in domain names and converts them to punycode. I suspect that the IDN library may well barf when given a name containing punycode already. dnsmasq -v should tell you if IDN is in use or not, in the compile time opti

Re: [Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

2021-03-12 Thread Simon Kelley
On 01/03/2021 20:40, Fred F wrote: > Hi, > > On Sun, 28 Feb 2021 at 18:07, Simon Kelley wrote: >> It's actually rather easy to add an address field, such that >> >> interface-name=laptop.thekelleys.org.uk,[::2],eth0/6 >> >> and eth0 having 1:2:3:4::

Re: [Dnsmasq-discuss] Client retries broken in 2.84

2021-03-12 Thread Simon Kelley
On 11/03/2021 11:19, Petr Menšík wrote: > Hi Simon and Nicholas, > > I think dnsmasq relying on driving retries by clients is not great > design. When clients start bombarding dnsmasq with requests, dnsmasq > will in turn bombard upstream server(s) too. It seems unnecessary to me. > And even wron

Re: [Dnsmasq-discuss] dnsmasq to return NODATA for an A query

2021-03-17 Thread Simon Kelley
On 14/03/2021 14:35, Aaron Jones wrote: > On 07/03/2021 08:57, Geert Stappers via Dnsmasq-discuss wrote: >> --host-record=foo.example.org,NODATA,fd00::1 >> >> Says what is wanted. >> >> In `hosts` file >> >> fd00::1 foo.example.org >> NO4DATA foo.example.org >> >> and allow >> >> 192.168.0.

Re: [Dnsmasq-discuss] feature request : NXDOMAIN all domains on network

2021-03-17 Thread Simon Kelley
On 15/03/2021 02:36, dnsmasqlist2...@rscubed.com wrote: > > Hello, > > Thanks for the many years of support for DNSMasq I have used it for a > long time as a filter for most of my machines and servers. > > Currently I think DNSMasq has the ability to sinkhole all domains on an > IP using the bog

Re: [Dnsmasq-discuss] RDNSS lifetime support

2021-03-17 Thread Simon Kelley
ses them to write a resolv.conf file. Dnsmasq will read a resolv.conf file and re-read it when it changes, so that's fine. https://linux.die.net/man/8/rdnssd Cheers, Simon. > On Sun, Feb 28, 2021 at 2:23 PM Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > >

[Dnsmasq-discuss] Announce 2.85rc1 and security warning.

2021-03-17 Thread Simon Kelley
I've just created the first release candidate for dnsmasq-2.85. Since 2.84 this has a couple of stand-alone configuration enhancements, a fix for DNS retries which addresses a regression in 2.84, and a large fix which addresses a historic error. Way back, when Dan Kaminsky revealed the birthday att
