Re: [Dnsmasq-discuss] dnsmasq using 100% of cpu

2024-05-06 Thread Simon Kelley
Very suspicious of listen-address=127.0.0.9. Are you sure you've not created a loop where dnsmasq is sending queries back to itself? Enabling logging, and/or --dns-loop-detect would be useful. Cheers, Simon. On 5/1/24 23:47, Kenneth Berland wrote: On March 2, 2020 (possibly causing the

Re: [Dnsmasq-discuss] Noisy DHCPv6 DHCPADVERTISE

2024-03-02 Thread Simon Kelley
The message can be important (think a mismatch between the address of the receiving interface and a dhcp-range), so I wouldn't like to suppress it. It might be sensible to detect the situation you have (static range in scope, no host configured) and suppress it then. It's slightly more

Re: [Dnsmasq-discuss] DHCPv6 Not Working on Linux 6.6.13

2024-03-02 Thread Simon Kelley
On 28/02/2024 10:29, Robert Sharp wrote: I have been using Dnsmasq for many years and I am now trying to include ipv6. Unfortunately, I cannot seem to get DHCPv6 to work, which I believe I need in order to be able to look up hosts using DNS. My ISP has allocated me with a /48 prefix and I

Re: [Dnsmasq-discuss] dhcp-script and netboot pi

2024-02-27 Thread Simon Kelley
On 25/02/2024 23:24, Carl Karsten wrote: Either dhcp-script isn't doing what it is expected, or I'd like it to do more. I am netbooting raspberry pi. so some dhcp client in the pi firmware gets an IP and netboot params, then tftp client gets files. the dhcp traffic happens and is shown in

Re: [Dnsmasq-discuss] Fwd: no-ping

2024-02-20 Thread Simon Kelley
capability NET_ADMIN  - --no-ping + --dhcp-broadcast=mgmt: dnsmasq: process is missing required capability NET_ADMIN  - --no-ping + --dhcp-broadcast: works fine Best regards, Martin On Wed, Feb 21, 2024 at 1:07 AM Simon Kelley <si...@thekelleys.org.uk> wrote: That woul

Re: [Dnsmasq-discuss] erroneously filtering A records after calling "SetFilterA false" over dbus

2024-02-20 Thread Simon Kelley
On 20/02/2024 19:06, Clayton Craft via Dnsmasq-discuss wrote: Using dnsmasq 2.90 + the patch to fix the infinite loop, it seems like filtering is applied when calling e.g., "SetFilterA false" over dbus. In the script below, the first lookup succeeds but subsequent lookups after the initial

Re: [Dnsmasq-discuss] Fwd: no-ping

2024-02-20 Thread Simon Kelley
; -      need_cap_net_admin = 1; +      if (!option_bool(OPT_NO_PING) || daemon->force_broadcast == NULL || daemon->force_broadcast->list != NULL) +        need_cap_net_admin = 1;  #   endif      } Best regards, Martin On Tue, Feb 20, 2024 at 10:21 AM Simon Kelley <si...@thekelleys.org.uk>
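Review bot: the three-part condition added in front of need_cap_net_admin = 1 carries no comment saying which configuration is allowed to run without the capability. As written, CAP_NET_ADMIN is skipped only when OPT_NO_PING is set and daemon->force_broadcast is non-NULL with a NULL list; a short comment stating that, and why no privileged operation is reached in that case, would let a later reader audit the privilege decision without re-deriving it from the boolean.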

Re: [Dnsmasq-discuss] Similar to bfefd6e38c6e, fix error introduced in 51471cafa5a4

2024-02-20 Thread Simon Kelley
Patch applied. Thanks. Simon. On 20/02/2024 08:32, renmingshuai via Dnsmasq-discuss wrote: From 81ed4df0eb1d70fc1ac5f94b5839f8cb45602ed0 Mon Sep 17 00:00:00 2001 From: renmingshuai Date: Tue, 20 Feb 2024 16:13:11 +0800 Subject: [PATCH] Fix error introduced in

Re: [Dnsmasq-discuss] Fwd: no-ping

2024-02-20 Thread Simon Kelley
r 52:54:00:00:02:01 brd ff:ff:ff:ff:ff:ff     inet 10.0.2.1/24 metric 1024 brd 10.0.2.255 scope global dynamic enp0s3        valid_lft 3525sec preferred_lft 3525sec Best regards, Martin On Tue, Feb 20, 2024 at 1:46 AM Simon Kelley <si...@thekelleys.or

Re: [Dnsmasq-discuss] Fwd: no-ping

2024-02-19 Thread Simon Kelley
If you're doing DHCP, even if you're not sending ICMP ping packets, you still need CAP_NET_ADMIN, because the DHCP server has to be able to manipulate the ARP table. I guess you're starting dnsmasq without CAP_NET_ADMIN, dnsmasq is determining that it needs CAP_NET_ADMIN to run the DHCP

Re: [Dnsmasq-discuss] rr_on_list stuck in infinite loop, dnsmasq unresponsive

2024-02-19 Thread Simon Kelley
Wow, excellent bug report, thank you. Took me straight to the stupid error. src/dbus.c around line 834. The code block controlled by "if (!done)" should include the line "done = 1;" Same thing below for filter . I'll push the patch directly. Cheers, Simon. On 19/02/2024 21:29,

Re: [Dnsmasq-discuss] rr_on_list stuck in infinite loop, dnsmasq unresponsive

2024-02-19 Thread Simon Kelley
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=89aad014685161318318737dc0e350ee4dae982d should fix this. Simon. On 19/02/2024 23:16, Simon Kelley wrote: Wow, excellent bug report, thank you. Took me straight to the stupid error. src/dbus.c around line 834. The code block

Re: [Dnsmasq-discuss] dhcp-ignore with tags from ranges

2024-02-17 Thread Simon Kelley
On 16/02/2024 13:24, Matthias Lay via Dnsmasq-discuss wrote: Hi List, I am trying to set the *dhcp-ignore* option for a single dhcp-range only. after reading the manpage my setup is like this: dhcp-range=set:8,22.22.22.1,22.22.22.100 dhcp-ignore=tag:8,tag:!known this doesn't seem to work.

[Dnsmasq-discuss] Announce: dnsmasq-2.90.

2024-02-13 Thread Simon Kelley
I've just released 2.90. The motivation for this is a security announcement today of an attack known as keytrap, which is a generic attack on all DNSSEC validators - it's a failure of the specification rather than of the implementations. If DNSSEC validation is enabled, then an attacker who can

Re: [Dnsmasq-discuss] New option --no-ANY

2024-02-12 Thread Simon Kelley
On 08/02/2024 12:01, Petr Menšík wrote: I do not think this is good approach. One thing is any queries need to be handled by upstream resolver somehow. Whatever it is, dnsmasq will reply whatever upstream resolvers chosen to do that. The only exception is local data, for example

Re: [Dnsmasq-discuss] DHCPv6 with multiple IA

2024-02-12 Thread Simon Kelley
On 06/02/2024 22:29, Bertrand Jacquin wrote: Hi, As per RFC8415 section 21.6, IA Address option 5 offered by the server specifying (temporary or not) address, may appear more than once so the client can be offered more than one address to use. This is supported by AWS EC2 (aws ec2

Re: [Dnsmasq-discuss] [PATCH] Easier custom lua version

2024-02-03 Thread Simon Kelley
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary On 03/02/2024 08:56, Geert Stappers wrote: On Wed, Jan 24, 2024 at 11:41:57AM +0100, Petr Menšík wrote: Date: Wed, 24 Jan 2024 11:28:38 +0100 Subject: [PATCH] Make lua version more easy to customize If distribution making lua-enabled

Re: [Dnsmasq-discuss] [PATCH] d/rules: Install D-Bus policy in /usr instead of /etc

2024-01-23 Thread Simon Kelley
On 23/01/2024 19:55, Sven Geuer wrote: On Mon, 2024-01-22 at 12:58 +0100, Gioele Barabucci wrote: On 22/01/24 00:09, Simon Kelley wrote: I've just committed a major overhaul to the Debian packaging which eliminates the very ancient and crusty scripts in favour of debhelper. Debhelper

Re: [Dnsmasq-discuss] [PATCH] d/rules: Install D-Bus policy in /usr instead of /etc

2024-01-21 Thread Simon Kelley
Thanks for the patch, and apologies for taking so long to reply. I've just committed a major overhaul to the Debian packaging which eliminates the very ancient and crusty scripts in favour of debhelper. Debhelper, predictably, gets this right, so the problem is moot. Cheers, Simon. On

Re: [Dnsmasq-discuss] [PATCH] Minor typo fix in the man page

2024-01-21 Thread Simon Kelley
Patch applied. Thanks. Simon. On 19/10/2023 22:07, Geert Stappers wrote: The manual page had "list or RR-types", changed it into "list of RR-types". Reported-by: Justin --- man/dnsmasq.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/dnsmasq.8 b/man/dnsmasq.8

Re: [Dnsmasq-discuss] [PATCH] Introduce local-service=host specialization

2024-01-13 Thread Simon Kelley
Apologies for the delay. Patch applied. Simon. On 09/01/2024 14:45, Petr Menšík wrote: Kind reminder for this change. There seems to be no opposition for this change. Can it get merged then, please? Cheers, Petr On 12/3/23 19:29, Simon Kelley wrote: Looks sensible to me. Very much

Re: [Dnsmasq-discuss] Occasional "communications error", how to diagnose?

2023-12-13 Thread Simon Kelley
On 13/12/2023 15:25, Chris Green wrote: I run dnsmasq version 2.89 on my laptop which is running [x]ubuntu 23.04. I have systemd.resolvd disabled. I'm occasionally seeing the following error when getting a host's IP:- chris$ host homepi ;; communications error to 127.0.0.1#53:

Re: [Dnsmasq-discuss] Dnsmasq IPv6 NXDOMAIN issue when using synth-domain for IPv4

2023-12-03 Thread Simon Kelley
The problem is well known, and the solution (rewrite NXDOMAIN replies from upstream to NODATA) has been done for a long time. Unfortunately, an oversight missed out --synth-domain from the code which determines if a query for another rr-type is capable of eliciting an answer and triggers the

Re: [Dnsmasq-discuss] [PATCH] Introduce local-service=host specialization

2023-12-03 Thread Simon Kelley
Looks sensible to me. Very much in the spirit of the original --local-service option flag. I'm minded to commit this unless anyone has an objection. Simon. On 30/11/2023 17:59, Petr Menšík wrote: Hello! I have sent similar proposal already in year 2021 [1]. But I have reworked that a bit

Re: [Dnsmasq-discuss] Domain not applied correctly when reading DHCP lease file

2023-12-03 Thread Simon Kelley
You're pretty much correct. The code that reads the leases file runs (for good reasons) before the code which looks at the addresses of the local interfaces, so domain configs which are predicated on the interface come out wrong.

Re: [Dnsmasq-discuss] [PATCH] Add number of forks for TCP to metrics and dump

2023-11-30 Thread Simon Kelley
Looks good. Patch applied. Cheers, Simon. On 24/11/2023 11:13, Damian Sawicki via Dnsmasq-discuss wrote: Hello dnsmasq experts, Following up on the recent addition of the flag --max-tcp-connections, I'd like to propose a patch with monitoring of the number of TCP connections. This way,

Re: [Dnsmasq-discuss] Does the --interface option to dnsmasq also apply to incoming broadcast DHCP requests?

2023-11-30 Thread Simon Kelley
On 29/11/2023 23:09, Chris Friesen via Dnsmasq-discuss wrote: Hi, I was just wondering whether the --interface and --except-interface options to dnsmasq would also apply to messages like DHCPDISCOVER and DHCPREQUEST which are broadcast to 255.255.255.255. In my particular case I have an

Re: [Dnsmasq-discuss] [PATCH] Re: Issues with dnsmasq under NM and domain redirection: REFUSED

2023-11-27 Thread Simon Kelley
On 31/10/2023 16:39, Petr Menšík wrote: I am still not sure what exactly causes this problem, but I have hit it again. I am sure it happens sometimes, when I disconnect from my Lenovo docking station and then connect back to it. Interesting thing I have found is it gets unblocked by sending

Re: [Dnsmasq-discuss] [PATCH] Refuse to start with EADDRINUSE in --bind-dynamic mode

2023-11-27 Thread Simon Kelley
, the only error from bind() that should be ignored is EADDRNOTAVAIL. Everything else should be a fatal error during startup or logged once the daemon is running. I've just pushed a patch to that effect. Cheers, Simon. More below... On 11/23/23 13:47, Simon Kelley wrote: That's a good point

Re: [Dnsmasq-discuss] [PATCH] Refuse to start with EADDRINUSE in --bind-dynamic mode

2023-11-23 Thread Simon Kelley
to investigate you first have to know something unusual has happened. On 23. 11. 23 0:29, Simon Kelley wrote: Isn't this sufficient to fix the problem? Not calling die() when bind-dynamic is set is intended to handle the case that  bind returns EADDRNOTAVAIL because you've configured --listen

Re: [Dnsmasq-discuss] [PATCH] Refuse to start with EADDRINUSE in --bind-dynamic mode

2023-11-22 Thread Simon Kelley
Isn't this sufficient to fix the problem? Not calling die() when bind-dynamic is set is intended to handle the case that bind returns EADDRNOTAVAIL because you've configured --listen-address=1.2.3.4 but there's not a local interface with that address. dnsmasq runs anyway in the expectation

Re: [Dnsmasq-discuss] runtime error: left shift of 128 by 24 places cannot be represented in type 'int'

2023-11-22 Thread Simon Kelley
Thanks for that. I don't think this bug has any practical effect. If the hash is calculated wrongly, it's only ever compared to another hash calculated the same way, so the code will still work as designed. I think that this patch fixes things. Please could you test?

Re: [Dnsmasq-discuss] dnsmasq page fault

2023-11-10 Thread Simon Kelley
I just pushed a putative fix. Apologies for missing this. Simon. On 10/11/2023 19:46, e9hack wrote: Hi, I think tcp_init() must be executed outside of if (daemon->port != 0) {}. I've two instances running. The crashing instance acts as dhcp server only. Regards, Hartmut Am 10.11.2023 um

Re: [Dnsmasq-discuss] Having dnsmasq coexist with other dhcp server

2023-10-24 Thread Simon Kelley
On 18/10/2023 08:58, Luigi Baldoni via Dnsmasq-discuss wrote: Hello, I'm having a hard time making dnsmasq run together with kea-dhcp4-server on the same machine. Even though they listen on different interfaces, the first one prevents the other from starting. With the old

Re: [Dnsmasq-discuss] DHCPv6 doesn't work on Linux interfaces enslaved to a VRF

2023-10-11 Thread Simon Kelley
On 10/10/2023 11:25, Luci Stanescu wrote: Hi Simon, On 10 Oct 2023, at 00:17, Simon Kelley wrote: I've implemented option 1 here and it's currently running and dogfood on my home network. There are no VRF interfaces there: this is a test mainly to check that nothing breaks. So far, so good

Re: [Dnsmasq-discuss] [PATCH] Fix DHCPv6 "NotOnlink" response which previously failed to set the message type correctly

2023-10-11 Thread Simon Kelley
Thanks for finding that. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3868066085f4f73055d303ad2af59ad66245cf27 is basically the same fix, but does logging right. Cheers, Simon. On 10/10/2023 11:23, renmingshuai via Dnsmasq-discuss wrote: My dhclient process received a Confirm

Re: [Dnsmasq-discuss] DHCPv6 doesn't work on Linux interfaces enslaved to a VRF

2023-10-09 Thread Simon Kelley
On 09/10/2023 11:40, Luci Stanescu wrote: Hi Simon, Thank you for your response and your openness to this issue! My thoughts below, inline (and apologies for the rather long email). On 9 Oct 2023, at 01:05, Simon Kelley wrote: 1) Even if this is a kernel bug, kernel bugs fixes take a long

Re: [Dnsmasq-discuss] [PATCH] Set pointers to NULL after memory is freed

2023-10-09 Thread Simon Kelley
On 08/10/2023 09:44, renmingshuai via Dnsmasq-discuss wrote: Set pointers to NULL after memory is freed to reduce dangling pointers, although they are later set to new values. From 5567d99099191f0cdb2922555e6ade2634f94f30 Mon Sep 17 00:00:00 2001 From: renmingshuai Date: Sun, 8 Oct 2023

Re: [Dnsmasq-discuss] Memory leak for SRV records with TTL=0 in v2.88

2023-10-08 Thread Simon Kelley
On 05/10/2023 16:56, Damian Sawicki via Dnsmasq-discuss wrote: Hello dnsmasq experts, There seems to be a memory leak in v2.88. The reproduction steps are as follows: insert an SRV record with TTL=0 in an upstream DNS server and query dnsmasq for this record. I inserted a record with name

Re: [Dnsmasq-discuss] DHCPv6 doesn't work on Linux interfaces enslaved to a VRF

2023-10-08 Thread Simon Kelley
On 07/10/2023 14:02, Luci Stanescu via Dnsmasq-discuss wrote: Hi, I've discovered that DHCPv6 doesn't work on Linux interfaces enslaved to a VRF. Now, I believe this to be a bug in the kernel and I've reported it, but in case you'd like to implement a workaround in dnsmasq, this is quite

Re: [Dnsmasq-discuss] IPv6 addresses are (almost) immediately deprecated

2023-10-02 Thread Simon Kelley
On 22/09/2023 21:48, Graham Leggett via Dnsmasq-discuss wrote: On 22 Sep 2023, at 20:27, Geert Stappers wrote: I have a dnsmasq config on a development machine that looks like this: dhcp-range=fd33:::1::, ra-only, 24h The intention is for this development machine to announce to

Re: [Dnsmasq-discuss] [PATCH] Fix DHCPv6 options memory leaks

2023-10-01 Thread Simon Kelley
Patch applied. The problem is clear and the fix is good. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d16b995756dc079b1fdc2e63665793979f766a26 Thanks for your contribution. Cheers, Simon. On 28/09/2023 09:28, renmingshuai via Dnsmasq-discuss wrote: When I repeatedly reloaded

Re: [Dnsmasq-discuss] [PATCH] Fix DHCPv6 options memory leaks

2023-10-01 Thread Simon Kelley
On 01/10/2023 18:55, Geert Stappers wrote: That looks good to me. However: |$ git am |Applying: Fix DHCPv6 options memory leaks |error: corrupt patch at line 11 |Patch failed at 0001 Fix DHCPv6 options memory leaks |hint: Use 'git am --show-current-patch=diff' to see the failed patch |When

Re: [Dnsmasq-discuss] Blockdata SIGSEGV on master

2023-09-05 Thread Simon Kelley
On 05/09/2023 06:46, Geert Stappers wrote: On Sun, Sep 03, 2023 at 08:38:00PM +0100, Simon Kelley wrote: On 01/09/2023 20:28, Dominik Derigs wrote: Dear Simon, CC mailing list, today I've received a report of latest dnsmasq embedded into Pi-hole crashing when www.facebook.com is visited

Re: [Dnsmasq-discuss] Blockdata SIGSEGV on master

2023-09-03 Thread Simon Kelley
Dear list, Offline, we've found this one. The patch is in git now. It needs arbitrary RR caching to be enabled, and some fairly bad luck in what actually gets cached, but Facebook obliges every once in a while. Cheers, Simon. On 01/09/2023 20:28, Dominik Derigs wrote: Dear Simon, CC

Re: [Dnsmasq-discuss] Corrupted query causing FORMERR?

2023-08-20 Thread Simon Kelley
On 17/08/2023 18:08, John Horne wrote: Hello, We have for some time had reports of intermittent DNS query failures. For the servers concerned, a client on the server causes a query to be sent (via resolv.conf) to 127.0.0.1 which is the dnsmasq process. If the query is not in the cache, then

Re: [Dnsmasq-discuss] Do we have good way to register SLAAC clients?

2023-06-12 Thread Simon Kelley
Dnsmasq has a feature, enabled by "ra-names" which attempts to solve this problem for dual-stack hosts. It works like this. When a host gets a DHCPv4 address, dnsmasq calculates the address that the client would assign itself using SLAAC, and pings that address. If it gets a reply it adds

Re: [Dnsmasq-discuss] [PATCH] TCP client timeout setting

2023-05-26 Thread Simon Kelley
On 26/05/2023 17:19, Simon Kelley wrote: The long delay awaiting a connection from a non-responsive server may be improved by reducing the value of the TCP_SYNCNT socket option, at least on Linux. Setting TCP_SYNCNT to 2 limits the delay for a non responsive address to about 8 seconds

Re: [Dnsmasq-discuss] [PATCH] TCP client timeout setting

2023-05-26 Thread Simon Kelley
On 25/05/2023 20:32, Petr Menšík wrote: This problem is best tested by an example, taken from [2] but a bit modified. Let's create hypothetical network issue with one forwarder, which worked fine a while ago. $ sudo iptables -I INPUT -i lo -d 127.0.0.255 -j DROP Now start dnsmasq and

Re: [Dnsmasq-discuss] DNSMASQ DHCP Options for CAPPORT or RFC8908 [PATCH]

2023-05-26 Thread Simon Kelley
What I can't get from a quick reading of the RFCs is how the captive-portal URI is derived from the client characteristics. The RFCs imply that the final, encoded part of the URI is an opaque identifier that's returned by the DHCP part of the captive portal and then accepted by the http part.

Re: [Dnsmasq-discuss] dhcp-lease-max is only for DHCPv4?

2023-05-23 Thread Simon Kelley
are remaining at 512, and all after clients will not appear in the lease file. Thanks, Lin Geert Stappers <stapp...@stappers.nl> wrote on Tue, May 23, 2023 at 1:59 PM: On Tue, May 23, 2023 at 12:05:08AM +0100, Simon Kelley wrote: > On 22/05/2023 12:18, Linyih T

Re: [Dnsmasq-discuss] dhcp-lease-max is only for DHCPv4?

2023-05-22 Thread Simon Kelley
There's a possible difference between the number of clients and the number of DHCP leases, since leases can expire to be deleted by the client. Are you saying that the number of simultaneous DHCP leases increases without bound, or that the 513th client gets a lease? Have you checked the

Re: [Dnsmasq-discuss] use-stale-cache may failed to refresh record from certain upstream

2023-05-01 Thread Simon Kelley
On 30/04/2023 20:42, Justin wrote: Hello devs in order to use DOH/DOT, a proxy upstream is configured, when dnsmasq enables use-stale-cache, some upstream may return error when dnsmasq tries to refresh the record from upstream after stale cache is sent to client. i reported the issue

Re: [Dnsmasq-discuss] dnsmasq sending advertise packets for the packet containing server id

2023-05-01 Thread Simon Kelley
On 24/04/2023 05:41, shashikumar Shashi wrote: Hi, I am using dnsmasq-2.80. In this I am observing dnsmasq sending the advertising packets for the packet containing the Server id. This is a violation of the RFC - https://www.rfc-editor.org/rfc/rfc3315#section-15.2

Re: [Dnsmasq-discuss] Confusion about "no address range available for DHCPv6 request via ..."

2023-05-01 Thread Simon Kelley
On 18/04/2023 09:40, Daniel Farina wrote: Hello everyone, I have been trying to set up an IPv6-only network for a virtual machine with route advertisements and DHCP configuration. I've had some success, but I have a question. I have a dnsmasq.conf that looks like this, to delegate a /80

Re: [Dnsmasq-discuss] --server=/#/1.2.3.4 behavior

2023-04-30 Thread Simon Kelley
On 26/04/2023 12:26, Aleksey Vasenev wrote: I found some information in the changelog: "Of course --server=/#/1.2.3.4 is exactly equivalent to --server=1.2.3.4. Special request from Josh Howlett." But this is not true. --server=/#/1.2.3.4 takes precedence over --server=1.2.3.4. Moreover,

Re: [Dnsmasq-discuss] Behavior on DHCP denied

2023-04-18 Thread Simon Kelley
On 18/04/2023 16:35, 0zl wrote: Hello, This is an issue I've experienced with ESP8266 and proxy ARP on my WiFi network. I was able to work around it by assigning the devices an infinite lease, however I think dnsmasq's behavior is undesirable. In short, ESP8266 is on a network with proxy

Re: [Dnsmasq-discuss] [PATCH] DBus watchers change can trigger crash

2023-04-17 Thread Simon Kelley
Both patches applied. Cheers, Simon. On 17/04/2023 12:30, Petr Menšík wrote: Hi! Interesting crash in dnsmasq were reported to me. I can reproduce it reliably on RHEL9, but not anymore on the most recent Fedora. But the difference seems to be based on used dbus library, not depending on

Re: [Dnsmasq-discuss] Add more dhcp log about finding dhcp-config failed

2023-04-17 Thread Simon Kelley
I've committed an alternative patch which does the same thing, but only in the DHCPv6 code path. Cheers, Simon. On 17/04/2023 12:56, renmingshuai via Dnsmasq-discuss wrote: Hi ! When dnsmasq attempts to search for the configured DHCPv6 address based on the MAC address, it will send NS

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-17 Thread Simon Kelley
, and I can't think of others that need more explicit control. DO you have any? Cheers, Simon. On 4/13/23 23:15, Simon Kelley wrote: I'm not clear where the EDE in a reply fits in to this. I agree, it seems to be all about AD bit in reality. --proxy-dnssec does only one thing: it stops

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-13 Thread Simon Kelley
I'm not clear where the EDE in a reply fits in to this. --proxy-dnssec does only one thing: it stops dnsmasq from zeroing the authenticated data (AD) bit in replies before returning them to clients. This means that clients can rely on the AD bit to tell if the answer is secure, with a couple

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-13 Thread Simon Kelley
On 13/04/2023 07:37, Peter Russel wrote: Hi Simon Unfortunately, it looks like I've been shouting victory a little soon. The results are perfect when using dig, however, when using a browser (firefox, edge) the results are unreliable / inconsistent. The assumption is that adding the

Re: [Dnsmasq-discuss] "no address range available for DHCP request via br0" when using for IPv6 RA

2023-04-12 Thread Simon Kelley
here's more than one possible option, which one actually gets used is undefined. Simon. thanks! On Mon, Apr 10, 2023 at 4:29 PM Simon Kelley <si...@thekelleys.org.uk> wrote: On 05/04/2023 19:04, Ben Hendin wrote: > Thanks Simon (apologies - my first reply went to

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-12 Thread Simon Kelley
On 09/04/2023 18:50, Peter Russel wrote: SOLVED The developers added code to pihole-FTL, which is the latest dnsmasq + features (to make pi-hole the better solution). full story (pi-hole forum) here: https://discourse.pi-hole.net/t/dnssec-discussion-support-for-proxy-dnssec/62217 That

Re: [Dnsmasq-discuss] Understand logging - don't find details

2023-04-11 Thread Simon Kelley
On 11/04/2023 17:21, web...@manfbraun.de wrote: Hello! I want to find out the response time from clients request up to dnsmasq's response (including the external answer!) to the client. But a look into the logfile - thought, easy to make a wrapper, because I am missing dnstap support -

Re: [Dnsmasq-discuss] "no address range available for DHCP request via br0" when using for IPv6 RA

2023-04-10 Thread Simon Kelley
HCPv6 it looks like we need --no-dhcpv4-interface and --no-dhcpv6-interface. That would certainly solve your problem. Cheers, Simon. On Wed, Apr 5, 2023 at 12:33 PM Simon Kelley <si...@thekelleys.org.uk> wrote: On 03/04/2023 16:54, Ben Hendin wrote: > I'm

Re: [Dnsmasq-discuss] "no address range available for DHCP request via br0" when using for IPv6 RA

2023-04-05 Thread Simon Kelley
On 03/04/2023 16:54, Ben Hendin wrote: I'm running Dnsmasq version 2.85-openssl-5-g989ee98 on an embedded device (Entware installation) I am seeing log entries that state the following when clients come onto the network to request IP addresses via DHCP: "no address range available for

Re: [Dnsmasq-discuss] State of blocking type=65 requests?

2023-04-05 Thread Simon Kelley
On 05/04/2023 14:32, Ed W wrote: On 17/03/2023 17:54, Simon Kelley wrote: On 16/03/2023 16:04, Petr Menšík wrote: I think it should be fixed on the side of clients instead. If they ask for all addresses, just give them when they do exist. If the network is very expensive (can you be more

Re: [Dnsmasq-discuss] [PATCH] Report filtered A or AAAA records via EDE code

2023-03-31 Thread Simon Kelley
. Cheers, Simon. [1] https://gitlab.isc.org/isc-projects/bind9/-/issues/3979 On 3/31/23 09:25, Dominik Derigs via Dnsmasq-discuss wrote: Hey Simon, On Thu, 2023-03-30 at 18:28 +0100, Simon Kelley wrote: I just merged the branch I've been working on for the last week which includes this patch

Re: [Dnsmasq-discuss] [PATCH] Report filtered A or AAAA records via EDE code

2023-03-31 Thread Simon Kelley
On 31/03/2023 08:25, Dominik Derigs wrote: Hey Simon, On Thu, 2023-03-30 at 18:28 +0100, Simon Kelley wrote: I just merged the branch I've been working on for the last week which includes this patch, but much modified because the surrounding code has changed. The function is unaltered

Re: [Dnsmasq-discuss] dhcp-fqdn bug

2023-03-31 Thread Simon Kelley
On 30/03/2023 22:00, 0zl wrote: Greetings, I believe this might be a bug in dnsmasq. When using the shorthand `domain=mydomain.com,local` and `dhcp-fqdn`, dnsmasq fails with: `there must be a default domain when --dhcp-fqdn is set` I'm not sure if this is intended behavior or not, but

Re: [Dnsmasq-discuss] [PATCH] Report filtered A or AAAA records via EDE code

2023-03-30 Thread Simon Kelley
a bit of code cleanup in the affected code paths too. Simon. On 21/03/2023 12:05, Petr Menšík wrote: On 3/17/23 19:08, Simon Kelley wrote: I think that looks like a sensible change. I'm slightly worried about the definition of EDE_FILTERED 4.18. Extended DNS Error Code 17 - Filtered

Re: [Dnsmasq-discuss] log-queries and NXDOMAINS

2023-03-30 Thread Simon Kelley
On 26/03/2023 14:34, Ercolino de Spiacico wrote: In the context of adblock/domain-filtering I was trying to find a way to log all the blocked queries only. We currently use a custom config formatted like: local=baddomain.com/ which returns NXDOMAIN. The issue is that if we enable

Re: [Dnsmasq-discuss] "reply query is duplicate" failure

2023-03-23 Thread Simon Kelley
On 22/03/2023 21:18, Manish Shakya wrote: Hi there, I am using v2.89 dnsmasq with openwrt. Whenever dnsmasq shows the following logs, the getaddrinfo() function fails and has to be retried. ^^ Missed this in my first

Re: [Dnsmasq-discuss] "reply query is duplicate" failure

2023-03-23 Thread Simon Kelley
On 22/03/2023 21:18, Manish Shakya wrote: Hi there, I am using v2.89 dnsmasq with openwrt. Whenever dnsmasq shows the following logs, the getaddrinfo() function fails and has to be retried. Wed Mar 22 20:54:41 2023 daemon.info dnsmasq[1]: 45 127.0.0.1/46942

Re: [Dnsmasq-discuss] State of blocking type=65 requests?

2023-03-17 Thread Simon Kelley
On 16/03/2023 16:04, Petr Menšík wrote: I do not like attempts to filter out valid queries from clients on the side of dns cache. It should cache the HTTPS type, which it currently does not. That makes those kind of queries much more expensive. Agree about HTTPS caching. I think it should

Re: [Dnsmasq-discuss] Method to get Dnsmasq serve address of a host from interface address

2023-03-16 Thread Simon Kelley
This is really the function of the dnsmasq.conf.example file that's distributed with the source code for dnsmasq. Unfortunately that has become rather out-of-date. It could do with a major overhaul. Simon. On 14/03/2023 07:55, Olivier wrote: Hello, Could it be possible to add an example

Re: [Dnsmasq-discuss] State of blocking type=65 requests?

2023-03-15 Thread Simon Kelley
On 11/03/2023 17:34, Ed W wrote: On 07/03/2023 21:50, Simon Kelley wrote: On 06/03/2023 22:36, Ed W wrote: Hi, can I get a leg up in understanding the options for blocking dns queries for a specific resource type, specifically type 65 queries My motivation for needing this is that we

Re: [Dnsmasq-discuss] [PATCH] Value stored to 'outmsgtype' is never read

2023-03-15 Thread Simon Kelley
Yes, that's a bug. I prefer to goto the end of the function rather than duplicate the scary code that sets the message type. By reordering some code there, the logging works better too. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=00be8b39e240934e404533deda08cbae2aae25a8

Re: [Dnsmasq-discuss] Method to get Dnsmasq serve address of a host from interface address

2023-03-13 Thread Simon Kelley
On 13/03/2023 17:01, Simon Kelley wrote: Thanks for the bug report, it's definitely not noise. The history of line 363 is interesting. When the dynamic-host option was added, it looked like if (netmask.s_addr == 0x) and stayed like that until October 2022 when it got changed

Re: [Dnsmasq-discuss] Method to get Dnsmasq serve address of a host from interface address

2023-03-13 Thread Simon Kelley
Thanks for the bug report, it's definitely not noise. The history of line 363 is interesting. When the dynamic-host option was added, it looked like if (netmask.s_addr == 0x) and stayed like that until October 2022 when it got changed to the current version if (netmask.s_addr ==

Re: [Dnsmasq-discuss] [PATCH v2] dbus: allow setting filter-A and filter-AAAA options

2023-03-08 Thread Simon Kelley
Apologies for ignoring you. Patch looks fine. Applied to git repo. Cheers, Simon. On 07/03/2023 23:20, Clayton Craft wrote: On Thu, 23 Feb 2023 21:40:10 -0800 Clayton Craft wrote: On Fri, 10 Feb 2023 13:53:05 -0800 Clayton Craft wrote: Any chance this could get merged? Being able to set

Re: [Dnsmasq-discuss] State of blocking type=65 requests?

2023-03-07 Thread Simon Kelley
On 06/03/2023 22:36, Ed W wrote: Hi, can I get a leg up in understanding the options for blocking dns queries for a specific resource type, specifically type 65 queries I see there was a patch to implement a "filter-http" option here:     https://github.com/rozahp/dnsmasq It possibly

Re: [Dnsmasq-discuss] Segfault when no uplink dns server is available

2023-03-06 Thread Simon Kelley
5dc14b6e05f39a5ab0dc02e376b1d7da2fda5bc1 (HEAD -> master, tag: v2.89) On Mon, 2023-03-06 at 16:11 +0000, Simon Kelley wrote: Thanks for the comprehensive analysis. You don't mention what version of dnsmasq you were testing. I think that this was fixed in release 2.88, the commit is: https://thekelleys.org.uk/gitweb

Re: [Dnsmasq-discuss] [PATCH] Fix --rev-server option

2023-03-06 Thread Simon Kelley
Patch applied. Cheers, Simon. On 03/03/2023 17:17, Dominik Derigs wrote: Hey Simon, CC list, the --rev-server option is currently broken in the released version of dnsmasq for any non-dividable-by-eight CIDR subnets. It got broken in commit 1db9943 when resolving upstream servers by name

Re: [Dnsmasq-discuss] Segfault when no uplink dns server is available

2023-03-06 Thread Simon Kelley
Thanks for the comprehensive analysis. You don't mention what version of dnsmasq you were testing. I think that this was fixed in release 2.88, the commit is: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2fc904111d9b6ec45fc1e4ec9f1f8b43c1e67b9b If you were testing 2.88 or

Re: [Dnsmasq-discuss] Feature Request: DNS over TLS or HTTPS

2023-03-06 Thread Simon Kelley
If you were to implement this in dnsmasq, by far the best way would be to put a proxy in front of dnsmasq. The existing dnsmasq concurrency model just doesn't support the implementation. It relies on most queries happening over UDP, and the context for such queries being very minimal. Anything

Re: [Dnsmasq-discuss] How to set no gateway

2023-03-06 Thread Simon Kelley
On 25/02/2023 00:05, Donald Muller wrote: Thank you for responding Matus. It worked perfectly! This behavior should really be documented. My first reaction to this was "I'm sure it is!" but actually it isn't, except in the example config file. I've added a paragraph to the man page to fix

Re: [Dnsmasq-discuss] consider adding a `dnsmasq --no-read-or-load-any-config` feature?

2023-03-05 Thread Simon Kelley
How does it differ from --conf-file=/dev/null Simon. On 04/03/2023 21:22, Johnny Utahh wrote: Is this worth considering? Proposal: add a `dnsmasq --no-read-or-load-any-config` feature. Details: 1.

Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Simon Kelley
On 27/02/2023 20:10, Eric Fahlgren wrote: Does 'option6:3' translate this from DHCPv4's 'router' to an RA, or does it consider it to be DHCPv6 'OPTION_IA_NA'?  Does the 'option6:6' (OPTION_ORO) use DHCPv4 dns-server semantics, or does it interpret it as DHCPv6 23, OPTION_DNS_SERVERs, or

Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Simon Kelley
On 27/02/2023 20:10, Eric Fahlgren wrote: On Mon, Feb 27, 2023 at 8:15 AM Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: On 25/02/2023 16:19, Daniel via Dnsmasq-discuss wrote: > dhcp-option=tag:computer6,option6:3,fd99:1234:beef:cafe::2 > dhcp-optio

Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Simon Kelley
On 25/02/2023 16:19, Daniel via Dnsmasq-discuss wrote: Hi, I'm banging my head with a KVM VM only ipv6 who can't get stateless dhcpv6 address. Always getting messages like shown below: Configuration being enable-ra ra-param=lan,high,60,60

Re: [Dnsmasq-discuss] Is leasquery supported in Dnsmasq

2023-02-27 Thread Simon Kelley
src/rfc2131.c has all the relevant code: add code to handle DHCPLEASEQUERY to the switch in dhcp_reply(); HOWEVER. Whilst the RFC sort of makes this sound like a general query system, it's actually a hack to solve a specific problem that access concentrators don't have persistent storage, so

Re: [Dnsmasq-discuss] Query on "strict-order"

2023-02-24 Thread Simon Kelley
On 23/02/2023 13:58, Gomathi Shankar P S wrote: Hi Simon, Thanks for the response. We have updated resolv.dnsmasq file with couple of false nameservers (just to experiment) at the top. With pinging google.com, we could observe that the dnsmasq (with strict-order)

Re: [Dnsmasq-discuss] Query on "strict-order"

2023-02-22 Thread Simon Kelley
OK, I can believe that behaves in the way you've seen, and there's no way to alter that. You should try the latest release, and also configure fast-retry, that might give you better behaviour. It's still the case that "strict-order" is not really compatible with dealing with unreliable

Re: [Dnsmasq-discuss] Query on "strict-order"

2023-02-21 Thread Simon Kelley
What release of dnsmasq are you using? The behaviour around SERVFAIL has changed several times over the years. Simon. On 21/02/2023 10:39, Gomathi Shankar P S wrote: Hello, Sorry for asking a basic question. I was experimenting with "strict-order" and I could see that dnsmasq reaches out

Re: [Dnsmasq-discuss] DHCPv6 - Relay-reply dhcpv6.option.type 79 Client Link-Layer Address with zero length

2023-02-12 Thread Simon Kelley
On 12/02/2023 16:19, Harald Jensas wrote: On 2/11/23 23:39, Simon Kelley wrote: Is dnsmasq acting as the relay or as the DHCP server in that pcap? Simon. dnsmasq is acting as the DHCP server in the attached pcap. I'm confused. The code in dnsmasq to handle a dhcpv6 packet which has

Re: [Dnsmasq-discuss] DHCPv6 - Relay-reply dhcpv6.option.type 79 Client Link-Layer Address with zero length

2023-02-11 Thread Simon Kelley
Is dnsmasq acting as the relay or as the DHCP server in that pcap? Simon. On 10/02/2023 17:01, Harald Jensas wrote: Hi, The router is dropping relay replies from dnsmasq because it sees the Option 79 with length of 0 as invalid, i.e. less than minimum length. I have attached a pcap file

Re: [Dnsmasq-discuss] logging DHCPDISCOVER

2023-02-10 Thread Simon Kelley
If you set the log-dhcp option in the dnsmasq config, it will log all the options being sent to the client, which should include a copy of the vendor-class received from the client. Cheers, Simon. On 09/02/2023 20:54, Carl Karsten wrote: I want to gather stats on how often I don't get a

Re: [Dnsmasq-discuss] Can't get tags to apply with dhcp-circuitid

2023-02-10 Thread Simon Kelley
Luckily, we have the complete data being added by the relay option: 82 agent-id 01:04:00:64:00:02:02:06:5c:f4:ab:af:6f:9c That's a circuit-ID (01) of length four (04) value 00:64:00:02 and a remote-id (02) length six (06) value 5c:f4:ab:af:6f:9c So you can either match against the remote-id
