Re: [Dnsmasq-discuss] Single-port mode for TFTP

2020-01-02 Thread Simon Kelley
On 31/12/2019 08:36, kvaps wrote: > On Tue, Dec 31, 2019 at 8:45 AM Kurt H Maier > wrote: > > If you need this kind of functionality in Kubernetes you're much better > off using a different CNI plugin to manage your networking.  There's no > inherent NAT requir

Re: [Dnsmasq-discuss] dnsmasq Debian 10 ipset nftables

2019-12-22 Thread Simon Kelley
Main dnsmasq maintainer here. I just looked at the nftables documentation, and it looks like all the support is needed to do the same sort of things we do with iptables, but it would take either an nftables expert or a lot of reading to get sufficiently familiar with the system to actually impleme

Re: [Dnsmasq-discuss] --proxy-dnssec?

2019-12-22 Thread Simon Kelley
On 20/12/2019 15:23, S.B. wrote: >   > Hi > > I did a few tests with the --proxy-dnssec option and according to my > tests it seems as if this feature is not working as documented. > > If I query a dnssec signed domain I get an ad flag from my unbound which > is my upstream server, but on every

Re: [Dnsmasq-discuss] Dnsmasq reading /etc/resolv.conf with 127.0.0.1 in it

2019-12-20 Thread Simon Kelley
On 20/12/2019 16:24, Kasper Grubbe wrote: > Hi, > > As I mentioned in my previous email I was looking into loops with > Dnsmasq, and I noticed something interesting when it booted: > >> Started DNS caching server.. >> Starting DNS caching server >> started, version 2.76 cachesize 150 >> compi

Re: [Dnsmasq-discuss] Listening on 0.0.0.0 and using bind-interfaces

2019-12-20 Thread Simon Kelley
On 20/12/2019 16:17, Kasper Grubbe wrote: > Hi, > > I'm currently trying to investigate some issues that I am seeing in the > logs: > dnsmasq: Maximum number of concurrent DNS queries reached (max: 150)  > > This is my configuration: > server=/consul/127.0.0.1#8600 > liste

Re: [Dnsmasq-discuss] dnsmasq sending truncated DHCPv6 packets

2019-12-20 Thread Simon Kelley
On 19/12/2019 14:09, Derek Higgins wrote: > On Tue, 3 Dec 2019 at 18:36, Simon Kelley wrote: >> >>> The patch to fix this is trivial: change the save_counter() call to >>> >>> save_counter(-1) >>> >>> I just checked, and this mistake

Re: [Dnsmasq-discuss] RFC 8735 and Dnsmasq

2019-12-20 Thread Simon Kelley
On 18/12/2019 11:19, john doe wrote: > On 12/18/2019 11:29 AM, Kurt H Maier wrote: >> On Wed, Dec 18, 2019 at 08:46:22AM +0100, john doe wrote: >>> Hi, >>> >>> I was wondering what is the state of (1) with regard to Dnsmasq? >>> >>> Any help is appreciated. >>> >>> 1) https://tools.ietf.org/html/r

Re: [Dnsmasq-discuss] dnsmasq sending truncated DHCPv6 packets

2019-12-20 Thread Simon Kelley
On 19/12/2019 14:09, Derek Higgins wrote: > Thanks for taking a look at this and sorry it's taken so long to get > back to you, > I've applied your patch to v2.76 and I'm afraid it doesn't appear to > have solved the problem. > > But I do have a little bit more info, I've noticed that this appear

Re: [Dnsmasq-discuss] Separate logging facilities for dns queries and "standard" logs

2019-12-12 Thread Simon Kelley
On 12/11/2019 20:04, Diane wrote: > Hello, > > I have a need regarding Dnsmasq: > > I want to have "standard" (i.e. logs that are enabled by default) logs > in syslog, and I also want to retrieve every DNS query / config / > response, as to be able to build some stats on them. > > I have the fol

Re: [Dnsmasq-discuss] Segmentation fault when providing invalid --dhcp-match command line option

2019-12-12 Thread Simon Kelley
On 03/12/2019 22:52, Klaus Eisentraut wrote: > Hi, > > I recently did some fuzzing with afl-fuzz in the config file parsing > part of dnsmasq. I know it is not very useful, but it was very easy to > start with. > > Anyway, I found a (non-exploitable) crash in dnsmasq which can be > triggered by p

Re: [Dnsmasq-discuss] "--all-servers" always on?

2019-12-12 Thread Simon Kelley
By default, dnsmasq sends a query to all the upstream servers over 50 queries or every 20 seconds. If you're testing and doing queries slowly, the 20 second rule can make it look like _every_ query gets broadcast. If this is a problem, you can edit src/config.h and recompile. #define FORWARD_TEST

Re: [Dnsmasq-discuss] How to update ipv6 for own interface? (Updated info)

2019-12-12 Thread Simon Kelley
On 10/12/2019 03:31, John Siu wrote: > Ok, let me elaborate more. > > I have following setup: > > Linux router server: > - OS: Ubuntu 18.04 > - wide-dhcp-client on external(internet facing) nic > - dnsmasq on lan interface(hostname: router) as dns, ipv4 + ipv6 dhcp > - lan interface IPv6 configur

Re: [Dnsmasq-discuss] error: not giving name to the DHCP lease because the name exists in /etc/hosts

2019-12-12 Thread Simon Kelley
There's probably an existing lease for 192.168.0.121. Depending on exactly how the client behaves, these can be difficult to get rid of. Clearing the leases file is also more difficult than it might seem. TL;DR If it's working now, that's fine. Ignore it. Simon. On 10/12/2019 03:30, isidore

Re: [Dnsmasq-discuss] Out-of-bound heap write when parsing invalid --dhcp-mac option

2019-12-12 Thread Simon Kelley
On 10/12/2019 00:01, Klaus Eisentraut wrote: > Hi, > > I found another crash in parsing code of a configuration file or command > line options. To reproduce it, simply run > > dnsmasq --dhcp-mac=,A...A > > with "a lot of" A (>=89 with dnsmasq 2.80 on Linux 5.4.2-arch1-1). If > you run

Re: [Dnsmasq-discuss] dhcp-name-match ?

2019-12-05 Thread Simon Kelley
On 05/12/2019 22:48, Simon Kelley wrote: > On 15/11/2019 03:53, James Feeney wrote: >> Hey Simon >> >> On 11/8/19 4:36 PM, Simon Kelley wrote: >>> If there's no name configured in the dnsmasq configuration, then the >>> client-provided name

Re: [Dnsmasq-discuss] dhcp-name-match ?

2019-12-05 Thread Simon Kelley
On 15/11/2019 03:53, James Feeney wrote: > Hey Simon > > On 11/8/19 4:36 PM, Simon Kelley wrote: >> If there's no name configured in the dnsmasq configuration, then the >> client-provided name will be matched. However if there is a name >> configured in the dnsmas

Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-12-05 Thread Simon Kelley
On 28/11/2019 22:26, Geert Stappers wrote: > On Tue, Nov 26, 2019 at 06:18:02AM -0500, Brian J. Murrell wrote: >> On Tue, 2019-11-26 at 07:52 +0100, Which Nameserver wrote: >>> >> } But NOT what might be causing the inconsistency. >>> I hope that OP digs deeper. >> >> Probably not. I moved the des

Re: [Dnsmasq-discuss] Caching seems to not work

2019-12-04 Thread Simon Kelley
On 04/12/2019 11:01, Simon Effenberg wrote: > Hi, > > I was trying to test dnsmasq (2.80) and I either miss a point or I cannot > find how to enable the caching while being in TCP mode. > > I was trying to use it in a --keep-in-forground mode with a setup like > > dnsmasq -k --port=1053 --log-f

Re: [Dnsmasq-discuss] dnsmasq sending truncated DHCPv6 packets

2019-12-03 Thread Simon Kelley
On 03/12/2019 18:16, Simon Kelley wrote: > Ignore previous suggestions, I think I see the problem. > > The code to send a packet is > > while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, > save_counter(0), 0,

Re: [Dnsmasq-discuss] CPU spinning bug, possibly related to SSHFP queries

2019-12-03 Thread Simon Kelley
On 30/11/2019 20:55, Simon Kelley wrote: > This makes sense, the code looks like this > > while (crecp = lookup(name)) > { > char *cname_target = cache_get_cname_target(crecp); > > if (some stuff) >{ >other_stuff() >

Re: [Dnsmasq-discuss] dnsmasq sending truncated DHCPv6 packets

2019-12-03 Thread Simon Kelley
Ignore previous suggestions, I think I see the problem. The code to send a packet is while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, save_counter(0), 0, (struct sockaddr *)&from, sizeof(from)))); where the length to send

Re: [Dnsmasq-discuss] dnsmasq sending truncated DHCPv6 packets

2019-12-03 Thread Simon Kelley
On 29/11/2019 15:55, Derek Higgins wrote: > Hi, > > I've been trying to track down the reason for intermittent PXE > failures while using DHCPv6, > the failed PXE attempts seem to correlate with incomplete dhcp6 > advertise packets. > > e.g. in this sequence, the advertise packet length is 62 (al

Re: [Dnsmasq-discuss] CPU spinning bug, possibly related to SSHFP queries

2019-11-30 Thread Simon Kelley
This makes sense, the code looks like this while (crecp = lookup(name)) { char *cname_target = cache_get_cname_target(crecp); if (some stuff) { other_stuff() strcpy(name, cname_target); } } Which means that if the if () clause fails, it loops forever

Re: [Dnsmasq-discuss] dhcp-name-match ?

2019-11-08 Thread Simon Kelley
On 07/11/2019 03:52, James Feeney wrote: > Hey Simon > > On 10/30/19 3:32 PM, Simon Kelley wrote: >> The question is, [if] the client-provided name and the dhcp-host name >> differ, which one should be matched? Since this is broken, there's no >> pre-exi

Re: [Dnsmasq-discuss] Different local domain per dhcp zone in dnsmasq

2019-10-30 Thread Simon Kelley
On 30/10/2019 07:33, Carlos Gustavo Sarmiento wrote: > Hey Everyone, > > I'm testing an installation of dnsmasq on Ubuntu with two separate DHCP > ranges that get assigned based on the mac address of the device. > > ``` > ... > dhcp-range=10.1.0.100,10.1.0.200,12h > dhcp-range=net:iot,10.1.60.1,1

Re: [Dnsmasq-discuss] dhcp-name-match ?

2019-10-30 Thread Simon Kelley
's the one that should be used. Patch in git now, fixing DHCPv4 and DHCPv6 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=6ebdc95754cbae1cea376f4856634377566485c0 Cheers, Simon. > > > James > > > > On 10/22/19 4:31 PM, Simon Kelley wrote: >>

Re: [Dnsmasq-discuss] CNAME trouble with no AAAA

2019-10-26 Thread Simon Kelley
On 26/10/2019 03:47, Dominick C. Pastore wrote: > On Fri, Oct 25, 2019, at 4:48 PM, Simon Kelley wrote: >> On 20/10/2019 17:55, Dominick C. Pastore wrote: >>> I apologize for continuing the discussion on this. The patch (applied on >>> top of 2.80-1 provided by Debia

Re: [Dnsmasq-discuss] [PATCH] DHCPv6 IAID should be of unsigned type

2019-10-25 Thread Simon Kelley
On 22/10/2019 20:41, Roy Marples wrote: > On 22/10/2019 17:17, Normen Kowalewski wrote: >> FAIW - i was curious to see if RFC 8415 of November 2018, the update >> of the now officially obsoleted RFC 3315, uses some other wording, but >> it also just speaks about 4 octets that jointly are an unsigne

Re: [Dnsmasq-discuss] [PATCH] DHCPv6 IAID should be of unsigned type

2019-10-25 Thread Simon Kelley
On 20/10/2019 18:19, Dominik DL6ER wrote: > Dear mailing list, > > The proposed patch ensures that the DHCPv6 IAID is of unsigned type. > This is entirely uncritical, however, as the variable is already now > interpreted and handled as being of unsigned type in > * lease.c:read_leases(), > * helpe

Re: [Dnsmasq-discuss] CNAME trouble with no AAAA

2019-10-25 Thread Simon Kelley
the cache, sending one of the NODATA queries results in > NXDOMAIN. I can't reproduce this. Could you provide a simple example? > > Neither of these are actually causing problems in my case, but I suspect this > isn't intended behavior either, so it seemed worth mentionin

Re: [Dnsmasq-discuss] Server-specific cache settings

2019-10-25 Thread Simon Kelley
On 25/10/2019 20:37, Nate Collins wrote: > Hello, > > I was wondering if it's possible to specify different cache sizes for > different servers in dnsmasq.conf (or outright disable caching for one > server). For example, if two upstream nameservers were configured - a local > server which updat

Re: [Dnsmasq-discuss] dhcp-name-match ?

2019-10-22 Thread Simon Kelley
Looking at the code, the only obvious explanation is if you are over-riding the hostname in the dnsmasq configuration, ie with dhcp-host. In that case the client-provided name is ignored, including for the purposes of dhcp-name-match. (This may be a bug, but it is also an explanation.) Simon O

Re: [Dnsmasq-discuss] dns-loop-detect doesn't appear to be working

2019-10-22 Thread Simon Kelley
Good question. This code happened five years ago, and has not been touched since. Looking back at the changelog and through my old email doesn't provide any inspiration. My feeling is that the reason is that you can't necessarily expect to get back sensible answers from such servers to queries whic

Re: [Dnsmasq-discuss] CNAME trouble with no AAAA

2019-10-19 Thread Simon Kelley
astore wrote: > On Fri, Oct 18, 2019, at 7:41 AM, Simon Kelley wrote: >> I can see a strong argument that a query for a name which is configured >> as a CNAME in dnsmasq, but for a type which is not known to dnsmasq, >> should return a NODATA reply. >> >> In fact I c

Re: [Dnsmasq-discuss] CNAME trouble with no AAAA

2019-10-18 Thread Simon Kelley
On 18/10/2019 12:51, Simon Kelley wrote: > On 18/10/2019 12:41, Simon Kelley wrote: > >> The obvious way is to provide an record for the "local names". The >> problem with that is it has to be real, or timeouts and stuff will >> happen, so those hosts need t

Re: [Dnsmasq-discuss] rebind-domain-ok bug? Not whitelisiing 4 word domain.

2019-10-18 Thread Simon Kelley
On 14/10/2019 23:05, Michael wrote: > Hi Simon, > > I'm using ASUS Merlin 384.13, which is compiled with dnsmasq > 2.80-44-g608aa9f, on my router.   I have rebind protection on and want > to whitelist "universal-web-internal.production.gannettdigital.com" as > for some reason after upgrading to iO

Re: [Dnsmasq-discuss] dnsmasq 2.81 release plans?

2019-10-18 Thread Simon Kelley
On 13/10/2019 16:43, Matthias Andree wrote: > Simon, > > dnsmasq 2.80 is apparently nearing its anniversary - what are the plans > WRT stabilizing, touching up and releasing 2.81? It seems the Git has a > nice collection of regression and other bug fixes. > > FreeBSD releases quarterly according

Re: [Dnsmasq-discuss] CNAME trouble with no AAAA

2019-10-18 Thread Simon Kelley
On 17/10/2019 02:41, Dominick C. Pastore wrote: > Hello, > > I'm having a bit of a problem with the "cname" option in Dnsmasq. I have some > configuration options like these in dnsmasq.conf, where "host1" and "host2" > have IPv4 addresses from DHCP: > > domain=philadelphia.example.com > local=/

Re: [Dnsmasq-discuss] CNAME trouble with no AAAA

2019-10-18 Thread Simon Kelley
On 18/10/2019 12:41, Simon Kelley wrote: > The obvious way is to provide an record for the "local names". The > problem with that is it has to be real, or timeouts and stuff will > happen, so those hosts need to be dual-stack. > > I can see a strong argument that a

Re: [Dnsmasq-discuss] clang format

2019-10-12 Thread Simon Kelley
On 10/10/2019 22:00, Geert Stappers wrote: > > In-Reply-To: <55adb604-91a9-77a8-ed41-500363f4c...@mail.com> > Previous-Subject: Re: [Dnsmasq-discuss] [patch] empty empty lines > On Mon, Sep 30, 2019 at 07:18:12PM +0200, john doe wrote: >> On 9/30/2019 4:50 PM, Simon Kelle

Re: [Dnsmasq-discuss] (PATCH) catch up

2019-10-12 Thread Simon Kelley
l/dnsmasq-discuss/2019q2/013010.html > 4. > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q2/013013.html > 5. > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009520.html > > On 9/30/19 4:51 PM, Simon Kelley wrote: >> Now would be a good time

Re: [Dnsmasq-discuss] FreeBSD TFTP issue (failure to serve via IPv4) reported against 11.3/12.x

2019-10-12 Thread Simon Kelley
On 05/10/2019 09:44, Matthias Andree wrote: > Am 05.10.19 um 09:54 schrieb Geert Stappers: >> Questions: >> Which version of Dnsmasq did work? ( git bi-sect known good) >> Which version of Dnsmasq doesn't work? ( git bi-sect known bad) >> >> In case it is stated in >>>

Re: [Dnsmasq-discuss] [PATCH] Add dhcp-ignore-clid configuration option

2019-10-12 Thread Simon Kelley
On 10/10/2019 16:54, Florent Fourcot wrote: > Hello Simon, > > >> Of course, it involves enumerating the broken machines, rather than a >> blanket setting covering everything, but that's probably a good thing. >> It's what I wanted to provide with the tag extension I suggested, and >> rather rend

Re: [Dnsmasq-discuss] DNSSEC Retry causes SEGFAULT

2019-10-11 Thread Simon Kelley
d try it out, that would be great. Cheers. Simon. On 09/10/2019 19:55, Dominik DL6ER wrote: > FYI: Shared the requested PCAP file directly with Simon as it contains > sensitive information (browsing behavior). > > Best, > Dominik > > On Mon, 2019-10-07 at 17:58 +0100, Si

Re: [Dnsmasq-discuss] [PATCH] Add dhcp-ignore-clid configuration option

2019-10-07 Thread Simon Kelley
On 03/10/2019 06:52, Geert Stappers wrote: > On Mon, Sep 16, 2019 at 11:09:30PM +0100, Simon Kelley wrote: >> On 16/09/2019 08:03, Florent Fourcot wrote: >>> On 20/06/2019 10:26, Florent Fourcot wrote: >>>> The idea of this option was already discussed year

Re: [Dnsmasq-discuss] [PATCH v2] Change dhcp_release to use default address when no IP subnet matches

2019-10-07 Thread Simon Kelley
thing and still exit without error. I admit it would > be rare, as IPv4 address has to be missing on given device. Anyway, I > think showing error and returning error code does not hurt. > > Patch attached. > > Cheers, > Petr > > On 8/30/19 10:22 PM, Simon Kelley wrote: >

Re: [Dnsmasq-discuss] --addn-hosts and --hostsdir

2019-10-07 Thread Simon Kelley
On 02/10/2019 07:25, Geert Stappers wrote: > On Wed, Oct 02, 2019 at 11:16:18AM +0800, Hongyi Zhao wrote: >> Hi, >> >> The manpage said that: >> >> --- >> -H, --addn-hosts= >> Additional hosts file. Read the specified file as well >> as >> /etc/hosts. If

Re: [Dnsmasq-discuss] DNSSEC Retry causes SEGFAULT

2019-10-07 Thread Simon Kelley
On 05/10/2019 11:22, Dominik wrote: > Hey all, > > I'm reporting a bug on behalf of another user that does not want to > contact this mailing list himself. > > Short summary: With DNSSEC enabled, the user sees a crash when dnsmasq > wants to retry a query after the upstream DNS server responded b

Re: [Dnsmasq-discuss] (PATCH) catch up

2019-09-30 Thread Simon Kelley
Now would be a good time to tell me all the stuff I should be dealing with. Simon On 24/09/2019 06:54, Geert Stappers wrote: > On Thu, Jan 03, 2019 at 08:12:43PM +0000, Simon Kelley wrote: >> Prodding me is fine, and has done the trick here. > > :-) > > >> In

Re: [Dnsmasq-discuss] [patch] empty empty lines

2019-09-30 Thread Simon Kelley
To be clear, I have no objection to this sort of patch/suggestion. It should be fairly clear, however, that my available time to work on dnsmasq at the moment is limited, and stuff like this is not a priority, and likely to be pushed to the back of the queue, possibly so far that it never emerges

Re: [Dnsmasq-discuss] [PATCH] Add dhcp-ignore-clid configuration option

2019-09-16 Thread Simon Kelley
On 16/09/2019 08:03, Florent Fourcot wrote: > Hello Simon, > > Could you have a look on this patch? Please let me know if something is > missing, I'm ready to work on a v2. Apologies for ignoring you. The principle is a good one, but it's worth making this conditional, so that only clients which

Re: [Dnsmasq-discuss] TCP queries are refused if upstream server is specified with interface

2019-09-16 Thread Simon Kelley
On 15/09/2019 08:00, Tore Anderson wrote: > * Simon Kelley > >> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=90d7c6b97dbae2c913e7bb7af9c6c0f874493092 >> >> should fix this, if I've understood it right. > > Hi Simon, > > Not quite. With th

Re: [Dnsmasq-discuss] TCP queries are refused if upstream server is specified with interface

2019-09-14 Thread Simon Kelley
On 14/09/2019 20:36, Simon Kelley wrote: > On 13/09/2019 13:37, Tore Anderson wrote: >> * Tore Anderson >> >>> Start out with the following /etc/dnsmasq.conf, replacing «wlp2s0» as >>> appropriate: >>> >>> log-queries >>> no-hosts >&

Re: [Dnsmasq-discuss] TCP queries are refused if upstream server is specified with interface

2019-09-14 Thread Simon Kelley
masq and send it a TCP query: >> >> $ src/dnsmasq -d -p 5333 > > Bisected: > > 305ffb5ef0ba5ab1df32ef80f266a4c9e395ca13 is the first bad commit > commit 305ffb5ef0ba5ab1df32ef80f266a4c9e395ca13 > Author: Simon Kelley > Date: Sat Mar 16 18:17:17 2019 + >

Re: [Dnsmasq-discuss] Insecure CNAME pointing to Secure name incorrectly validates as Bogus

2019-09-11 Thread Simon Kelley
On 04/09/2019 18:40, Tore Anderson wrote: > > (By the way, I did send the promised PCAP yesterday. However, because the > message was >40KB, it was queued for moderation by the mailing list > administrator.) > So you did, it's there, as are several others, which raises the question of why mail

Re: [Dnsmasq-discuss] dns flag day 2020

2019-09-11 Thread Simon Kelley
On 02/09/2019 19:52, Dave Taht wrote: > > Does anyone have an opinion on: > > https://github.com/dns-violations/dnsflagday/issues/125 > > (posteth not here, but on that thread) > Dnsmasq has code which tries to detect lost oversize UDP packets and reduces the maximum sent to 1280. If the powe

Re: [Dnsmasq-discuss] code style

2019-09-11 Thread Simon Kelley
a single tab or eight spaces are just alternate representations of the same thing, surely? Simon > > > > On Wed, Sep 11, 2019 at 2:05 PM Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > > There seems to be confusion here between code style, and code

Re: [Dnsmasq-discuss] [BUG] [PATCH] RA are sent too fast and slows down the machine

2019-09-11 Thread Simon Kelley
14:32:25.293> prefix fc58:a22:180d:7800::/64dev simbr onlink autoconf > valid 1800 preferred 1800 > 14:32:27.317> 2: simbrinet6 > fc58:a22:180d:7800:6887:6dff:fe07:6f54/64 scope global dynamic mngtmpaddr > 14:32:27.318> valid_lft 1798sec preferred_lft 1798sec > >

Re: [Dnsmasq-discuss] code style

2019-09-11 Thread Simon Kelley
> >> >> > > I agree, consistent code is best, clear guideline could be useful for > new code. > Simon Kelley, the belligerent dictator of the Dnsmasq project will need > to weigh in on such changes though. > > -- > John Doe

Re: [Dnsmasq-discuss] Insecure CNAME pointing to Secure name incorrectly validates as Bogus

2019-09-03 Thread Simon Kelley
ipv6.org.uk is no DS >> [...] >> >> This query is repeated ~44 times in a tight loop. It makes a total of 50 >> queries before giving up, I guess it hits a built-in limit. >> >> PCAP attached. >> >> It seems to happen with *all* Insecure domain names

Re: [Dnsmasq-discuss] Insecure CNAME pointing to Secure name incorrectly validates as Bogus

2019-09-03 Thread Simon Kelley
ipv6.org.uk is no DS >> [...] >> >> This query is repeated ~44 times in a tight loop. It makes a total of 50 >> queries before giving up, I guess it hits a built-in limit. >> >> PCAP attached. >> >> It seems to happen with *all* Insecure domain names

Re: [Dnsmasq-discuss] Insecure CNAME pointing to Secure name incorrectly validates as Bogus

2019-09-03 Thread Simon Kelley
On 03/09/2019 15:45, Simon Kelley wrote: > On 31/08/2019 23:06, Tore Anderson wrote: >> I've noticed that Dnsmasq git master (2.80-68-gfef2f1c) will sometimes >> incorrectly return SERVFAIL and log a Bogus verdict when looking up domain >> names which are Insecure

Re: [Dnsmasq-discuss] Insecure CNAME pointing to Secure name incorrectly validates as Bogus

2019-09-03 Thread Simon Kelley
On 31/08/2019 23:06, Tore Anderson wrote: > I've noticed that Dnsmasq git master (2.80-68-gfef2f1c) will sometimes > incorrectly return SERVFAIL and log a Bogus verdict when looking up domain > names which are Insecure CNAMEs for a Secure names. > > For example: > > www.ipv6.org.uk. IN CNAME pr

Re: [Dnsmasq-discuss] [BUG] [PATCH] RA are sent too fast and slows down the machine

2019-08-30 Thread Simon Kelley
This is useful information, but what I don't understand, is where the flooding comes from. Sure, this confusion means that unsolicited ra will run every time there's a "new address" event, even if the new address isn't on the expected interface, but I can't see how it generates more "new address eve

Re: [Dnsmasq-discuss] [PATCH v2] Change dhcp_release to use default address when no IP subnet matches

2019-08-30 Thread Simon Kelley
That looks fine. Patch applied. Cheers, Simon. On 28/08/2019 21:13, haleyb@gmail.com wrote: > From: Brian Haley > > Currently, dhcp_release will only send a 'fake' release > when the address given is in the same subnet as an IP > on the interface that was given. > > This doesn't work i

Re: [Dnsmasq-discuss] Insecure DS reply received, do upstream DNS servers support DNSSEC?

2019-08-29 Thread Simon Kelley
On 29/08/2019 17:53, Tore Anderson wrote: > Hi Simon, > >> Now, it's certainly possible to verify that the DS record doesn't exist >> without relying on the data in the SOA record. BUT there is a problem: >> having determined securely that the DS record doesn't exist, dnsmasq >> caches that inform

Re: [Dnsmasq-discuss] Insecure DS reply received, do upstream DNS servers support DNSSEC?

2019-08-28 Thread Simon Kelley
On 24/08/2019 18:47, Tore Anderson wrote: > Some more information: > >> When the bug occurs, the error «Insecure DS reply received, do upstream DNS >> servers support DNSSEC?» is logged. > > I think that the problem might be caused by this query in frames 7-8 of the > PCAP: > > 7 0.00742

Re: [Dnsmasq-discuss] [PATCH] Change dhcp_release to use first address when no IP subnet matches

2019-08-22 Thread Simon Kelley
On 26/04/2019 21:03, Brian Haley wrote: > Currently, dhcp_release will only send a 'fake' release > when the address given is in the same subnet as an IP > on the interface that was given. > > This doesn't work in an environment where dnsmasq is > managing leases for remote subnets via a DHCP rela

Re: [Dnsmasq-discuss] localise-queries and IPv6

2019-08-22 Thread Simon Kelley
On 06/08/2019 18:14, Carsten Spieß wrote: > Hello Simon, > >>> I've added entries for a multi homed machine to the hosts file. >>> For IPv4 i get one address localized to the caller, >>> for IPv6 i get a list of all addresses. >>> >>> The man page notes for localise-queries 'Currently this facilit

Re: [Dnsmasq-discuss] try to setup RFC 2317 reverse DNS server

2019-08-16 Thread Simon Kelley
On 15/08/2019 14:19, Yangfl wrote: > Hi, > > I'm trying to setup my reverse DNS server which is sub-delegated from > the upstream by RFC 2317. However, I can not type any prefix len for > `--rev-server` other than 8, 16, 24, like > `--rev-server=192.0.2.0/25,192.0.2.1`, and I don't know how to mak

Re: [Dnsmasq-discuss] dhcp_lease_time utility not working

2019-08-14 Thread Simon Kelley
On 13/08/2019 06:39, Geert Stappers wrote: > On Mon, Aug 12, 2019 at 05:31:05PM -0700, Tomasz Szajner wrote: >> Hi, >> >> It looks like the dhcp_lease_time utility is not working anymore >> (after I upgraded to version 2.80). I tracked it down to commit >> 2b38e382, in the file contrib/lease-tools/

Re: [Dnsmasq-discuss] [PATCH dnsmasq] crypto: use nettle ecc_curve access functions

2019-08-14 Thread Simon Kelley
Vladislav's patch looks better, for backward compatibility reasons. Merged into git repo. Simon. On 11/08/2019 13:10, Dominik wrote: > Does this patch break compatibility with nettle < 3.4? > > The solution offered here seems to be better: > https://github.com/themiron/dnsmasq/commit/6fd9aba7ab

Re: [Dnsmasq-discuss] DNSSEC slow query / TCP/ truncated issue

2019-08-14 Thread Simon Kelley
On 14/08/2019 18:51, Dominic Preston wrote: > On Wed, 14 Aug 2019 at 18:43, Simon Kelley wrote: >> >> On 11/08/2019 21:01, Dominic Preston wrote: >>> Hi, >>> >>> I have a fresh installation of Ubuntu 18.04 on Google Cloud Platform. >>> I h

Re: [Dnsmasq-discuss] DNSSEC slow query / TCP/ truncated issue

2019-08-14 Thread Simon Kelley
On 11/08/2019 21:01, Dominic Preston wrote: > Hi, > > I have a fresh installation of Ubuntu 18.04 on Google Cloud Platform. > I have compiled the latest version of dnsmasq with the following > configuration: > > no-resolv > server=8.8.8.8 > conf-file=/usr/share/dnsmasq-base/trust-anchors.conf > d

Re: [Dnsmasq-discuss] localise-queries and IPv6

2019-08-06 Thread Simon Kelley
On 03/08/2019 18:11, Carsten Spieß wrote: > Hello, > > I've added entries for a multi homed machine to the hosts file. > For IPv4 i get one address localized to the caller, > for IPv6 i get a list of all addresses. > > The man page notes for localise-queries 'Currently this facility is limited >

Re: [Dnsmasq-discuss] leases file only contains a single entry

2019-07-29 Thread Simon Kelley
There's not quite enough information to be sure, but my guess is that each of the three clients is sending the SAME client-id, ff:00:d9:85:be:00:01:00:01:24:95:20:a9:52:54:00:d9:85:be If a client-id is provided, it's used in preference to the MAC address to identify the client. dnsmasq has therefo

Re: [Dnsmasq-discuss] [PATCH] fix build after y2038 changes in glibc

2019-07-24 Thread Simon Kelley
On 10/07/2019 07:32, Jiri Slaby wrote: > SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h now. Patch applied. Thanks. Simon.

Re: [Dnsmasq-discuss] DNSSEC validation failing on Cloudflare test domain

2019-07-18 Thread Simon Kelley
answer. Cheers, Simon. > > > Thanks, > Hamish > > PS Did you mean to reply off-list? No, my mistake, I've added the list back. > > > On 18/7/19 7:03 pm, Simon Kelley wrote: >> Does it work if you use 8.8.8.8 instead of 1.1.1.1? I'm pretty sure this

Re: [Dnsmasq-discuss] DNSSEC validation failing on Cloudflare test domain

2019-07-17 Thread Simon Kelley
I'm not in a position to look at this for a few days, but in the meantime, http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012910.html discusses a situation which looks, at least superficially, similar. It might be worth turning on DNS logging and seeing if the similarity goes d

Re: [Dnsmasq-discuss] crash with DNSSEC on 2.80

2019-07-15 Thread Simon Kelley
Ugh, that's nasty. Thanks for the good bug report. Is this reproducible? A domain which when validated always prompts a crash would be very useful. From the information we have, the obvious problem is rrsetidx=27430912 which makes no sense, and will surely crash a buffer. That value is generated

[Dnsmasq-discuss] Server problems.

2019-05-04 Thread Simon Kelley
This post is partly to apologise for list server problems over the last few weeks, and partly to test if they are now fixed. Sorry for the noise. Simon.

Re: [Dnsmasq-discuss] ubus problem

2019-04-10 Thread Simon Kelley
On 10/04/2019 17:55, Jan Willem Janssen wrote: > On Mon, 2019-04-08 at 20:41 +0100, Simon Kelley wrote: >>> I've to give it some thought about how we could support multiple Dnsmasq >>> instances in >>> combination with UBus. Not sure how the DBus im

Re: [Dnsmasq-discuss] ubus problem

2019-04-08 Thread Simon Kelley
> > I've to give it some thought about how we could support multiple Dnsmasq > instances in > combination with UBus. Not sure how the DBus implementation would handle > this... It doesn't: the path is a compile-time parameter. It's not clear that the entities on the other end of the UBus un

Re: [Dnsmasq-discuss] ubus problem

2019-04-08 Thread Simon Kelley
@Jan? (I suspect that nothing has changed, except that a previously silent error is now no longer silent, but it would be nice to confirm this, and maybe explicitly consider this case.) Simon On 08/04/2019 15:24, e9hack wrote: > Hi, > > I'm using the latest dnsmasq version with openwrt. There

Re: [Dnsmasq-discuss] misunderstanding negative caching

2019-04-04 Thread Simon Kelley
ver tried immediately, or c) just a > timeout within system defined time out? > > We are looking to avoid a delay with failing / overloaded DNS servers, > whence asking all those weird questions. > > Thanks again, > > On 4/4/2019 10:39 AM, Simon Kelley wrote: >&g

Re: [Dnsmasq-discuss] Netboot drops DNSMasq DHCP offer

2019-04-04 Thread Simon Kelley
pture happens before or after iptables, for the packet to be blocked, but still appear (as it did) in the packet capture, it would have to be before iptables. Cheers, Simon. On 04/04/2019 18:42, Conrad Kostecki wrote: > Hi Simon, > > Am 04.04.2019 16:10:32, "Simon Kelley" s

Re: [Dnsmasq-discuss] misunderstanding negative caching

2019-04-04 Thread Simon Kelley
On 27/03/2019 00:32, alexander.v.lit...@gmail.com wrote: > Dear list, > > I configured dnsmasq with enabled negative cache and neg-ttl 600.  I > attempted to use it with a query that times out (configured fake dns servers > in the config file).  When I ping a host, I have NXDOMAIN in logs.  Howev

Re: [Dnsmasq-discuss] Odd caching behaviour...

2019-04-04 Thread Simon Kelley
rder to test though. Not reproducible, then. That's a pity. Cheers, Simon. > > Cheers, > > John > > > > On Fri, 29 Mar 2019 at 22:43, Simon Kelley <mailto:si...@thekelleys.org.uk>> wrote: > > On 21/03/2019 11:01, John Robson wrote: > > OK, &

Re: [Dnsmasq-discuss] dnsmasq router advertisement/DHCPv6 configuration

2019-04-04 Thread Simon Kelley
On 29/03/2019 16:55, Marco Schuster wrote: > Hello all, > > I have a working IPv4 setup as follows: > 1) AVM FritzBox as DSL router > 2) Debian / dnsmasq 2.80-1 router, with eth0 being uplink to the > FritzBox and eth1.X the client VLANs (1-16) > 3) a couple dozen clients in the different VLANs >

Re: [Dnsmasq-discuss] Preferred vs Valid dhcpv6 lifetime

2019-04-04 Thread Simon Kelley
On 03/04/2019 04:56, Bryce Larson wrote: > In many dhcpv6 servers and on layer 3 switches, you can configure the > valid lifetime and the preferred lifetime separately for dhcpv6 leases.  > Does that functionality exist in dnsmasq?  It doesn't seem to be > documented in the man page.  Looking under

Re: [Dnsmasq-discuss] Netboot drops DNSMasq DHCP offer

2019-04-04 Thread Simon Kelley
On 03/04/2019 19:47, Conrad Kostecki wrote: > Hi, > in order to make PXE possible with older notebooks, I've compiled for > myself Netboot. > This is a piece of software, which starts from floppy, where you can > load your DOS packet driver and start PXE. > Basically, it makes possible to boot with

Re: [Dnsmasq-discuss] 'shared-network' behavior would be huge

2019-04-01 Thread Simon Kelley
7.254 or .128.254, can I safely just > have a 'shared-network' config line for each even though one will be a > bit redundant (shared-network=192.168.127.254,192.168.127.0)? Yes, that should work fine. Cheers, Simon. > > So far, this is really great. Thank you so much

Re: [Dnsmasq-discuss] 'shared-network' behavior would be huge

2019-03-31 Thread Simon Kelley
ut it doesn't have enough information in this case. You can set tag in the dhcp-range, as before, and use it to control the DHCP options sent to the client (which should include router, as the normal default route option won't be sent). Simon. > On Fri, Mar 29, 2019 at 4:13 PM Simon

Re: [Dnsmasq-discuss] Odd caching behaviour...

2019-03-29 Thread Simon Kelley
On 21/03/2019 11:01, John Robson wrote: > OK, > > Maybe this does reveal something about the caching... > Which might be expected behaviour, but I am not convinced it's useful... > > Overnight monitoring has shown that the upstream server does > occasionally send back an incomplete (but perfectly

Re: [Dnsmasq-discuss] [PATCH] Improve UBus support

2019-03-29 Thread Simon Kelley
This all looks sensible, with one exception: the logging in set_ubus_listeners() and check_ubus_listeners() and associated with the calls to check_ubus_listeners can potentially massively spam the logs - a long lived error will log multiple lines every time dnsmasq spins its event loop. It would be

Re: [Dnsmasq-discuss] Is wrapping close() in retry_send() required ?

2019-03-29 Thread Simon Kelley
On 26/03/2019 19:33, Pali Rohár wrote: > On Wednesday 27 February 2019 17:07:21 Simon Kelley wrote: >> On 27/02/2019 15:06, Bogdan Harjoc wrote: >>> There are 50 calls to close() in dnsmasq-2.80, and 10 of them are >>> wrapped in retry_send(). >>> >>>

Re: [Dnsmasq-discuss] 'shared-network' behavior would be huge

2019-03-29 Thread Simon Kelley
On 29/03/2019 20:36, Ryan Gray wrote: > Hello other humans, > > First, Simon Kelley, thank you for dnsmasq. > > I noticed here > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q4/012700.html > that there was discussion of the possibility of supporting behavior like > ISC's 'shared-ne

Re: [Dnsmasq-discuss] [PATCH] Fix cmsg(3) API usage on OpenBSD

2019-03-28 Thread Simon Kelley
Patch applied. Many thanks. There's another instance of the same problem in src/dhcp.c which I've fixed as a separate commit. Cheers, Simon. On 22/03/2019 10:36, Jeremie Courreges-Anglas wrote: > > Hi, > > an unpatched dnsmasq daemon fails on OpenBSD since 2016, since kernel > support was

Re: [Dnsmasq-discuss] Parsing limitation for big dns query responses in tcp

2019-03-22 Thread Simon Kelley
Could you give more details on exactly how you're testing this? Wherever that error is coming from, it's not from dnsmasq, which doesn't use the resolver library at all. Simon. On 20/03/2019 14:59, Philippe Lamhaut wrote: > Hello, > > I am using dnsmasq version 2.80 as dns client in an applic

Re: [Dnsmasq-discuss] Minimal capabilities for options

2019-03-16 Thread Simon Kelley
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=305ffb5ef0ba5ab1df32ef80f266a4c9e395ca13 is a first pass on this. I have a nasty feeling that there are configurations which need some of the capabilities and have had a free pass because they are always there, which I've missed (I only ju
