Re: [Dnsmasq-discuss] Patch for IANA KSK 2024

2024-08-16 Thread wkitty42

On 8/16/24 3:15 AM, Loganaden Velvindron wrote:

> Dear All,
>
> Please find attached the patch for IANA. Feedback welcomed. It will
> become active in 2026. It would be better for distributors to get it
> now rather than wait until the last minute. We can then switch off the
> 2017 TA later.

there appears to be a misspelling in the very last line of the patch...
shouldn't it be "anchor" instead of "achcor"??



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list unless*
   *a signed and pre-paid contract is in effect with us.*

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] dnsmasq with Active Directory

2023-11-11 Thread wkitty42

On 11/10/23 3:57 PM, Matus UHLAR - fantomas wrote:

> On 10.11.23 13:41, Rick Gutierrez wrote:
>> Hi list, A few days ago I configured dnsmasq so that my internal users
>> would use it as the main DNS, but I have some problems, if I try to
>> connect a PC with Windows to the active directory it cannot do so.
>
> AFAIK Active Directory requires/includes DNS and if you use AD, you should use
> AD's DNS servers.

this ^^^
when we used AD, we configured it to pass external DNS lookups to dnsmasq
sitting on the perimeter... the AD handled everything inside and dnsmasq handled
all the external lookups... all internal machines looked to the AD for
everything and had no idea about dnsmasq...

> If dnsmasq forwards all requests to AD servers, it COULD work, but
> why to have dnsmasq then?
>
> there are still requests that can be changed/responded by dnsmasq, which may
> cause your troubles.
>
>> my Active Directory is windows server 2019 and it is my main dns, for
>> computers with windows 10/11.
>>
>> This is the configuration for dnsmasq to work with active directory:
>>
>> more /etc/dnsmasq.d/ad2019.domain.conf
>>
>> # forward lookups
>> server=/ad2019.domain.com/172.16.8.32
>>
>> # PTR/reverse lookups
>> server=/16.172.in-addr.arpa/172.16.8.32
>> server=/17.172.in-addr.arpa/172.16.8.32
>> server=/168.192.in-addr.arpa/172.16.8.32
>>
>> ip active directory: 172.16.8.32
>>
>> config of file dnsmasq.conf
>>
>> local=/domain.com
>> domain=domain.com
>>
>> any help or experience in this scenario?








Re: [Dnsmasq-discuss] Confused about simple subdomain authoritative server (re: home network)

2023-11-06 Thread wkitty42

On 11/6/23 8:22 AM, John Klimek wrote:
> Here is the dnsmasq.conf I'm using.  It seems to return authoritative responses
> for home.mydomain.com but if I query anything else it
> returns REFUSED:


i think no-resolv might cause that...




Re: [Dnsmasq-discuss] Having dnsmasq coexist with other dhcp server

2023-10-18 Thread wkitty42

On 10/18/23 3:58 AM, Luigi Baldoni via Dnsmasq-discuss wrote:

> Hello,
> I'm having a hard time making dnsmasq run together with kea-dhcp4-server on the
> same machine.
> Even though they listen on different interfaces, the first one prevents the
> other from starting.
> With the old isc-dhcp-server, "bind-interfaces" was enough. But now strace shows
> 'bind(4, {sa_family=AF_INET, sin_port=htons(67),
> sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)'
> no matter how much I tinker with the configuration.


how is it being started? could the startup procedures be protecting the config 
by rewriting it to a known state during startup?





Re: [Dnsmasq-discuss] dnsmasq is offering ip from different pool

2023-08-09 Thread wkitty42

On 8/9/23 10:58 AM, shashikumar Shashi wrote:
> 2) Put the client on vlan9. Client gets IP from vlan9 pool (e.g. 192.168.9.10)
> by executing “dhclient -4 eth1”.
>
> 3) Put the same client on vlan19. Client releases previously acquired IP (e.g.
> 192.168.9.10) by executing “dhclient -4 eth1 -r”.
>
> 4) The same client tries to get the IP by executing “dhclient -4 eth1”.



my question is if step 3's release is done before the client is actually moved 
to the new network...


if no, does the client actually transmit the release to the server? if it does, 
how does that release packet get to the original server if the client is now on 
a different network?


admittedly, these questions may not matter due to the apparent nature of the 
possible bug being discussed... i may also be being too simplistic and somewhat 
ignorant of how a DHCP address release really works...




Re: [Dnsmasq-discuss] dhcp-lease-max is only for DHCPv4?

2023-05-22 Thread wkitty42

On 5/22/23 3:25 PM, Geert Stappers wrote:

> On Mon, May 22, 2023 at 07:18:49PM +0800, Linyih Teng wrote:
>> Hello,
>>
>> I'm using dnsmasq2.89 and testing the maximum lease count of the DHCPv6
>> server with the *dhcp-lease-max* option.
>>
>> For the testing, I'm using below configuration:
>>
>> *dhcp-lease-max* = 512
>> *dhcp-range*=tag:pool0,2022::1,2022::1f:::fffe,64,120m
>> tag-if=set:pool0,tag:intfv0
>
> And how to test at client side?



my eWAG of the day is that 513 clients would be needed and the last one should 
not get an address...





Re: [Dnsmasq-discuss] assigning IP addresses to secondary subnets on the same vlan via dhcp relay

2022-11-20 Thread wkitty42

On 11/20/22 11:18 AM, znu...@gmail.com wrote:

> As these things go, obviously after struggling with this issue for
> years, as soon as I inquire about it I end up finding the solution
> myself in the next 30 minutes.

don't ya love it?

> The issue was me not completely understanding the "shared-network"
> option. Once I've set this to:
>
> shared-network=AA.AA.152.1,BB.BB.93.0
>
> It worked right out of the gate.

:applause:

> My only confusion right now is if this is a repeatable option and if I
> have to specify all my secondary/tertiary etc. subnets with this
> option. I didn't exactly understand it from the man page.


it is repeatable... someone else was working with them in the last few weeks... 
if you can search the archives, you should find their thread...


i don't have a link but the subject is "Multiple Shared Networks" on 2022 Oct 31 
and simon's answer is


[quote="Simon Kelley"]
Yes, there are no limits on the number of shared-network statements.
[/quote]



Re: [Dnsmasq-discuss] Reserved IP Addresses for Specific DHCP Clients without a Connection to the Subnet

2022-10-27 Thread wkitty42

On 10/26/22 8:34 PM, Rich Otero via Dnsmasq-discuss wrote:
> In this new config, rack7-pdu1 does receive DHCP responses from dnsmasq and it
> gets a lease. It's just the /wrong/ lease, one from the DHCP pool, not the
> reserved IP address that we expect it to get.


is it possible that offering leases reserved by MAC don't work across network 
segments? AFAIK, MAC addresses only travel within the current segment... once 
the traffic crosses a segment boundary, the MAC in the packet is replaced with 
the MAC of the boundary device... or am i remembering some ancient thing that no 
longer applies?


i also don't recall seeing anything about DHCP-passthrough, DHCP-proxy, or 
similar in your original post... could it be that one of these is needed to 
facilitate this change so the address assignment can be made based on the MAC?


just a couple of pre-c0ffee spitballs 5 minutes after wakeup...



Re: [Dnsmasq-discuss] dnsmasq 2.86 seems to stop reading from one of its dns sockets after a period of time under load

2022-05-18 Thread wkitty42

On 5/18/22 2:57 AM, Geert Stappers via Dnsmasq-discuss wrote:

> On Fri, May 13, 2022 at 08:15:42PM -0400, wkitt...@gmail.com wrote:
>> On 5/13/22 3:48 PM, Simon Kelley wrote:
>>> So queries are being received, and answered, but the reply is being
>>> dropped by the kernel because the send queue is full of replies to dead
>>> hosts? If the hosts are dead, where are the queries coming from to
>>> generate these blocked replies?
>>
>> reading the OP and the following responses, i almost wonder if there's some
>> sort of "reflection attack" going on...
>
> Thanks for raising awareness of malicious factors.
>
> After reading https://en.wikipedia.org/wiki/Reflection_attack I fail to
> see why this particular kind of attack could be in play.
> Which authentication does dnsmasq with what?

there are several types of "reflection attack"... the one i was thinking of is
the one where the originating address in UDP packets is spoofed so the reply is
sent to another address than that of the attacker... it is better known as "DNS
amplification" and is a type of DDOS as well as reflection attack...

"DNS amplification is a type of reflection attack which manipulates
publicly-accessible domain name systems, making them flood a target with large
quantities of UDP packets."

consider the situation where DNS amplification is used and the source addresses
are spoofed to be those of dead systems... you'll get the same effect of the
replies being dropped in the kernel... if sufficient quantity of these packets
are received, you have a DOS on the DNS server... band a bunch of attacking
systems together and you have a DDOS on the DNS server...

i apologize for not using the proper term for what i was thinking of in my first
post... i blame a lack of c0ffee and having just woken ;)



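The pattern described in the message above (queries with spoofed source addresses, so replies go somewhere else) can be looked for in dnsmasq's query log. This is an added example, not part of the original thread; the sample log lines, the local network list, the set of large-answer query types and the thresholds are constructed assumptions.

```python
"""Flag sources in a dnsmasq query log that fit a reflection/amplification pattern.

Added example. SAMPLE_LOG is constructed; LOCAL_NETS, AMPLIFYING_TYPES and the
thresholds are assumptions to adapt to the network being monitored.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Line shape written by dnsmasq's log-queries option:
#   <timestamp> dnsmasq[<pid>]: query[<type>] <name> from <source address>
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<src>\S+)\s*$"
)

SAMPLE_LOG = """\
May 13 20:15:40 dnsmasq[812]: query[A] printer.lan from 192.168.1.23
May 13 20:15:40 dnsmasq[812]: forwarded printer.lan to 192.168.1.1
May 13 20:15:41 dnsmasq[812]: query[AAAA] printer.lan from 192.168.1.23
May 13 20:15:41 dnsmasq[812]: query[ANY] example.org from 203.0.113.50
May 13 20:15:41 dnsmasq[812]: query[ANY] example.org from 203.0.113.50
May 13 20:15:42 dnsmasq[812]: query[ANY] example.org from 203.0.113.50
May 13 20:15:42 dnsmasq[812]: query[TXT] example.net from 192.168.1.77
May 13 20:15:43 dnsmasq[812]: query[TXT] example.net from 192.168.1.77
May 13 20:15:43 dnsmasq[812]: query[ANY] example.net from 192.168.1.77
"""

# Assumption: the only network this resolver is meant to serve.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Assumption: query types whose answers are typically much larger than the query.
AMPLIFYING_TYPES = {"ANY", "TXT", "DNSKEY"}
MIN_QUERIES = 3        # ignore sources seen fewer times than this
LARGE_SHARE = 0.5      # share of large-answer types that counts as suspicious


def parse_queries(log_text):
    """Yield (qtype, name, source_ip) for every query line; skip everything else."""
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match:
            continue
        try:
            src = ipaddress.ip_address(match.group("src"))
        except ValueError:
            continue  # not an address, so not a line we can reason about
        yield match.group("qtype").upper(), match.group("name"), src


def suspicious_sources(log_text, local_nets=LOCAL_NETS,
                       min_queries=MIN_QUERIES, large_share=LARGE_SHARE):
    """Return {source_ip: [reasons]} for sources that match either heuristic."""
    per_source = defaultdict(Counter)
    for qtype, _name, src in parse_queries(log_text):
        per_source[src][qtype] += 1

    findings = {}
    for src, types in per_source.items():
        reasons = []
        # A LAN resolver answering off-net addresses is usable as a reflector.
        if not any(src in net for net in local_nets):
            reasons.append("off-net source")
        total = sum(types.values())
        large = sum(n for t, n in types.items() if t in AMPLIFYING_TYPES)
        if total >= min_queries and large / total >= large_share:
            reasons.append("mostly large-answer query types")
        if reasons:
            findings[str(src)] = reasons
    return findings


if __name__ == "__main__":
    for source, why in suspicious_sources(SAMPLE_LOG).items():
        print(source, "->", ", ".join(why))
```

A local address that shows up under the second heuristic deserves a look too, since a spoofed source can just as well be an address inside the served range.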


Re: [Dnsmasq-discuss] static-y IP management

2022-05-17 Thread wkitty42

On 5/16/22 5:46 PM, Carl Karsten wrote:

> I know of a few ways of doing this, but they all involve generating 10
> lines of .conf file.  I have no problem creating a little csv and
> writing about 10 lines of python to generate the file.   But anything
> that involves "generate" seems clunky. I am hoping dnsmasq has a
> provision for what I am doing.


can't you create the .conf one time and leave it be for inclusion with the other 
dnsmasq conf files? maybe i'm not understanding? is there some sort of dynamic 
nature you've not mentioned?




Re: [Dnsmasq-discuss] dnsmasq 2.86 seems to stop reading from one of its dns sockets after a period of time under load

2022-05-13 Thread wkitty42

On 5/13/22 3:48 PM, Simon Kelley wrote:
> So queries are being received, and answered, but the reply is being dropped by
> the kernel because the send queue is full of replies to dead hosts? If the hosts
> are dead, where are the queries coming from to generate these blocked replies?


reading the OP and the following responses, i almost wonder if there's some sort 
of "reflection attack" going on...





Re: [Dnsmasq-discuss] dnsmasq on large scale network

2021-12-06 Thread wkitty42

On 12/5/21 1:44 PM, Fabian Druschke wrote:
> Does someone have experience with such a scenario, and is there a proper tool to
> benchmark DHCP ?


perhaps something like this is what you are looking for? listed in no specific 
order... i've never worked with any of these...


https://www.ncad.co.jp/~prodhcp/dhcpperf/readme-en.html
http://manpages.ubuntu.com/manpages/xenial/man8/perfdhcp.8.html

the above found via this search: 
https://www.google.com/search?q=linux+how+to+load+test+dhcp+server




Re: [Dnsmasq-discuss] Option 12 hostname sent to RPi seems incorrect

2021-10-27 Thread wkitty42

On 10/27/21 12:15 PM, Geoff Back wrote:

> You said, earlier on:
>
> /"Nothing on the server is configured to set the same.  The Raspberry Pi client
> is netbooting, so nothing on the client side could be setting it."/
>
> That's an invalid configuration.  All Linux-based systems - in fact all POSIX
> systems - have a hostname, even if it is only "(none)" and pretty much
> everything will break if there is not something set. The same applies to
> Windows, if you are netbooting that, and in fact every other OS I have ever
> encountered that uses IP (which is a lot).


i agree with this... i've never ever installed a linux that did not ask for a 
host name as part of the basic installation process... the host name is always 
asked within a few steps of the install asking for the (first) user name and 
password to use...




Re: [Dnsmasq-discuss] Option 12 hostname sent to RPi seems incorrect

2021-10-24 Thread wkitty42

On 10/21/21 7:05 AM, Shrenik Bhura wrote:

> DHCP Request
>
> >           Server-ID (54), length 4: 192.168.67.1
> >           Requested-IP (50), length 4: 192.168.67.53
> >           Hostname (12), length 13: "192.168.67.53"
>
> Client says "My hostname is '192.168.67.53'"
>
> [...]
>
> >           Hostname (12), length 3: "192"
>
> Server says "Your hostname is '192'"
>
> May be the code that logs this line needs to be checked if it is just printing
> part of the complete hostname i.e. IP address.


the problem here is the client looks to be misconfigured if it is telling the 
server its name is an IP address... they are very different...


i have, however, seen malicious clients doing the same in years past when they 
have been accessing my servers... they were attempting to throw off 
investigation about their origins... some even tried to say they were 127.0.0.1 
to throw off investigations... it was at this time that both host names and 
actual origin IPs were logged and the truth was found out...


then there's the malicious DNS servers that also serve up wrong addresses and 
host names in attempts to hide their true identities... we see a lot of that 
from certain spaces when wearing our various network security hats and doing 
deep analysis of malicious traffic... especially from spammers and some botnets...





Re: [Dnsmasq-discuss] Noob question

2021-08-30 Thread wkitty42

On 8/30/21 6:00 PM, rrandom via Dnsmasq-discuss wrote:

> Thank you. Btw why dnsmasq redirects that connections but doesn't just drop
> them? Honestly, I don't know much about networking but simple dropping seems
> like easier for resources.

dropping connections is outside of dnsmasq's purview... dnsmasq only handles
looking up hosts and IPs in the dns (internet phone book) and issuing IPs if
acting as a DHCP server... you would not expect the telephone operator to just
hang up on you if you were trying to call a blocked number, would you? ;)




Re: [Dnsmasq-discuss] OT client q: both static and dhcp

2021-06-28 Thread wkitty42

On 6/28/21 8:59 AM, Carl Karsten wrote:

> On Mon, Jun 28, 2021 at 7:07 AM  wrote:
>> because the two management NICs and crossover cable are your own and can be
>> set so you always have access no matter what the other network is if you even
>> have access to another network at the time...
>>
>> in other words, you will always have your own separate and private network
>> between your two devices no matter if there is any other network connection
>> on the other NICs... this solution is a separation of your devices connection
>> between themselves and any other network... it provides you a dedicated
>> connection between your two devices always...
>
> That isn't better, it is equivalent.

not really... it certainly keeps your ""command and control"" traffic from being
snooped by anyone else on the wire...

>> no... you still use the venue cabling for the regular connections... the
>> NICs i'm speaking of are solely for your use between your two machines and
>> solely for your use in managing your two machines when you may have to
>> reconfigure them for a new network on the other NIC... if this reconfiguring
>> is not needed, it still provides you a dedicated network between the two
>> machines without any other traffic from any other network... your command and
>> control stays within your private network and the traffic you generate that
>> needs to go externally does so on the existing NICs and venue cabling...
>
> Normally there is no command and control traffic.

there is when you have to reconfigure the one device for the new network but
ok... most of the time there isn't... that's fine... this does provide a private
connection for all of your other traffic between the two devices, though... and
that prevents others from snooping on your traffic...

>> you'll never know without trying it but first you need to be able to
>> visualize it and the separation it brings... i mean, you're only talking
>> about maybe another $30US investment in two NICs and another cable or two...
>> so it isn't that expensive... and if your two machines are placed close
>> together (as i assume them to be) then a 3foot to 6foot cable is all that is
>> needed between the two NICs... and you can easily mark the NICs with RED
>> coloring as well as your cable with RED so you know the RED ones are the ones
>> that get connected...
>
> The machines are at the front and back of a lecture hall.  or a meeting room,
> so the distance varies.


that was not really apparent but it is understandable... perhaps the venue has 
another spare cable you can use? one that you plug into only your devices for 
the private network setup i'm describing? either that or maybe directional 
wireless but that brings its own possible problems to the table...


i should have noted that i'm also looking at this from a security standpoint and 
keeping your traffic between your devices private and secure from others 
snooping the traffic...


in any case, i've tried... you can try it or not... i'm not going to try to push 
you one way or the other... with all that said, i'm out... good luck and have 
fun! ;)





Re: [Dnsmasq-discuss] OT client q: both static and dhcp

2021-06-28 Thread wkitty42

On 6/27/21 3:26 PM, Carl Karsten wrote:

> On Sun, Jun 27, 2021 at 2:12 PM  wrote:
>> put another NIC in it and dedicate that NIC to your management access...
>> assign it an IP in a weird RFC1918 block and you should be ok... this way you
>> can always access it even if the other general purpose NIC is not connected
>> to a network...
>
> how is this better than my current solution?

because the two management NICs and crossover cable are your own and can be set
so you always have access no matter what the other network is if you even have
access to another network at the time...

in other words, you will always have your own separate and private network
between your two devices no matter if there is any other network connection on
the other NICs... this solution is a separation of your devices connection
between themselves and any other network... it provides you a dedicated
connection between your two devices always...

>> never connect this dedicated NIC to any other network outside of your
>> complete control...
>
> That means I can't use venue lan and have to run my own cables.  Sometimes I run
> my own cable, but if I don't have to it is nice to jack into existing wiring.

no... you still use the venue cabling for the regular connections... the NICs
i'm speaking of are solely for your use between your two machines and solely for
your use in managing your two machines when you may have to reconfigure them for
a new network on the other NIC... if this reconfiguring is not needed, it still
provides you a dedicated network between the two machines without any other
traffic from any other network... your command and control stays within your
private network and the traffic you generate that needs to go externally does so
on the existing NICs and venue cabling...

>> be sure to carry a crossover cable with you so you can
>> connect that NIC with the one in your other device..
>
> "Newer routers, hubs and switches (including some 10/100, and all 1-gigabit or
> 10-gigabit devices in practice) use auto MDI-X for 10/100 Mbit connections to
> automatically switch to the proper configuration once a cable is connected."
> https://en.wikipedia.org/wiki/Medium-dependent_interface#Auto-MDIX

that's all fine and good if you get NICs that can do that... i prefer to be sure
to have all the possibly necessary tools in my bag of majik tricks... i've
learned the hard way over the 30+ years i've been doing support in the industry...

>> . in fact, you might want to
>> use a dedicated management NIC in both devices so they can be set up with
>> specific static IPs and always be accessible to each other...
>
> More hardware and more cables and make sure the right cables go to the right
> hardware.  this does not sound better ;)


you'll never know without trying it but first you need to be able to visualize 
it and the separation it brings... i mean, you're only talking about maybe 
another $30US investment in two NICs and another cable or two... so it isn't 
that expensive... and if your two machines are placed close together (as i 
assume them to be) then a 3foot to 6foot cable is all that is needed between the 
two NICs... and you can easily mark the NICs with RED coloring as well as your 
cable with RED so you know the RED ones are the ones that get connected...




Re: [Dnsmasq-discuss] OT client q: both static and dhcp

2021-06-27 Thread wkitty42

On 6/27/21 1:01 PM, Carl Karsten wrote:
> If I do not have access to the venue network, then my networking needs are just
> my 2 devices.  This is the case I am trying to provide for, without having to edit
> a config file.  the Opsis PC is often headless,  so editing is done via ssh from
> the voctomix pc, which is hard if the 2 don't have networking setup.

put another NIC in it and dedicate that NIC to your management access... assign
it an IP in a weird RFC1918 block and you should be ok... this way you can
always access it even if the other general purpose NIC is not connected to a
network... never connect this dedicated NIC to any other network outside of your
complete control... be sure to carry a crossover cable with you so you can
connect that NIC with the one in your other device... in fact, you might want to
use a dedicated management NIC in both devices so they can be set up with
specific static IPs and always be accessible to each other...




Re: [Dnsmasq-discuss] dhcp-host precedence request due multiple matches

2021-06-21 Thread wkitty42

On 6/21/21 12:09 PM, Jesus M Diaz wrote:
> I never talked of VM on purpose, because they are not VM (hence, no hypervisor
> or any other controller plane).

but you did, sir... here's the quote from your original message...

On 6/21/21 3:05 AM, Jesus M Diaz wrote:
> Not an answer, actually.
>
> [...]
> - *My point of view:   Each computer has a (dnsmasq) DNS entry, the entry gets
> in DNS by DHCP of dnsmasq*. What a computer is? the physical instance or the
> virtual one? the hardware or the software? [...]


your statement "or the virtual one" indicates virtual machines (aka VMs) in 
use...

with that said, i'm bowing out of the discussion... sorry for my intrusion and 
attempt to clarify that "computer == device" where "device" means virtual 
machine, phone, computer, or any similar device that needs an IP address for 
digital comms...





Re: [Dnsmasq-discuss] dhcp-host precedence request due multiple matches

2021-06-21 Thread wkitty42

On 6/21/21 8:42 AM, Jesus M Diaz wrote:
> so, if I have two virtual computers running over the same hardware, what should
> be used as identifier for dnsmasq? the physical mac-address (just one, as it is
> just one physical card)? the dhcp-client-id or hostname (configurable as per
> logical device level)?


each VM has its own MAC on its own (possibly) virtual NIC ;)




Re: [Dnsmasq-discuss] dhcp-host precedence request due multiple matches

2021-06-21 Thread wkitty42

On 6/21/21 3:05 AM, Jesus M Diaz wrote:
> - *My point of view:   Each computer has a (dnsmasq) DNS entry, the entry gets
> in DNS by DHCP of dnsmasq*. What a computer is? the physical instance or the
> virtual one? the hardware or the software? This is the key to my scenario. And I
> totally agree with you: each computer should have one entry, the problem is the
> definition of 'each computer'.


computers are devices and devices are computers... virtual or otherwise... it is 
not so hard a definition ;)




Re: [Dnsmasq-discuss] "multiple MAC addresses in a single dhcp-host" vs "multiple dhcp-host lines with the same IP address"

2021-05-17 Thread wkitty42

On 5/17/21 5:30 AM, Jesus M Diaz wrote:

> dhcp-host=*:*:*:d0:4d:e3,set:mobile,192.168.0.217,xiaomi-a2


i have to wonder if using wildcards counts as "multiple mac addresses"...

what happens if you explicitly set all four* of the possible mac addresses 
instead of using the asterisk wildcards?




* IIRC from the original thread of yours you have a mesh with three APs and the
main router where the three APs change the first three octets of the MAC to be
the same as the first three of their mac...




Re: [Dnsmasq-discuss] [PATCH] Re: --server=/example/8.8.8.8 --server=/example/9.9.9.9 behaviour

2021-05-04 Thread wkitty42

On 5/4/21 4:00 PM, Petr Menšík wrote:

> [...] With some hierarchy, it could reduce number of entries compared. Binary
> tree implementation still might be better, but harder to implement well.

why is that? btree libraries have been around for decades and should be easy
enough to add and use... we used them fairly often back in my PASCAL days but
the world has changed a bit since then...




Re: [Dnsmasq-discuss] Problem with domain names containing 3 or more minus in a row

2021-03-08 Thread wkitty42

On 3/8/21 3:31 AM, psycl...@web.de wrote:
> Therefore I use lists called "Shalla's Blacklists" that happen to have domains
> with multiple minus in a form like this XX.XX.1596.hk. (This is not the
> actual domain, since it is malicious I changed one letter to X).


eWAG in progress:
on first read, "punycode" comes to mind... it appears that you are trying to 
block domains which use non-latin characters in their domain names... have you 
tried using the actual characters instead of the punycode equivalents?


for more info on "punycode" here's a link i found in a quick search...
https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/comment-page-1/

personally speaking, i don't know how dnsmasq works with non-latin character 
domain names... i don't recall reading anything specific about it in the last 
years i've been on the list... i look forward, with anticipation, on further 
discussion about this and how dnsmasq can work with the original and punycode 
formats for the same domain name...




Re: [Dnsmasq-discuss] Can I tell dnsmasq not to use one isolated address in a DHCP range

2020-12-26 Thread wkitty42

On 12/26/20 8:57 AM, Chris Green wrote:

Is it possible to tell dnsmasq not to use one IP address in a
dhcp-range assignment? I have a user on my LAN who has set
192.168.1.121 in their system as their IP address and it's in my
dhcp-range=192.168.1.80,192.168.1.223,12h


not that i know of... my first reaction when reading this is the user needs to 
be educated to not use IPs in the DHCP range as static IPs... if they want/need 
a static IP, there should be a procedure for requesting one... depending on the 
OS, there may be remote management controls that can be used to adjust that 
setting and prevent them from doing this in the future...



(I think they originally used dnsmasq's DHCP to get 192.168.1.121 so
it's unlikely to get re-assigned but better safe than sorry)


that's possible... we've seen similar here and they set the static so their 
drive mappings would work properly... this mainly because some use IPs instead 
of host names for their drive mapping linkages...



As a follow-up I guess that if I want dnsmasq to return a system name
for 192.168.1.121 (which it hasn't assigned itself) I'll need to add
it to /etc/hosts on the dnsmasq system.


yes, i believe this is correct...




Re: [Dnsmasq-discuss] Setting multiple tags

2020-08-04 Thread wkitty42

On 8/4/20 7:15 AM, Geert Stappers wrote:

Please try
} 
--dhcp-host="02:00:ac:10:00:0a,id:*,set:foo:bar:baz,172.16.0.10,node1,infinite
and report back.



if this is the correct format, shouldn't the related example command line 
example be


  [,set:[::]]

or similar?





Re: [Dnsmasq-discuss] DNS64 support

2020-08-01 Thread wkitty42

On 7/31/20 8:19 PM, Neal P. Murphy wrote:

On Fri, 31 Jul 2020 15:29:06 +0200 Trey Sis  wrote:

may I suggest adding an option for DNS64, i.e. synthesizing of AAAA records
given a specified prefix for IPv4-only hostnames? I see this has been
brought up, but almost 10 years ago. With dnsmasq being widely in use on
many home routers, I think this would be a valuable addition. Especially as
it is much leaner than "bind" and "totd" is very outdated.

I still plan to do something like this in order to have a single
configuration set for DHCP/DNS/firewall. Configure IPv4 addresses and static
IPv4 assignments, and provide /64 IPv6 prefixes for the several LANs. Then
have the DHCP and DNS servers synthesize IPv6 addresses using the IPv4 addrs.
And have the firewall generating code synthesize IPv6 addresses from internal
IPv4 addresses as needed. The two stacks remain separate (no translators
between them) and internal network administration is simplified.


somehow this sounds familiar but seems a little clearer in this context than it 
did when originally read elsewhere some time back...





Re: [Dnsmasq-discuss] multiple upstream servers

2020-07-30 Thread wkitty42

On 7/29/20 7:59 PM, Dan Schaper wrote:

You've told dnsmasq to send a lease with option 6 (DNS) set to
10.88.13.3. Where dnsmasq forwards the queries to is not relevant to
your issue, you only have one upstream server configured.


are you saying that this


dhcp-option=tag:red,option:dns-server,10.88.13.3
dhcp-option=tag:green,option:dns-server,10.88.13.4


is not defining two upstream servers?


dhcp-option=option:dns-server,10.88.13.4
server=10.88.13.4#53


or is one of both of these overriding that?




Re: [Dnsmasq-discuss] multiple upstream servers

2020-07-29 Thread wkitty42

On 7/29/20 1:21 PM, S Irlapati wrote:

dhcp-host=00:a1:b0:08:61:67,floater,tag:red,192.168.13.109
dhcp-host=00:c0:a8:be:ed:d0,Ziong,tag:green,192.168.13.110

dhcp-option=tag:red,option:dns-server,10.88.13.3
dhcp-option=tag:green,option:dns-server,10.88.13.4
server=10.88.13.4#53

The above does not work. I can make query from floater and it still uses server 
10.88.13.4



what happens if you move the server line higher? do the others override it, 
then?




Re: [Dnsmasq-discuss] No DHCPOffer back but DHCPDiscover is being received by machine

2020-04-15 Thread wkitty42

On 4/15/20 7:18 AM, Josh H wrote:


Working on ISC but not dnsmasq reinforces my diagnosis: dhcpd bypasses
iptables for such packets, dnsmasq doesn't.

I have no rules on either of the machines with iptables:


what about nftables if you are using a recent version of linux? many seem to be 
moving to nftables from iptables...


https://linuxhandbook.com/iptables-vs-nftables/




Re: [Dnsmasq-discuss] : Dns lookup failures if one of the upstream servers are down (P Elaborate)

2020-03-30 Thread wkitty42




please quote relevant text and respond inline...

please also trim irrelevant text... especially when replying to digests ;)




Re: [Dnsmasq-discuss] how to force dnsmasq to stop ignoring nameserver it thinks is on a local interface

2020-01-25 Thread wkitty42

On 1/25/20 8:04 AM, Jonathan Knoll wrote:
I run dnsmasq in a kubernetes pod with some forwarding rules that include some 
kubernetes service IPs (172.31.*).  In a recent kubernetes update, it seems that 
kubernetes configures all of those service addresses as IPVS interfaces in the 
pod, and I believe dnsmasq is not ignoring those forwarding rules because it 



typo? "is not ignoring" or "is now ignoring"??


believes they are all local interfaces.  Is there a way to force dnsmasq to use 
the nameservers?






Re: [Dnsmasq-discuss] Struggling with multiple nameservers

2020-01-08 Thread wkitty42

On 1/7/20 2:10 PM, Harry Moyes wrote:

dnsmasq very usefully reports the compiled in options with the -v flag.

The pihole derivative has lost that rather useful feature, so exactly what 
options it has been compiled with is hard to tell.



personally speaking, i'd see what it would take to regain that functionality by 
contacting the pihole devs and bringing this defect to their attention and 
possibly use your situation as an example...


[/two cents from peanut gallery]



Re: [Dnsmasq-discuss] dhcp-name-match ?

2019-11-17 Thread wkitty42

On 11/17/19 9:58 AM, James Feeney wrote:

On 11/14/19 10:17 PM, Geert Stappers wrote:

I look forward to the change proposal.


Learn to read English for comprehension, and then refer back to the post you 
quoted.



he's saying submit a patch and see what happens ;)




Re: [Dnsmasq-discuss] ubus problem

2019-04-11 Thread wkitty42

On 4/10/19 12:55 PM, Jan Willem Janssen wrote:

There's one solution I can think of: making the name under which we register
the UBus object configurable (with "dnsmasq" as default for backwards
compatibility). It would allow multiple instances to be configured each with
their own unique name.


this is exactly what i was thinking of in my post where i mistakenly wrote dbus 
instead of ubus...




We could extend the existing `enable-ubus` flag to allow this name to be
supplied from the command line/configuration file.


exactly the idea i proposed... what's that saying about like minds thinking in 
like manner? ;)





Re: [Dnsmasq-discuss] ubus problem

2019-04-08 Thread wkitty42

On 4/8/19 3:58 PM, wkitt...@gmail.com wrote:
is there some ID or signature that could be used to differentiate between 
separate dnsmasq instances? if so, one could specify that in the config and that 
could be used with dbus to separate the instances and how they communicate...



i mixed up ubus and dbus... sorry about that...

i still wonder if something like this might help with the problem, though...




Re: [Dnsmasq-discuss] ubus problem

2019-04-08 Thread wkitty42

On 4/8/19 1:52 PM, Jan Willem Janssen wrote:

I've to give it some thought about how we could support multiple Dnsmasq
instances in combination with UBus. Not sure how the DBus implementation
would handle this...


is there some ID or signature that could be used to differentiate between 
separate dnsmasq instances? if so, one could specify that in the config and that 
could be used with dbus to separate the instances and how they communicate...


we have to do similar for snort (IDS/IPS) instances running on the same machine 
or feeding their logs to a central analysis tool...





Re: [Dnsmasq-discuss] DHCP tag being ignored?

2019-04-06 Thread wkitty42

On 4/6/19 1:41 PM, Dave Thompson wrote:

I can see that the Windows 7 VM is requesting 104. Perhaps Dnsmasq is
honouring that and ignoring the config file?


i think you have to release the address, first... something so that the VM won't 
try to request the last address it had... if it requests a valid address that is 
not in current use, it will be allowed and accepted IIUC...


in the past we've renumbered the network addresses so the old numbers were not 
valid which forced the assignment of a new address which was the desired 
effect... when we renumbered the addresses, we basically just changed the 3rd 
octet...


eg: 192.168.0.*/24 -> 192.168.100.*/24

maybe you can do something similar to reach your desired objective?



Re: [Dnsmasq-discuss] The order of nameservers provided by `server=`

2019-03-25 Thread wkitty42

On 3/25/19 12:14 PM, John Robson wrote:
Don’t think dnsmasq cares what order they are in, it tests them all and chooses 
the fastest to use.



then what good is "strict-order"??




Re: [Dnsmasq-discuss] Config Parcing Bug

2019-01-11 Thread wkitty42

On 1/11/19 7:22 PM, Tasnad Kernetzky wrote:

Hi all,

I wanted to report a bug (at least we believe it is one). We had a
short discussion over at the archlinux bugtracker
(https://bugs.archlinux.org/task/60366).

In short:


echo 'address=/ab--c.example.com/#' | dnsmasq --test -C -



dnsmasq: error at line 1 of stdin


Although the URL is "forbidden":


host 'ab--c.example.com'
host: 'ab--c.example.com' is not a legal IDNA2008 name (string contains forbidden two hyphens pattern), use +noidnin



is that a punycode domain name? all the ones i've seen are written as

  xn--codehere.invalid

firefox has a specific option we set so we don't get taken in by look-alike 
homographs... specifically the links with unicode characters in them are 
displayed in their punycode form, xn--blahblah... these links explain more if 
some folks don't know about this aspect of the DNS system...


https://en.wikipedia.org/wiki/Internationalized_domain_name#ASCII_spoofing_concerns
https://en.wikipedia.org/wiki/IDN_homograph_attack
https://en.wikipedia.org/wiki/Punycode#Internationalized_domain_names


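Added example (not part of the thread, and not dnsmasq code): a small screen for blocklist names that separates punycode labels (`xn--...`) from labels carrying `--` in the third and fourth positions without that prefix, the pattern `host` rejects above as not legal IDNA2008. It also serves the 2021 thread about Shalla's Blacklists; the function names are hypothetical and the sample names are constructed.

```shell
#!/bin/sh
# Added example: classify blocklist names by their hyphen patterns before
# they are written into a dnsmasq config. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # byte-wise matching, so bracket ranges are ASCII only

# Classify one DNS label:
#   non-ldh   contains something other than ASCII letters, digits or hyphen
#             (raw Unicode, underscore, ...)
#   a-label   starts with "xn--": the punycode form of an IDN label
#   reserved  has "--" in positions 3 and 4 without the "xn" prefix
#   plain     ordinary letter-digit-hyphen label
label_class() {
    case "$1" in
        *[!A-Za-z0-9-]*) echo non-ldh ;;
        [Xx][Nn]--?*)    echo a-label ;;
        ??--*)           echo reserved ;;
        *)               echo plain ;;
    esac
}

# Classify a whole name by its most notable label.
# Precedence: reserved, then non-ldh, then a-label, then plain.
name_class() {
    rest=$1
    worst=plain
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case "$rest" in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
        case "$(label_class "$label")" in
            reserved) worst=reserved ;;
            non-ldh)  if [ "$worst" != reserved ]; then worst=non-ldh; fi ;;
            a-label)  if [ "$worst" = plain ]; then worst=a-label; fi ;;
        esac
    done
    echo "$worst"
}

# Read names on stdin, print "class<TAB>name" for each non-empty line.
screen_names() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\t%s\n' "$(name_class "$name")" "$name"
    done
}

# Constructed sample input; runs only when the script is called with --demo.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' ab--c.example.com xn--bcher-kva.example a--b.example.com |
        screen_names
fi
```

Only the third and fourth positions count: `a--b` is classed as plain, `ab--c` as reserved.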


Re: [Dnsmasq-discuss] DHCP, how to ignore the client MAC address?

2019-01-10 Thread wkitty42

On 1/10/19 3:26 PM, Michael Schleicher wrote:

As I said, for Linux VMs, I can set a unique Client-ID that helps, but on
Windows you cannot define a Client-ID (as far as I know).


isn't this the machine name? when i was supporting winwhatever, the install 
generated a machine name... that is the name i saw used in DHCP requests... it 
is the name that was added to the DNS so queries on it would return its current 
IP...





Re: [Dnsmasq-discuss] Expand-host multiple domains?

2018-10-09 Thread wkitty42

On 10/09/2018 09:57 AM, Jarno Elonen wrote:

Is it possible to expand hosts file entries against multiple domains with
Dnsmasq? Or perhaps setup a DNAME-like aliasing of hosts in one domain to
another domain?

To clarify, if my "/etc/hosts" contained...

1.2.3.4 host1
4.5.6.7 host2

...and my domains were "old-domain.com" and "new-domain.com", I'd like to
somehow configure dnsmasq to handle all these queries:
host1 --> 1.2.3.4
host2 --> 4.5.6.7
host1.old-domain.com --> 1.2.3.4
host2.old-domain.com --> 4.5.6.7
host1.new-domain.com --> 1.2.3.4
host2.new-domain.com --> 4.5.6.7


looks like a standard hosts file setup to me... but it could also be done
another way, as well...

eg:
server=/host1.new-domain.com/ip.num.ber.here
server=/host1.old-domain.com/ip.num.ber.here

i think that would work as well as entries in the hosts file for something like
this...

of course, this would only work for those systems looking up on that dnsmasq
instance...




Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-04 Thread wkitty42

On 08/04/2018 10:41 AM, Simon Kelley wrote:

OK, I'm confused about the serial problem. I just tested here, and it
works as I described.



do you mean that dnsmasq only increments the serial when a SIGHUP is received 
*OR* it increments the serial any time it is (re)started?





Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread wkitty42

On 08/03/2018 12:26 PM, Wojtek Swiatek wrote:

I know that this is not a signal but a restart of the service (I use signals
on a regular basis in my code as well).


ok... we (TINW) don't know your level of expertise ;)



My understanding is that this is a way to reload the configuration (as
mentioned by Simon) without stopping the service.


ummm... in all of the various service control methods i've seen and used in *nix 
over the last 20 or so years, using a restart option simply issues two 
commands... a terminate command followed by a startup command...


AFAIK, SIGHUP is how to tell dnsmasq to ""restart"" without actually 
restarting... if that makes sense...




Do you mean that the right / only way to increase the serial is by sending
the signal?


from what i've read over the years of following this list, it would seem so but 
i've not dug through dnsmasq's code, either...




I do not think so as it would make hosts management very awkward (one would
need not to forget to send the signal) and


that's easy with a script that starts the editor to edit the changes and then 
automatically issues the SIGHUP afterward... that or maybe a cron driven 
watchdog that keeps up with the timestamps on the config files and automatically 
issues SIGHUP or restart when they have changed...



another thread in the past mentioned that the serial is calculated in a smart 
way to always reflect changes.



yes, i remember that... my questions to you are these...

  1. where is the serial number stored?
  2. does dnsmasq issue a new serial each time it is started?
  3. does dnsmasq issue a new serial each time it is started and the config 
files have a different timestamp than the last time it was started?


in your situation, one might wonder what it would take for dnsmasq to work as a 
secondary (or tertiary or more) server... i don't know what is involved in that 
but it may be outside of dnsmasq's purpose/goal...


anyway, i'll be quiet now and read what simon and others have to offer on the 
problem...




Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread wkitty42

On 08/03/2018 10:29 AM, Wojtek Swiatek wrote:

On Fri, 3 Aug 2018 at 16:24, Simon Kelley  wrote:

After you've made changes to /etc/hosts, you need to send SIGHUP to the
dnsmasq process to get it to re-read the file. That  should also
increment the serial. Changes to DHCP allocated addresses should also
increment the serial.

Thank you. I restart the dnsmasq via

systemctl restart dnsmasq



this is not a SIGHUP... the following is one correct way... it is chosen for 
ease and not needing to find the process' PID...


  pkill -SIGHUP dnsmasq


here is another way... slightly more complicated because it does look up the 
PID...

  kill -SIGHUP $(pidof dnsmasq)


you may need to use sudo if you're doing these manually from the command line... 
you can use the signal name or number... the following will show you the list of 
signals, their numbers and a brief description...


  man 7 signal


HTH


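Added example (not part of the thread): the cron-driven watchdog suggested in the earlier reply, combined with the `pkill` form of SIGHUP shown here. It compares a checksum rather than the timestamp mentioned in the post, so a file that was touched but not changed does not trigger a reload; `STATE_DIR`, `WATCHED` and `RELOAD_CMD` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: send dnsmasq a SIGHUP only when a watched file's content
# changed since the last successful reload. Intended to be run from cron.
# STATE_DIR, WATCHED and RELOAD_CMD are assumed names and defaults.
STATE_DIR=${STATE_DIR:-/var/lib/dnsmasq-watch}
WATCHED=${WATCHED:-/etc/hosts}                   # space-separated list of files
RELOAD_CMD=${RELOAD_CMD:-pkill -HUP -x dnsmasq}  # no PID lookup needed

# Path of the file holding the last recorded checksum of FILE.
state_file() {
    printf '%s/%s.cksum\n' "$STATE_DIR" "$(printf '%s' "$1" | tr '/' '_')"
}

# file_changed FILE: 0 = differs from recorded state, 1 = same, 2 = unreadable.
# A file with no recorded state counts as changed (first run).
file_changed() {
    [ -r "$1" ] || return 2
    new=$(cksum < "$1")
    sf=$(state_file "$1")
    old=
    if [ -f "$sf" ]; then old=$(cat "$sf"); fi
    if [ "$new" = "$old" ]; then return 1; fi
    return 0
}

# remember FILE: record the current checksum of FILE.
remember() {
    mkdir -p "$STATE_DIR" || return 1
    cksum < "$1" > "$(state_file "$1")"
}

# watch_once: check every watched file and signal dnsmasq at most once.
# Prints "reloaded" or "unchanged". State is written only after the reload
# command succeeded, so a failed signal is retried on the next run.
watch_once() {
    changed=
    for f in $WATCHED; do
        if file_changed "$f"; then changed="$changed $f"; fi
    done
    if [ -z "$changed" ]; then
        echo unchanged
        return 0
    fi
    $RELOAD_CMD || return 1
    for f in $changed; do remember "$f"; done
    echo reloaded
}

# Run the check only when called with --run, e.g. from a crontab entry.
if [ "${1:-}" = "--run" ]; then watch_once; fi
```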


Re: [Dnsmasq-discuss] domain blacklist API..

2018-07-31 Thread wkitty42

On 07/30/2018 10:43 PM, al so wrote:

Is there an API to blacklist certain DNS domains which should get resolved?



do you mean blacklist them with NXDOMAIN even though they do exist?

from dnsmasq.conf

# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/





Re: [Dnsmasq-discuss] Disable IPv6 (AAAA) queries

2018-06-26 Thread wkitty42

On 06/26/2018 04:18 AM, Angelo Ranieri wrote:

My question is about IPv6. Can i block AAAA queries? I would that only A
queries is accept.


which are you asking about blocking?

  1. inbound LAN queries to your dnsmasq?
  2. inbound WAN queries to your dnsmasq?
  3. outbound queries from your dnsmasq to other dns servers on your LAN?
  4. outbound queries from your dnsmasq to other dns servers on the WAN?
  5. all of the above






Re: [Dnsmasq-discuss] DHCPv6 with dnsmasq for automated deployments

2018-06-04 Thread wkitty42

On 06/04/2018 07:36 AM, Oliver Freyermuth wrote:

Right now, I only know one could:
- Stop dnsmasq.
- Purge the lease from the leases-file.
- Restart dnsmasq.



i think the process is:

  rewrite the leases file as needed
  HUP dnsmasq

but i'm not positive... if not HUP, maybe one of the other signals... if none of 
them, then something with DBUS...





Re: [Dnsmasq-discuss] UPDATE - failed to create listening socket

2018-05-11 Thread wkitty42



please keep list discussions on the list... there is one answer inline below...


On 05/11/2018 12:03 PM, Pan, Peter wrote:

Thank you for your answer wkitty42

why are you trying to assign these addresses to your dnsmasq? from your hosts 
file, they appear to belong to other systems...


unless i'm mistaken, this line is the list of addresses on this box that will 
listen for connections... in other words, addresses belonging to this box...


As far as I understand, I have to delete the IP from dnsmasq.conf
So the right configuration is:

list-address=127.0.0.1
resolv-file:/srv/dns/nameserver.conf

... because all other addresses belong to other systems. But my aim is, to set 
dnsmasq as DNS-Server in my homenetwork, to sum up, another computers shall use 
this DNS-Server too, and if i'm not mistaken, dnsmasq must listen for connection 
to this ip-addresses for the other computers too. As example: The DNS-Server of 
the E2-PC computer is 192.168.178.3, the RASPBERRY-PI-SERVER with dnsmasq.


to explain the line further, if you have five addresses on this box, you can 
limit it responding to only three of those addresses if you want...


what is the local 192.168.178 address for this box? that is the address you 
would list along with localhost...

Which box do you mean?



the box where you are running dnsmasq...


The local address of the fritzbox, the router (at the 
time the DNS-Server), which is connected with the RASBPERRY-PI, is 192.168.178.1
If I am thinking right, I have to set the IP of the fritzbox along or with 
localhost.


127.0.0.1        localhost
192.168.178.1    fritz.box
127.0.1.1        RASBPERRY-PI-SERVER

Thank you :)




On 11.05.2018 at 16:50, wkitt...@gmail.com wrote:

On 05/11/2018 07:08 AM, Pan, Peter wrote:
failed to create listening socket for 192.168.178.15 Cannot assign requested 
address

FAILED to start up
Failed to start dnsmasq - A lightweight DHCP and caching DNS server

My dnsmasq.conf:

listen-address=127.0.0.1,192.168.178.10,192.168.178.12,192.168.178.15


why are you trying to assign these addresses to your dnsmasq? from your hosts 
file, they appear to belong to other systems...


unless i'm mistaken, this line is the list of addresses on this box that will 
listen for connections... in other words, addresses belonging to this box...


to explain the line further, if you have five addresses on this box, you can 
limit it responding to only three of those addresses if you want...


what is the local 192.168.178 address for this box? that is the address you 
would list along with localhost...


[...]

My hosts file:

127.0.0.1   localhost
127.0.1.1   RASPBERRY-PI-SERVER

192.168.178.1   fritz.box.luna.lan fritz.box   ## Router FRITZ!Box 7430

192.168.178.10  e1-pc.luna.lan e1-pc   ## Laptop E1-PC
192.168.178.12  e2-pc.luna.lan e2-pc   ## Laptop E2-PC
192.168.178.15  erik-galaxay-a5-2017.luna.lan erik-galaxy-a5-2017 ## Smartphone Erik










Re: [Dnsmasq-discuss] UPDATE - failed to create listening socket

2018-05-11 Thread wkitty42

On 05/11/2018 07:08 AM, Pan, Peter wrote:

failed to create listening socket for 192.168.178.15 Cannot assign requested 
address
FAILED to start up
Failed to start dnsmasq - A lightweight DHCP and caching DNS server

My dnsmasq.conf:

listen-address=127.0.0.1,192.168.178.10,192.168.178.12,192.168.178.15


why are you trying to assign these addresses to your dnsmasq? from your hosts 
file, they appear to belong to other systems...


unless i'm mistaken, this line is the list of addresses on this box that will 
listen for connections... in other words, addresses belonging to this box...


to explain the line further, if you have five addresses on this box, you can 
limit it responding to only three of those addresses if you want...


what is the local 192.168.178 address for this box? that is the address you 
would list along with localhost...


[...]

My hosts file:

127.0.0.1   localhost
127.0.1.1   RASPBERRY-PI-SERVER

192.168.178.1   fritz.box.luna.lan fritz.box   ## Router FRITZ!Box 7430
192.168.178.10  e1-pc.luna.lan e1-pc   ## Laptop E1-PC
192.168.178.12  e2-pc.luna.lan e2-pc   ## Laptop E2-PC
192.168.178.15  erik-galaxay-a5-2017.luna.lan erik-galaxy-a5-2017 ## Smartphone Erik



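Added example (not part of the thread): a pre-flight check for the failure discussed in the two messages above, listing every `listen-address` entry that is not configured on the machine running dnsmasq. The function names are hypothetical, `local_addrs` assumes the iproute2 `ip` tool, and addresses are compared as text, so IPv6 addresses must be written the way `ip` prints them.

```shell
#!/bin/sh
# Added example: find listen-address entries that do not belong to this host,
# the cause of "failed to create listening socket ... Cannot assign requested
# address". Function names are hypothetical.

# local_addrs: every IPv4/IPv6 address configured on this host, one per line.
# The 4th field of `ip -o addr show` is ADDRESS/PREFIX.
local_addrs() {
    ip -o addr show | awk '{ split($4, a, "/"); print a[1] }'
}

# listen_addrs CONF: the addresses named on listen-address lines of CONF,
# one per line (comma-separated lists are split, blanks removed).
listen_addrs() {
    sed -n 's/^[[:space:]]*listen-address[[:space:]]*=//p' "$1" |
        tr ',' '\n' | tr -d ' \t\r' | sed '/^$/d'
}

# foreign_listen_addrs CONF ADDRFILE: print the listen-address entries of
# CONF that do not appear in ADDRFILE (one local address per line).
foreign_listen_addrs() {
    listen_addrs "$1" | while IFS= read -r a; do
        if ! grep -qxF -- "$a" "$2"; then echo "$a"; fi
    done
}

# check_conf CONF: compare CONF against the live interface addresses.
# Returns 0 if every entry is local, 1 otherwise (offenders on stderr).
check_conf() {
    addrs=$(mktemp) || return 2
    local_addrs > "$addrs"
    bad=$(foreign_listen_addrs "$1" "$addrs")
    rm -f "$addrs"
    if [ -z "$bad" ]; then return 0; fi
    echo "listen-address entries not configured on this host:" >&2
    echo "$bad" >&2
    return 1
}

# Check a real config only when called with a path argument.
if [ -n "${1:-}" ]; then check_conf "$1"; fi
```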


Re: [Dnsmasq-discuss] [PATCH] Remove upper limit of 10, 000 for cache size

2018-05-10 Thread wkitty42

On 05/08/2018 05:16 PM, Dominik wrote:

Hey Simon,

removing the upper limit will not change anything except for the few
users that have set this value manually to a very large number. However,
if they did so they were surely not expecting that dnsmasq could just
ignore their setting.



agreed...

->8 snip /etc/dnsmasq.conf 8<-
# Configuration file for dnsmasq.
#Dnsmasq version 2.59  Copyright (c) 2000-2011 Simon Kelley
#Compile time options no-IPv6 GNU-getopt no-DBus no-i18n DHCP TFTP no-conntrack no-IDN

[...]
# Make the cache large enough to be useful
cache-size=5
[...]
->8 snip /etc/dnsmasq.conf 8<-




Re: [Dnsmasq-discuss] Using a variable in the address option in dnsmasq.conf

2018-03-02 Thread wkitty42

On 03/02/2018 07:46 AM, Petr Menšík wrote:

and then generate your file any way you need. For example in bash

echo "# Autogenerated file, do not edit by hand" > /etc/dnsmasq.d/blocked.conf
for DOMAIN in 2o7.net 2mdm.net
   do echo "address=/$DOMAIN/$MYIP" >> /etc/dnsmasq.d/blocked.conf
done



even better would be...


echo "# Autogenerated file, do not edit by hand" > /etc/dnsmasq.d/blocked.conf
for DOMAIN in 2o7.net 2mdm.net facebook.com fbcdn.net fbcdn.com facebook.net
  do echo "server=/$DOMAIN/" >> /etc/dnsmasq.d/blocked.conf
done


so dnsmasq will return NXDOMAIN for blocked domains :evilBOFHgrin:


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list unless*
   *a signed and pre-paid contract is in effect with us.*



Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-08 Thread wkitty42

On 08/08/2017 04:06 AM, Matteo Croce wrote:

2017-08-08 4:26 GMT+02:00  :

On 08/07/2017 06:02 PM, Matteo Croce wrote:


I propose adding an option to allow banning some domains.

add `--ban-hosts' which accepts a file name which contains a list of
domains to block, one per line.
Domains are blocked by simply returning NXDOMAIN.


is the following in dnsmasq.conf broken???

# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/


Nope, but it's unpractical when the ban list is huge


impractical?


# wc -l /etc/banhosts
13090 /etc/banhosts

also, having it in a separate file will allow updating it without
messing with the configuration file



well, you asked for comments so i did... as for separate files, can't it be done 
in another file that is included in the main one? i can't remember if dnsmasq 
allows one to include additional files or not...


eg: include bannedhosts.conf


maybe i'm just not seeing the overall point as compared to existing 
capabilities?


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list unless*
   *a signed and pre-paid contract is in effect with us.*
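
The two ideas from this thread and from the 2018-03-02 message above (generating `server=/DOMAIN/` lines in a loop, and keeping a large ban list in its own file) combined in one script. This is an added example, not code from the posts or from dnsmasq; the function names and file paths are assumptions, and it assumes the generated fragment is pulled in through dnsmasq's `conf-file=` or `conf-dir=` option.

```shell
#!/bin/sh
# Added example: turn a one-domain-per-line ban list into a dnsmasq
# fragment of "server=/DOMAIN/" lines. Names and paths are hypothetical.

# gen_blocklist BANLIST
# Writes the fragment to stdout; rejected entries are reported on stderr.
gen_blocklist() {
    banlist=$1
    [ -r "$banlist" ] || { echo "cannot read $banlist" >&2; return 1; }
    echo "# Autogenerated file, do not edit by hand"
    # Strip comments and carriage returns, lowercase, trim, de-duplicate.
    sed -e 's/#.*//' "$banlist" | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
    awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        # Accept hostname syntax only: dot-separated labels of letters,
        # digits and hyphens. A slash, space or "=" in an entry would
        # change the meaning of the generated option, so such lines are
        # dropped rather than written out.
        !/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/ {
            print "skipped invalid entry: " $0 > "/dev/stderr"; next
        }
        length($0) > 253 { next }
        !seen[$0]++ { print "server=/" $0 "/" }
    '
}

# install_blocklist BANLIST TARGET
# Build the fragment in a temp file beside TARGET and rename it into
# place, so a reader never sees a half-written file.
install_blocklist() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if gen_blocklist "$1" > "$tmp"; then
        # mktemp creates the file with mode 0600
        chmod 644 "$tmp" && mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Typical use (paths are assumptions):
#   install_blocklist /etc/banhosts /etc/dnsmasq.d/blocked.conf
#   dnsmasq --test && restart dnsmasq with the init system in use
```

Updating the ban list then never touches the main configuration file, and `dnsmasq --test` checks the combined configuration before a restart.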



Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-07 Thread wkitty42

On 08/07/2017 06:02 PM, Matteo Croce wrote:

I propose adding an option to allow banning some domains.

add `--ban-hosts' which accepts a file name which contains a list of
domains to block, one per line.
Domains are blocked by simply returning NXDOMAIN.



is the following in dnsmasq.conf broken???


# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list unless*
   *a signed and pre-paid contract is in effect with us.*



Re: [Dnsmasq-discuss] Dnsmasq giving default gateway address as dns server on DHCP offer

2017-08-05 Thread wkitty42

On 08/05/2017 11:43 AM, /dev/rob0 wrote:
Yes, there is an option you can use in dnsmasq.conf to change the 
nameserver[s] given to DHCP clients, but why do you want that?  See the
dnsmasq(8) manual for details.


one possibility is on an AD network where all device DNS lookups go through the 
AD controller... the AD controller then talks to dnsmasq running on the 
perimeter firewall and handles the lookups to outside DNS servers... everything 
inside the AD network being restricted to the AD network so no individual 
devices can make lookups outside... they can only talk to the AD controller for 
DNS and the AD controller can only talk to dnsmasq for DNS... the AD controller 
is not the perimeter device for traffic headed outside of the AD network... the 
perimeter firewall running dnsmasq is, though...



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list unless*
   *a signed and pre-paid contract is in effect with us.*



Re: [Dnsmasq-discuss] Change dns result for FACEBOOK.COM

2017-05-29 Thread wkitty42

On 05/29/2017 07:18 AM, Jorge Bastos wrote:

Howdy,

I'd like to change the result of some dns query's, in particular, I want to 
change the result of the query for FACEBOOK.COM.


Is this possible with dnsmasq?


absolutely...

in your dnsmasq.conf file, add the following lines...

# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/


and you should look in the manual about the use of this config verb so that you 
understand it more fully than this simple example can provide ;)


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list unless*
   *a signed and pre-paid contract is in effect with us.*



Re: [Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.

2017-04-24 Thread wkitty42

On 04/24/2017 05:16 AM, Alin Năstac wrote:

On Sun, Apr 23, 2017 at 5:46 PM, Simon Kelley  wrote:

When the client sends the discovery packet, dnsmasq will notice that the
requested address is in use by another client, and offer a different
address instead.


You did not understand the scenario. The host that already uses the requested
IP address is statically configured to use it (in other words dnsmasq does
not have a lease for the given IP address).

While at it, you might consider fixing the scenario in which a client fills a
DHCP discovery message with an option-50 containing an IP address that is
already used by another statically configured host.


in the above two paragraphs, you use the phrase "statically configured"... do 
you mean "pseudo-statically configured"?


"pseudo-static" where the DHCP gives the same IP to the same MAC all the time

versus

"static" where the machine is configured locally to use a specific IP address

in the first case, the system will be configured for DHCP and will have to ask 
for its address... in the second case, the system will never talk to the DHCP 
server...


something we found in a firewall product was that one must configure their 
dynamically assigned pool to exclude their static and pseudo-static IP address 
ranges otherwise there is the very real possibility that the DHCP server will 
hand out addresses already in use by other systems...



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Making dnsmasq make OFFER faster than virtualbox NAT DHCP

2017-01-23 Thread wkitty42

On 01/23/2017 06:49 AM, Simon Kelley wrote:

Actually, it's permitted to have more than one DHCP server, but the client
is entitled to wait for some time to hear from them all, and then pick
whichever one it prefers,


that's interesting... i can't say that i've ever heard that before... maybe it 
has been corporate policy on all the networks i've dealt with over the years?


it is something that i may do more research on because i don't want to pass bad 
information as i have apparently just done... do you have any pointers to 
documentation on this aspect of DHCP servers?



so trying to implement server priority by speed-of-reply is doomed to
failure.


yup! seems to be that way :)

thanks for the clarification!

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Making dnsmasq make OFFER faster than virtualbox NAT DHCP

2017-01-22 Thread wkitty42

On 01/22/2017 08:02 PM, Sebastian Tarach wrote:

Hello,

I'm trying to make *dnsmasq* work on my Debian Virtualbox guest but I keep
getting reply from my VBox host DHCP first.


there should only ever be one DHCP server running on any net segments... turn 
off or otherwise disable all the others and you should see the results you desire...


FWIW: rogue DHCP servers are the bane of sysadmins everywhere...

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Sequential IP doesn't look for unused IPs

2016-12-24 Thread wkitty42

On 12/23/2016 08:04 PM, Alec Robertson wrote:

When using sequential IP, the IP allocation should start from the lowest
available IP address.


this depends on the implementation... some start at the bottom (lowest) and 
others start at the top (highest)... where they start does not really matter... 
the *nix systems i've worked with all started at the top when allocating IPs to 
non-pseudo-static systems... IIRC, winwhatever is the only one i've worked with 
that started at the bottom...


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Windows ipv6 hostname

2016-12-20 Thread wkitty42

On 12/20/2016 07:26 PM, Markus Hartung wrote:

$ cat /var/lib/misc/dnsmasq.leases
1482365715 3e:XX:XX:XX:XX:02 192.168.1.184 * 01:3e:XX:XX:XX:XX:02
1482334524 00:YY:YY:YY:YY:67 192.168.1.133 hostname *

I have masked the MAC-address,



MACs are only good on the local link... once through a router, the original MACs 
are lost to anything further down stream... this is like masking RFC-1918 
addresses ;)



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] DNSMASQ fails to start on boot

2016-10-19 Thread wkitty42

On 10/19/2016 12:06 AM, David Griffiths wrote:

I found a discussion talking about the same problem on Ubuntu but the
recommended fix did not work for me :-(
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1531184

It is a case of DNSMASQ starting before the network is ready.

Any suggestions please?


you can't have your DNSMASQ start up script check to see if the network is up 
before starting DNSMASQ? systemd isn't involved in your RPi installation, is it? 
the older style init.d scripts (sysV??) should be much easier to work with... 
check the interfaces' statuses with the ip or ipconfig command and see if they 
are ready to be used...


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Dnsmasq not resolving addresses for an hour

2016-10-14 Thread wkitty42

On 10/14/2016 02:52 AM, Vladislav Grishenko wrote:

Hi, Albert,


1. HAVE_BROKEN_RTC should be used for, well, broken RTCs. Here, we are
not dealing with broken RTC.


Root issue from original mail:

One of which acknowledges potential problem if the clock goes backwards...

As for me it's indeed broken RTC behavior, not?


not... what defines a "broken RTC"? the time can easily be set back during a NTP 
update... how far back can it be set before there's a problem? 1 millisecond? 1 
hundredth of a second? 1 tenth of a second? 1 second?



case in point: recovering from Hurricane Matthew... three days without power... 
while bringing up the network, several machines had reverted to their default time 
settings in the BIOS... on several of them, that was back in 2002... the people 
bringing the machines up set the BIOS time manually and allowed the boot to 
continue... on some machines, NTP syncing is run from cron at some time 
period... others use NTP and adjust the clock by drift... manually setting the 
time and then allowing NTP to set it more accurately can easily result in the 
clock being set back by NTP... we won't even mention the problem of setting the 
clock to local time and the machine using UTC so when NTP syncs, there can be a 
huge (4, 5, 6, 7, 8+) hour jump backwards...



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Static IP client question

2016-08-07 Thread wkitty42

On 08/07/2016 10:29 AM, Edward Crosby wrote:

So, in the /etc/dnsmasq.conf file configure the DHCP settings to always give
a specific IP address to my PC? Sort of like a reserved IP in Windows DHCP
server?


it is called pseudo-static because it is static handed out by dhcp based on the 
MAC address... it is a trick some ISPs use when they sell you a static IP for 
$100US a year and it takes less than 2 minutes to put in the configuration... 
you have to remember, though, that if you change your NIC, you have to adjust 
the dhcp configuration for the new MAC, too...



we use pseudo-static here on all our systems... it makes it much easier to 
control when/if any network address renumbering has to be done... change the 
assigned IP numbers and let the lease expirations take care of the systems 
getting their new numbers... then maybe go around later and deal with shared 
resources that are using IP numbers instead of host names ;)



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] dnsmasq to provide public DNS service

2016-07-15 Thread wkitty42



also replied off-list...


On 07/13/2016 08:21 PM, T o n g wrote:

After struggling for a few days, I finally decided that I should reply, to
bring some closure on this. Thank you for all these days of your tireless
help. However, my conclusion is still the same as my first post -- dnsmasq is
unable to provide public DNS service -- It can be used as DNS server for
local host, or local network, but just not for the general public. We've
ruled out everything possible, and the only thing left is dnsmasq.

I.e., if there is any problem with my ISP or my hosting provider, I wouldn't
have been able to start a working second SSH session listening to port 53
(instead of 22).


you have missed the point... SSH is TCP... DNS is UDP... DNS switches to TCP 
/ONLY/ if the reply is too large... these other services you're switching in to 
test with are not UDP and that's the flaw in your testing... it is UDP on port 
53 that your ISP is apparently blocking... if you want to test properly, then 
you need to set up a UDP service on port 53 and see if it works from outside 
your ISP...



In other words, all else the same, swap in SSH to listen to port 53, it
works; swap in dnsmasq, and it fails. With all else the same, dnsmasq is the
only problem.


see above... you must compare apples and apples... you cannot compare TCP 
software against UDP software... that's apples and oranges and you will/have 
come to the wrong conclusion via improper testing and invalid results data...


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] [PATCH] fix for netlink ENOBUF problem

2016-07-04 Thread wkitty42

On 07/04/2016 11:29 AM, Ivan Kokshaysky wrote:

To fix that we need to purge the netlink buffer on ENOBUF error. With the
appended patch dnsmasq is running flawlessly for about a month.


why are the messages not removed from the buffer when they are processed? or are 
they and there's simply too many messages coming in to handle?


how large is the buffer? can it be made larger to handle the larger amount of 
message traffic?


what problem(s) will requesting devices run into when there is no response to 
their query when the message is flushed?


would fixing/solving (one of?) the above be better than flushing?

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Sending a fake reply to client by dnsmasq

2016-06-14 Thread wkitty42

On 06/14/2016 08:30 AM, ravin goyal wrote:

Hi Sir

I actually need to do it in code rather than in the conf file itself.
Can you tell me that i am making changes at right function and in the right file
or should i do something else?

I hope you get the idea behind what i am trying to do here


can you be more explicit as to why you need/want to do this and why the address 
lines won't work in your use case?


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] dnscrypt -dnssec problems

2016-05-25 Thread wkitty42

On 05/25/2016 03:24 PM, Johnny Appleseed wrote:

dig +dnssec wikipedia.org
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.3-P1 <<>> +dnssec wikipedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33183
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096


why is this EDNS udp 4096 but

[...]

  dig +dnssec wikipedia.org

; <<>> DiG 9.8.3-P1 <<>> +dnssec wikipedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13239
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280


this one is only 1280??

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clients

2016-05-08 Thread wkitty42

On 05/08/2016 06:52 AM, Dreamcat4 wrote:

But it is bad for each UEFI pc users going forwards to know to need to
manually specify:

pxe-skip-menu=X86-64_EFI
pxe-skip-menu=BC_EFI

Every time around. Because that is nearly everybody going forwards. How to
solve? Can we then make the option logic work better?


how about going the other way... reverse the logic so that those two are skipped 
all the time... then only if they are needed, add an option to enable them...


  pxe-add-menu=X86-64_EFI
  pxe-add-menu=BC_EFI

in this manner, ONLY those that need to support the above UEFI mess need add the 
option(s)... everyone else sails on clean clear waters none the wiser ;)


if other UEFIs are found needing to be skipped, they can be added to the next 
binary with new options like the above...


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] On a 64bit system, what switches create a 32bit binary.

2016-04-12 Thread wkitty42

On 04/11/2016 11:42 PM, Rob Townley wrote:

My name server runs on 32bit hardware, but all other machines are 64bit OS on
64bit hardware.

egrep -R -i '386|x86|32bit' did not come back with much relevant info.

dnsmasq runs on all kinds of disparate hardware, so i know it is done everyday.

(CentOS6 systems.)


what are you asking? how to cross-compile on one of your 64bit machines to 32bit 
so you can run your self-built dnsmasq over there??


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Why does dnsmasq append a local domain in DNS queries?

2016-01-08 Thread wkitty42

On 01/08/2016 07:29 AM, Mikhail Morfikov wrote:

Also, though I don't see further log, I suspect that there were no requests like

That's the full log. I mean, this is what happened after trying to use
"ping dupaa.com".


perhaps you should have used "ping dupaa.com." instead?

in one of my other lives we learned that if you don't also want the local domain 
to be searched, you must add the trailing dot to signify that that is the end of 
the domain and no additional searches should be done... we see this with all 
manner of DNS clients...


just tossing that out there... maybe it will help?

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.
