[Dnsmasq-discuss] dns flag day 2020

2019-09-02 Thread Dave Taht
Does anyone have an opinion on: https://github.com/dns-violations/dnsflagday/issues/125 (posteth not here, but on that thread) sort of spawned by that, though, are three questions, which perhaps we can answer here... 1) How much is the dnssec stuff in dnsmasq enabled? For example, although

Re: [Dnsmasq-discuss] localise-queries and IPv6, rtod

2019-09-01 Thread Dave Taht
Roy Marples writes: > On 23/08/2019 06:31, For What It Worth wrote: >> Routing Tables of Death - rtod - a kernel, routing protocol, and routing >> daemon stress testing tool >> >>> See the README for how it works. >> >> https://github.com/dtaht/rtod/blob/master/README.md starts with >> >> rtod:

Re: [Dnsmasq-discuss] localise-queries and IPv6

2019-08-22 Thread Dave Taht
Simon Kelley writes: > On 06/08/2019 18:14, Carsten Spieß wrote: >> Hello Simon, >> I've added entries for a multi homed machine to the hosts file. For IPv4 i get one address localized to the caller, for IPv6 i get a list of all addresses. The man page notes for

Re: [Dnsmasq-discuss] [PATCH] Accept /32 and /0 as valid CIDR prefixes for rev-server directive

2017-02-19 Thread Dave Taht
On Tue, Feb 14, 2017 at 7:17 AM, Simon Kelley wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > That's an improvement, but I tend to agree that /0 doesn't make much > sense. If we're going to patch this, it seems to make more sense to > reject anything other

Re: [Dnsmasq-discuss] IDN (internationalized domain name) support

2017-01-31 Thread Dave Taht
. göögle.com appears in the logs > göögle.com and not as xn--ggle-5qaa.com That jumps to a very interesting site, btw... And I guess a couple loggers and logger utilities need to be checked if they are 8 bit clean. > > Cheers, > > Simon. > > > > On 28/01/17 21:09, Dave Ta

[Dnsmasq-discuss] IDN (internationalized domain name) support

2017-01-28 Thread Dave Taht
I am curious as to the deployment status of IDN in the field? and to how often others are building it into their default distro of dnsmasq, and any issues that may exist (other than improving the ease of domain name phishing) -- Dave Täht Let's go make home routers and wifi faster! With better

Re: [Dnsmasq-discuss] Bug forward upstream SERVFAIL

2017-01-22 Thread Dave Taht
From a brief conversation with the bind9 maintainer: D: if bind gets a servfail, and has two forwarders, will it try the other forwarder? E: Yes. D: Even in the case of a dnssec query? E: Bind9 retries an authoritative answer because it might have been spoofed or one of the servers might be out

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-18 Thread Dave Taht
s.cloudflare.com. 2023610183 1 2400 604800 3600 ;; Query time: 72 msec ;; SERVER: 172.26.16.1#53(172.26.16.1) ;; WHEN: Wed Jan 18 12:42:02 PST 2017 ;; MSG SIZE rcvd: 123 On Wed, Jan 18, 2017 at 12:01 PM, Dave Taht <dave.t...@gmail.com> wrote: > On Wed, Jan 18, 2017 at 11:48 AM

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-18 Thread Dave Taht
dump of the upstream reply? Not yet. I'll touch bases with you later in the week. > > > Simon. > > > > On 18/01/17 07:31, Dave Taht wrote: >> so far I can only make it happen on mips. Doesn't happen on arm. >> Haven't tried harder yet. >> &

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-18 Thread Dave Taht
so far I can only make it happen on mips. Doesn't happen on arm. Haven't tried harder yet. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-16 Thread Dave Taht
ord doesn't > need to be touched at all, if the order of the records varied, that > could expose bugs in this code. > > Not an answer, but some good clues.. Don't even know if it's over ipv4 or ipv6 at the moment. will check harder. Great clues, thx, I'll get on it after I resolv h

[Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-16 Thread Dave Taht
I am testing the dnsmasq-full build on current lede-project head, and enabled dnssec. Then : root@dancer:/# host flent-fremont.bufferbloat.net flent-fremont.bufferbloat.net has address 23.239.20.41 flent-fremont.bufferbloat.net has IPv6 address 2600:3c01::f03c:91ff:fe50:48d4 ;; Got bad packet:

[Dnsmasq-discuss] Fwd: strategies to mitigate DNS amplification attacks in ISP network

2015-12-02 Thread Dave Taht
DNS cookies look kind of interesting... -- Forwarded message -- From: Mark Andrews Date: Wed, Dec 2, 2015 at 1:39 AM Subject: Re: strategies to mitigate DNS amplification attacks in ISP network To: Michael Hare Cc: "na...@nanog.org"

[Dnsmasq-discuss] Last call for signatures to the FCC on the wifi lockdown issue

2015-10-09 Thread Dave Taht
?usp=sharing The principal signers (Dave Taht and Vint Cerf), are joined by many network researchers, open source developers, and dozens of developers of aftermarket firmware projects like OpenWrt. Prominent signers currently include: Jonathan Corbet, David P. Reed, Dan Geer, Jim Gettys, Phil

[Dnsmasq-discuss] Fwd: Important Info for signers of the FCC Letter from Dave Täht and CeroWrt

2015-10-07 Thread Dave Taht
7, 2015 at 7:16 PM Subject: Important Info for signers of the FCC Letter from Dave Täht and CeroWrt To: Dave Taht <dave.t...@gmail.com> Thank you for endorsing our comments to the FCC about locking down Wi-Fi routers and other devices. Your signature is one of over 140 names at this time.

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-07 Thread Dave Taht
on a comcast native ipv6 connection, 1232 from OSX (ping6 -s 1232 2001:4860:4860::) On the router *itself* I can't even ping6 -s 80 2001:4860:4860:: PING 2001:4860:4860:: (2001:4860:4860::): 80 data bytes ^C --- 2001:4860:4860:: ping statistics --- 1 packets transmitted,

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
, May 6, 2015 at 11:22 AM, Dave Taht dave.t...@gmail.com wrote: nslookup www.ietf.org fails again... it did not fail a few days ago. chrome returns nxdomain -- Dave Täht Open Networking needs **Open Source Hardware** https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67 -- Dave

[Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
nslookup www.ietf.org fails again... it did not fail a few days ago. chrome returns nxdomain -- Dave Täht Open Networking needs **Open Source Hardware** https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
...@darbyshire-bryant.me.uk Sent from my phone, apologies for brevity, spelling top posting On 6 May 2015, at 20:21, Dave Taht dave.t...@gmail.com wrote: nslookup www.ietf.org fails again... it did not fail a few days ago. chrome returns nxdomain -- Dave Täht Open Networking needs **Open

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
prematurely sent that email. setting edns_packet_max to 1200 made it drop to tcp and work. I am going to argue that edns0 should be set to the bare minimum, by default, in dnsmasq, whatever it is, for it to fall back to tcp correctly. On Wed, May 6, 2015 at 12:09 PM, Dave Taht dave.t

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
that next. Cheers, Simon. On 06/05/15 20:42, Dave Taht wrote: I retried it with edns0 set to 1500 bytes, and it worked (falling back to tcp). 1800 bytes did not. an osx box was the client. I did capture the transaction(s) this time, the failing queries and a working one are at: http

Re: [Dnsmasq-discuss] High Availability: Part Deux

2015-04-03 Thread Dave Taht
Well the most elegant and simple solution we came up with was: https://tools.ietf.org/html/draft-taht-kelley-hunt-dhcpv4-to-slaac-naming-00 But the world did not go that way, preferring nothing that worked at all. On Fri, Apr 3, 2015 at 12:20 PM, Jonathan Fisher jonat...@springventuregroup.com

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

2015-04-02 Thread Dave Taht
On Thu, Apr 2, 2015 at 1:50 PM, Simon Kelley si...@thekelleys.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/04/15 21:43, Dave Taht wrote: On Thu, Apr 2, 2015 at 1:08 PM, Simon Kelley si...@thekelleys.org.uk wrote: I get a BOGUS validation because there's no DS record

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

2015-04-02 Thread Dave Taht
upstream resolvers. (Next up for me is hammering dnssec via as many ways as I can come up with over ipv6, btw) Cheers, Simon. On 02/04/15 20:10, Dave Taht wrote: So I am testing with the latest 2.73 release candidate3. I do TWO dnssec queries on the same domain. The first, does

[Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

2015-04-02 Thread Dave Taht
A) Not clear what happens if it tries to write it while the jffs filesystem is still being cleaned B) the dnssec_timestamp file needs to go somewhere that can be written by nobody. B1) trying to create it to /etc/ fails and fails to startup dnsmasq (see A) Thu Apr 2 18:31:52 2015 daemon.info

Re: [Dnsmasq-discuss] [Cerowrt-devel] DNSSEC and www.ietf.org

2015-03-30 Thread Dave Taht
I have trouble accessing ietf.org, also, with older versions of dnsmasq + dnssec, presently. On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin m...@petit-huguenin.org wrote: Am I the only one who cannot access www.ietf.org since Cloudflare enabled DNSSEC? (with dnsmasq-full 2.73-3)

Re: [Dnsmasq-discuss] [Cerowrt-devel] DNSSEC and www.ietf.org

2015-03-30 Thread Dave Taht
bug, should be fixed in 2.73rc3 pls shout if not. (the problem is that the cloudflare.net zone includes the domains /003.cloudflare.net (that's ctrl-c at the start) and that was confusing dnsmasq.) Thanks. Dave, any chance to get a build of 2.73rc3? Simon. On 30/03/15 16:58, Dave Taht

Re: [Dnsmasq-discuss] High Availability: Part Deux

2015-03-28 Thread Dave Taht
I too would like a more high availability form of DNS and dhcp in general. One thing that I do currently is use anycast in my (fairly complex, highly routed) campus network, so that the local dns servers are distributed via the babel routing protocol, and the closest one that is up responds.

Re: [Dnsmasq-discuss] [Babel-users] Looping in EAGAIN

2015-03-26 Thread Dave Taht
I see this patch for EAGAIN on an interface going away did not make the babel-ss-merge branch apparently. (for those new to this bug, see: http://lists.alioth.debian.org/pipermail/babel-users/2014-October/001777.html for more details. ) No, I haven't had time to test this patch, nor have I come

Re: [Dnsmasq-discuss] dnsmasq 2.55 failures

2015-03-23 Thread Dave Taht
On Mon, Mar 23, 2015 at 3:31 PM, John Knight john.kni...@belkin.com wrote: Hi, We use dnsmasq 2.55 in our Linksys routers. We have generally had few problems with dnsmasq, but recently one of our customers reported a failure that did not recover. I have seen a failure with dns for ipv6

Re: [Dnsmasq-discuss] DNAME or domain to domain translation?

2015-03-17 Thread Dave Taht
I have renewed hope then. On Mon, Mar 16, 2015 at 11:09 PM, Paul Vixie wrote: dname is not dead. it always included a synthesized cname. so a dname in the zone file can create an unlimited number of cnames in cache. re: Dave Taht dave.t...@gmail.com Tuesday, March 17, 2015 11:41 AM I

Re: [Dnsmasq-discuss] DNAME or domain to domain translation?

2015-03-16 Thread Dave Taht
I had had a lot of hope for DNAMEs, but they were shot down in the ietf years ago. Vestiges survive in bind, at least, but I suspect there is little application support. I would not mind an attempt to resurrect them. Naming in the face of being renumbered all the time by various ipv4 and ipv6

Re: [Dnsmasq-discuss] DNAME or domain to domain translation?

2015-03-16 Thread Dave Taht
On Mon, Mar 16, 2015 at 9:18 PM, Brad Smith b...@comstyle.com wrote: On 03/16/15 22:41, Dave Taht wrote: I had had a lot of hope for DNAMEs, but they were shot down in the ietf years ago. Vestiges survive in bind, at least, but I suspect there is little application support. I would

Re: [Dnsmasq-discuss] [Ow-tech] DNSSEC

2015-02-10 Thread Dave Taht
On Wed, Feb 11, 2015 at 2:11 PM, Seth l...@sysfu.com wrote: On Tue, 10 Feb 2015 16:57:07 -0800, Ranganathan Krishnan r...@selwastor.com wrote: I am looking into ways to improve DNS on the openwireless router software. When I mentioned DNSSEC as one of the items to review, I received this

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-09 Thread Dave Taht
I was able to lock up this version of dnsmasq twice: 100% cpu usage. No syscalls were visible from strace during the lockup. Lockups occurred once nearly at boot, and the second time, after a few hours of casual usage, with only ipv6 upstreams, on cero-3.10.50-1. furthermore, the only thing

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-09 Thread Dave Taht
I strongly suspect an ipv6 fragmentation handling bug in the kernel version cerowrt uses. Have tons of evidence pointing to that now, starting with some tests run last year from iwl and also the tests that netalyzer was doing. And: I just locked up the box completely while doing some dnssec stuff.

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-08 Thread Dave Taht
Wow, this thread goes back a ways. Is ds.test-ipv6.com still configured wrong, and does it pass now? It passes for me (but I am behind a more modern openwrt box right now) Is there another site that demonstrates this problem? BTW: For a while there (on comcast), in production, I ran with pure

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-08 Thread Dave Taht
Kelley si...@thekelleys.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/01/15 17:44, Dave Taht wrote: Wow, this thread goes back a ways. Is ds.test-ipv6.com still configured wrong, and does it pass now? It passes for me (but I am behind a more modern openwrt box right now

Re: [Dnsmasq-discuss] [homenet] sorting out the right ipv6 addr to choose and name in a source specific world

2014-12-22 Thread Dave Taht
On Thu, Dec 18, 2014 at 2:06 PM, Brian E Carpenter brian.e.carpen...@gmail.com wrote: On 19/12/2014 04:07, Michael Richardson wrote: I am way behind on my mail (this thread) and will be away for the holidays. Merry Christmas, everyone, and to all a happy new year! Dave, my take is that

[Dnsmasq-discuss] sorting out the right ipv6 addr to choose and name in a source specific world

2014-12-17 Thread Dave Taht
I have been wrestling with prefix coloring, where choosing a best prefix would be of use in (for example) reducing the problems induced by happy eyeballs when more than one ipv6 prefix is present and several other scenarios. There are many parts to this - one is in addressing, the other in DNS,

Re: [Dnsmasq-discuss] Trying to get hnetd working, trying to get distributed dns better

2014-11-24 Thread Dave Taht
On Mon, Nov 24, 2014 at 1:25 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 23/11/14 17:16, Dave Taht wrote: I setup a bunch of picostations running openwrt barrier breaker to try and get hnetd working, some details here: https://plus.google.com/u/0/107942175615993706558/posts/jV9WJyEYGGP

Re: [Dnsmasq-discuss] rebind-protection vs servers-file

2014-11-24 Thread Dave Taht
On Mon, Nov 24, 2014 at 1:02 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 22/11/14 23:06, Dave Taht wrote: I have been fiddling with improving my internal dns, by creating a file that has all my internal dns servers in it that I can easily copy everywhere. Example serversfile. server

[Dnsmasq-discuss] Trying to get hnetd working, trying to get distributed dns better

2014-11-23 Thread Dave Taht
I setup a bunch of picostations running openwrt barrier breaker to try and get hnetd working, some details here: https://plus.google.com/u/0/107942175615993706558/posts/jV9WJyEYGGP Ran into problems also with getting reverse dns to work right. I think I should switch to blogging this stuff

[Dnsmasq-discuss] rebind-protection vs servers-file

2014-11-22 Thread Dave Taht
I have been fiddling with improving my internal dns, by creating a file that has all my internal dns servers in it that I can easily copy everywhere. Example serversfile. server=/rossow.r.lupinlodge.org/172.23.143.9 rev-server=172.23.8.0/23,172.23.143.9

[Dnsmasq-discuss] dnsmasq deployed with dnssec

2014-10-12 Thread Dave Taht
on cerowrt (ALONG with all the fq_codel, and ipv6 chocolately goodness) http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-2477-6d1fcde4-650e-45fa-8551 dnssec. working. after 12 years. /me happy THANK YOU SIMON FOR THIS IMPORTANT WORK! (I am puzzled about the edns0 result, tho.) --

Re: [Dnsmasq-discuss] Suggested configuration best practices for home net with dynamic ipv6 prefix?

2014-09-22 Thread Dave Taht
On Mon, Sep 22, 2014 at 5:49 AM, Stephen Riehm dnsm...@opensauce.de wrote: Hi, I'm wondering if there are some 'typical' or 'best practice' configuration norms for configuring dnsmasq to provide A and DNS lookups for unqualified and qualified hostnames in an ipv6 home network without a

Re: [Dnsmasq-discuss] OpenWRT, modem restarts and lost dhcp leases

2014-08-22 Thread Dave Taht
The simplest thing to do is merely move the dhcp leases file to persistent storage, if you are willing to live with the long term failure mode of flash becoming less long term. I don't honestly know the cycle lifetime of low end flash chips anymore - it was very bad when they first came out but

Re: [Dnsmasq-discuss] mdns support

2014-06-19 Thread Dave Taht
As an outgrowth of the ietf homenet working group, the homewrt folk are attempting to blend together mdns, an mdns proxy, and improved address allocation schemes with dnsmasq in openwrt. They could use some more testers, coders, and help in general. I have long planned to integrate their work in

Re: [Dnsmasq-discuss] dnsmasq not working as DNS server for client machines

2014-05-22 Thread Dave Taht
On May 22, 2014 3:37 PM, Chris Green c...@isbd.net wrote: On Thu, May 22, 2014 at 11:08:22PM +0100, Chris Green wrote: On Thu, May 22, 2014 at 10:46:46PM +0100, Chris Green wrote: I seem to have spoken too soon with my transfer of dnsmasq to a different machine. It's running on my

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-05-01 Thread Dave Taht
On Thu, May 1, 2014 at 1:26 PM, Rich Brown richb.hano...@gmail.com wrote: On May 1, 2014, at 2:37 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 30/04/14 18:26, Dave Taht wrote: On Tue, Apr 29, 2014 at 1:57 PM, Phil Pennock cerowrt-devel+p...@spodhuis.org wrote: snip, snip snip

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-30 Thread Dave Taht
On Tue, Apr 29, 2014 at 1:57 PM, Phil Pennock cerowrt-devel+p...@spodhuis.org wrote: On 2014-04-29 at 14:22 +0100, Simon Kelley wrote: secure no DS means that the original unsigned answer should be accepted, except that it shouldn't. There's no way to distinguish between secure lack of DS

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-28 Thread Dave Taht
On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys j...@freedesktop.org wrote: Comcast recently lit up IPv6 native dual stack in the Boston area. The http://test-ipv6.com/ web site complains about DNS problems unless dnssec is disabled; if it is, I get various timeouts. Test with IPv4 DNS

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-28 Thread Dave Taht
. It is falling back to trying a recursive lookup on the default domain ( ipv6.test-ipv6.com.home.lan ) - which it does do a nxdomain for immediately... On Mon, Apr 28, 2014 at 10:03 AM, Dave Taht dave.t...@gmail.com wrote: On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys j...@freedesktop.org

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-28 Thread Dave Taht
I see A and requests for for ds.test-ipv6.com that fail. On Mon, Apr 28, 2014 at 11:37 AM, Dave Taht dave.t...@gmail.com wrote: I have put a link up to two of jim's captures going to test-ipv6 via cero, one with dnssec enabled, captured at the local laptop http

Re: [Dnsmasq-discuss] [Cerowrt-devel] test-ipv6.com vs dnssec

2014-04-28 Thread Dave Taht
for ds records to come from it, so that domain can't be fully signed. So it sounds to me as if negative proofs are not possible with registrars that lack this support? Simon. On Fri, Apr 25, 2014 at 1:39 PM, Dave Taht dave.t...@gmail.com wrote: jg tells me the test-ipv6.com site fails

Re: [Dnsmasq-discuss] [Cerowrt-devel] Had to disable dnssec today

2014-04-26 Thread Dave Taht
On Sat, Apr 26, 2014 at 4:38 AM, Aaron Wood wood...@gmail.com wrote: Just too many sites aren't working correctly with dnsmasq and using Google's DNS servers. After 4 days of uptime, I too ended up with a wedged cerowrt 3.10.36-6 on wifi. The symptoms were dissimilar from what has been

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-24 Thread Dave Taht
What does unbound or bind do? On Thu, Apr 24, 2014 at 5:35 AM, Aaron Wood wood...@gmail.com wrote: And if I use Free.fr's servers, the DS resolves (I'm running CeroWRT double-NAT behind a Freebox v6): dig @192.168.1.254 DS e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net ; DiG 9.8.5-P1

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-23 Thread Dave Taht
I will argue that a better place to report dnssec validation errors is the dnsmasq list. On Wed, Apr 23, 2014 at 8:31 AM, Aaron Wood wood...@gmail.com wrote: Wed Apr 23 15:13:05 2014 daemon.info dnsmasq[29719]: query[A] e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net from 172.30.42.99 Wed

[Dnsmasq-discuss] dnssec and local caching dns in fedora and network manager

2014-04-13 Thread Dave Taht
interesting long thread over at the fedora project this weekend: https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html -- Forwarded message -- From: Chuck Anderson c...@wpi.edu Date: Sun, Apr 13, 2014 at 10:59 AM Subject: Re: [Cerowrt-devel] Full blown DNSSEC

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-09 Thread Dave Taht
On Wed, Apr 9, 2014 at 6:24 AM, /dev/rob0 r...@gmx.co.uk wrote: On Tue, Apr 01, 2014 at 11:54:28AM -0500, I wrote: ^^ On Tue, Mar 25, 2014 at 07:08:44PM -0400, Alex Xu wrote: On 25/03/14 07:03 PM, sven falempin wrote: my concern of nettle vs openssl is the amount of review and

Re: [Dnsmasq-discuss] DHCPv6 hostname resolving

2014-04-02 Thread Dave Taht
On Wed, Apr 2, 2014 at 8:59 AM, Albert ARIBAUD albert.arib...@free.fr wrote: Le 02/04/2014 17:26, Quintus a écrit : Hi there, Hi Quintus, with DHPv4, dnsmasq properly converts the hostnames send to it to A records we can query for. It seems however that this is not the case with DHCPv6

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-01 Thread Dave Taht
On Tue, Apr 1, 2014 at 9:54 AM, /dev/rob0 r...@gmx.co.uk wrote: On Tue, Mar 25, 2014 at 07:08:44PM -0400, Alex Xu wrote: On 25/03/14 07:03 PM, sven falempin wrote: my concern of nettle vs openssl is the amount of review and testing nettle did get compared to something more widely(!) used

Re: [Dnsmasq-discuss] Stats improvement

2014-03-28 Thread Dave Taht
On Fri, Mar 28, 2014 at 9:35 AM, Dave Taht dave.t...@gmail.com wrote: On Thu, Mar 27, 2014 at 1:57 PM, Simon Kelley si...@thekelleys.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/03/14 05:12, Olivier Mauras wrote: Yes it should definitely be TXT records. Sounds really

Re: [Dnsmasq-discuss] [PATCH] dnsmasq-2.68 vs. dnsmasq-2.69rc1 Coverity scan diff

2014-03-25 Thread Dave Taht
did you also compile with dhcpv6 support enabled? On Tue, Mar 25, 2014 at 7:33 AM, Tomas Hozza tho...@redhat.com wrote: - Original Message - On 24/03/14 13:51, Tomas Hozza wrote: Hi. I did a version diff scan between 2.68 and 2.69rc1 version. From my point of view there is one

Re: [Dnsmasq-discuss] Stats improvement

2014-03-24 Thread Dave Taht
I would certainly like to have a standard way of getting these statistics, through the dns, perhaps one unified with whatever bind and unbound use (or don't use.) Not a lot of people seem to be aware of why dns caching forwarders are so great, although benchmarks like namebench against your

Re: [Dnsmasq-discuss] Setting dns domain name through dhcpv6

2014-03-08 Thread Dave Taht
I'd like to note that we are trying to get away from resolve.conf.auto in a couple cases, notably when you have multiple upstreams and you want reverse queries to go to the right place. A search list doesn't cut it in that case. BUT supplying a search list makes sense to clients. On Mar 8, 2014

Re: [Dnsmasq-discuss] dnsmasq, NetworkManager and VPNs

2014-03-05 Thread Dave Taht
Simon just added support for dynamically adding/removing an upstream dns server and reverse resolver in the upcoming release which I think will handle your use case. On Thu, Mar 6, 2014 at 1:39 AM, Tony Breeds t...@bakeyournoodle.com wrote: Hi All, I'm a new user of dnsmasq and I can't

Re: [Dnsmasq-discuss] Speed comparison dnsmasq - unbound?

2014-02-16 Thread Dave Taht
On Sun, Feb 16, 2014 at 9:06 AM, /dev/rob0 r...@gmx.co.uk wrote: On Sun, Feb 16, 2014 at 07:38:37AM +0100, Oliver Rath wrote: did somebody some speed comparison tests for the dns caching functionality between dnsmasq and unbound (http://unbound.net/)? Compare apples to apples. You're not

[Dnsmasq-discuss] Fwd: [Cerowrt-devel] Fwd: Testers wanted: DNSSEC.

2014-02-05 Thread Dave Taht
-- Forwarded message -- From: Toke Høiland-Jørgensen t...@toke.dk Date: Wed, Feb 5, 2014 at 12:10 PM Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC. To: Dave Taht dave.t...@gmail.com Cc: cerowrt-de...@lists.bufferbloat.net cerowrt-de

Re: [Dnsmasq-discuss] coping with ipv6 source routing and dns

2014-01-30 Thread Dave Taht
On Thu, Jan 30, 2014 at 1:57 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 29/01/14 19:22, Dave Taht wrote: I have been (mostly) happily fiddling with my new comcast ipv6 connection, trying to route all dns queries over ipv6 in particular, by disabling requesting the ipv4 dns addrs

[Dnsmasq-discuss] coping with ipv6 source routing and dns

2014-01-29 Thread Dave Taht
I have been (mostly) happily fiddling with my new comcast ipv6 connection, trying to route all dns queries over ipv6 in particular, by disabling requesting the ipv4 dns addrs and relying on the dhcpv6 request to succeed. config interface eth0 option 'ifname' 'eth0' option 'proto'

Re: [Dnsmasq-discuss] DNSSEC enabled dnsmasq dies very quickly

2014-01-26 Thread Dave Taht
Dnsmasq is barely in git with dnssec support, So it would help to clearly identify what commit number you are working from. ? And: Pull early, pull often. On Jan 26, 2014 5:47 PM, e9hack e9h...@gmail.com wrote: Hi, for testing purpose, I compile dnsmasq with option -DHAVE_DNSSEC. After a

Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues

2014-01-22 Thread Dave Taht
assigned address with prefix delegation as well. John Gorkos On 1/22/14, 6:37 AM, Simon Kelley wrote: Patch applied. Cheers, Simon. On 21/01/14 16:19, Dave Taht wrote: I have finally got my first-ever comcast ipv6 set of users up, and we have a problem with the interrelationship

Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues

2014-01-22 Thread Dave Taht
On Tue, Jan 21, 2014 at 5:13 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 21/01/14 16:19, Dave Taht wrote: I have finally got my first-ever comcast ipv6 set of users up, and we have a problem with the interrelationship between addresses assigned dynamically by dhcpv6-pd and other means

Re: [Dnsmasq-discuss] Can't ping when using FQDN

2013-11-08 Thread Dave Taht
Using .local is generally reserved for multicast DNS. Don't do that. On Nov 8, 2013 1:37 AM, Guillaume Betous guillaume.bet...@gmail.com wrote: you must be right : domain domain.local nameserver my.isp.ip.address1 nameserver my.isp.ip.address2 2013/11/8 Albert ARIBAUD

Re: [Dnsmasq-discuss] Can't ping when using FQDN

2013-11-08 Thread Dave Taht
On Nov 8, 2013 2:08 AM, Guillaume Betous guillaume.bet...@gmail.com wrote: what kind of local domain name can I use ? I thought the .local was reserved for local networks... See http://en.wikipedia.org/wiki/.local gUI 2013/11/8 Dave Taht dave.t...@gmail.com: Using .local is generally

[Dnsmasq-discuss] Fwd: [homenet] Fwd: WG Action: Formed Extensions for Scalable DNS Service Discovery (dnssd)

2013-10-26 Thread Dave Taht
The problems cerowrt has with multicast dns over multiple interfaces are kind of universal. A new ietf working group is being formed to address the problems with service discovery beyond the local link and finally (I hope) re-unify mdns with regular DNS. See below for the announcement. One set of

Re: [Dnsmasq-discuss] dumping current dhcp leases without always updating the leasefile curing normal ?

2013-10-14 Thread Dave Taht
On Mon, Oct 14, 2013 at 9:42 AM, Simon Kelley si...@thekelleys.org.uk wrote: On 11/10/13 16:37, Rick Jones wrote: On 10/11/2013 07:16 AM, Simon Kelley wrote: On 11/10/13 01:39, Rick Jones wrote: I am still on the steep learning slope for dnsmasq. The manpage lists a -l/--dhcp-leasefile

Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-11 Thread Dave Taht
wget the version of DNSmasq from this versions packages and forcibly apply it on top of 3.10.15-4 using opkg. -- David P. On Thu, Oct 10, 2013 at 8:01 PM, Dave Taht dave.t...@gmail.com wrote: 3.10.15-4 is now out there, containing sufficient patches to get dnsmasq to the current head of tree

Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-10 Thread Dave Taht
Dear Dr. Dnsmasq: When cerowrt made the jump between dnsmasq-2.67-test10 and dnsmasq-2.67-test17, detection of interfaces other than the first started failing. It seems to be related to interfaces that come up after dnsmasq starts, as restarting it after the device is fully booted works. Have

Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-10 Thread Dave Taht
://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.15-3/ I won't be in a position to test stuff myself til sunday but cero's devoted userbase seems to be hoovering over the reload button and will probably beat me to it Cheers, Simon. On 10/10/13 15:43, Dave Taht wrote: Dear Dr

Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-10 Thread Dave Taht
service on config lines. 2) Exactly one interface that dnsmasq should be listening on is around when it starts, but others arrive later. I can't explain why it just broke though, this bug has been around forever. Simon. On 10/10/13 19:30, Dave Taht wrote: On Thu, Oct 10, 2013 at 9:54