Re: [Dnsmasq-discuss] dnsmasq compilation and dependencies: compilation macros and help

2019-06-12 Thread Kevin Darbyshire-Bryant
> On 12 Jun 2019, at 19:56, SALA MASSIMO wrote: > > Hi Geert > > Ehm ... I mistyped writing the email. > > I check my script: > make COPTS="-DNO_AUTH -DNO_DHCP -DNO_INOTIFY -DNO_IPV6 -DNO_SCRIPT > -DNO_TFTP" > > A quick glance at the source code: it seems to me the help arguments aren't

[Dnsmasq-discuss] Insecure DS reply warning - false positives?

2019-05-13 Thread Kevin Darbyshire-Bryant
Hi All, Part of the reason for submitting http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q2/013026.html "[PATCH] dnssec: add hostname info to insecure DS warning” was to easily find out what domain was prompting the warning. Some of my mystery ‘Insecure DS reply’ turns out to be

Re: [Dnsmasq-discuss] [PATCH] DHCPv6: Honor assigning IPv6 address based on MAC address

2019-05-11 Thread Kevin Darbyshire-Bryant
> On 6 Apr 2019, at 12:01, Geert Stappers wrote: > > On Mon, Apr 01, 2019 at 01:02:20AM +0200, Pali Rohár wrote: >> On Tuesday 12 February 2019 13:41:43 Geert Stappers wrote: >>> On 06-02-2019 21:29, Pali Rohár wrote: On Friday 11 January 2019 17:52:43 Pali Rohár wrote: > On Monday 17

[Dnsmasq-discuss] [PATCH] dnssec: add hostname info to insecure DS warning

2019-05-11 Thread Kevin Darbyshire-Bryant
From: Kevin Darbyshire-Bryant Make the existing "insecure DS received" warning more informative by reporting the domain name reporting the issue. This may help identify a problem with a specific domain or server configuration. Signed-off-by: Kevin Darbyshire-Bryant --- src/dnssec.c

Re: [Dnsmasq-discuss] Query forwarding behaviour with multiple name servers.

2019-02-08 Thread Kevin Darbyshire-Bryant
Aha! I know this (it’s a Unix system… /) > On 8 Feb 2019, at 09:49, John Robson wrote: > > Hi all, > > I'm trying to understand the mechanism by which dnsmasq uses the resolvers > specified (in this case they are all specified in /etc/resolv.conf). > Specifically I am trying to work out why

Re: [Dnsmasq-discuss] [PATCH] fix entries in /etc/hosts disabling static leases

2019-01-16 Thread Kevin Darbyshire-Bryant
> On 12 Jan 2019, at 21:55, Steven Siloti wrote: > > It is possible for a config entry to have one address family specified by a > dhcp-host directive and the other added from /etc/hosts. This is especially > common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are > imported

Re: [Dnsmasq-discuss] DHCP problem when moving from one WiFi SSID to another

2018-12-27 Thread Kevin Darbyshire-Bryant
> On 27 Dec 2018, at 08:45, Chris Green wrote: > >>> >>> >>> My laptop seems to lose its IP address whenever I move from one >>> Draytek's WiFi to the other but only when the IP is assigned by >>> dnsmasq. If I connect to my guest network (192.168.6.x) then I get a >>> IP address assigned

Re: [Dnsmasq-discuss] [PATCH] Re: dhcp-boot & dhcp-reply-delay optional tag fixes

2018-12-15 Thread Kevin Darbyshire-Bryant
> On 14 Dec 2018, at 16:10, Petr Mensik wrote: > > Hi Kevin et al, > > sure, your fix is correct one. I just found one more place where tags > were required. Your pointer handling is not as hopeless as you are > saying. :) He he - It’s always good to get a second opinion though :-) And you

[Dnsmasq-discuss] dhcp-boot & dhcp-reply-delay optional tag fixes

2018-12-14 Thread Kevin Darbyshire-Bryant
Hi Simon et al, It looks like Petr’s "Free config file values on parsing errors” commit turned the optional tags on dhcp-boot & dhcp-reply-delay to non-optional. Attached is a patch that fixes it according to my testing but my ‘c’ and pointer handling is somewhat hopeless so could do with a

[Dnsmasq-discuss] fix ipv6 ipset bug in master

2018-12-12 Thread Kevin Darbyshire-Bryant
Hi Simon, Another one fallen out of the openwrt tree shake :-) ipv6 ipset addresses weren’t being set correctly. patch attached Cheers, Kevin D-B 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A 0001-ipset-fix-ternary-order-swap.patch Description:

[Dnsmasq-discuss] build failure on master with NO_DHCPv6 and fix....

2018-12-10 Thread Kevin Darbyshire-Bryant
Hi Simon, master has a build error when building without HAVE_DHCPv6 option.c: In function 'dhcp_context_free': option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface' free(ctx->template_interface); Sadly, need to put in a little conditional compilation

Re: [Dnsmasq-discuss] static lease issues?

2018-11-06 Thread Kevin Darbyshire-Bryant
> On 6 Nov 2018, at 20:44, Simon Kelley wrote: > > Look at the tags on the first and second DHCPDISCOVERs. The first one is > in "known" and the second is "known-othernet". > > "known" means that the host has a dhcp-host or similar configuration > which provides an address, and the address in

[Dnsmasq-discuss] static lease issues?

2018-11-04 Thread Kevin Darbyshire-Bryant
Hi Simon, Hi List, I’m hearing rumblings from the openwrt community that something isn’t right with static leases. The behaviour manifests itself as the statically assigned host being unable to renew its lease. e.g. -this is okay Nov 4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159

Re: [Dnsmasq-discuss] Compile-time options - taming the combinatorial explosion.

2018-10-25 Thread Kevin Darbyshire-Bryant
> On 25 Oct 2018, at 21:38, Kevin Darbyshire-Bryant > wrote: > > I think Openwrt is safe. There will be a loud scream from me if it isn’t :-) > > Cheers, > > Kevin D-B > In fact to prove it to myself I had a go at removing the NO_FORK compile time opti

Re: [Dnsmasq-discuss] Compile-time options - taming the combinatorial explosion.

2018-10-25 Thread Kevin Darbyshire-Bryant
> On 25 Oct 2018, at 20:33, Shankar Unni wrote: > > On Oct 24, 2018, at 2:49 PM, Simon Kelley wrote: > >> […] >> The next option in my sights is NO_FORK. This produces a >> mostly-functional binary that never forks any new processes. It was >> added long ago to support uclinux, the MMU-less

Re: [Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79

2018-10-08 Thread Kevin Darbyshire-Bryant
> On 8 Oct 2018, at 02:58, Mouath Ibrahim wrote: > > Hello, > > I ran the PoC supplied by Google research team found here: https://github.com/ > google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/ > CVE-2017-14495.py > > and noticed immediately that dnsmasq process uses up

Re: [Dnsmasq-discuss] Seg. fault in cache.c after commt b6f926fb

2018-09-19 Thread Kevin Darbyshire-Bryant
> On 19 Sep 2018, at 08:59, Kristian Evensen wrote: > > Hi Simon, > > Thanks for a quick reply. > > On Wed, Sep 19, 2018 at 12:23 AM Simon Kelley wrote: >> Thanks for the report. The obvious explanation is that whine_malloc() is >> returning NULL, and the code should handle that.

Re: [Dnsmasq-discuss] ubus FTBFS fix

2018-07-30 Thread Kevin Darbyshire-Bryant
> On 29 Jul 2018, at 22:34, Simon Kelley wrote: > > Gah, thanks. I broke the cardinal rule: never commit code you've tweaked > and not compiled. lol - we’ve all done it :-) > I've modified my "dogfood" openWRT build to enable the UBUS code now, so > I should pick this stuff up in future. My

[Dnsmasq-discuss] Google's DNS and Insecure DS reply received, do upstream DNS servers support DNSSEC?

2018-07-28 Thread Kevin Darbyshire-Bryant
Greetings! This isn’t a new problem but curiosity/frustration has now got the better of me. I’ve a QNAP NAS box which registers itself under ‘waldorfdb.myqnapcloud.com’ with both IPv4 & IPv6 addresses. My home lan router provides DHCP & DNS service courtesy dnsmasq. Sometimes my local

[Dnsmasq-discuss] ubus FTBFS fix

2018-07-28 Thread Kevin Darbyshire-Bryant
Hi Simon, A couple of FTBFS typos in master at the moment related to ubus integration. Fix attached, though not actually run tested..yet. Cheers, Kevin D-B 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A 0005-dnsmasq.c-fix-OPT_UBUS-option-usage.patch Description: Binary data

Re: [Dnsmasq-discuss] DHCPv6 with dnsmasq for automated deployments

2018-05-25 Thread Kevin Darbyshire-Bryant
> On 25 May 2018, at 13:07, Oliver Freyermuth > wrote: > > Dear dnsmasqers, > > I fear the following is a design issue of DHCPv6, but I wonder if there's a > way to overcome it with dnsmasq... Hi Oliver, I’ve a similar/same problem when rebooting some QNAP

Re: [Dnsmasq-discuss] upstream server selection algorithm - bug?

2018-05-15 Thread Kevin Darbyshire-Bryant
> On 15 May 2018, at 17:00, Dominik DL6ER wrote: > > Dear Kevin, >> Obviously it has to at least try the others occasionally to check it’s made >> the correct choice. But I’m seeing dnsmasq make the same request to *ALL* >> servers quite frequently and am curious as to why?

[Dnsmasq-discuss] dnssec queries with --bogus-priv

2018-05-15 Thread Kevin Darbyshire-Bryant
Here’s another one of those innocent questions caused by looking at a logfile :-) I have ‘--bogus-priv’ set so in theory I’m not going to ask upstream questions about RFC1918 addresses, which I don’t, except I see these…. dnssec-query[DS] 10.in-addr.arpa to 8.8.8.8 dnssec-query[DS]

[Dnsmasq-discuss] upstream server selection algorithm - bug?

2018-05-15 Thread Kevin Darbyshire-Bryant
This is one of my classic ‘look in a logfile…. h’ moments. dnsmasq is configured with 4 upstream resolvers, google, both IPv4 & 6. Manpage states: -o, --strict-order By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are

Re: [Dnsmasq-discuss] ubus and metrics

2018-04-24 Thread Kevin Darbyshire-Bryant
> On 24 Apr 2018, at 04:52, Kurt H Maier wrote: > > On Tue, Apr 24, 2018 at 12:07:09AM +0100, Simon Kelley wrote: >> >> I edit using emacs, and never see a problem. A massive edit would >> generate a huge number of spurious changes in the git repository. I use >> "git blame"

[Dnsmasq-discuss] [PATCH] Makefile: Stop creating '-d' directory

2018-04-06 Thread Kevin Darbyshire-Bryant
. Signed-off-by: Kevin Darbyshire-Bryant <l...@darbyshire-bryant.me.uk> --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 98ec760..da82868 100644 --- a/Makefile +++ b/Makefile @@ -100,7 +100,8 @@ clean : mostly_clean install : all i

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-15 Thread Kevin Darbyshire-Bryant
> On 15 Jan 2018, at 23:27, Simon Kelley wrote: > > >> >> Beyond “gaaahh why didn’t I think of SIGINT”….. excellent. Understand >> the reasoning, agree, running chez Kevin and backport for LEDE master >> submitted. >> > > and there's still SIGQUIT available!

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-15 Thread Kevin Darbyshire-Bryant
> On 14 Jan 2018, at 22:12, Simon Kelley wrote: > > Right, I thought about this again, and concluded that whilst sharing the > "now use the time" function with something other than "reload loads of > stuff" is an improvement, it doesn't really get us that much farther

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-08 Thread Kevin Darbyshire-Bryant
> > > Am I waiting on you or are you waiting on me (to produce some laughably awful > code that you’ll fix up anyway) :-) And for the purposes of a jolly good laugh….. :-) 0001-dnsmasq-user-select-dnssec-time-valid-signal.patch Description: Binary data signature.asc Description: Message

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-03 Thread Kevin Darbyshire-Bryant
> On 3 Jan 2018, at 12:34, Simon Kelley wrote: > > Happy new year all. > > > "Ideally dnsmasq would have some other IPC mechanism for indicating > 'time is valid, go check dnssec timestamps'" > > > I suspect I know that answer to this, but dnsmasq _does_ have

[Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-03 Thread Kevin Darbyshire-Bryant
Hi Simon, Happy New Year! I suspect this patch is going to get quite a push back in the name of backwards compatibility, however the problem is real and getting worse on some platforms - from the patch submitted to the LEDE/Openwrt platform: "Move 'check dnssec timestamp enable' from SIGHUP

Re: [Dnsmasq-discuss] [PATCH] Remove NULL check for intname.

2017-10-05 Thread Kevin Darbyshire-Bryant
On 05/10/17 06:20, ros...@gmail.com wrote: On Wed, 2017-10-04 at 20:43 -0700, Kurt H Maier wrote: On Wed, Oct 04, 2017 at 07:23:22PM -0700, Rosen Penev wrote: - if (intname && strlen(intname) != 0) + if (!strlen(intname)) ifindex = if_nametoindex(intname); /* index == 0 when not
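Review bot: the replacement test "if (!strlen(intname))" is inverted relative to the line it removes. It is true only for an empty name, so if_nametoindex(intname) would be called on "" and skipped for a real interface name. If the intent is only to drop the NULL check, the condition should read "if (strlen(intname) != 0)", and even that is safe only when every caller guarantees intname is non-NULL, because strlen(NULL) is undefined behaviour.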

Re: [Dnsmasq-discuss] pick authoritative server

2017-09-25 Thread Kevin Darbyshire-Bryant
On 25/09/17 00:24, Vic wrote: > Hi, Can I select a domain filter or such: > > I send all requests to 8.8.8.8 except for > > mydomain1.org and mydomain2.org -- that goes to my local name servers. > > Yes? How? Yes. Something like: server=/mydomain1.org/ip.address.of.mydomain1.auth.server

[Dnsmasq-discuss] Thanks - Recent fixes

2017-09-10 Thread Kevin Darbyshire-Bryant
Hi Simon, Thanks for the recent fixes for the SIGSEGV CVE 2017-13704 and followup http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=a3303e196e5d304ec955c4d63afb923ade66c6e8 I backported

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-29 Thread Kevin Darbyshire-Bryant
On 28/08/17 17:27, Christian Kujau wrote: On Mon, 28 Aug 2017, Christian Kujau wrote: On Mon, 28 Aug 2017, Kevin Darbyshire-Bryant wrote: My workaround is to only call memset if the difference between buffer begin and buffer limit is bigger than the query length, thus it retains Simon's

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-29 Thread Kevin Darbyshire-Bryant
I've a *much* better fix for this. Will submit once I've collected someone from the station! Mad busy life, Kevin On 28/08/17 17:27, Christian Kujau wrote: On Mon, 28 Aug 2017, Christian Kujau wrote: On Mon, 28 Aug 2017, Kevin Darbyshire-Bryant wrote: My workaround is to only call memset

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-28 Thread Kevin Darbyshire-Bryant
mpling. This is to be regarded as a sticking plaster rather than real fix but that needs far greater minds than I to understand the code & intent :-) Hope this helps someone. Kevin From 340a26f915d8c3bb54c44f58d432cc7240631a74 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <

Re: [Dnsmasq-discuss] reproducible segmentation fault

2017-08-28 Thread Kevin Darbyshire-Bryant
On 28/08/17 09:27, Juan Manuel Fernandez wrote: Hi, Last weeks we were fuzzing dnsmasq and found this crash (https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11597.html ) . We tried

Re: [Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host

2017-08-19 Thread Kevin Darbyshire-Bryant
On 18/08/17 19:54, David Kerr wrote: Maddes, This looks very similar to a question I asked a few days ago... http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011677.html dnsmasq DHCPv6 server

Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-08 Thread Kevin Darbyshire-Bryant
On 08/08/17 09:23, wkitt...@gmail.com wrote: On 08/08/2017 04:06 AM, Matteo Croce wrote: 2017-08-08 4:26 GMT+02:00 : On 08/07/2017 06:02 PM, Matteo Croce wrote: I propose adding an option to allow banning some domains. add `--ban-hosts' which accepts a file name which

Re: [Dnsmasq-discuss] dnsmasqd crash

2017-06-20 Thread Kevin Darbyshire-Bryant
Probably best to reply to the list as well where there are much better experts than me. On 19/06/17 22:39, Justin Jose wrote: Hi Kevin, Thank you for the response. Here are my answers for your questions. Q. What version of dnsmasq? [Ans] The dnsmasq version I am using is 2.55. 2.55 is

Re: [Dnsmasq-discuss] dnsmasqd crash

2017-06-19 Thread Kevin Darbyshire-Bryant
On 19/06/17 01:02, Justin Jose wrote: Hi, I got a couple of dnsmasqd crash and on investigating I found the crash is due to accessing a NULL pointer. What version of dnsmasq? I have a fix for this problem and attached with this mail. Would you have any suggestion for this fix?

Re: [Dnsmasq-discuss] [PATCH] fix dns failover when dns server returns REFUSED

2017-06-15 Thread Kevin Darbyshire-Bryant
This seems like an important fix to get in the next 'patch' release or whatever it's to be called, a bit like the pxe filename whoops :-) Remarkably simple fix too...hopefully not too simple. Cheers, Kevin On 14/06/17 14:46, Hans Dedecker wrote: If a DNS server replies REFUSED for a given

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-15 Thread Kevin Darbyshire-Bryant
On 15/05/17 11:06, Bastian Bittorf wrote: * Simon Kelley [12.05.2017 08:33]: Oops. "It compiles - ship it" bites back. 2.77rc3 fixes this, and we're currently eating the dog-food chez Kelley. just to mention it, the loopback-thingy is working fine now on my side

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-11 Thread Kevin Darbyshire-Bryant
On 11/05/17 21:09, Simon Kelley wrote: Oops. "It compiles - ship it" bites back. 2.77rc3 fixes this, and we're currently eating the dog-food chez Kelley. Woof! Currently building a LEDE release, assuming no obvious issue pops up, a pull request into LEDE master will follow...and

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-11 Thread Kevin Darbyshire-Bryant
On 10/05/17 22:31, Simon Kelley wrote: Just committed a patch which should make this work again without needing --no-ping. I've tagged it as 2.77rc2, so please could a LEDE package be built, and this behaviour tested. I tried rc2 and think there's a problem with DHCPv4 leases ie. It

Re: [Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-10 Thread Kevin Darbyshire-Bryant
On 09/05/17 22:42, Simon Kelley wrote: Never trust a git commit which happened in the early hours :) Thanks for a second excellent bug report. This was much easier to find. Sorry for keeping you up till the wee small hours with your bug hunting outfit on :-) Guido does all the hard work

Re: [Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-09 Thread Kevin Darbyshire-Bryant
#comment2589 I really hope to get out a 2.77 release soon. Cheers, Simon. On 08/05/17 13:30, Kevin Darbyshire-Bryant wrote: Hi Simon, Got a report in LEDE land about a SIGSEGV issue, I'm able to replicate easily as described. Thoughts? Cheers, Kevin Forwarded Message

[Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-08 Thread Kevin Darbyshire-Bryant
Hi Simon, Got a report in LEDE land about a SIGSEGV issue, I'm able to replicate easily as described. Thoughts? Cheers, Kevin Forwarded Message Subject: [FS#766] Intermittent SIGSEGV crash of dnsmasq-full Date: Mon, 08 May 2017 05:57:18 + From: LEDE Bugs

Re: [Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.

2017-04-29 Thread Kevin Darbyshire-Bryant
On 28/04/17 22:20, Simon Kelley wrote: That's the bug here, I think. I was worried that a client sending a DHCPDISCOVER when it thinks it knows that address, might respond to ICMP pings, but at least for ISC dhclient on Linux, that's not the case. Patch is here, and was much more trouble than

Re: [Dnsmasq-discuss] bug: trunk DHCP offer/replies being ignored by some devices

2017-04-08 Thread Kevin Darbyshire-Bryant
On 07/04/17 23:00, Simon Kelley wrote: On 06/04/17 14:01, Pedro MG Palmeiro wrote: Dnsmasq trunk replies are being ignored by some devices, in my case, two epson printers (AL-M200). Dnsmasq 2.76 works fine. This could be related with http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;

Re: [Dnsmasq-discuss] [PATCH] decrease the amount of individual sites listed in log

2017-02-08 Thread Kevin Darbyshire-Bryant
Oooh that's a useful tidy'upper! Like it. Kevin On 07/02/17 18:03, Hannu Nyman wrote: By default 30 first servers are listed individually to system log, and then a count of the remaining items. With e.g. a NXDOMAIN based adblock service, dnsmasq lists 30 unnecessary ad sites every time when

Re: [Dnsmasq-discuss] interface-name records vs localise-queries

2017-02-02 Thread Kevin Darbyshire-Bryant
://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d42d4706bbcce3 b5a40ad778a5a356a997db6b34 Have fun. Cheers, Simon. On 01/02/17 13:41, Kevin Darbyshire-Bryant wrote: On 17/01/17 04:05, Eric Luehrsen wrote: Hi Kevin, Reading the man page, I would expect the primary address is returned (localized

Re: [Dnsmasq-discuss] interface-name records vs localise-queries

2017-02-01 Thread Kevin Darbyshire-Bryant
not working, it would be perfect. I wonder if Simon could be persuaded to look into this ready for 2.77? :-) Kevin Kevin Darbyshire-Bryant Wed, 11 Jan 2017 10:24:34 -0800 Hello All, Recently LEDE changed the way it allocates names to interfaces, now using '-interface-name' rather than putting

Re: [Dnsmasq-discuss] IDN (internationalized domain name) support

2017-01-31 Thread Kevin Darbyshire-Bryant
On 31/01/17 16:57, Simon Kelley wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It's included in the Debian, (and therefore Ubuntu) packaging. Of course the only difference it makes is to the interpretation of domain names in /etc/hosts and friends and config files. - IDNs get cached

[Dnsmasq-discuss] interface-name records vs localise-queries

2017-01-11 Thread Kevin Darbyshire-Bryant
Hello All, Recently LEDE changed the way it allocates names to interfaces, now using '-interface-name' rather than putting names in /etc/hosts or similar. Unfortunately this new method appears incompatible with 'localise-queries' in that all interfaces/aliases are included in the reply to

Re: [Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
On 21/11/16 15:52, Kevin Darbyshire-Bryant wrote: PS: As a total hack, I got dnsmasq to ignore any requested addresses. Dnsmasq replies with both ULA & Global addresses in the reply...and my iPad is happy...it takes the global address. Nope, the above worked temporarily by luck ra

Re: [Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
I've got some packet captures now that have helped answer some of the questions. 1) The DHCPADVERTISE in the log are included in just one packet. 2) The solicits from my ipad and the advertises are identical except dnsmasq presents the ULA address first whereas odhcpd presents the global

[Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
Hi All, This problem has been around a while (forever?) but it's only just annoyed me sufficiently to investigate. The box in question is running a recent version LEDE and in my case dnsmasq git head bleeding edge. LEDE normally uses its homegrown odhcpd to hand out DHCPv6 addresses,

Re: [Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-17 Thread Kevin Darbyshire-Bryant
Thank you one & all for that. I've tried to explain it to Microsoft and given up. I just won't use 'Onedrive for Business' or 'sharepoint'. On 09/09/2016 21:09, Simon Kelley wrote: > On 09/09/16 19:35, /dev/rob0 wrote: >> On Fri, Sep 09, 2016 at 03:24:34PM +0100, Kevin Darb

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-10 Thread Kevin Darbyshire-Bryant
Hmm. Ideally then with 'NO_ID' we shouldn't forward Chaosnet queries for *.bind. Can we just get away with the equivalent of 'local=/bind/' or is that too broad a brush to apply by default in the code? I can see me digging into how the code for 'local' works in my near future :-) On

[Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-09 Thread Kevin Darbyshire-Bryant
Hi All, Having some issues with my 'onedrive for business' application which in turn uses 'sharepoint.com'. Short version: dnsmasq 2.76 thinks sharepoint.com is bogus. Directly querying upstream servers is okay: # drill -D @8.8.8.8 sharepoint.com ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR,

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-07 Thread Kevin Darbyshire-Bryant
like a NO_ID compile time option that suppresses the whole .bind domain thing? Certainly happy to take the patch. Cheers, Simon. On 06/09/16 16:14, Kevin Darbyshire-Bryant wrote: Hi Simon & all, There has been a bit of activity on the security front in LEDE and a recent change prop

[Dnsmasq-discuss] [PATCH] dnsmasq: compile time option NO_ID

2016-09-07 Thread Kevin Darbyshire-Bryant
Some consider it good practice to obscure software version numbers to clients. Compiling with -DNO_ID removes the *.bind info structure. This includes: version, author, copyright, cachesize, cache insertions, evictions, misses & hits, auth & servers. Signed-off-by: Kevin Darbyshire-Br

[Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-06 Thread Kevin Darbyshire-Bryant
Hi Simon & all, There has been a bit of activity on the security front in LEDE and a recent change proposed removing version numbers from software to avoid it leaking to 'the bad guys'. I'll say upfront that I'm not a fan of this approach feeling that it's more of the 'security through

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-04 Thread Kevin Darbyshire-Bryant
On 04/09/16 12:14, Toke Høiland-Jørgensen wrote: Simon Kelley writes: OK, naive attempts to reproduce this have failed entirely, it just works for me :-) I see something similar: recvmsg(10, {msg_name={sa_family=AF_INET6, sin6_port=htons(50214),

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-08-31 Thread Kevin Darbyshire-Bryant
On 30/08/16 23:08, Simon Kelley wrote: Sorry about this. Putative fix pushed to git. Cheers, Simon. Looks good. It doesn't go bang anymore on my system :-)

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-08-30 Thread Kevin Darbyshire-Bryant
On 29/08/16 20:30, e9hack wrote: Hi, I've trouble with this commit, independently that it looks simple: Suppress useless warning about DHCP packets of interfaces without addresses. Starting with this commit, dnsmasq does crash shortly after start: Mon Aug 29 21:18:40 2016 kern.info kernel:

Re: [Dnsmasq-discuss] Compile Error.

2016-08-25 Thread Kevin Darbyshire-Bryant
Or use 'make COPTS=-DNO_INOTIFY' to compile without the inotify handling, since early kernels (as used by many router manufacturers) don't have inotify support. On 24/08/16 17:14, Chris Novakovic wrote: On 24/08/16 16:31, Tony White wrote: inotify.c:92: error: ‘IN_NONBLOCK’ undeclared

Re: [Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-07-12 Thread Kevin Darbyshire-Bryant
On 11/07/16 21:05, Simon Kelley wrote: Ah yes, I see the problem. Patch applied. Sorry it took so long :-( Cheers, Simon. No problem. Glad to have helped solve it :-) Cheers, Kevin

[Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-07-11 Thread Kevin Darbyshire-Bryant
-check-unsigned that could prove 'challenging' :-) The patch matches the behaviour as is documented in the manpage. kind regards, Kevin From f94c6d70aaaea0511ef3c7667093b4b54952804e Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> Date: Fri, 27 May 2

Re: [Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-06-05 Thread Kevin Darbyshire-Bryant
On 27/05/16 13:37, Kevin Darbyshire-Bryant wrote: Hi Simon, Please could you consider the attached patch. It solves a problem that using dnssec-timestamp also effectively enabled dnssec-no-timecheck. Any thoughts? Kevin

[Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-05-27 Thread Kevin Darbyshire-Bryant
-check-unsigned that could prove 'challenging' :-) The patch matches the behaviour is as documented in the manpage. kind regards, Kevin From f94c6d70aaaea0511ef3c7667093b4b54952804e Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> Date: Fri, 27 May 2

Re: [Dnsmasq-discuss] HELP: gives BOGUS for valid RR with no DNNSEC

2016-05-25 Thread Kevin Darbyshire-Bryant
On 25/05/16 19:07, Johnny Appleseed wrote: I'm using the -DNSSEC option and it keeps giving me BOGUS for sites like wikipedia.org or others. If I stop/restart sometimes it clears up, or I remove the check no-sign flag, but then I'm not checking unsigned websites for RR. Is the system clock set

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-04 Thread Kevin Darbyshire-Bryant
The mystery is at least partially solved. It looks like I'd somehow enabled Remote Routing and Access services within Windows Home Server for VPN access. It looks like it tries to grab a few addresses for potential VPN clients from a DHCP server, that's why I was seeing 'RRAS.Micrsoft' as a

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant
: 4 option: 44 netbios-ns 192.168.219.1 What the hell is this box doing?! :-/ Kevin On 02/05/2016 17:24, Simon Kelley wrote: > On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote: >> Further clues maybe: So initially when kermit comes up it grabs an IPv4 >> address and I

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant
, Simon Kelley wrote: > On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote: >> Further clues maybe: So initially when kermit comes up it grabs an IPv4 >> address and I see this entry in dnsmasq's lease database: >> 1462055024 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit 01:e0:3f:49

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-04-30 Thread Kevin Darbyshire-Bryant
it gets changed to 1462055060 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit 01:52:41:53:20:e0:3f:49:a1:d4:aa:00:00:09:00:00:00 There are also syslog messages of "abandoning lease to e0:3f:49:a1:d4:aa of 192.168.219.4" which I don't get at all. On 29/04/16 12:27, Kevin Darbyshire-Bryant wro

[Dnsmasq-discuss] IPv6 dhcp strangeness

2016-04-29 Thread Kevin Darbyshire-Bryant
Hi All, I've just noticed some strange/different behaviour with regard to dhcpv6 address allocation. I've a couple of 'internal' machines that I'd like to have fixed ip addresses. To that end, and it used to work I've got lines similar to:

Re: [Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC

2016-01-04 Thread Kevin Darbyshire-Bryant
On 04/01/2016 16:05, Uwe Schindler wrote: > Hi, > > Was there a change in dnsmasq related to this? Would be good to get some > feedback. I'll try this version now. Currently I am running 2.75 (Debian > testing pkg 2.75-1) Yes. BIG changes. See the git log:

Re: [Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC

2016-01-04 Thread Kevin Darbyshire-Bryant
On 04/01/16 14:48, Uwe Schindler wrote: > Hi, > > I found out that resolving of DNSSEC signed wildcard domains does not work > correctly with dnsmasq. I think the problem is that it looks for a signature > of the requested domain name and not the wildcard. > > > > ;; Query time: 0 msec > ;;

Re: [Dnsmasq-discuss] CPU spin in master

2016-01-03 Thread Kevin Darbyshire-Bryant
Router survived the night. No obvious problems noted :-) -- Cheers, Kevin Sent from my phone, apologies for brevity, spelling & top posting > On 2 Jan 2016, at 17:20, Kevin Darbyshire-Bryant > <ke...@darbyshire-bryant.me.uk> wrote: > > > >> On 01/01/16 20:27

Re: [Dnsmasq-discuss] CPU spin in master

2016-01-02 Thread Kevin Darbyshire-Bryant
On 01/01/16 20:27, Simon Kelley wrote: > On 01/01/16 11:28, Kevin Darbyshire-Bryant wrote: >> Hi Simon, >> >> So this is a pretty vague report of something lurking in very recent code.# > It's pretty good really. I stared at the ARP-caching code and found a > fa

[Dnsmasq-discuss] CPU spin in master

2016-01-01 Thread Kevin Darbyshire-Bryant
Hi Simon, First off, Happy New Year! I compiled master ec0628c4b2a06e1fc21216091bb040d61a43b271 on OpenWrt (mips Archer C7 v2 platform Linux 4.1) a few hours ago and have experienced dnsmasq going into a tight cpu loop. Running strace showed no syscalls, so is spinning in dnsmasq somewhere.

Re: [Dnsmasq-discuss] dnsmasq 2.75 build options

2015-12-07 Thread Kevin Darbyshire-Bryant
On 07/12/15 04:39, Shane Manjarres wrote: > Looking at the build options listed in /src/config.h it states the > following: > > *The default set of options to build* > > HAVE_DHCP > HAVE_DHCP6 > HAVE_TFTP > HAVE_SCRIPT > HAVE_AUTH > HAVE_IPSET > HAVE_LOOP > > *In the same config.h file is

Re: [Dnsmasq-discuss] Enable bogus-priv by default

2015-10-21 Thread Kevin Darbyshire-Bryant
On 20/10/15 21:35, Simon Kelley wrote: > To add to the list of canonical uses for dnsmasq: DHCP and DNS services > to VMs and containers in things like OpenStack. These typically use > RFC1918 addresses (there's no point in being able to spin a new VM in > seconds if you have to go buy it a real

[Dnsmasq-discuss] RFC6303 support - especially IPv6

2015-10-19 Thread Kevin Darbyshire-Bryant
From abe37dd25e466f813b4bc5864c1bd7ad676ba6c8 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> Date: Mon, 19 Oct 2015 13:27:15 +0100 Subject: [PATCH] Update ipv4 bogus-priv to RFC6303 zones RFC6303 specifies & recommends following zones not be forwarded to g

[Dnsmasq-discuss] Enable bogus-priv by default

2015-10-19 Thread Kevin Darbyshire-Bryant
Hi Simon & list, Ok, here's the controversial idea. Can we consider enabling 'bogus-priv' by default and have an additional option say 'allow-priv' to now disable? My feeling is that not forwarding 'link-local' type requests upstream by default is a cleaner way of having things configured.

Re: [Dnsmasq-discuss] No IPv6

2015-09-17 Thread Kevin Darbyshire-Bryant
On 16/09/15 15:48, Nickolai Dobrynin wrote: > Hello world! > > I can't get IPv6 working with dnsmasq. My ISP supports IPv6 "natively", > but when I run 'ping6 -c 1 google.com' on a client, I get "Network > unreachable". > When I ping a host that's IPv4-only, the message becomes "unknown host".

[Dnsmasq-discuss] dhcp-option 0.0.0.0 address interpretation possible bug?

2015-09-10 Thread Kevin Darbyshire-Bryant
Hi All, dnsmasq 2.75 Putting 'dhcp-option=ntp-server,0.0.0.0' in dnsmasq.conf is throwing an error "bad dhcp-option at line 73 of /etc/dnsmasq.conf" Replacing it with 'dhcp-option=42,0.0.0.0' allows dnsmasq to start and behave properly. I've noticed similar behaviour with 'netbios-ns' (option

[Dnsmasq-discuss] RFC 5908 - DHCPv6 NTP option 56

2015-09-10 Thread Kevin Darbyshire-Bryant
Hi All, I've been looking at providing NTP server addresses to my DHCPv6 clients using dnsmasq. 2 RFCs seem applicable, Simple NTP provision RFC4075 defines option 31 and known to dnsmasq as 'sntp-server'. RFC5908 defines a more flexible/complicated provision mechanism using option 56, known to

Re: [Dnsmasq-discuss] dhcp-option 0.0.0.0 address interpretation possible bug?

2015-09-10 Thread Kevin Darbyshire-Bryant
On 10/09/15 22:13, Simon Kelley wrote: > On 10/09/15 10:39, Kevin Darbyshire-Bryant wrote: >> Hi All, >> >> dnsmasq 2.75 >> >> Putting 'dhcp-option=ntp-server,0.0.0.0' in dnsmasq.conf is throwing an >> error "bad dhcp-option at line 73 of /etc/dnsm

[Dnsmasq-discuss] fe80/10 link local dns forwarding

2015-09-07 Thread Kevin Darbyshire-Bryant
Hi All, After enabling dnsmasq's dns logging the other day I was a little surprised to see queries for fe80:: being forwarded to my ISP's resolvers. I'd say that they're extremely unlikely to know anything about my link local stuff so as a solution I've added the following to my config:

Re: [Dnsmasq-discuss] fe80/10 link local dns forwarding

2015-09-07 Thread Kevin Darbyshire-Bryant
plementation of that recommendations, it could depend on > auth support, since it enables zone support. > > Best Regards, Vladislav Grishenko > >> -Original Message- >> From: Dnsmasq-discuss [mailto:dnsmasq-discuss- >> boun...@lists.thekelleys.org.uk] On Behalf

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-07 Thread Kevin Darbyshire-Bryant
On 07/05/2015 13:54, Simon Kelley wrote: On 07/05/15 10:41, Toke Høiland-Jørgensen wrote: Simon Kelley si...@thekelleys.org.uk writes: It's difficult to see how that would work in practice for DNS. Take the Google-public-DNS example. It's clearly not sane for Google's servers to do PMTU on

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Kevin Darbyshire-Bryant
Continues to work here on my iPhone hiding behind openwrt cc trunk dnsmasq2.73rc7 Were I not on the iPhone I could do some dig'age :-) -- Cheers, ke...@darbyshire-bryant.me.uk Sent from my phone, apologies for brevity, spelling & top posting On 6 May 2015, at 20:21, Dave Taht

Re: [Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

2015-04-02 Thread Kevin Darbyshire-Bryant
Chaps, If I may interject: On 02/04/2015 22:21, Dave Taht wrote: On Thu, Apr 2, 2015 at 1:20 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 02/04/15 19:41, Dave Taht wrote: A) Not clear what happens if it tries to write it while the jffs filesystem is still being cleaned Not sure I

Re: [Dnsmasq-discuss] DHCP Request Flood

2015-02-25 Thread Kevin Darbyshire-Bryant
On 25/02/2015 09:14, Gavin Hill wrote: As a quick update, I tried changing dhcp-range=192.168.1.1,192.168.1.99,static,48h to dhcp-range=192.168.1.1,192.168.1.99,static,infinite Things slowed down a little and I’m seeing fewer log entries, but it still doesn’t explain why the 48h entry

Re: [Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-14 Thread Kevin Darbyshire-Bryant
On 14 Feb 2015, at 14:47, Simon Kelley si...@thekelleys.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/02/15 12:01, Kevin Darbyshire-Bryant wrote: The principle I agree with. I'm wondering about the mechanics of accessing this NVRAM 'last good time

Re: [Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-12 Thread Kevin Darbyshire-Bryant
On 11 Feb 2015, at 22:02, Simon Kelley si...@thekelleys.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/02/15 18:28, Kevin Darbyshire-Bryant wrote: On 09/02/2015 16:02, Simon Kelley wrote: On 09/02/15 13:21, Kevin Darbyshire-Bryant wrote: Further to my
