Re: [Dnsmasq-discuss] dnsmasq v2.86?

2021-08-12 Thread Kevin Darbyshire-Bryant
> On 12 Aug 2021, at 10:06, Simon Kelley wrote: > > This is useful information, but the backtraces are puzzling: the code > isn't in tight loop, certainly. > > > I wonder if the v4only.arpa thing is not a coincidence? > > Some things to try, please. > > 1) When the dnsmasq process is faulte

Re: [Dnsmasq-discuss] dnsmasq v2.86?

2021-08-11 Thread Kevin Darbyshire-Bryant
Hi Andre, This is curious ‘cos I’ve just been running 2.88test6 for the past 28 days (I was away in Japan for a month and was banned from touching the openwrt router whilst I was away) with stubby without any problems. My stubby config is different: # Autogenerated configuration from uci data

Re: [Dnsmasq-discuss] feature: dictionary order import of addn-hosts dirs?

2021-08-08 Thread Kevin Darbyshire-Bryant
> On 8 Aug 2021, at 14:54, Ed W wrote: > > > Quoting from https://www.dictionary.com/browse/condescending > > "To be condescending is to interact with others in a way that implies that > you’re superior to them. > It especially refers to when this is done in an arrogant or patronizing way" >

Re: [Dnsmasq-discuss] Regarding: (Dnsmasq-discuss) localise-queries on ipv6 server does not work with ipv4-only hosts

2021-07-17 Thread Kevin Darbyshire-Bryant
> On 17 Jul 2021, at 01:32, f...@gmx.de wrote: > > > > On 16.07.2021 at 13:42, Geert Stappers wrote: >> ... > All your messages are not helpful and off topic. > > Please consider to use twitter or Facebook in the future I agree. I have long bitten my tongue on the antics of Geert from when

Re: [Dnsmasq-discuss] file not found messages from tftp

2021-07-08 Thread Kevin Darbyshire-Bryant
> On 8 Jul 2021, at 20:46, Kevin Darbyshire-Bryant > wrote: > > It does now! See attached patch - unbelievably this compiled 1st time for me > which is unbelievable with my history on C typos - not actually run tested. V2 with a manpage tweak at no extra charge Cheers,

Re: [Dnsmasq-discuss] file not found messages from tftp

2021-07-08 Thread Kevin Darbyshire-Bryant
> On 8 Jul 2021, at 18:30, Kevin Darbyshire-Bryant > wrote: > > Signed PGP part > > >> On 8 Jul 2021, at 17:10, Aleksander Mazur wrote: >> > >> I'm sorry but I don't understand your point. >> AFAIK valid DNS query requests are alrea

Re: [Dnsmasq-discuss] file not found messages from tftp

2021-07-08 Thread Kevin Darbyshire-Bryant
> On 8 Jul 2021, at 17:10, Aleksander Mazur wrote: > > I'm sorry but I don't understand your point. > AFAIK valid DNS query requests are already completely hidden (not even under > DEBUG). Does it feel wrong as well? > > Anyway, those fake TFTP errors turn my syslog into dnsmasq's verbose tra

[Dnsmasq-discuss] Change in behaviour of --server

2021-07-06 Thread Kevin Darbyshire-Bryant
Hi Simon, An eager OpenWrt tester of current dnsmasq master has noticed the following change in behaviour: Openwrt uses a conf file containing a list of RFC6761 domains that are considered undesirable to forward, reducing load on upstream servers etc. This conf file contains lines such as "se

Re: [Dnsmasq-discuss] [BUG] dnsmasq rewriting NXDOMAIN to NOERROR

2021-07-05 Thread Kevin Darbyshire-Bryant
> On 5 Jul 2021, at 21:12, Simon Kelley wrote: > > On 05/07/2021 19:31, Kevin Darbyshire-Bryant wrote: >> >> >>> On 5 Jul 2021, at 16:53, Dominik DL6ER wrote: >>> >>> Hey Simon, >>> >>> the current dnsmasq master version co

Re: [Dnsmasq-discuss] [BUG] dnsmasq rewriting NXDOMAIN to NOERROR

2021-07-05 Thread Kevin Darbyshire-Bryant
> On 5 Jul 2021, at 16:53, Dominik DL6ER wrote: > > Hey Simon, > > the current dnsmasq master version contains a bug rewriting all > NXDOMAIN replies from upstream with NOERROR. > > The error has been introduced in commit > d0ae3f5a4dc094e8fe2a3c607028c1c59f42f473 (see attached diff) and is >

Re: [Dnsmasq-discuss] blocklists, blocking servers, rebind attacks & general aaarrggh

2021-07-05 Thread Kevin Darbyshire-Bryant
> I looked at the code that determines private addresses for --bogus-priv > and rebind: It's a bit unruly for IPv6, so I've rationalised things and > included :: and 0.0.0.0 in the --rebind-localhost-ok coverage, which at > least avoids the log spam. > > > I wonder if bogus-nxdomain should be ex

Re: [Dnsmasq-discuss] Maybe there is a typo in build_server_array()

2021-07-02 Thread Kevin Darbyshire-Bryant
Hi Xingcong, > On 1 Jul 2021, at 03:06, Xingcong Li wrote: > > Hello, Is there a typo in function build_server_array()? (in file > domain-match.c) I agree with your analysis and fix. I’ve attached a ‘git formatted’ patch that hopefully Simon can just apply. You’re good at spotting these sor

[Dnsmasq-discuss] blocklists, blocking servers, rebind attacks & general aaarrggh

2021-06-30 Thread Kevin Darbyshire-Bryant
As an ‘experiment’ I tried switching from my own local ‘adblocking’ solution to using an upstream adblocking resolver, eg. cloudflare’s 1.1.1.2 or 1.1.1.3 service. The local adblock solution uses (multiple!) ‘—address/naughtydomain.foo/‘ lines that cause dnsmasq to return ’NXDOMAIN’ - fair enou

[Dnsmasq-discuss] [PATCH 2/2] rfc3315: fix incorrect logical '&&' warning

2020-03-06 Thread Kevin Darbyshire-Bryant
rfc3315.c:1711:28: warning: use of logical '&&' with constant operand [-Wconstant-logical-operand] if (!(addr_list->flags && ADDRLIST_DECLINED) || ^ ~ It's a flag bit so should be bitwise '&'

[Dnsmasq-discuss] [PATCH 1/2] suppress non linux network unused var warnings

2020-03-06 Thread Kevin Darbyshire-Bryant
Signed-off-by: Kevin Darbyshire-Bryant --- src/dnsmasq.c | 4 +++- src/network.c | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/dnsmasq.c b/src/dnsmasq.c index 10f19ea..286a1cd 100644 --- a/src/dnsmasq.c +++ b/src/dnsmasq.c @@ -1860,7 +1860,8 @@ static void

[Dnsmasq-discuss] [PATCH] option.c: fix NO_DHCP6 build error

2020-03-02 Thread Kevin Darbyshire-Bryant
;addr6 = NULL; ^ addr Wrap new code in ifdef HAVE_DHCP6 Signed-off-by: Kevin Darbyshire-Bryant --- src/option.c | 4 1 file changed, 4 insertions(+) diff --git a/src/option.c b/src/option.c index 6e8bb8b..f8ba616 100644 --- a/src/option.c +++ b/src/option.c @@ -1036,6 +1036,7 @@

Re: [Dnsmasq-discuss] dnsmaq on OpenWRT, configuration question

2019-07-28 Thread Kevin Darbyshire-Bryant
> On 27 Jul 2019, at 16:34, Art Greenberg wrote: > > I had been running dnsmasq on a machine on my network and using addn-hosts > for ad blocking. My router was configured with my ISP's DNS servers. > > I used "net:red" to assign the router as DNS server for certain devices (Roku > streamers

Re: [Dnsmasq-discuss] dnsmasq compilation and dependencies: compilation macros and help

2019-06-12 Thread Kevin Darbyshire-Bryant
> On 12 Jun 2019, at 19:56, SALA MASSIMO wrote: > > Hi Geert > > Ehm ... I mistyped writing the email. > > I check my script: > make COPTS="-DNO_AUTH -DNO_DHCP -DNO_INOTIFY -DNO_IPV6 -DNO_SCRIPT > -DNO_TFTP" > > A quick glance at the source code: it seem to me the help arguments aren't

[Dnsmasq-discuss] Insecure DS reply warning - false positives?

2019-05-13 Thread Kevin Darbyshire-Bryant
Hi All, Part of the reason for submitting http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q2/013026.html "[PATCH] dnssec: add hostname info to insecure DS warning” was to easily find out what domain was prompting the warning. Some of my mystery ‘Insecure DS reply’ turns out to be

Re: [Dnsmasq-discuss] [PATCH] DHCPv6: Honor assigning IPv6 address based on MAC address

2019-05-11 Thread Kevin Darbyshire-Bryant
> On 6 Apr 2019, at 12:01, Geert Stappers wrote: > > On Mon, Apr 01, 2019 at 01:02:20AM +0200, Pali Rohár wrote: >> On Tuesday 12 February 2019 13:41:43 Geert Stappers wrote: >>> On 06-02-2019 21:29, Pali Rohár wrote: On Friday 11 January 2019 17:52:43 Pali Rohár wrote: > On Monday 17

[Dnsmasq-discuss] [PATCH] dnssec: add hostname info to insecure DS warning

2019-05-11 Thread Kevin Darbyshire-Bryant
From: Kevin Darbyshire-Bryant Make the existing "insecure DS received" warning more informative by reporting the domain name reporting the issue. This may help identify a problem with a specific domain or server configuration. Signed-off-by: Kevin Darbyshire-Bryant --- src/dnssec.c

Re: [Dnsmasq-discuss] Query forwarding behaviour with multiple name servers.

2019-02-08 Thread Kevin Darbyshire-Bryant
Aha! I know this (it’s a Unix system… /) > On 8 Feb 2019, at 09:49, John Robson wrote: > > Hi all, > > I'm trying to understand the mechanism by which dnsmasq uses the resolvers > specified (in this case they are all specified in /etc/resolv.conf). > Specifically I am trying to work out why dn

Re: [Dnsmasq-discuss] [PATCH] fix entries in /etc/hosts disabling static leases

2019-01-16 Thread Kevin Darbyshire-Bryant
> On 12 Jan 2019, at 21:55, Steven Siloti wrote: > > It is possible for a config entry to have one address family specified by a > dhcp-host directive and the other added from /etc/hosts. This is especially > common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are > imported int

Re: [Dnsmasq-discuss] DHCP problem when moving from one WiFi SSID to another

2018-12-27 Thread Kevin Darbyshire-Bryant
> On 27 Dec 2018, at 08:45, Chris Green wrote: > >>> >>> >>> My laptop seems to lose its IP address whenever I move from one >>> Draytek's WiFi to the other but only when the IP is assigned by >>> dnsmasq. If I connect to my guest network (192.168.6.x) then I get a >>> IP address assigned by

Re: [Dnsmasq-discuss] [PATCH] Re: dhcp-boot & dhcp-reply-delay optional tag fixes

2018-12-15 Thread Kevin Darbyshire-Bryant
> On 14 Dec 2018, at 16:10, Petr Mensik wrote: > > Hi Kevin et al, > > sure, your fix is correct one. I just found one more place where tags > were required. Your pointer handling is not as hopeless as you are > saying. :) He he - It’s always good to get a second opinion though :-) And you s

[Dnsmasq-discuss] dhcp-boot & dhcp-reply-delay optional tag fixes

2018-12-14 Thread Kevin Darbyshire-Bryant
Hi Simon et al, It looks like Petr’s "Free config file values on parsing errors” commit turned the optional tags on dhcp-boot & dhcp-reply-delay to non-optional. Attached is a patch that fixes it according to my testing but my ‘c’ and pointer handling is somewhat hopeless so could do with a pro

[Dnsmasq-discuss] fix ipv6 ipset bug in master

2018-12-12 Thread Kevin Darbyshire-Bryant
Hi Simon, Another one fallen out of the openwrt tree shake :-) ipv6 ipset addresses weren’t being set correctly. patch attached Cheers, Kevin D-B 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A 0001-ipset-fix-ternary-order-swap.patch

[Dnsmasq-discuss] build failure on master with NO_DHCPv6 and fix....

2018-12-10 Thread Kevin Darbyshire-Bryant
Hi Simon, master has a build error when building without HAVE_DHCPv6 option.c: In function 'dhcp_context_free': option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface' free(ctx->template_interface); Sadly, need to put in a little conditional compilation if

Re: [Dnsmasq-discuss] static lease issues?

2018-11-06 Thread Kevin Darbyshire-Bryant
> On 6 Nov 2018, at 20:44, Simon Kelley wrote: > > Look at the tags on the first and second DHCPDISCOVERs. The first one is > in "known" and the second is "known-othernet". > > "known" means that the host has a dhcp-host or similar configuration > which provides an address, and the address in

[Dnsmasq-discuss] static lease issues?

2018-11-04 Thread Kevin Darbyshire-Bryant
Hi Simon, Hi List, I’m hearing rumblings from the openwrt community that something isn’t right with static leases. The behaviour manifests itself as the statically assigned host being unable to renew its lease. e.g. -this is okay Nov 4 15:29:29 192.168.0.254 dnsmasq-dhcp[2378]: 424644159 av

Re: [Dnsmasq-discuss] Compile-time options - taming the combinatorial explosion.

2018-10-25 Thread Kevin Darbyshire-Bryant
> On 25 Oct 2018, at 21:38, Kevin Darbyshire-Bryant > wrote: > > I think Openwrt is safe. There will be a loud scream from me if it isn’t :-) > > Cheers, > > Kevin D-B > In fact to prove it to myself I had a go at removing the NO_FORK compile time option

Re: [Dnsmasq-discuss] Compile-time options - taming the combinatorial explosion.

2018-10-25 Thread Kevin Darbyshire-Bryant
> On 25 Oct 2018, at 20:33, Shankar Unni wrote: > > On Oct 24, 2018, at 2:49 PM, Simon Kelley wrote: > >> […] >> The next option in my sights is NO_FORK. This produces a >> mostly-functional binary that never forks any new processes. It was >> added long ago to support uclinux, the MMU-less v

Re: [Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79

2018-10-08 Thread Kevin Darbyshire-Bryant
> On 8 Oct 2018, at 02:58, Mouath Ibrahim wrote: > > Hello, > > I ran the PoC supplied by Google research team found here: https://github.com/ > google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/ > CVE-2017-14495.py > > and noticed immediately that dnsmasq process uses up 100

Re: [Dnsmasq-discuss] Seg. fault in cache.c after commt b6f926fb

2018-09-19 Thread Kevin Darbyshire-Bryant
> On 19 Sep 2018, at 08:59, Kristian Evensen wrote: > > Hi Simon, > > Thanks for a quick reply. > > On Wed, Sep 19, 2018 at 12:23 AM Simon Kelley wrote: >> Thanks for the report. The obvious explanation is that whine_malloc() is >> returning NULL, and the code should handle that. whine_mallo

Re: [Dnsmasq-discuss] ubus FTBFS fix

2018-07-30 Thread Kevin Darbyshire-Bryant
> On 29 Jul 2018, at 22:34, Simon Kelley wrote: > > Gah, thanks. I broke the cardinal rule: never commit code you've tweaked > and not compiled. lol - we’ve all done it :-) > I've modified my "dogfood" openWRT build to enable the UBUS code now, so > I should pick this stuff up in future. My

[Dnsmasq-discuss] Google's DNS and Insecure DS reply received, do upstream DNS servers support DNSSEC?

2018-07-28 Thread Kevin Darbyshire-Bryant
Greetings! This isn’t a new problem but curiosity/frustration has now got the better of me. I’ve a QNAP NAS box which registers itself under ‘waldorfdb.myqnapcloud.com’ with both IPv4 & IPv6 addresses. My home lan router provides DHCP & DNS service courtesy dnsmasq. Sometimes my local browse

[Dnsmasq-discuss] ubus FTBFS fix

2018-07-28 Thread Kevin Darbyshire-Bryant
Hi Simon, A couple of FTBFS typos in master at the moment related to ubus integration. Fix attached, though not actually run tested..yet. Cheers, Kevin D-B 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A 0005-dnsmasq.c-fix-OPT_UBUS-option-usage.patch

Re: [Dnsmasq-discuss] DHCPv6 with dnsmasq for automated deployments

2018-05-25 Thread Kevin Darbyshire-Bryant
> On 25 May 2018, at 13:07, Oliver Freyermuth > wrote: > > Dear dnsmasqers, > > I fear the following is a design issue of DHCPv6, but I wonder if there's a > way to overcome it with dnsmasq... Hi Oliver, I’ve a similar/same problem when rebooting some QNAP NAS boxen, first boot/introduct

Re: [Dnsmasq-discuss] upstream server selection algorithm - bug?

2018-05-15 Thread Kevin Darbyshire-Bryant
> On 15 May 2018, at 17:00, Dominik DL6ER wrote: > > Dear Kevin, >> Obviously it has to at least try the others occasionally to check it’s made >> the correct choice. But I’m seeing dnsmasq make the same request to *ALL* >> servers quite frequently and am curious as to why? > > dnsmasq is

[Dnsmasq-discuss] dnssec queries with --bogus-priv

2018-05-15 Thread Kevin Darbyshire-Bryant
Here’s another one of those innocent questions caused by looking at a logfile :-) I have ‘—bogus-priv’ set so in theory I’m not going to ask upstream questions about RFC1918 addresses, which I don’t, except I see these…. dnssec-query[DS] 10.in-addr.arpa to 8.8.8.8 dnssec-query[DS] 168.192.in-ad

[Dnsmasq-discuss] upstream server selection algorithm - bug?

2018-05-15 Thread Kevin Darbyshire-Bryant
This is one of my classic ‘look in a logfile…. h’ moments. dnsmasq is configured with 4 upstream resolvers, google, both IPv4 & 6. Manpage states: -o, --strict-order By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are kno

Re: [Dnsmasq-discuss] ubus and metrics

2018-04-24 Thread Kevin Darbyshire-Bryant
> On 24 Apr 2018, at 04:52, Kurt H Maier wrote: > > On Tue, Apr 24, 2018 at 12:07:09AM +0100, Simon Kelley wrote: >> >> I edit using emacs, and never see a problem. A massive edit would >> generate a huge number of spurious changes in the git repository. I use >> "git blame" quite often and do

[Dnsmasq-discuss] [PATCH] Makefile: Stop creating '-d' directory

2018-04-06 Thread Kevin Darbyshire-Bryant
the stray directory. Signed-off-by: Kevin Darbyshire-Bryant --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 98ec760..da82868 100644 --- a/Makefile +++ b/Makefile @@ -100,7 +100,8 @@ clean : mostly_clean install : all install-comm

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-15 Thread Kevin Darbyshire-Bryant
> On 15 Jan 2018, at 23:27, Simon Kelley wrote: > > >> >> Beyond “gaaahh why didn’t I think of SIGINT”….. excellent. Understand >> the reasoning, agree, running chez Kevin and backport for LEDE master >> submitted. >> > > and there's still SIGQUIT available! > > Out of interest, how

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-15 Thread Kevin Darbyshire-Bryant
> On 14 Jan 2018, at 22:12, Simon Kelley wrote: > > Right, I thought about this again, and concluded that whilst sharing the > "now use the time" function with something other than "reload loads of > stuff" is an improvement, it doesn't really get us that much farther to > share with something

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-08 Thread Kevin Darbyshire-Bryant
> > > Am I waiting on you or are you waiting on me (to produce some laughably awful > code that you’ll fix up anyway) :-) And for the purposes of a jolly good laugh….. :-) 0001-dnsmasq-user-select-dnssec-time-valid-signal.patch

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-05 Thread Kevin Darbyshire-Bryant
> On 3 Jan 2018, at 14:34, Kevin Darbyshire-Bryant > wrote: > >> If we move to SIGUSR2, the backwards compatibility objection could >> addressed by making the signal to be used an argument to >> --dnssec-no-timecheck >> >> --dnssec-no-timecheck=sigusr2

Re: [Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-03 Thread Kevin Darbyshire-Bryant
> On 3 Jan 2018, at 12:34, Simon Kelley wrote: > > Happy new year all. > > > "Ideally dnsmasq would have some other IPC mechanism for indicating > 'time is valid, go check dnssec timestamps'" > > > I suspect I know that answer to this, but dnsmasq _does_ have another > IPC mechanism, DBus.

[Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2

2018-01-03 Thread Kevin Darbyshire-Bryant
Hi Simon, Happy New Year! I suspect this patch is going to get quite a push back in the name of backwards compatibility, however the problem is real and getting worse on some platforms - from the patch submitted to the LEDE/Openwrt platform: "Move 'check dnssec timestamp enable' from SIGHUP ha

Re: [Dnsmasq-discuss] [PATCH] Remove NULL check for intname.

2017-10-05 Thread Kevin Darbyshire-Bryant
On 05/10/17 06:20, ros...@gmail.com wrote: On Wed, 2017-10-04 at 20:43 -0700, Kurt H Maier wrote: On Wed, Oct 04, 2017 at 07:23:22PM -0700, Rosen Penev wrote: - if (intname && strlen(intname) != 0) + if (!strlen(intname)) ifindex = if_nametoindex(intname); /* index == 0 when not bi
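Review bot: the replacement condition `if (!strlen(intname))` in the quoted hunk is inverted relative to the line it removes: it is true only when intname is the empty string, so if_nametoindex() would run for an empty name and be skipped for a real one. Removing the `intname &&` guard also makes strlen() dereference intname unconditionally, which is safe only if every caller guarantees a non-NULL pointer. If that guarantee holds, `if (strlen(intname) != 0)` keeps the original behaviour; otherwise the NULL check should stay.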

Re: [Dnsmasq-discuss] pick authoritative server

2017-09-25 Thread Kevin Darbyshire-Bryant
On 25/09/17 00:24, Vic wrote: > Hi, Can I select a domain filter or such: > > I send all requests to 8.8.8.8 except for > > mydomain1.org and mydomain2.org -- that goes to my local name servers. > > Yes? How? Yes. Something like: server=/mydomain1.org/ip.address.of.mydomain1.auth.server

[Dnsmasq-discuss] Thanks - Recent fixes

2017-09-10 Thread Kevin Darbyshire-Bryant
Hi Simon, Thanks for the recent fixes for the SIGSEGV CVE 2017-13704 and followup http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=a3303e196e5d304ec955c4d63afb923ade66c6e8 I backported t

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-29 Thread Kevin Darbyshire-Bryant
On 28/08/17 17:27, Christian Kujau wrote: On Mon, 28 Aug 2017, Christian Kujau wrote: On Mon, 28 Aug 2017, Kevin Darbyshire-Bryant wrote: My workaround is to only call memset if the difference between buffer begin and buffer limit is bigger than the query length, thus it retains Simon&#

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-29 Thread Kevin Darbyshire-Bryant
I've a *much* better fix for this. Will submit once I've collected someone from the station! Mad busy life, Kevin On 28/08/17 17:27, Christian Kujau wrote: On Mon, 28 Aug 2017, Christian Kujau wrote: On Mon, 28 Aug 2017, Kevin Darbyshire-Bryant wrote: My workaround is to only c

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-28 Thread Kevin Darbyshire-Bryant
to be regarded as a sticking plaster rather than real fix but that needs far greater minds than I to understand the code & intent :-) Hope this helps someone. Kevin From 340a26f915d8c3bb54c44f58d432cc7240631a74 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Mon, 28 Aug

Re: [Dnsmasq-discuss] reproducible segmentation fault

2017-08-28 Thread Kevin Darbyshire-Bryant
On 28/08/17 09:27, Juan Manuel Fernandez wrote: Hi, Last weeks we were fuzzing dnsmasq and found this crash (https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11597.html ) . We tried to

Re: [Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host

2017-08-19 Thread Kevin Darbyshire-Bryant
On 18/08/17 19:54, David Kerr wrote: Maddes, This looks very similar to a question I asked a few days ago... http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011677.html dnsmasq DHCPv6 server onl

Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-08 Thread Kevin Darbyshire-Bryant
On 08/08/17 09:23, wkitt...@gmail.com wrote: On 08/08/2017 04:06 AM, Matteo Croce wrote: 2017-08-08 4:26 GMT+02:00 : On 08/07/2017 06:02 PM, Matteo Croce wrote: I propose adding an option to allow banning some domains. add `--ban-hosts' which accepts a file name which contains a list of d

Re: [Dnsmasq-discuss] dnsmasqd crash

2017-06-20 Thread Kevin Darbyshire-Bryant
Probably best to reply to the list as well where there are much better experts than me. On 19/06/17 22:39, Justin Jose wrote: Hi Kevin, Thank you for the response. Here are my answers for your questions. Q. What version of dnsmasq? [Ans] The dnsmasq version I am using is 2.55. 2.55 is some

Re: [Dnsmasq-discuss] dnsmasqd crash

2017-06-19 Thread Kevin Darbyshire-Bryant
On 19/06/17 01:02, Justin Jose wrote: Hi, I got a couple of dnsmasqd crash and on investigating I found the crash is due to accessing a NULL pointer. What version of dnsmasq? I have a fix for this problem and attached with this mail. Would you have any suggestion for this fix? ho

Re: [Dnsmasq-discuss] [PATCH] fix dns failover when dns server returns REFUSED

2017-06-15 Thread Kevin Darbyshire-Bryant
This seems like an important fix to get in the next 'patch' release or whatever it's to be called, a bit like the pxe filename whoops :-) Remarkably simple fix too...hopefully not too simple. Cheers, Kevin On 14/06/17 14:46, Hans Dedecker wrote: If a DNS server replies REFUSED for a given DN

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-15 Thread Kevin Darbyshire-Bryant
On 15/05/17 11:06, Bastian Bittorf wrote: * Simon Kelley [12.05.2017 08:33]: Oops. "It compiles - ship it" bites back. 2.77rc3 fixes this, and we're currently eating the dog-food chez Kelley. just to mention it, the loopback-thingy is working fine now on my side with rc3. Thanks a lot! C

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-11 Thread Kevin Darbyshire-Bryant
On 11/05/17 21:09, Simon Kelley wrote: Oops. "It compiles - ship it" bites back. 2.77rc3 fixes this, and we're currently eating the dog-food chez Kelley. Woof! Currently building a LEDE release, assuming no obvious issue pops up, a pull request into LEDE master will follow...and then...th

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-11 Thread Kevin Darbyshire-Bryant
On 10/05/17 22:31, Simon Kelley wrote: Just committed a patch which should make this work again without needing --no-ping. I've tagged it as 2.77rc2, so please could a LEDE package be built, and this behaviour tested. I tried rc2 and think there's a problem with DHCPv4 leasesie. It does

Re: [Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-10 Thread Kevin Darbyshire-Bryant
On 09/05/17 22:42, Simon Kelley wrote: Never trust a git commit which happened in the early hours :) Thanks for a second excellent bug report. This was much easier to find. Sorry for keeping you up till the wee small hours with your bug hunting outfit on :-) Guido does all the hard work w

Re: [Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-09 Thread Kevin Darbyshire-Bryant
details&task_id=766#comment2589 I really hope to get out a 2.77 release soon. Cheers, Simon. On 08/05/17 13:30, Kevin Darbyshire-Bryant wrote: Hi Simon, Got a report in LEDE land about a SIGSEGV issue, I'm able to replicate easily as described. Thoughts? Cheers, Ke

[Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-08 Thread Kevin Darbyshire-Bryant
Hi Simon, Got a report in LEDE land about a SIGSEGV issue, I'm able to replicate easily as described. Thoughts? Cheers, Kevin Forwarded Message Subject: [FS#766] Intermittent SIGSEGV crash of dnsmasq-full Date: Mon, 08 May 2017 05:57:18 + From: LEDE Bugs Reply-To: l

Re: [Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.

2017-04-29 Thread Kevin Darbyshire-Bryant
On 28/04/17 22:20, Simon Kelley wrote: That's the bug here, I think. I was worried that a client sending a DHCPDISCOVER when it thinks it knows that address, might respond to ICMP pings, but at least for ISC dhclient on Linux, that's not the case. Patch is here, and was much more trouble than i

Re: [Dnsmasq-discuss] bug: trunk DHCP offer/replies being ignored by some devices

2017-04-08 Thread Kevin Darbyshire-Bryant
On 07/04/17 23:00, Simon Kelley wrote: On 06/04/17 14:01, Pedro MG Palmeiro wrote: Dnsmasq trunk replies are being ignored by some devices, in my case, two epson printers (AL-M200). Dnsmasq 2.76 works fine. This could be related with http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit; =8

Re: [Dnsmasq-discuss] [PATCH] decrease the amount of individual sites listed in log

2017-02-08 Thread Kevin Darbyshire-Bryant
Oooh that's a useful tidy'upper! Like it. Kevin On 07/02/17 18:03, Hannu Nyman wrote: By default 30 first servers are listed individually to system log, and then a count of the remaining items. With e.g. a NXDOMAIN based adblock service, dnsmasq lists 30 unnecessary ad sites every time when dn

Re: [Dnsmasq-discuss] interface-name records vs localise-queries

2017-02-02 Thread Kevin Darbyshire-Bryant
://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d42d4706bbcce3 b5a40ad778a5a356a997db6b34 Have fun. Cheers, Simon. On 01/02/17 13:41, Kevin Darbyshire-Bryant wrote: On 17/01/17 04:05, Eric Luehrsen wrote: Hi Kevin, Reading the man page, I would expect the primary address is returned (localized) and

Re: [Dnsmasq-discuss] interface-name records vs localise-queries

2017-02-01 Thread Kevin Darbyshire-Bryant
of localised queries not working, it would be perfect. I wonder if Simon could be persuaded to look into this ready for 2.77? :-) Kevin Kevin Darbyshire-Bryant Wed, 11 Jan 2017 10:24:34 -0800 Hello All, Recently LEDE changed the way it allocates names to interfaces, now using '-inter

Re: [Dnsmasq-discuss] IDN (internationalized domain name) support

2017-01-31 Thread Kevin Darbyshire-Bryant
On 31/01/17 16:57, Simon Kelley wrote: It's included in the Debian, (and therefore Ubuntu) packaging. Of course the only difference it makes is to the interpretation of domain names in /etc/hosts and friends and config files. - IDNs get cached a

[Dnsmasq-discuss] interface-name records vs localise-queries

2017-01-11 Thread Kevin Darbyshire-Bryant
Hello All, Recently LEDE changed the way it allocates names to interfaces, now using '-interface-name' rather than putting names in /etc/hosts or similar. Unfortunately this new method appears incompatible with 'localise-queries' in that all interfaces/aliases are included in the reply to 'n

Re: [Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
On 21/11/16 15:52, Kevin Darbyshire-Bryant wrote: PS: As a total hack, I got dnsmasq to ignore any requested addresses. Dnsmasq replies with both ULA & Global addresses in the reply...and my iPad is happy...it takes the global address. Nope, the above worked temporarily by luck ra

Re: [Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
I've got some packet captures now that have helped answer some of the questions. 1) The DHCPADVERTISE in the log are included in just one packet. 2) The solicits from my ipad and the advertises are identical except dnsmasq presents the ULA address first whereas odhcpd presents the global addr

[Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
Hi All, This problem has been around a while (forever?) but it's only just annoyed me sufficiently to investigate. The box in question is running a recent version LEDE and in my case dnsmasq git head bleeding edge. LEDE normally uses its homegrown odhcpd to hand out DHCPv6 addresses, wherea

Re: [Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-17 Thread Kevin Darbyshire-Bryant
Thank you one & all for that. I've tried to explain it to Microsoft and given up. I just won't use 'Onedrive for Business' or 'sharepoint'. On 09/09/2016 21:09, Simon Kelley wrote: > On 09/09/16 19:35, /dev/rob0 wrote: >> On Fri, Sep 09, 2016 a

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-10 Thread Kevin Darbyshire-Bryant
Hmm. Ideally then with 'NO_ID' we shouldn't forward Chaosnet queries for *.bind. Can we just get away with the equivalent of 'local=/bind/' or is that too broad a brush to apply by default in the code? I can see me digging into how the code for 'local' works in my near future :-) On 09/09/1

[Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-09 Thread Kevin Darbyshire-Bryant
Hi All, Having some issues with my 'onedrive for business' application which in turn uses 'sharepoint.com'. Short version: dnsmasq 2.76 thinks sharepoint.com is bogus. Directly querying upstream servers is okay: # drill -D @8.8.8.8 sharepoint.com ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, i

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-07 Thread Kevin Darbyshire-Bryant
something like a NO_ID compile time option that suppresses the whole .bind domain thing? Certainly happy to take the patch. Cheers, Simon. On 06/09/16 16:14, Kevin Darbyshire-Bryant wrote: Hi Simon & all, There has been a bit of activity on the security front in LEDE and a recent c

[Dnsmasq-discuss] [PATCH] dnsmasq: compile time option NO_ID

2016-09-07 Thread Kevin Darbyshire-Bryant
Some consider it good practice to obscure software version numbers to clients. Compiling with -DNO_ID removes the *.bind info structure. This includes: version, author, copyright, cachesize, cache insertions, evictions, misses & hits, auth & servers. Signed-off-by: Kevin Darbyshir

[Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-06 Thread Kevin Darbyshire-Bryant
Hi Simon & all, There has been a bit of activity on the security front in LEDE and a recent change proposed removing version numbers from software to avoid it leaking to 'the bad guys'. I'll say upfront that I'm not a fan of this approach feeling that it's more of the 'security through obscur

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-04 Thread Kevin Darbyshire-Bryant
On 04/09/16 12:14, Toke Høiland-Jørgensen wrote: Simon Kelley writes: OK, naive attempts to reproduce this have failed entirely, it just works for me :-) I see something similar: recvmsg(10, {msg_name={sa_family=AF_INET6, sin6_port=htons(50214), inet_pton(AF_INET6, "fe80::c23f:d5ff:fe62:

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-08-31 Thread Kevin Darbyshire-Bryant
On 30/08/16 23:08, Simon Kelley wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sorry about this. Putative fix pushed to git. Cheers, Simon. Looks good. It doesn't go bang anymore on my system :-) ___ Dnsmasq-discuss mailing list Dnsma

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-08-30 Thread Kevin Darbyshire-Bryant
On 29/08/16 20:30, e9hack wrote: Hi, I've trouble with this commit, independently that it looks simple: Suppress useless warning about DHCP packets of interfaces without addresses. Starting with this commit, dnsmasq does crash shortly after start: Mon Aug 29 21:18:40 2016 kern.info kernel:

Re: [Dnsmasq-discuss] Compile Error.

2016-08-25 Thread Kevin Darbyshire-Bryant
Or use 'make COPTS=-DNO_INOTIFY' to compile without the inotify handling, since early kernels (as used by many router manufacturers) don't have inotify support. On 24/08/16 17:14, Chris Novakovic wrote: On 24/08/16 16:31, Tony White wrote: inotify.c:92: error: ‘IN_NONBLOCK’ undeclared (first

Re: [Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-07-12 Thread Kevin Darbyshire-Bryant
On 11/07/16 21:05, Simon Kelley wrote: Ah yes, I see the problem. Patch applied. Sorry it took so long :-( Cheers, Simon. No problem. Glad to have helped solve it :-) Cheers, Kevin ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekell

[Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-07-11 Thread Kevin Darbyshire-Bryant
-check-unsigned that could prove 'challenging' :-) The patch matches the behaviour as is documented in the manpage. kind regards, Kevin >From f94c6d70aaaea0511ef3c7667093b4b54952804e Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Fri, 27 May 2016 10:23:47 +0100 Su

Re: [Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-06-05 Thread Kevin Darbyshire-Bryant
On 27/05/16 13:37, Kevin Darbyshire-Bryant wrote: Hi Simon, Please could you consider the attached patch. It solves a problem that using dnssec-timestamp also effectively enabled dnssec-no-timecheck. Any thoughts? Kevin ___ Dnsmasq-discuss

[Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-05-27 Thread Kevin Darbyshire-Bryant
-check-unsigned that could prove 'challenging' :-) The patch matches the behaviour as documented in the manpage. kind regards, Kevin >From f94c6d70aaaea0511ef3c7667093b4b54952804e Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Fri, 27 May 2016 10:23:47 +0100 Su

Re: [Dnsmasq-discuss] HELP: gives BOGUS for valid RR with no DNNSEC

2016-05-25 Thread Kevin Darbyshire-Bryant
On 25/05/16 19:07, Johnny Appleseed wrote: I'm using the -DNSSEC option and it keeps giving me BOGUS for sites like wikipedia.org or others. If I stop/restart sometimes it clears up, or I remove the check no-sign flag, but then I'm not checking unsigned websites for RR. Is the system clock set c

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-04 Thread Kevin Darbyshire-Bryant
The mystery is at least partially solved. It looks like I'd somehow enabled Remote Routing and Access services within Windows Home Server for VPN access. It looks like it tries to grab a few addresses for potential VPN clients from a DHCP server, that's why I was seeing 'RRAS.Micrsoft' as a user

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant
: 4 option: 44 netbios-ns 192.168.219.1 What the hell is this box doing?! :-/ Kevin On 02/05/2016 17:24, Simon Kelley wrote: > On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote: >> Further clues maybe: So initially when kermit comes up it grabs an IPv4 >> address and I se

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant
? Kevin On 02/05/2016 17:24, Simon Kelley wrote: > On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote: >> Further clues maybe: So initially when kermit comes up it grabs an IPv4 >> address and I see this entry in dnsmasq's lease database: >> 1462055024 e0:3f:49:a

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-04-30 Thread Kevin Darbyshire-Bryant
quest it gets changed to 1462055060 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit 01:52:41:53:20:e0:3f:49:a1:d4:aa:00:00:09:00:00:00 There are also syslog messages of "abandoning lease to e0:3f:49:a1:d4:aa of 192.168.219.4" which I don't get at all. On 29/04/16 12:27, Kevin Darbyshire-

[Dnsmasq-discuss] IPv6 dhcp strangeness

2016-04-29 Thread Kevin Darbyshire-Bryant
Hi All, I've just noticed some strange/different behaviour with regard to dhcpv6 address allocation. I've a couple of 'internal' machines that I'd like to have fixed ip addresses. To that end, and it used to work I've got lines similar to: dhcp-host=E0:3F:49:A1:D4:AA,192.168.219.4,[::0:4],Kerm

Re: [Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC

2016-01-04 Thread Kevin Darbyshire-Bryant
On 04/01/2016 16:05, Uwe Schindler wrote: > Hi, > > Was there a change in dnsmasq related to this? Would be good to get some > feedback. I'll try this version now. Currently I am running 2.75 (Debian > testing pkg 2.75-1) Yes. BIG changes. See the git log: http://thekelleys.org.uk/gitweb/?p=d

Re: [Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC

2016-01-04 Thread Kevin Darbyshire-Bryant
On 04/01/16 14:48, Uwe Schindler wrote: > Hi, > > I found out that resolving of DNSSEC signed wildcard domains does not work > correctly with dnsmasq. I think the problem is that it looks for a signature > of the requested domain name and not the wildcard. > > > > ;; Query time: 0 msec > ;; SER

Re: [Dnsmasq-discuss] CPU spin in master

2016-01-03 Thread Kevin Darbyshire-Bryant
Router survived the night. No obvious problems noted :-) -- Cheers, Kevin Sent from my phone, apologies for brevity, spelling & top posting > On 2 Jan 2016, at 17:20, Kevin Darbyshire-Bryant > wrote: > > > >> On 01/01/16 20:27, Simon Kelley wrote: >>> O
