Re: [Dnsmasq-discuss] override DNS server for particular hosts on IPv6

2021-03-25 Thread M. Buecher




On 2021-03-25 15:14, Erik Edwards via Dnsmasq-discuss wrote:

The line "enable-ra" is directing dnsmasq to act as a "router
advertising daemon". The advertisement sent will include the RDNSS
default address(es). This is how IPv6 works.

If the __client__ can ignore the RDNSS in the RA packet then the
DHCPv6 might have a chance of doing what you want. In Fedora, using
NetworkManager, use the option to do IPv6 "Automatic (Address only)",
then using dhcp6c, would be something to investigate. IIRC Windows can
also do "Address only" via automatic/SLAAC configuration then use
DHCPv6 for all the other info. Android still has a ways to go to live
happily in the IPv6 world, as of Android 10 - too many show stopping
bugs. (keeps dropping and reconnecting to the WiFi). If your Android
version will allow the granularity, the "Automatic (address only)"
option may help.
On 3/25/21 3:50 AM, Hamish Moffatt wrote:


I'm attempting to override the DNS server for a few hosts on both
IPv4 and IPv6. I've tagged the hosts and applied dhcp-option to that
tag and it's working correctly for IPv4, but I'm not having much
luck with IPv6.

I'll admit right now that I don't fully understand the use of DHCPv6
and how DNS servers are discovered, so it might be that this is just
not possible, at least for all types of clients.

My dnsmasq is at ::1, and I want to use the DNS server at ::18 on
the same prefix. What I have is:

dhcp-option=tag:adblock,6,192.168.42.18
dhcp-option=tag:adblock,option6:dns-server,[::18],[::18]

dhcp-range=set:lan,192.168.42.20,192.168.42.239,255.255.255.0,12h
ra-param=br-lan,0,7200


dhcp-range=set:lan,::1000,::,constructor:br-lan,slaac,ra-names,12h


dhcp-option=lan,option6:dns-server,[::]

enable-ra
quiet-ra

What I see is that Android just has the ::1 address as its
DNS server. A Linux client using NetworkManager has ::1 as
well as the two override servers. Even when I set ::18 as
the server in the dhcp-option clause for the whole network, the
devices still learned the ::1 address.

If I remove the dhcp-option clause for the whole network then
Android shows it's using the link local address for ::1 instead.

How is Android always learning of the dnsmasq server itself as the
DNS server, and can I fix it?

Thanks

Hamish


Android to my knowledge does not support DHCPv6, therefore it only 
retrieves DNS servers via RDNSS of RAs.
RAs are generic and not per client, therefore assigning different DNS 
servers via RDNSS/RA is not possible.


Even if dnsmasq could disable RDNSS for RAs you will still fail with 
Android as long as it does not support DHCPv6.


Only idea I have is to use a separate ULA in a separate WLAN/LAN network 
for those devices, and for this ULA use the adblock settings as 
defaults.


Kind regards
Maddes


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

2021-02-19 Thread M. Buecher


On 2021-02-13 20:22, Fred F wrote:

Dear all,

I'd like to bump this question. Isn't there anybody who is using
dnsmasq in IPv6 networks with dynamic prefixes?

Regards,
Frederik

On Sat, 10 Oct 2020 at 16:59, Fred F  
wrote:


Hi,

I am using dnsmasq in an environment with a dynamic IPv6 prefix. On a
few of my servers I am using statically assigned IP addresses for IPv4
and static interface tokens for IPv6 (through systemd-networkd). This
way the machines will always have predictable v4 and v6 addresses
without DHCP or SLAAC in the following format:

v4: 192:168.1.1
v6: dead::beef:192:168:1:1 (where dead::beef is the current IPv6 prefix).


Now I'd like to add  records for these hostnames in dnsmasq. When
defining DHCP/SLAAC ranges in dnsmasq there is the
"constructor:infname" syntax which automagically uses the interface's
current IPv6 prefix. Is there something like that for host records?

Something like this would be super cool, but I cannot get it to work:

host-record=laptop,laptop.thekelleys.org,192.168.1.1,::192.168.1.1,constructor:eth0

Is there any other way to do what I am doing? I know about the
"ra-names" feature but unfortunately it's not compatible with IPv6
interface tokens other than the MAC address (a.k.a. default SLAAC).


Best regards
Frederik


Hello Frederik,

IPv4 and IPv6 have different philosophies and you may get seduced to 
adopt your IPv4 knowledge to IPv6.

Took me some time to get this sorted out myself.
Actually your question is about IPv6 in general and not really dnsmasq 
specific.


IPv6 is by default multi-homed with multiple IPv6 addresses (SLAAC, 
temporary private, DHCPv6, etc.) of multiple IPv6 networks (GUA, ULA, 
LLA).
In general GUAs are for WAN communications, ULAs for LAN/VPN 
communications and LLA for configuration less on-link communication.

* LLA; Prefix fe80::/10; RFC 4291<3513<2373<1884
* ULA; Prefix fc00::/7 typically fd00::/8; RFC 4193
  * Side note: SLAs are deprecated and superseded by ULAs.
* GUA; Prefix 2000::/3; RFC 4291<3513<2373<1884

For local IPv6 addresses define yourself a random(!) ULA network 
(fdxx:::::/64) and assign static IPv6 addresses to your 
services/servers (SLAAC, temporary private, DHCPv6 in addition as it 
fits your needs).
ULAs allow you to route traffic from/to ULAs (LAN/VPN) and also from/to 
GUAs without having a WAN connection on the servers/services, while LLA 
is not routed by design.
Even if you want the service to be reachable from outside via its GUA 
address, then you should still define static ULA addresses to be locally 
independent from your ISP service.
Static addresses also allow you to contact your services/servers even 
when DHCP is down.
I myself additionally setup a DHCP entry for them with their static IP 
addresses, so that they get their usual/planned IPv6 addresses during 
their setup or when running a live system from USB/CD/DVD.


My private local home office setup has 2 ULAs (one "production" ULA from 
my dnsmasq server, one fallback ULA from my FritzBox router) plus 1 GUA 
(from my Fritzbox router). dnsmasq serves the static addresses from its 
/etc/hosts. But these are just my personal preferences.


Hope this points you to the right directions.

Kind regards
Matthias Bücher




Re: [Dnsmasq-discuss] Announce: dnsmasq-2.84 - sort and semantic versioning

2021-01-26 Thread M. Buecher




On 2021-01-26 17:41, M. Buecher wrote:

On 2021-01-26 00:43, Lonnie Abelbeck wrote:
On Jan 25, 2021, at 5:21 PM, Lonnie Abelbeck 
 wrote:




Get it here:

http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz


The version string generated is "2.84rc2"

$ cat dnsmasq-2.84/VERSION
(HEAD -> master, tag: v2.84rc2, tag: v2.84, origin/master, 
origin/HEAD)


This patch solves the problem:

--- dnsmasq-2.84/bld/get-version.orig	2021-01-25 17:35:04.882908877 
-0600

+++ dnsmasq-2.84/bld/get-version2021-01-25 17:35:58.658467974 -0600
@@ -28,7 +28,7 @@
  vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep 
^v[0-9]`


  if [ $? -eq 0 ]; then
- echo "${vers}" | sort -r | head -n 1 | sed 's/^v//'
+ echo "${vers}" | sort | head -n 1 | sed 's/^v//'
  else
  cat $1/VERSION
  fi
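
Review bot: in the changed `echo "${vers}" | sort | head -n 1` line, plain `sort` returns the release only because `v2.84` is a strict prefix of `v2.84rc2`; the pick still depends on byte-wise string order, not on version order, so a VERSION line carrying tags for two different versions (for example `v2.83` and `v2.84`) would now yield the older one. Suggest filtering out pre-release tags explicitly before picking, or adding a comment beside this line stating that it assumes all tags on the commit share one version number. Separately, the `grep ^v[0-9]` pattern in the context line is unquoted, so the shell may glob-expand it before grep sees it; `grep '^v[0-9]'` avoids that.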


Actually sort is not good at sorting semantic versions [1].
In some cases '-r' will work (2.84, 2.83-post1, 2.83) and in others it
won't (2.84-rc1, 2.84, 2.83). Same applies for sort without '-r'.

[1] https://semver.org/

Just my two cents
Maddes


Forgot to reference the details for sort's -V|--version-sort option at 
https://www.gnu.org/software/coreutils/manual/coreutils.html#Implementation-Details
Others wrote scripts in other languages like php, Python, etc., e.g. 
https://gist.github.com/andkirby/54204328823febad9d34422427b1937b
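
The ordering problem discussed in this message, as an added example that is not part of the thread and not dnsmasq's bld/get-version: it compares the two lexical picks (`sort -r` and `sort`) with a pick based on a fixed-width key. Assumptions: the function names are hypothetical, a suffix of the form rcN or testN (with or without a leading "-") marks a pre-release, and any other suffix such as "-post1" sorts after the release.

```shell
#!/bin/sh
# Added example: picking the version from a VERSION line that carries several tags.

# tags: split a VERSION line into its v<digit>... tags, one per line, "v" removed.
tags() {
    printf '%s\n' "$1" | tr '(), ' '\n\n\n\n' | sed -n 's/^v\([0-9]\)/\1/p'
}

# Lexical picks: sort -r as in the original line, plain sort as in the patch.
pick_sort_r() { tags "$1" | LC_ALL=C sort -r | head -n 1; }
pick_sort()   { tags "$1" | LC_ALL=C sort    | head -n 1; }

# version_key: prefix every version on stdin with a fixed-width key so that a
# byte-wise sort equals version order:
#   3 x 5 digits for major.minor.patch,
#   1 digit rank (0 = pre-release, 1 = release, 2 = other suffix),
#   5 digits for the number inside the suffix.
version_key() {
    awk '{
        v = $0
        num = v; sub(/[^0-9.].*$/, "", num)     # numeric part, e.g. 2.84
        suf = substr(v, length(num) + 1)        # suffix, e.g. rc2 or -post1
        sub(/^-/, "", suf)
        n = split(num, p, ".")
        key = ""
        for (i = 1; i <= 3; i++)
            key = key sprintf("%05d", (i <= n ? p[i] : 0))
        if (suf == "")
            rank = 1
        else if (suf ~ /^(rc|test)[0-9]*$/)     # assumed pre-release markers
            rank = 0
        else
            rank = 2
        sn = suf; gsub(/[^0-9]/, "", sn)
        printf "%s%d%05d %s\n", key, rank, (sn == "" ? 0 : sn), v
    }'
}

# pick_version_aware: highest version by the key above.
pick_version_aware() {
    tags "$1" | version_key | LC_ALL=C sort | tail -n 1 | cut -d' ' -f2
}

# Constructed sample inputs; the first is the VERSION content quoted in the thread.
SAMPLE_RELEASE='(HEAD -> master, tag: v2.84rc2, tag: v2.84, origin/master, origin/HEAD)'
SAMPLE_TWO='(tag: v2.84, tag: v2.83)'

if [ "${1:-}" = "demo" ]; then
    echo "sort -r: $(pick_sort_r "$SAMPLE_RELEASE")"
    echo "sort:    $(pick_sort "$SAMPLE_TWO")"
    echo "keyed:   $(pick_version_aware "$SAMPLE_RELEASE")"
fi
```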





Re: [Dnsmasq-discuss] adding domain suffix search to dns forward

2020-08-17 Thread M. Buecher
Note that DHCP <> DNS 

Kind regards
Matthias 

On 2020-08-17 21:15, Dave Sullivan wrote:

> Hi All, 
> 
> Is there a way to get dnsmasq to provide additional search domain suffix to 
> an 'A' query and forward that query to any number of added search domains. 
> 
> Seems like dhcp-option would be the right place per [0]  
> 
> "DHCP option 15: specifies the domain name that client should use as suffix 
> when resolving hostnames via the Domain Name System" 
> 
> However, when doing a dig/nslookup using a shortname and looking at the 
> dnsmasq.log it doesn't seem to add the domain suffix. 
> 
> Am I missing something here? 
> 
> Maybe dhcp-option is only for dhcp requests and not implied for dns forward. 
> 
> Any ideas? 
> 
> Thanks, 
> 
> Dave 
> 
> [0] https://www.efficientip.com/glossary/dhcp-option/ 
> 
> -- 
> 
> == 
> Dave Sullivan RHCE Email: dsull...@redhat.com 
> Sr. OpenShift And Middleware Technical Account Manager  
> 
> +1 312 660 3525 (Office) 
> +1 804 837 8924 (Cell) 
> == 
> Red Hat, Inc. | 100 East Davie St | Raleigh, NC | 27601 
> 
> Partnering with you to help achieve your business goals. 
> 
> http://www.redhat.com 
> http://access.redhat.com 
> http://www.opensource.com 


Re: [Dnsmasq-discuss] code style

2019-09-07 Thread M. Buecher
On 2019-09-07 09:02, Shota Hino wrote:

>> On Fri, Sep 06, 2019 at 10:09:51PM -0700, Shota Hino wrote:
>>> It seems the use of tabs are not consistent.
>>> On some IDE, the lines are misaligned and very difficult to read.
>>> 
>>> Could you please run code formatter?
>> 
>> Which code formatter have you in mind?
>> Does it have a default setting?
>> 
>> Groeten
>> Geert Stappers

> http://uncrustify.sourceforge.net/ is one, but any reasonable code formatter 
> should be able to replace leading white-spaces with tabs or vice versa. 
> 
> I am surprised that nobody complained about this.

I had got experience with astyle in some projects:
http://astyle.sourceforge.net/ 

Just my two cents
Maddes


Re: [Dnsmasq-discuss] Can mulitple --conf-dir be specified?

2019-05-31 Thread M. Buecher




On 2019-05-31 22:12, Geert Stappers wrote:

On Fri, May 31, 2019 at 12:45:01AM +0200, M. Buecher wrote:

On 2019-05-30 23:37, Geert Stappers wrote:
> On Thu, May 30, 2019 at 09:47:34PM +0200, M. Buecher wrote:
> > Hi all,
> >
> > just thinking about a new dnsmasq setup,
>
> OK, acknowledge.
>
>
> > and I would like to read .conf files from multiple directories.
>
> Why?
> What would be the benefit over multiple files?

I'm always using a modular approach, therefore I already use multiple conf
files inside a conf dir per instance.
Now I want to use a common conf dir plus separate conf dirs for my multiple
dnsmasq instances.



That does not answer

> What would be the benefit over multiple files?


I do not use a monolithic conf file, but a lot of small conf files.
Re-using config dirs, and therefore all conf files in it, for different 
dnsmasq instances is the benefit.


As you ask for it, so it is not possible right now?


> > So, is it possible to specify multiple --conf-dir and does this
> > work? Either via console parameter or via .conf file.
> > The man page only talks from a single directory, but does not
> > explicitly deny or allow multiple ones.



http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=343b7b4ad0e49cd23d41d78fe2a69be3603db502


Groeten
Geert Stappers





Re: [Dnsmasq-discuss] Can mulitple --conf-dir be specified?

2019-05-30 Thread M. Buecher




On 2019-05-30 23:37, Geert Stappers wrote:

On Thu, May 30, 2019 at 09:47:34PM +0200, M. Buecher wrote:

Hi all,

just thinking about a new dnsmasq setup,


OK, acknowledge.



and I would like to read .conf files from multiple directories.


Why?
What would be the benefit over multiple files?


I'm always using a modular approach, therefore I already use multiple 
conf files inside a conf dir per instance.
Now I want to use a common conf dir plus separate conf dirs for my 
multiple dnsmasq instances.


So, is it possible to specify multiple --conf-dir and does this work? Either
via console parameter or via .conf file.
The man page only talks from a single directory, but does not explicitly
deny or allow multiple ones.



Groeten
Geert Stappers




[Dnsmasq-discuss] Can mulitple --conf-dir be specified?

2019-05-30 Thread M. Buecher

Hi all,

just thinking about a new dnsmasq setup, and I would like to read .conf 
files from multiple directories.
So, is it possible to specify multiple --conf-dir and does this work? 
Either via console parameter or via .conf file.
The man page only talks from a single directory, but does not explicitly 
deny or allow multiple ones.


Regards
Maddes




Re: [Dnsmasq-discuss] Multiple instances of dnsmasq on Debian with systemd

2018-12-03 Thread M. Buecher



On 2018-12-02 01:01, M. Buecher wrote:

I spent some time on how to keep backward compatibility for current
configurations.

The simplest solution would be to provide 2 systemd unit files:
1. An updated dnsmasq.service file for the main/default/standard
"instance", that reflects the fix for checking the configuration (see
attached file).
2. The new dnsmasq@.service file from the previous post for additional
instances.

This way nothing would change for people running just a single dnsmasq
instance. No need to rename or sym-link /etc/default/dnsmasq to
dnsmasq.main (or similar).
Still people could easily create extra instances with the new
dnsmasq@.service file and a corresponding
/etc/default/dnsmasq. file.


Got some time to look at the upstream repo.
Updated init.d script to current state plus renamed files for upstream 
repo.
# This file has six functions:
# 1) to completely disable starting this dnsmasq instance
# 2) to set DOMAIN_SUFFIX by running `dnsdomainname`
# 3) to select an alternative config file
#    by setting DNSMASQ_OPTS to --conf-file=
# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for
#    more configuration variables.
# 5) to stop the resolvconf package from controlling dnsmasq's
#    idea of which upstream nameservers to use.
# 6) to avoid using this dnsmasq instance as the system's default resolver
#    by setting DNSMASQ_EXCEPT="lo"
# For upgraders from very old versions, all the shell variables set
# here in previous versions are still honored by the init script
# so if you just keep your old version of this file nothing will break.

#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"

# Whether or not to run the dnsmasq daemon; set to 0 to disable.
ENABLED=1

# By default search this drop directory for configuration options.
# Libvirt leaves a file here to make the system dnsmasq play nice.
# Comment out this line if you don't want this. The dpkg-* are file
# endings which cause dnsmasq to skip that file. This avoids pulling
# in backups made by dpkg.
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new

# If the resolvconf package is installed, dnsmasq will use its output
# rather than the contents of /etc/resolv.conf to find upstream
# nameservers. Uncommenting this line inhibits this behaviour.
# Note that including a "resolv-file=" line in
# /etc/dnsmasq.conf is not enough to override resolvconf if it is
# installed: the line below must be uncommented.
#IGNORE_RESOLVCONF=yes

# If the resolvconf package is installed, dnsmasq will tell resolvconf
# to use dnsmasq under 127.0.0.1 as the system's default resolver.
# Uncommenting this line inhibits this behaviour.
#DNSMASQ_EXCEPT="lo"
#!/bin/sh
### BEGIN INIT INFO
# Provides:       dnsmasq
# Required-Start: $network $remote_fs $syslog
# Required-Stop:  $network $remote_fs $syslog
# Default-Start:  2 3 4 5
# Default-Stop:   0 1 6
# Description:    DHCP and DNS server
### END INIT INFO

# Don't exit on error status
set +e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dnsmasq
NAME=dnsmasq
DESC="DNS forwarder and DHCP server"
INSTANCE="${2}"

# Most configuration options in /etc/default/dnsmasq are deprecated
# but still honoured.
ENABLED=1
if [ -r /etc/default/${NAME}${INSTANCE:+.${INSTANCE}} ]; then
    . /etc/default/${NAME}${INSTANCE:+.${INSTANCE}}
fi

# Get the system locale, so that messages are in the correct language, and the
# charset for IDN is correct
if [ -r /etc/default/locale ]; then
    . /etc/default/locale
    export LANG
fi

# The following test ensures the dnsmasq service is not started, when the
# package 'dnsmasq' is removed but not purged, even if the dnsmasq-base
# package is still in place.
test -e /usr/share/dnsmasq/installed-marker || exit 0

test -x ${DAEMON} || exit 0

# Provide skeleton LSB log functions for backports which don't have LSB functions.
if [ -f /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions
else
    log_warning_msg () {
        echo "${@}."
    }

    log_success_msg () {
        echo "${@}."
    }

    log_daemon_msg () {
        echo -n "${1}: ${2}"
    }

    log_end_msg () {
        if [ "${1}" -eq 0 ]; then
            echo "."
        elif [ "${1}" -eq 255 ]; then
            /bin/echo -e " (warning)."
        else
            /bin/echo -e " failed!"
        fi
    }
fi

# RESOLV_CONF:
# If the resolvconf package is installed then use the resolv conf file
# that it provides as the default.  Otherwise use /etc/resolv.conf as
# the default.
#
# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit
# filename is set there then this inhibits the use of the resolvconf-provided
# information.
#
# Note that if the resolvconf package is installed it is not possible to
# override it just by configuration in /etc/dnsmasq.conf, it is necessary
# 

Re: [Dnsmasq-discuss] Multiple instances of dnsmasq on Debian with systemd

2018-12-01 Thread M. Buecher




On 2018-12-01 16:19, Geert Stappers wrote:

On Sat, Dec 01, 2018 at 01:20:58PM +0100, M. Buecher wrote:


[Unit]
Description=dnsmasq (%i) - A lightweight DHCP and caching DNS server
Requires=network.target
Wants=nss-lookup.target
Before=nss-lookup.target


The "Wants" and the "Before" have the same targets.
That feels odd to me.



Wants= is a weaker version of Requires=, which tries to start those 
additional services but a failure of them doesn't stop the dnsmasq 
service from starting.


Before= just manages the start order of the services.

My changes only added support for instances and didn't change the 
dependencies.


Thanks for checking
Maddes



Re: [Dnsmasq-discuss] Multiple instances of dnsmasq on Debian with systemd

2018-12-01 Thread M. Buecher

Hello Simon,

on my first tries to start multiple dnsmasq instances on Debian 9 
"Stretch" with systemd I faced several issues and created Debian bug 
report #914305 [1].
Yesterday I finally managed to spend several hours on the issue and 
found a clean solution for it.
While preparing the text for the bug report I recognized that you're the 
maintainer of the Debian packages, so I decided to write to the dnsmasq 
mailing list first.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914305



systemd unit files [2] allow to be used for multiple instances when the 
service unit file name ends with the at symbol (@).
Then the service can be enabled with an instance name following the at 
symbol, e.g. `systemctl enable dnsmasq@main.service`.
The instance name is available in an escaped format in variable %i 
(lower case) when the unit file is processed.
The attached unit file dnsmasq@.service passes the escaped instance name 
to the init.d script (minor changes to the code plus `mv -v 
/lib/systemd/system/dnsmasq.service 
/lib/systemd/system/dnsmasq@.service`).


The 2nd attached file is the updated init.d script for dnsmasq.
It now recognizes the instance name via the second script parameter and 
uses it wherever needed or possible (default file, pid file, resolvconf 
protocol, log entries).


Additionally three special cases had to be handled when running multiple 
instances of dnsmasq:
a) The original systemd unit file wants to check the configuration 
before starting the service but does not honor the settings from the 
default file (conf file and dir).

   Therefore the option checkconfig was added to the init.d script.
   I don't know if there's a common SysInit V standard name for such a 
function [3].
b) `mkdir /run/dnsmasq` in the init.d script can fail as unit files are 
run in parallel, so the directory has to be checked again if mkdir 
failed.
c) Only one dnsmasq instance should be the dns resolver for the local 
system and should bind to localhost.
   Therefore revived DNSMASQ_EXCEPT="lo" in the default file (3rd 
attached file).


Additional changes to the files are typo corrections.

[2] https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[3] 
https://www.debian.org/doc/debian-policy/ch-opersys.html#writing-the-scripts




For testing I installed openresolv and dnsmasq on latest Debian 9 
"Stretch" and created some virtual network interfaces via systemd [4].
The main dnsmasq instance shall run on the real NIC while special 
instances shall run on the extra virtual NICs (dnsextra*).


Stopped and disabled the original service from the Debian dnsmasq 
package:

`systemctl stop dnsmasq.service`
`systemctl disable dnsmasq.service`
`systemctl status dnsmasq.service`

Prepared dnsmasq systemd unit file for instances by renaming and 
updating it:
`mv -v /lib/systemd/system/dnsmasq.service 
/lib/systemd/system/dnsmasq@.service`


As instance enabled systemd unit files have to be used with an instance 
name I decided to name the default dnsmasq instance simply "main".
Not to break SysInit V compatibility a symbolic link was used for the 
"renaming" of the default file.

`ln -s -T dnsmasq /etc/default/dnsmasq.main`
(P.S. Other idea would be to default INSTANCE in init.d to 'main' when 
instance name not given.)


Updated also init.d script and normal default file.

Then prepared two dnsmasq instances:
1. Default file for main instance (/etc/default/dnsmasq.main)
Changed to DNSMASQ_OPTS="--bind-dynamic --except-interface=dnsextra*"
This way it will avoid binding to the extra virtual NICs while still 
recognizing new addresses and other new NICs, and it will also be the 
DNS resolver for the local system.


2. New default file for first extra instance 
(/etc/default/dnsmasq.extra01)
Copied from default file of main instance via `cp /etc/default/dnsmasq 
/etc/default/dnsmasq.extra01`

Changed the following settings for this extra instance:
* DNSMASQ_OPTS="--bind-dynamic --interface=dnsextra01 
--address=/heise.de/192.168.0.250"

  Binds to one explicit interface while still recognizing new addresses.
  One modified address resolution for testing with dig.
* IGNORE_RESOLVCONF=yes
  Always using /etc/resolv.conf therefore either using the dnsmasq main 
instance (if it is started) as upstream dns server or the upstream 
server from resolvconf (e.g. via DHCP).

* DNSMASQ_EXCEPT="lo"
  Avoid binding to localhost and also not being used as the DNS resolver 
for the local system.


With this setup I could start/stop any dnsmasq instance while keeping a 
working DNS setup.
Additionally I could assign an explicit dnsmasq instance to any dhcp 
client.


[4] https://gist.github.com/maddes-b/e487d1f95f73f5d40805315f0232d5d9



I hope that I explained everything understandably, completely and in 
correct English.
Any feedback is welcome and it would be great to see this in Debian 10 
:)


Kind regards
Maddes

[Unit]
Description=dnsmasq (%i) - A lightweight DHCP and caching DNS server
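
The instance handling described in this post (per-instance default file, a config check that honours the default file, and the parallel mkdir of the run directory), as an added example that is not the attached init.d script. Assumptions: the function names are hypothetical, DEFAULT_DIR and RUN_DIR are overridable only so the functions can be exercised outside /etc and /run, and the instance-name check is an extra hardening step (the default file is sourced as shell, so its path should not be steerable by the argument).

```shell
#!/bin/sh
# Added example, not the attached script.

DEFAULT_DIR="${DEFAULT_DIR:-/etc/default}"
RUN_DIR="${RUN_DIR:-/run/dnsmasq}"

# valid_instance [INSTANCE]: accept the empty name (default instance) or a name
# made only of letters, digits, "_" and "-". Assumption: escaped systemd
# instance names containing other characters are not needed.
valid_instance() {
    case "$1" in
        *[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# default_file [INSTANCE]: <DEFAULT_DIR>/dnsmasq for the unnamed instance,
# <DEFAULT_DIR>/dnsmasq.<instance> otherwise.
default_file() {
    printf '%s\n' "${DEFAULT_DIR}/dnsmasq${1:+.${1}}"
}

# checkconfig_cmd [INSTANCE]: print the "dnsmasq --test" command line including
# CONFIG_DIR and DNSMASQ_OPTS from the instance's default file (case a).
# The body runs in a subshell so the sourced variables do not leak.
checkconfig_cmd() (
    valid_instance "$1" || exit 1
    CONFIG_DIR='' DNSMASQ_OPTS=''
    f=$(default_file "$1")
    if [ -r "$f" ]; then
        . "$f"
    fi
    printf '%s\n' "dnsmasq --test${CONFIG_DIR:+ --conf-dir=${CONFIG_DIR}}${DNSMASQ_OPTS:+ ${DNSMASQ_OPTS}}"
)

# ensure_run_dir: create RUN_DIR; when mkdir fails because a parallel instance
# created the directory first, check again instead of failing (case b).
ensure_run_dir() {
    [ -d "$RUN_DIR" ] && return 0
    mkdir "$RUN_DIR" 2>/dev/null && return 0
    [ -d "$RUN_DIR" ]
}
```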

Re: [Dnsmasq-discuss] [Feature Request] Tagged server and address configuration

2018-11-22 Thread M. Buecher


On 2018-11-22 21:24, Simon Kelley wrote:

On 19/11/2018 21:07, M. Buecher wrote:

Hello Simon and dnsmasq fellows,

I blacklist several domains via host files and wanted to skip the
blacklist for my testing client.
Unfortunately I couldn't find a solution for this in the man page, or
maybe I just didn't see the correct config combination.
Or did I miss a way to configure this with the existing features?


So I came up with the idea of tag-matching server and address
configuration, like...
--server=[tag:[,tag:],][/[]/[domain/]][[#][@|[#]]

--address=[tag:[,tag:],]/[/...]/[]

This would provide a highly flexible way to blacklist/whitelist domains
for specific clients.
But I assume it may be an ugly coding hell to implement.




The problem lies in the fact that there's nothing in the DNS part of
dnsmasq to determine the tags - the tag-set that's used in the DHCP part
of dnsmasq is determined dynamically during each DHCP transaction:
there's no way to make it long-lived and associate it with DNS request
that arrives later.


Cheers,

Simon.




Thanks for the info.

Right now I'm trying to find out how to run multiple dnsmasq instances 
for different interfaces on Debian with systemd.
The second interface shall be a virtual one on the real one with a 
different ip address, so that I can distribute "a different DNS server" 
to my test client.


Thanks for your time
Maddes




[Dnsmasq-discuss] [Feature Request] Tagged server and address configuration

2018-11-19 Thread M. Buecher

Hello Simon and dnsmasq fellows,

I blacklist several domains via host files and wanted to skip the 
blacklist for my testing client.
Unfortunately I couldn't find a solution for this in the man page, or 
maybe I just didn't see the correct config combination.

Or did I miss a way to configure this with the existing features?


So I came up with the idea of tag-matching server and address 
configuration, like...

--server=[tag:[,tag:],][/[]/[domain/]][[#][@|[#]]
--address=[tag:[,tag:],]/[/...]/[]

This would provide a highly flexible way to blacklist/whitelist  domains 
for specific clients.

But I assume it may be an ugly coding hell to implement.


Kind regards
Maddes






Re: [Dnsmasq-discuss] duplicate dhcp-host IP address

2018-11-12 Thread M. Buecher

Hi Simon,

sorry for this "Me too" mail, but +1.
Never got to request that feature myself.

Regards
Maddes

On 2018-11-12 16:12, Roy Marples wrote:

Hi List

dnsmasq has this lovely piece of code
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/option.c;h=462796996ef208bd013eece70fce51e7dc1a45ad;hb=HEAD#l3240

This effectively stops me using dnsmasq to give the same IP address to
wired and wireless interfaces (which are on the same network) of my
laptop.
The laptop in question runs NetBSD + dhcpcd can is more than capable
of having the same address UP on >1 interface.

Can this be removed, or an option added to disable the check please?
I want to enjoy a persistent ssh shell from/to it while swapping
between wired/wireless without it dropping due to changing the IP
address.

Thanks

Roy






Re: [Dnsmasq-discuss] DHCPV6

2018-05-05 Thread M. Buecher
Hi there, 

IPv6 is by definition "multi-homed", so you would do Global Unicast
Addresses (GUA; Prefix 2000::/3; RFC 4291) via your router and Unique
Local Addresses (ULA; Prefix fc00::/7; RFC 4193) via dnsmasq. 

If you want to manage GUA also via dnsmasq, then you need to do DHCP-PD
from dnsmasq to your router. 

What kind of prefix do you get from your ISP? /48, /56, /60, /64? 

Regards
Maddes 

On 2018-05-06 01:48, Merell Matlock wrote:

> Hoping for some help/insight it my attempting to setup IPV6 DHCP; I must
> not seem to be able to input the right search terms, because I keep
> going around in circles.
> 
> My Setup:
> 
> ISP <> Modem <> Router <> home network
> 
> DNS/DHCP on an RPi3 (DNSMASQ/Pi-hole, behind the router).
> 
> V4 DHCP from the RPi works flawlessly.
> 
> My router is pulling V6 from the ISP via DHCP-PD, and I can't fine-tune
> the routers' RA to only send out route info, and if I disable the RA
> from the router, no IPV6 at all (ifconfig/ipconfig only shows link-local
> addresses), no matter what I try with DNSMASQ.
> 
> IPV6 pass-through on the router has the same result.
> 
> Here is what I have from .conf files (all from pi-hole interface):
> 
> enable-ra
> dhcp-option=option6:dns-server,[::]
> dhcp-range=::100,::1ff,constructor:eth0,ra-names,slaac,168h
> ra-param=*,high,60,0
> 
> I changed the ra-param in an attempt to bypass the routers' RA.
> 
> Option6 is working as expected.
> 
> Any ideas, or am I just looking at a pipe dream (wanting host names in
> the pi-hole query log, instead of IPV6 addresses).
> 
> Thank you,
> 
> Merell Matlock
> 


Re: [Dnsmasq-discuss] Using a variable in the address option in dnsmasq.conf

2018-02-20 Thread M. Buecher
On 2018-02-19 21:28, Steve Lloyd wrote:

> Is it possible to set a variable and then use it as follows?  or is there a 
> way to set and use a variable in the conf file for address entries? 
> 
> myip=10.0.1.6 
> address=/2o7.net/$myip 
> address=/2mdm.net/$myip 
> 
> instead of  
> address=/2o7.net/10.0.1.6 
> address=/2mdm.net/10.0.1.6

+1 for such a feature as this would ease my playground setup a lot, in
my case: 
dhcp-host=aa:bb:cc:dd:ee:ff,${NETWORK4NET1PREFIX}.27,[${NETWORK6ULA1PREFIX}::1b],my-host


[Dnsmasq-discuss] Reload dnsmasq when systemd-networkd.service receives a new IPv6 prefix and assigns IPv6 address for it

2017-09-02 Thread M. Buecher

Hi everybody,

dnsmasq is used in my small LAN at home and it provides static interface 
ids to a few servers for Global Unicast Addresses (GUA, 2000::/3) too.
The GUA prefix from my ISP is advertised via RA by my router (M+O+A 
flags set).
As the prefix from my ISP changes from time to time I restart dnsmasq 
manually so that it reads the new prefix via the dhcp-range constructor 
method.

Of course I would prefer that this would happen automatically.

Has anyone setup such a similar automatic reloading on a new prefix?

OS is Raspbian 9.0 "Stretch" (Debian derivative).
Network config via systemd-networkd.service and *not* Debian's default 
ifupdown legacy compatibility networking.service.

Another possible alternative would be dhcpcd [https://roy.marples.name].

Kind regards
Maddes



/etc/systemd/network/ethernet.network:

[Match]
Name=en*

[Network]
IPv6AcceptRA=yes
LinkLocalAddressing=ipv6
IPv6Token=::a:b:c:d
IPv6PrivacyExtensions=yes

[Address]
## ULA
Address=fd00:1:2:3:a:b:c:d/64



/lib/systemd/system/dnsmasq.service:

[Unit]
Description=dnsmasq - A lightweight DHCP and caching DNS server
Requires=network.target
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target

[Service]
Type=forking
PIDFile=/run/dnsmasq/dnsmasq.pid

# Test the config file and refuse starting if it is not valid.
ExecStartPre=/usr/sbin/dnsmasq --test

# We run dnsmasq via the /etc/init.d/dnsmasq script which acts as a
# wrapper picking up extra configuration files and then execs dnsmasq
# itself, when called with the "systemd-exec" function.
ExecStart=/etc/init.d/dnsmasq systemd-exec

# The systemd-*-resolvconf functions configure (and deconfigure)
# resolvconf to work with the dnsmasq DNS server. They're called like
# this to get correct error handling (ie don't start-resolvconf if the
# dnsmasq daemon fails to start.
ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf
ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf


ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
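
One way to automate the manual restart described in the post above, as an added example that is not part of the original post or of dnsmasq. It assumes the interface's on-link /64 routes track the advertised prefixes; the function names and the `watch` argument are illustrative.

```shell
#!/bin/sh
# Added example: restart dnsmasq when the global (2000::/3) /64 prefix seen on
# an interface changes. All function names here are illustrative.

# Read `ip -6 route show dev IFACE` output on stdin and print the on-link /64
# prefixes inside 2000::/3, sorted, one per line. ULA (fd..), link-local and
# default routes are ignored.
gua_prefixes() {
    awk '$1 ~ /^[23][0-9a-f][0-9a-f][0-9a-f]:.*\/64$/ { print $1 }' | sort -u
}

# Succeed only when a non-empty prefix set differs from the previous one.
# An empty set (link down, RA expired) is not treated as a change, so dnsmasq
# is not restarted while there is nothing for the constructor to pick up.
prefix_changed() {
    [ -n "$2" ] && [ "$1" != "$2" ]
}

# Block on netlink route events and restart dnsmasq when the prefix set moves.
watch_prefix() {
    iface=$1
    last=$(ip -6 route show dev "$iface" | gua_prefixes)
    # `ip monitor` prints one line per route event; each line triggers a re-read
    ip -6 monitor route | while read -r _event; do
        now=$(ip -6 route show dev "$iface" | gua_prefixes)
        if prefix_changed "$last" "$now"; then
            logger -t dnsmasq-prefix "GUA prefix on $iface: '$last' -> '$now'"
            systemctl restart dnsmasq.service
            last=$now
        fi
    done
}

# Constructed sample of `ip -6 route show dev eth0` output, using the
# anonymised prefixes from this thread.
sample_routes() {
cat <<'EOF'
2003:a:b:c::/64 proto ra metric 1024 expires 7100sec pref medium
fd7a:d:e:f::/64 proto kernel metric 256 pref medium
fe80::/64 proto kernel metric 256 pref medium
default via fe80::1 proto ra metric 1024 expires 1700sec pref medium
EOF
}

# Run as: script.sh watch eth0
if [ "${1:-}" = "watch" ]; then
    watch_prefix "${2:-eth0}"
fi
```
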





Re: [Dnsmasq-discuss] Feature Request: IPv6: Enable RA and set its options per dhcp-range

2017-08-20 Thread M. Buecher
dnsmasq 2.76 (Debian 8 "Jessie" package) enables RA for all dhcp-ranges, 
even if a subnet that dnsmasq got from the dhcp-range constructor method 
is handled by a different router.
This creates multiple RAs for the same subnet, which may cause routing 
issues.
Current workaround is to set the router's priority to high, so that its 
RA supersedes the one of dnsmasq.


Therefore this feature request for an option to enable/disable RA per 
dhcp-range configuration (either explicitly or via tagging).
Additionally it would be great to specify the RA options per dhcp-range 
configuration too.



Easiest way to reproduce is to assign an ULA and a GUA from your other 
router via RA on the NIC (here eth0).

Then use the "constructor" on your NIC.

Example config:
## Unique Local Addresses (ULA) with dynamic+static DHCPv6, no SLAAC (="no mode" specified)
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:,64,12h
## send Router Advertisements (with M[anaged] flag) so that all clients create routing information for the ULA; necessary for Windows, most Linux clients will automatically create the route via DHCPv6
enable-ra

## Global Unicast Addresses (GUA) and other subnets only with static DHCPv6, no SLAAC
dhcp-range=set:gua6,::1:0,::1:,constructor:eth0,static,64,12h

Results:
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on ::0.1.255.255, lease time 12h, template for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, IP range fd7a:d:e:f::1:0 -- fd7a:d:e:f::1:, lease time 12h
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on 2003:a:b:c::1:, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on 2003:a:b:c::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on fd7a:d:e:f::1:, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on fd7a:d:e:f::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) 2003:a:b:c::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: IPv6 router advertisement enabled


Kind regards
Matthias Bücher


On 2017-08-20 14:06, M. Buecher wrote:


On 2017-08-18 15:38, M. Buecher wrote:


Hello dnsmasq fellows,
Hello Simon,

I want to assign additional static DHCPv6 global unicast addresses 
(GUA) to some machines (mainly servers).

Yet I have failed to do so with dnsmasq.


Got it working. Indeed it was working.

The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" 
[3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is 
middle.

And it is the standard gateway for Internet connections.

dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay 
of the router, this way those requests are resolved by the ISP's DNS 
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN 
via RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's 
RA.


Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the 
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy 
extensions for outgoing connections.

*But* it doesn't have its static GUA from dnsmasq!

Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?


If you run "ipconfig /renew6 " on Windows (here 10), then 
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6 
addresses before with "ipconfig /release6 ".


So on Windows always do the following for testing in an admin/elevated 
command prompt or Powershell:

ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]

If this doesn't help, then deactivate and re-activate the interface via 
netsh to start afresh:

netsh interface set interface  admin=disabled
netsh interface set interface  admin=enabled


By the way:
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I 
avoid this?

I would prefer to handle RA settings per dhcp-range via tags.


Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an 
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends 
the RA multiple times.

Will create two feature requests for these issues in separate posts.


Configuration:
1. File /etc/default/dnsmasq (Debian sp

Re: [Dnsmasq-discuss] Bug/Feature Request: IPv6: Recognize each prefix only once

2017-08-20 Thread M. Buecher
dnsmasq 2.76 (Debian 8 "Jessie" package) doesn't recognize if a prefix 
has already been specified explicitly and handles it multiple times.
I don't know if this behaviour is useful in other situations, then this 
would be a feature request for a new option of the dhcp-range 
constructor method to ignore already defined dhcp ranges (either 
explicitly or via tagging).
In my case this is unwanted due to different modes (dynamic+static 
leases for ULA vs. static leases only for GUA and other subnets).



Easiest way to reproduce is to assign an ULA and GUA on the NIC (here 
eth0).
Explicitly specify the ULA DHCPv6 range in dnsmasq and then use the 
"constructor" method on the NIC (here eth0).


Example config:
## Unique Local Addresses (ULA) with dynamic+static DHCPv6, no SLAAC (="no mode" specified)
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:,64,12h
## send Router Advertisements (with M[anaged] flag) so that all clients create routing information for the ULA; necessary for Windows, most Linux clients will automatically create the route via DHCPv6
enable-ra

## Global Unicast Addresses (GUA) and other subnets only with static DHCPv6, no SLAAC
dhcp-range=set:gua6,::1:0,::1:,constructor:eth0,static,64,12h

Results:
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on ::0.1.255.255, lease time 12h, template for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, IP range fd7a:d:e:f::1:0 -- fd7a:d:e:f::1:, lease time 12h
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on 2003:a:b:c::1:, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on 2003:a:b:c::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on fd7a:d:e:f::1:, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on fd7a:d:e:f::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) 2003:a:b:c::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: IPv6 router advertisement enabled


Kind regards
Matthias Bücher


On 2017-08-20 14:06, M. Buecher wrote:


On 2017-08-18 15:38, M. Buecher wrote:


Hello dnsmasq fellows,
Hello Simon,

I want to assign additional static DHCPv6 global unicast addresses 
(GUA) to some machines (mainly servers).

Yet I have failed to do so with dnsmasq.


Got it working. Indeed it was working.

The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" 
[3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is 
middle.

And it is the standard gateway for Internet connections.

dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay 
of the router, this way those requests are resolved by the ISP's DNS 
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN 
via RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's 
RA.


Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the 
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy 
extensions for outgoing connections.

*But* it doesn't have its static GUA from dnsmasq!

Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?


If you run "ipconfig /renew6 " on Windows (here 10), then 
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6 
addresses before with "ipconfig /release6 ".


So on Windows always do the following for testing in an admin/elevated 
command prompt or Powershell:

ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]

If this doesn't help, then deactivate and re-activate the interface via 
netsh to start afresh:

netsh interface set interface  admin=disabled
netsh interface set interface  admin=enabled


By the way:
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I 
avoid this?

I would prefer to handle RA settings per dhcp-range via tags.


Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an 
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends 
the RA multiple times.

Will create two feature requests for these issues in separate posts.


Configuration:
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="-
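
A check for the condition reported in the post above (one prefix set up for router advertisement more than once), as an added example that is not part of the original post or of dnsmasq. The sample lines are the post's startup log with the mail line wrapping undone; the function names are illustrative.

```shell
#!/bin/sh
# Added example: list prefixes that dnsmasq announces for router advertisement
# more than once at startup, together with where each announcement came from.

# Read syslog/journal lines on stdin. Print "<prefix> <count> <origins>" for
# every prefix that has more than one "router advertisement on" line.
duplicate_ra_prefixes() {
    awk '
    /dnsmasq-dhcp\[[0-9]+\]: router advertisement on / {
        sub(/^.*router advertisement on /, "")
        origin = "explicit dhcp-range"
        tag = ", constructed for "
        if (index($0, tag)) {
            # keep the interface name, then cut the line down to the prefix
            origin = "constructor:" substr($0, index($0, tag) + length(tag))
            sub(/,.*$/, "")
        }
        # the template line names an interface ("eth0"), not a prefix
        if (index($0, ":") == 0) next
        count[$0]++
        origins[$0] = (origins[$0] ? origins[$0] " + " : "") origin
    }
    END {
        for (p in count)
            if (count[p] > 1) print p, count[p], origins[p]
    }'
}

# Constructed sample: startup lines from the post, rejoined onto single lines.
sample_log() {
cat <<'EOF'
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on ::0.1.255.255, lease time 12h, template for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on 2003:a:b:c::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on fd7a:d:e:f::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) 2003:a:b:c::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) fd7a:d:e:f::
EOF
}
```

On a live system the same function can read the service log, for example `journalctl -u dnsmasq -b | duplicate_ra_prefixes`; an empty result means no prefix was registered twice.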

Re: [Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host

2017-08-20 Thread M. Buecher

On 2017-08-20 14:06, M. Buecher wrote:


On 2017-08-18 15:38, M. Buecher wrote:


Hello dnsmasq fellows,
Hello Simon,

I want to assign additional static DHCPv6 global unicast addresses 
(GUA) to some machines (mainly servers).

Yet I have failed to do so with dnsmasq.


Got it working. Indeed it was working.

The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" 
[3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is 
middle.

And it is the standard gateway for Internet connections.

dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay 
of the router, this way those requests are resolved by the ISP's DNS 
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN 
via RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's 
RA.


Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the 
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy 
extensions for outgoing connections.

*But* it doesn't have its static GUA from dnsmasq!

Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?


If you run "ipconfig /renew6 " on Windows (here 10), then 
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6 
addresses before with "ipconfig /release6 ".


So on Windows always do the following for testing in an admin/elevated 
command prompt or Powershell:

ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]


Sorry, had copied the IPv4 instructions to the mail.
Of course it should be:

ipconfig /release6 [Name Pattern]
ipconfig /renew6 [Name Pattern]

If this doesn't help, then deactivate and re-activate the interface via 
netsh to start afresh:

netsh interface set interface  admin=disabled
netsh interface set interface  admin=enabled


By the way:
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I 
avoid this?

I would prefer to handle RA settings per dhcp-range via tags.


Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an 
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends 
the RA multiple times.

Will create two feature requests for these issues in separate posts.


Configuration:
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes

2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254

# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain

dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast

server=10.0.0.254

### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h

### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:,static,64,12h
enable-ra

dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine

Kind regards
Maddes

[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 addresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP subnet)


[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64

[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not 
advertised

https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/

[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi 
Foundation

https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/




Re: [Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host

2017-08-20 Thread M. Buecher

On 2017-08-18 15:38, M. Buecher wrote:

Hello dnsmasq fellows,
Hello Simon,

I want to assign additional static DHCPv6 global unicast addresses 
(GUA) to some machines (mainly servers).

Yet I have failed to do so with dnsmasq.


Got it working. Indeed it was working.


The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is 
middle.

And it is the standard gateway for Internet connections.

dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay 
of the router, this way those requests are resolved by the ISP's DNS 
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN via 
RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's 
RA.


Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the 
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy 
extensions for outgoing connections.

*But* it doesn't have its static GUA from dnsmasq!

Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?


If you run "ipconfig /renew6 " on Windows (here 10), then 
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6 
addresses before with "ipconfig /release6 ".


So on Windows always do the following for testing in an admin/elevated 
command prompt or Powershell:

ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]

If this doesn't help, then deactivate and re-activate the interface via 
netsh to start afresh:

netsh interface set interface  admin=disabled
netsh interface set interface  admin=enabled



By the way:
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I 
avoid this?

I would prefer to handle RA settings per dhcp-range via tags.


Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an 
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends 
the RA multiple times.

Will create two feature requests for these issues in separate posts.



Configuration:
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes

2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254

# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain

dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast

server=10.0.0.254

### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h

### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:,static,64,12h
enable-ra

dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine

Kind regards
Maddes

[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 addresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP subnet)


[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64

[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not 
advertised

https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/

[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi 
Foundation

https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/





[Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host

2017-08-18 Thread M. Buecher

Hello dnsmasq fellows,
Hello Simon,

I want to assign additional static DHCPv6 global unicast addresses (GUA) 
to some machines (mainly servers).

Yet I have failed to do so with dnsmasq.

The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is 
middle.

And it is the standard gateway for Internet connections.

dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay of 
the router, this way those requests are resolved by the ISP's DNS 
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN via 
RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's 
RA.


Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the 
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy 
extensions for outgoing connections.

*But* it doesn't have its static GUA from dnsmasq!

Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?


By the way:
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I 
avoid this?

I would prefer to handle RA settings per dhcp-range via tags.


Configuration:
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes

2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254

# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain

dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast

server=10.0.0.254

### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h

### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:,static,64,12h
enable-ra

dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine


Kind regards
Maddes


[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 addresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP subnet)


[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64

[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not 
advertised

https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/

[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi 
Foundation

https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/

