Re: [Dnsmasq-discuss] ubus problem

2019-04-11 Thread wkitty42

On 4/10/19 12:55 PM, Jan Willem Janssen wrote:

There's one solution I can think of: making the name under which we register
the UBus object configurable (with "dnsmasq" as default for backwards
compatibility). It would allow multiple instances to be configured each with
their own unique name.


this is exactly what i was thinking of in my post where i mistakenly wrote dbus 
instead of ubus...




We could extend the existing `enable-ubus` flag to allow this name to be
supplied from the command line/configuration file.


exactly the idea i proposed... what's that saying about like minds thinking in 
like manner? ;)



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list unless*
   *a signed and pre-paid contract is in effect with us.*

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] ubus problem

2019-04-08 Thread wkitty42

On 4/8/19 3:58 PM, wkitt...@gmail.com wrote:
is there some ID or signature that could be used to differentiate between 
separate dnsmasq instances? if so, one could specify that in the config and that 
could be used with dbus to separate the instances and how they communicate...



i mixed up ubus and dbus... sorry about that...

i still wonder if something like this might help with the problem, though...




Re: [Dnsmasq-discuss] ubus problem

2019-04-08 Thread wkitty42

On 4/8/19 1:52 PM, Jan Willem Janssen wrote:

I've to give it some thought about how we could support multiple Dnsmasq
instances in combination with UBus. Not sure how the DBus implementation
would handle this...


is there some ID or signature that could be used to differentiate between 
separate dnsmasq instances? if so, one could specify that in the config and that 
could be used with dbus to separate the instances and how they communicate...


we have to do similar for snort (IDS/IPS) instances running on the same machine 
or feeding their logs to a central analysis tool...





Re: [Dnsmasq-discuss] DHCP tag being ignored?

2019-04-06 Thread wkitty42

On 4/6/19 1:41 PM, Dave Thompson wrote:

I can see that the Windows 7 VM is requesting 104. Perhaps Dnsmasq is
honouring that and ignoring the config file?


i think you have to release the address, first... something so that the VM won't 
try to request the last address it had... if it requests a valid address that is 
not in current use, it will be allowed and accepted IIUC...


in the past we've renumbered the network addresses so the old numbers were not 
valid which forced the assignment of a new address which was the desired 
effect... when we renumbered the addresses, we basically just changed the 3rd 
octet...


eg: 192.168.0.*/24 -> 192.168.100.*/24

maybe you can do something similar to reach your desired objective?



Re: [Dnsmasq-discuss] The order of nameservers provided by `server=`

2019-03-25 Thread wkitty42

On 3/25/19 12:14 PM, John Robson wrote:
Don’t think dnsmasq cares what order they are in, it tests them all and chooses 
the fastest to use.



then what good is "strict-order"??




Re: [Dnsmasq-discuss] Config Parcing Bug

2019-01-11 Thread wkitty42

On 1/11/19 7:22 PM, Tasnad Kernetzky wrote:

Hi all,

I wanted to report a bug (at least we believe it is one). We had a
short discussion over at the archlinux bugtracker
(https://bugs.archlinux.org/task/60366).

In short:


echo 'address=/ab--c.example.com/#' | dnsmasq --test -C -



dnsmasq: error at line 1 of stdin


Although the URL is "forbidden":


host 'ab--c.example.com'
host: 'ab--c.example.com' is not a legal IDNA2008 name (string contains forbidden two hyphens pattern), use +noidnin



is that a punycode domain name? all the ones i've seen are written as

  xn--codehere.invalid

firefox has a specific option we set so we don't get taken in by look-alike 
homographs... specifically the links with unicode characters in them are 
displayed in their punycode form, xn--blahblah... these links explain more if 
some folks don't know about this aspect of the DNS system...


https://en.wikipedia.org/wiki/Internationalized_domain_name#ASCII_spoofing_concerns
https://en.wikipedia.org/wiki/IDN_homograph_attack
https://en.wikipedia.org/wiki/Punycode#Internationalized_domain_names


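Added example (not part of the original message or of dnsmasq): the `host` error quoted above reflects the rule that a label with hyphens in its third and fourth positions is reserved unless it starts with `xn--` (RFC 5890). The shell functions below classify each label of a name that way; the function names and the sample names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify DNS labels by their hyphen pattern (RFC 5890 terms).
# Function names and sample names are assumptions made for this illustration.

# classify_label LABEL: print xn-label, reserved, ldh or invalid.
classify_label() {
    label=$1
    case $label in
        ''|*[!A-Za-z0-9-]*|-*|*-) echo invalid; return ;;  # not letters-digits-hyphen
    esac
    [ "${#label}" -le 63 ] || { echo invalid; return; }
    case $label in
        [Xx][Nn]--?*) echo xn-label ;;  # punycode form of an internationalized label
        ??--*)        echo reserved ;;  # hyphens in 3rd and 4th position, not xn--
        *)            echo ldh ;;       # ordinary hostname label
    esac
}

# name_report NAME: print "<label> <class>" for each label.
# Returns 1 when any label is reserved or invalid, 0 otherwise.
name_report() {
    name=$1
    rc=0
    case $name in
        ''|.*|*..*) echo "$name invalid"; return 1 ;;
    esac
    set -f                    # no filename expansion while splitting
    old_ifs=$IFS; IFS=.
    set -- ${name%.}          # split on dots, ignoring one trailing dot
    IFS=$old_ifs
    set +f
    for l in "$@"; do
        c=$(classify_label "$l")
        echo "$l $c"
        case $c in reserved|invalid) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample names: the one from the bug report, a punycode-style
# name as written in the reply, and an ordinary name.
for n in ab--c.example.com xn--codehere.invalid www.example.com; do
    echo "== $n"
    name_report "$n" || echo "   -> contains a reserved or invalid label"
done
```

Labels reported as `xn-label` are the ones worth displaying and reviewing in their punycode form, as the reply describes for homograph look-alikes; this sketch does not check that the punycode itself decodes.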


Re: [Dnsmasq-discuss] DHCP, how to ignore the client MAC address?

2019-01-10 Thread wkitty42

On 1/10/19 3:26 PM, Michael Schleicher wrote:

As I said, for Linux VM's, I can set a unique Client-ID that helps, but on
Windows you can not set a Client-ID (as far as I know).


isn't this the machine name? when i was supporting winwhatever, the install 
generated a machine name... that is the name i saw used in DHCP requests... it 
is the name that was added to the DNS so queries on it would return its current 
IP...





Re: [Dnsmasq-discuss] Expand-host multiple domains?

2018-10-09 Thread wkitty42

On 10/09/2018 09:57 AM, Jarno Elonen wrote:

Is it possible to expand hosts file entries against multiple domains with
Dnsmasq? Or perhaps setup a DNAME-like aliasing of hosts in one domain to
another domain?

To clarify, if my "/etc/hosts" contained...

1.2.3.4 host1
4.5.6.7 host2

...and my domains were "old-domain.com" and "new-domain.com", I'd like to
somehow configure dnsmasq to handle all these queries:
host1 --> 1.2.3.4
host2 --> 4.5.6.7
host1.old-domain.com --> 1.2.3.4
host2.old-domain.com --> 4.5.6.7
host1.new-domain.com --> 1.2.3.4
host2.new-domain.com --> 4.5.6.7


looks like a standard hosts file setup to me... but it could also be done
another way, as well...

eg:
server=/host1.new-domain.com/ip.num.ber.here
server=/host1.old-domain.com/ip.num.ber.here

i think that would work as well as entries in the hosts file for something like
this...

of course, this would only work for those systems looking up on that dnsmasq
instance...




Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-04 Thread wkitty42

On 08/04/2018 10:41 AM, Simon Kelley wrote:

OK, I'm confused about the serial problem. I just tested here, and it
works as I described.



do you mean that dnsmasq only increments the serial when a SIGHUP is received 
*OR* it increments the serial any time it is (re)started?





Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread wkitty42

On 08/03/2018 12:26 PM, Wojtek Swiatek wrote:

I know that this is not a signal but a restart of the service (I use signals
on a regular basis in my code as well).


ok... we (TINW) don't know your level of expertise ;)



My understanding is that this is a way to reload the configuration (as
mentioned by Simon) without stopping the service.


ummm... in all of the various service control methods i've seen and used in *nix 
over the last 20 or so years, using a restart option simply issues two 
commands... a terminate command followed by a startup command...


AFAIK, SIGHUP is how to tell dnsmasq to ""restart"" without actually 
restarting... if that makes sense...




Do you mean that the right / only way to increase the serial is by sending
the signal?


from what i've read over the years of following this list, it would seem so but 
i've not dug through dnsmasq's code, either...




I do not think so as it would make hosts management very awkward (one would
need not to forget to send the signal) and


that's easy with a script that starts the editor to edit the changes and then 
automatically issues the SIGHUP afterward... that or maybe a cron driven 
watchdog that keeps up with the timestamps on the config files and automatically 
issues SIGHUP or restart when they have changed...



another thread in the past mentioned that the serial is calculated in a smart 
way to always reflect changes.



yes, i remember that... my questions to you are these...

  1. where is the serial number stored?
  2. does dnsmasq issue a new serial each time it is started?
  3. does dnsmasq issue a new serial each time it is started and the config 
files have a different timestamp than the last time it was started?


in your situation, one might wonder what it would take for dnsmasq to work as a 
secondary (or tertiary or more) server... i don't know what is involved in that 
but it may be outside of dnsmasq's purpose/goal...


anyway, i'll be quiet now and read what simon and others have to offer on the 
problem...




Re: [Dnsmasq-discuss] Zone transfer fails without any error

2018-08-03 Thread wkitty42

On 08/03/2018 10:29 AM, Wojtek Swiatek wrote:

On Fri, 3 Aug 2018 at 16:24, Simon Kelley wrote:

After you've made changes to /etc/hosts, you need to send SIGHUP to the
dnsmasq process to get it to re-read the file. That should also
increment the serial. Changes to DHCP allocated addresses should also
increment the serial.

Thank you. I restart the dnsmasq via

systemctl restart dnsmasq



this is not a SIGHUP... the following is one correct way... it is chosen for 
ease and not needing to find the process' PID...


  pkill -SIGHUP dnsmasq


here is another way... slightly more complicated because it does look up the 
PID...

  kill -SIGHUP $(pidof dnsmasq)


you may need to use sudo if you're doing these manually from the command line... 
you can use the signal name or number... the following will show you the list of 
signals, their numbers and a brief description...


  man 7 signal


HTH


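Added example, not code from the thread: a cron-driven watchdog of the kind suggested in this discussion, which sends SIGHUP to dnsmasq only when a watched file is newer than a stamp file. The stamp path, the watched-file list and the function names are assumptions.

```shell
#!/bin/sh
# Added example: send SIGHUP to dnsmasq when a watched file has changed.
# WATCHED, STAMP and the function names are assumptions for illustration.

WATCHED=${WATCHED:-/etc/hosts}                    # space-separated list of files
STAMP=${STAMP:-/var/run/dnsmasq-watch.stamp}      # time of the last successful reload

# send_hup: signal the running dnsmasq by exact process name.
send_hup() {
    pkill -HUP -x dnsmasq
}

# needs_reload: succeed when there is no stamp yet or a watched file is newer.
needs_reload() {
    [ -e "$STAMP" ] || return 0
    for f in $WATCHED; do                         # word splitting is intended here
        if [ -n "$(find "$f" -newer "$STAMP" 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# watch_once: one watchdog pass. Prints "reloaded" or "unchanged".
# The new stamp is created BEFORE the signal is sent, so an edit that lands
# while dnsmasq is reloading is still newer than the stamp on the next pass.
# The stamp is only moved into place when the signal was delivered.
watch_once() {
    if ! needs_reload; then
        echo unchanged
        return 0
    fi
    new=$(mktemp "${STAMP}.XXXXXX") || return 1
    if send_hup; then
        mv "$new" "$STAMP"
        echo reloaded
    else
        rm -f "$new"
        echo "reload failed: could not signal dnsmasq" >&2
        return 1
    fi
}

# Run from cron, for example once a minute:  dnsmasq-watch.sh --run
if [ "${1:-}" = "--run" ]; then
    watch_once
fi
```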


Re: [Dnsmasq-discuss] domain blacklist API..

2018-07-31 Thread wkitty42

On 07/30/2018 10:43 PM, al so wrote:

Is there an API to blacklist certain DNS domains which should get resolved?



do you mean blacklist them with NXDOMAIN even though they do exist?

from dnsmasq.conf

# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/





Re: [Dnsmasq-discuss] Disable IPv6 (AAAA) queries

2018-06-26 Thread wkitty42

On 06/26/2018 04:18 AM, Angelo Ranieri wrote:

My question is about IPv6. Can i block  queries? I would that only A
queries is accept.


which are you asking about blocking?

  1. inbound LAN queries to your dnsmasq?
  2. inbound WAN queries to your dnsmasq?
  3. outbound queries from your dnsmasq to other dns servers on your LAN?
  4. outbound queries from your dnsmasq to other dns servers on the WAN?
  5. all of the above






Re: [Dnsmasq-discuss] DHCPv6 with dnsmasq for automated deployments

2018-06-04 Thread wkitty42

On 06/04/2018 07:36 AM, Oliver Freyermuth wrote:

Right now, I only know one could:
- Stop dnsmasq.
- Purge the lease from the leases-file.
- Restart dnsmasq.



i think the process is:

  rewrite the leases file as needed
  HUP dnsmasq

but i'm not positive... if not HUP, maybe one of the other signals... if none of 
them, then something with DBUS...





Re: [Dnsmasq-discuss] UPDATE - failed to create listening socket

2018-05-11 Thread wkitty42



please keep list discussions on the list... there is one answer inline below...


On 05/11/2018 12:03 PM, Pan, Peter wrote:

Thank you for your answer wkitty42

why are you trying to assign these addresses to your dnsmasq? from your hosts 
file, they appear to belong to other systems...


unless i'm mistaken, this line is the list of addresses on this box that will 
listen for connections... in other words, addresses belonging to this box...


As far as I understand, I have to delete the IP from dnsmasq.conf
So the right configuration is:

list-address=127.0.0.1
resolv-file:/srv/dns/nameserver.conf

... because all other addresses belong to other systems. But my aim is, to set 
dnsmasq as DNS-Server in my homenetwork, to sum up, another computers shall use 
this DNS-Server too, and if i'm not mistaken, dnsmasq must listen for connection 
to this ip-addresses for the other computers too. As example: The DNS-Server of 
the E2-PC computer is 192.168.178.3, the RASPBERRY-PI-SERVER with dnsmasq.


to explain the line further, if you have five addresses on this box, you can 
limit it responding to only three of those addresses if you want...


what is the local 192.168.178 address for this box? that is the address you 
would list along with localhost...


Which box do you mean?



the box where you are running dnsmasq...


The local address of the fritzbox, the router (at the 
time the DNS-Server), which is connected with the RASBPERRY-PI, is 192.168.178.1
If I am thinking right, I have to set the IP of the fritzbox along or with 
localhost.


127.0.0.1        localhost
192.168.178.1    fritz.box
127.0.1.1        RASBPERRY-PI-SERVER

Thank you :)




On 11.05.2018 at 16:50, wkitt...@gmail.com wrote:

On 05/11/2018 07:08 AM, Pan, Peter wrote:
failed to create listening socket for 192.168.178.15 Cannot assign requested address

FAILED to start up
Failed to start dnsmasq - A lightweight DHCP and caching DNS server

My dnsmasq.conf:

listen-address=127.0.0.1,192.168.178.10,192.168.178.12,192.168.178.15


why are you trying to assign these addresses to your dnsmasq? from your hosts 
file, they appear to belong to other systems...


unless i'm mistaken, this line is the list of addresses on this box that will 
listen for connections... in other words, addresses belonging to this box...


to explain the line further, if you have five addresses on this box, you can 
limit it responding to only three of those addresses if you want...


what is the local 192.168.178 address for this box? that is the address you 
would list along with localhost...


[...]

My hosts file:

127.0.0.1   localhost
127.0.1.1   RASPBERRY-PI-SERVER

192.168.178.1   fritz.box.luna.lan fritz.box   ## Router FRITZ!Box 7430

192.168.178.10  e1-pc.luna.lan e1-pc   ## Laptop E1-PC
192.168.178.12  e2-pc.luna.lan e2-pc   ## Laptop E2-PC
192.168.178.15  erik-galaxay-a5-2017.luna.lan erik-galaxy-a5-2017 ## Smartphone Erik










Re: [Dnsmasq-discuss] UPDATE - failed to create listening socket

2018-05-11 Thread wkitty42

On 05/11/2018 07:08 AM, Pan, Peter wrote:

failed to create listening socket for 192.168.178.15 Cannot assign requested address
FAILED to start up
Failed to start dnsmasq - A lightweight DHCP and caching DNS server

My dnsmasq.conf:

listen-address=127.0.0.1,192.168.178.10,192.168.178.12,192.168.178.15


why are you trying to assign these addresses to your dnsmasq? from your hosts 
file, they appear to belong to other systems...


unless i'm mistaken, this line is the list of addresses on this box that will 
listen for connections... in other words, addresses belonging to this box...


to explain the line further, if you have five addresses on this box, you can 
limit it responding to only three of those addresses if you want...


what is the local 192.168.178 address for this box? that is the address you 
would list along with localhost...


[...]

My hosts file:

127.0.0.1   localhost
127.0.1.1   RASPBERRY-PI-SERVER

192.168.178.1   fritz.box.luna.lan fritz.box   ## Router FRITZ!Box 7430
192.168.178.10  e1-pc.luna.lan e1-pc   ## Laptop E1-PC
192.168.178.12  e2-pc.luna.lan e2-pc   ## Laptop E2-PC
192.168.178.15  erik-galaxay-a5-2017.luna.lan erik-galaxy-a5-2017 ## Smartphone Erik





Re: [Dnsmasq-discuss] [PATCH] Remove upper limit of 10, 000 for cache size

2018-05-10 Thread wkitty42

On 05/08/2018 05:16 PM, Dominik wrote:

Hey Simon,

removing the upper limit will not change anything except for the few
users that have set this value manually to a very large number. However,
if they did so they were surely not expecting that dnsmasq could just
ignore their setting.



agreed...

->8 snip /etc/dnsmasq.conf 8<-
# Configuration file for dnsmasq.
#Dnsmasq version 2.59  Copyright (c) 2000-2011 Simon Kelley
#Compile time options no-IPv6 GNU-getopt no-DBus no-i18n DHCP TFTP no-conntrack no-IDN

[...]
# Make the cache large enough to be useful
cache-size=5
[...]
->8 snip /etc/dnsmasq.conf 8<-




Re: [Dnsmasq-discuss] Using a variable in the address option in dnsmasq.conf

2018-03-02 Thread wkitty42

On 03/02/2018 07:46 AM, Petr Menšík wrote:

and then generate your file any way you need. For example in bash

echo "# Autogenerated file, do not edit by hand" > /etc/dnsmasq.d/blocked.conf
for DOMAIN in 2o7.net 2mdm.net
   do echo "address=/$DOMAIN/$MYIP" >> /etc/dnsmasq.d/blocked.conf
done



even better would be...


echo "# Autogenerated file, do not edit by hand" > /etc/dnsmasq.d/blocked.conf
for DOMAIN in 2o7.net 2mdm.net facebook.com fbcdn.net fbcdn.com facebook.net
  do echo "server=/$DOMAIN/" >> /etc/dnsmasq.d/blocked.conf
done


so dnsmasq will return NXDOMAIN for blocked domains :evilBOFHgrin:




Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-08 Thread wkitty42

On 08/08/2017 04:06 AM, Matteo Croce wrote:

2017-08-08 4:26 GMT+02:00  :

On 08/07/2017 06:02 PM, Matteo Croce wrote:


I propose adding an option to allow banning some domains.

add `--ban-hosts' which accepts a file name which contains a list of
domains to block, one per line.
Domains are blocked by simply returning NXDOMAIN.


is the following in dnsmasq.conf broken???

# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/


Nope, but it's unpractical when the ban list is huge


impractical?


# wc -l /etc/banhosts
13090 /etc/banhosts

also, having it in a separate file will allow updating it without
messing with the configuration file



well, you asked for comments so i did... as for separate files, can't it be done 
in another file that is included in the main one? i can't remember if dnsmasq 
allows one to include additional files or not...


eg: include bannedhosts.conf


maybe i'm just not seeing the overall point as compared to existing 
capabilities?


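Added example, not code from these threads or from dnsmasq: it turns a one-domain-per-line ban list, as discussed here and in the 2018-03-02 message above, into `server=/domain/` lines, rejects entries that are not plain hostnames so that a malformed line cannot change the meaning of a generated directive, and replaces the output file atomically. File paths and function names are assumptions; the generated file can be pulled in with dnsmasq's `conf-file=` or `conf-dir=` options.

```shell
#!/bin/sh
# Added example: build a dnsmasq blocklist fragment from a ban list.
# Function names and file paths are assumptions made for this illustration.

# is_valid_domain NAME: succeed only for a plain letters-digits-hyphen hostname.
is_valid_domain() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;  # '/', '#', '=', spaces, etc. are rejected
        .*|*.|*..*)       return 1 ;;  # empty labels
    esac
    old_ifs=$IFS; IFS=.
    set -- $name                       # split into labels (no glob characters remain)
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# gen_blocklist LIST OUT: write one server=/domain/ line per valid entry.
# Prints the number of skipped entries; details of each skip go to stderr.
gen_blocklist() {
    list=$1
    out=$2
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    echo "# Autogenerated file, do not edit by hand" > "$tmp"
    skipped=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}               # drop comments
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        if is_valid_domain "$line"; then
            printf 'server=/%s/\n' "$line" >> "$tmp"
        else
            skipped=$((skipped + 1))
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done < "$list"
    chmod 644 "$tmp"
    # rename within the same directory, so readers never see a half-written file
    mv "$tmp" "$out" || { rm -f "$tmp"; return 1; }
    echo "$skipped"
}

# Constructed sample list, written to a scratch directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
cat > "$demo_dir/banhosts" <<'EOF'
# constructed sample entries
2o7.net
  fbcdn.net   # trailing comment
bad_host.example
example.net/extra
facebook.com
EOF
demo_skipped=$(gen_blocklist "$demo_dir/banhosts" "$demo_dir/blocked.conf")
cat "$demo_dir/blocked.conf"
echo "skipped entries: $demo_skipped"
rm -rf "$demo_dir"
```

Check the result with `dnsmasq --test` before putting it into service; dnsmasq does not re-read its configuration files on SIGHUP, so a changed blocklist takes effect on restart.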


Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-07 Thread wkitty42

On 08/07/2017 06:02 PM, Matteo Croce wrote:

I propose adding an option to allow banning some domains.

add `--ban-hosts' which accepts a file name which contains a list of
domains to block, one per line.
Domains are blocked by simply returning NXDOMAIN.



is the following in dnsmasq.conf broken???


# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/





Re: [Dnsmasq-discuss] Dnsmaq giving default gateway address as dns server on DHCP offer

2017-08-05 Thread wkitty42

On 08/05/2017 11:43 AM, /dev/rob0 wrote:
Yes, there is an option you can use in dnsmasq.conf to change the 
nameserver[s] given to DHCP clients, but why do you want that?  See the

dnsmasq(8) manual for details.


one possibility is on an AD network where all device DNS lookups go through the 
AD controller... the AD controller then talks to dnsmasq running on the 
perimeter firewall and handles the lookups to outside DNS servers... everything 
inside the AD network being restricted to the AD network so no individual 
devices can make lookups outside... they can only talk to the AD controller for 
DNS and the AD controller can only talk to dnsmasq for DNS... the AD controller 
is not the perimeter device for traffic headed outside of the AD network... the 
perimeter firewall running dnsmasq is, though...





Re: [Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.

2017-04-24 Thread wkitty42

On 04/24/2017 05:16 AM, Alin Năstac wrote:

On Sun, Apr 23, 2017 at 5:46 PM, Simon Kelley  wrote:

When the client sends the discovery packet, dnsmasq will notice that the
requested address is in use by another client, and offer a different
address instead.


You did not understand the scenario. The host that already use the requested
IP address is statically configured to use it (in other words dnsmasq does
not have a lease for the given IP address).

While at it, you might consider fixing the scenario in which a client fills a
DHCP discovery message with an option-50 containing an IP address that is
already used by another statically configured host.


in the above two paragraphs, you use the phrase "statically configured"... do 
you mean "pseudo-statically configured"?


"pseudo-static" where the DHCP gives the same IP to the same MAC all the time

versus

"static" where the machine is configured locally to use a specific IP address

in the first case, the system will be configured for DHCP and will have to ask 
for its address... in the second case, the system will never talk to the DHCP 
server...


something we found in a firewall product was that one must configure their 
dynamically assigned pool to exclude their static and pseudo-static IP address 
ranges otherwise there is the very real possibility that the DHCP server will 
hand out addresses already in use by other systems...



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Making dnsmasq make OFFER faster than virtualbox NAT DHCP

2017-01-23 Thread wkitty42

On 01/23/2017 06:49 AM, Simon Kelley wrote:

Actually, it's permitted to have more than one DHCP server, but the client
is entitled to wait for some time to hear from them all, and then pick
whichever one it prefers,


that's interesting... i can't say that i've ever heard that before... maybe it 
has been corporate policy on all the networks i've dealt with over the years?


it is something that i may do more research on because i don't want to pass bad 
information as i have apparently just done... do you have any pointers to 
documentation on this aspect of DHCP servers?



so trying to implement server priority by speed-of-reply is doomed to
failure.


yup! seems to be that way :)

thanks for the clarification!



Re: [Dnsmasq-discuss] Making dnsmasq make OFFER faster than virtualbox NAT DHCP

2017-01-22 Thread wkitty42

On 01/22/2017 08:02 PM, Sebastian Tarach wrote:

Hello,

I'm trying to make *dnsmasq* work on my Debian Virtualbox guest but I keep
getting reply from my VBox host DHCP first.


there should only ever be one DHCP server running on any net segments... turn 
off or otherwise disable all the others and you should see the results you desire...


FWIW: rogue DHCP servers are the bane of sysadmins everywhere...



Re: [Dnsmasq-discuss] Sequential IP doesn't look for unused IPs

2016-12-24 Thread wkitty42

On 12/23/2016 08:04 PM, Alec Robertson wrote:

When using sequential IP, the IP allocation should start from the lowest
available IP address.


this depends on the implementation... some start at the bottom (lowest) and 
others start at the top (highest)... where they start does not really matter... 
the *nix systems i've worked with all started at the top when allocating IPs to 
non-pseudo-static systems... IIRC, winwhatever is the only one i've worked with 
that started at the bottom...




Re: [Dnsmasq-discuss] Windows ipv6 hostname

2016-12-20 Thread wkitty42

On 12/20/2016 07:26 PM, Markus Hartung wrote:

$ cat /var/lib/misc/dnsmasq.leases
1482365715 3e:XX:XX:XX:XX:02 192.168.1.184 * 01:3e:XX:XX:XX:XX:02
1482334524 00:YY:YY:YY:YY:67 192.168.1.133 hostname *

I have masked the MAC-address,



MACs are only good on the local link... once through a router, the original MACs 
are lost to anything further down stream... this is like masking RFC-1918 
addresses ;)





Re: [Dnsmasq-discuss] DNSMASQ fails to start on boot

2016-10-19 Thread wkitty42

On 10/19/2016 12:06 AM, David Griffiths wrote:

I found a discussion talking about the same problem on Ubuntu but the
recommended fix did not work for me :-(
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1531184

It is a case of DNSMASQ starting before the network is ready.

Any suggestions please?


you can't have your DNSMASQ start up script check to see if the network is up 
before starting DNSMASQ? systemd isn't involved in your RPi installation, is it? 
the older style init.d scripts (sysV??) should be much easier to work with... 
check the interfaces' statuses with the ip or ipconfig command and see if they 
are ready to be used...




Re: [Dnsmasq-discuss] Dnsmasq not resolving addresses for an hour

2016-10-14 Thread wkitty42

On 10/14/2016 02:52 AM, Vladislav Grishenko wrote:

Hi, Albert,


1. HAVE_BROKEN_RTC should be used for, well, broken RTCs. Here, we are
not dealing with broken RTC.


Root issue from original mail:

One of which acknowledges potential problem if the clock goes backwards...

As for me it's indeed broken RTC behavior, not?


not... what defines a "broken RTC"? the time can easily be set back during a NTP 
update... how far back can it be set before there's a problem? 1 millisecond? 1 
hundredth of a second? 1 tenth of a second? 1 second?



case in point: recovering from Hurricane Matthew... three days without power... 
while bringing up the network, several machines had reverted to their default time 
settings in the BIOS... on several of them, that was back in 2002... the people 
bringing the machines up set the BIOS time manually and allowed the boot to 
continue... on some machines, NTP syncing is run from cron at some time 
period... others use NTP and adjust the clock by drift... manually setting the 
time and then allowing NTP to set it more accurately can easily result in the 
clock being set back by NTP... we won't even mention the problem of setting the 
clock to local time and the machine using UTC so when NTP syncs, there can be a 
huge (4, 5, 6, 7, 8+) hour jump backwards...



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Static IP client question

2016-08-07 Thread wkitty42

On 08/07/2016 10:29 AM, Edward Crosby wrote:

So, in the /etc/dnsmasq.conf file configure the DHCP settings to always give
a specific IP address to my PC? Sort of like a reserved IP in Windows DHCP
server?


it is called pseudo-static because it is static handed out by dhcp based on the 
MAC address... it is a trick some ISPs use when they sell you a static IP for 
$100US a year and it takes less than 2 minutes to put in the configuration... 
you have to remember, though, that if you change your NIC, you have to adjust 
the dhcp configuration for the new MAC, too...



we use pseudo-static here on all our systems... it makes it much easier to 
control when/if any network address renumbering has to be done... change the 
assigned IP numbers and let the lease expirations take care of the systems 
getting their new numbers... then maybe go around later and deal with shared 
resources that are using IP numbers instead of host names ;)



--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] dnsmasq to provide public DNS service

2016-07-15 Thread wkitty42



also replied off-list...


On 07/13/2016 08:21 PM, T o n g wrote:

After struggling for a few days, I finally decided that I should reply, to
bring some closure on this. Thank you for all these days of your tireless
help. However, my conclusion is still the same as my first post -- dnsmasq is
unable to provide public DNS service -- It can be used as DNS server for
local host, or local network, but just not for the general public. We've
ruled out everything possible, and the only thing left is dnsmasq.

I.e., if there is any problem with my ISP or my hosting provider, I wouldn't
have been able to start a working second SSH session listening to port 53
(instead of 22).


you have missed the point... SSH is TCP... DNS is UDP... DNS switches to TCP 
/ONLY/ if the reply is too large... these other services you're switching in to 
test with are not UDP and that's the flaw in your testing... it is UDP on port 
53 that your ISP is apparently blocking... if you want to test properly, then 
you need to set up a UDP service on port 53 and see if it works from outside 
your ISP...



In other words, all else the same, swap in SSH to listen to port 53, it
works; swap in dnsmasq, and it fails. With all else the same, dnsmasq is the
only problem.


see above... you must compare apples and apples... you cannot compare TCP 
software against UDP software... that's apples and oranges and you will/have 
come to the wrong conclusion via improper testing and invalid results data...


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.
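
The apples-to-apples test described in the reply above, as an added example that is not part of the original post: the same DNS query sent to the same host and port over UDP and then over TCP. The function names, the `example.com` query name and the loopback address in the last lines are assumptions for illustration.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: RD flag set, one question, class IN (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_reply_to(query, reply):
    """A reply echoes the transaction id and has the QR bit set."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def probe_udp(host, port, query, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(query)
            return is_reply_to(query, s.recv(4096))
        except OSError:  # timeout (datagram dropped) or ICMP port unreachable
            return False

def probe_tcp(host, port, query, timeout=2.0):
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP: 2-byte length prefix
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    return False
                buf += chunk
            return is_reply_to(query, buf[2:])
    except OSError:  # refused, filtered or timed out
        return False

def compare_transports(host, port=53, name="example.com"):
    """Same host, same port, same query; only the transport differs."""
    query = build_query(name)
    return {"udp": probe_udp(host, port, query), "tcp": probe_tcp(host, port, query)}

if __name__ == "__main__":
    # 127.0.0.1 is a placeholder; run this from outside the ISP against the server under test.
    print(compare_transports("127.0.0.1"))
```

A result of `{"udp": False, "tcp": True}` from an outside vantage point is what filtering of UDP port 53 on the path looks like, and it says nothing about the DNS server software itself.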



Re: [Dnsmasq-discuss] [PATCH] fix for netlink ENOBUF problem

2016-07-04 Thread wkitty42

On 07/04/2016 11:29 AM, Ivan Kokshaysky wrote:

To fix that we need to purge the netlink buffer on ENOBUF error. With the
appended patch dnsmasq is running flawlessly for about a month.


why are the messages not removed from the buffer when they are processed? or are 
they and there's simply too many messages coming in to handle?


how large is the buffer? can it be made larger to handle the larger amount of 
message traffic?


what problem(s) will requesting devices run into when there is no response to 
their query when the message is flushed?


would fixing/solving (one of?) the above be better than flushing?

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Sending a fake reply to client by dnsmasq

2016-06-14 Thread wkitty42

On 06/14/2016 08:30 AM, ravin goyal wrote:

Hi Sir

I actually need to do it in code rather than in the conf file itself.
Can you tell me whether i am making changes in the right function and in the right file
or should i do something else?

I hope you get the idea behind what i am trying to do here


can you be more explicit as to why you need/want to do this and why the address 
lines won't work in your use case?


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] dnscrypt -dnssec problems

2016-05-25 Thread wkitty42

On 05/25/2016 03:24 PM, Johnny Appleseed wrote:

dig +dnssec wikipedia.org
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.3-P1 <<>> +dnssec wikipedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33183
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096


why is this EDNS udp 4096 but

[...]

  dig +dnssec wikipedia.org

; <<>> DiG 9.8.3-P1 <<>> +dnssec wikipedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13239
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280


this one is only 1280??

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-08 Thread wkitty42

On 05/08/2016 06:52 AM, Dreamcat4 wrote:

But it is bad for each UEFI pc users going forwards to know to need to
manually specify:

pxe-skip-menu=X86-64_EFI
pxe-skip-menu=BC_EFI

Every time around. Because that is nearly everybody going forwards. How to
solve? Can we then make the option logic work better?


how about going the other way... reverse the logic so that those two are skipped 
all the time... then only if they are needed, add an option to enable them...


  pxe-add-menu=X86-64_EFI
  pxe-add-menu=BC_EFI

in this manner, ONLY those that need to support the above UEFI mess need add the 
option(s)... everyone else sails on clean clear waters none the wiser ;)


if other UEFIs are found needing to be skipped, they can be added to the next 
binary with new options like the above...


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] On a 64bit system, what switches create a 32bit binary.

2016-04-12 Thread wkitty42

On 04/11/2016 11:42 PM, Rob Townley wrote:

My name server runs on 32bit hardware, but all other machines are 64bit OS on
64bit hardware.

egrep -R -i '386|x86|32bit' did not come back with much relevant info.

dnsmasq runs on all kinds of disparate hardware, so i know it is done everyday.

(CentOS6 systems.)


what are you asking? how to cross-compile on one of your 64bit machines to 32bit 
so you can run your self-built dnsmasq over there??


--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.



Re: [Dnsmasq-discuss] Why does dnsmasq append a local domain in DNS queries?

2016-01-08 Thread wkitty42

On 01/08/2016 07:29 AM, Mikhail Morfikov wrote:

Also, though I don't see further log, I suspect that there were no requests like

That's the full log. I mean, this is what happened after trying to use
"ping dupaa.com".


perhaps you should have used "ping dupaa.com." instead?

in one of my other lives we learned that if you don't also want the local domain 
to be searched, you must add the trailing dot to signify that that is the end of 
the domain and no additional searches should be done... we see this with all 
manner of DNS clients...


just tossing that out there... maybe it will help?

--
 NOTE: No off-list assistance is given without prior approval.
   *Please keep mailing list traffic on the list* unless
   private contact is specifically requested and granted.
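
The effect of the trailing dot, as an added example that is not part of the original post: a model of the search-list rules from resolv.conf(5) as glibc-style stub resolvers apply them, showing which names actually reach the DNS server. The `home.example` search domain, the zone contents and the function names are constructed for illustration; other DNS clients may order their attempts differently.

```python
def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0].startswith(";"):
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]  # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_names(name, search, ndots=1):
    """Names a stub resolver tries, in order, for one lookup."""
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list is not used
    absolute = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [absolute] + searched  # as typed first, search list on failure
    return searched + [absolute]      # short name: search list first

def trace_lookup(name, conf_text, existing):
    """Queries sent to the server as (qname, rcode), stopping at the first hit."""
    search, ndots = parse_resolv_conf(conf_text)
    trace = []
    for qname in candidate_names(name, search, ndots):
        found = qname.lower() in existing
        trace.append((qname, "NOERROR" if found else "NXDOMAIN"))
        if found:
            break
    return trace

# Constructed sample client configuration and zone contents.
RESOLV_CONF = """\
# constructed sample
search home.example
nameserver 127.0.0.1
"""
EXISTING = {"printer.home.example."}

if __name__ == "__main__":
    for host in ("dupaa.com", "dupaa.com.", "printer"):
        print(host, "->", trace_lookup(host, RESOLV_CONF, EXISTING))
```

The extra `dupaa.com.home.example.` query in the first trace is generated by the client's resolver after the absolute name fails, which is why it shows up in the server's log.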
