Re: [Dnsmasq-discuss] Ability to not bind :: for DNS when binding wildcard
On 06/07/2020 14:05, Matthias May wrote:
> Hi Dominik
>
> Well the system in question has
> net.ipv6.conf.all.disable_ipv6 = 1
> thus the expected output would be that no IPv6 bindings exist at all.
> I kind of understand that when IPv6 is disabled, that one would not expect to
> see :::53 in netstat -nlp
> On the other hand I also see that if no IPv6 address exists on the system,
> there is not much that can be done with :::53.
> In the end probably more a cosmetic issue.
> I was thinking into the direction that create_wildcard_listeners checks by
> itself if the system has IPv6
> enabled/disabled, and also expose this as a manual knob for a user to set.
>

I'd rather have something that checked the value of
net.ipv6.conf.all.disable_ipv6 than yet another configuration option.

A patch which

1) Added a function in src/util.c to check the value of something under /proc/sys
2) Added code to call that and avoid the bind in create_wildcard_listeners

both taking into account that this has to compile on platforms other than
linux (#ifdef HAVE_LINUX_NETWORK) would be fine.

Cheers,

Simon.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
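The check Simon outlines above, sketched as an added example that is not part of the thread and is not dnsmasq code: read_sysctl_long, ipv6_disabled_at and ipv6_disabled are hypothetical names, and __linux__ stands in for dnsmasq's HAVE_LINUX_NETWORK guard. It fails open, so anything other than a readable non-zero value leaves the :: bind in place.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define DISABLE_IPV6_PATH "/proc/sys/net/ipv6/conf/all/disable_ipv6"

/* Hypothetical helper (not dnsmasq's): read one integer from a /proc/sys file.
   Returns 0 and fills *value on success, -1 if the file is missing or malformed. */
static int read_sysctl_long(const char *path, long *value)
{
  char buf[32], *end;
  FILE *f = fopen(path, "r");

  if (!f)
    return -1;
  if (!fgets(buf, sizeof(buf), f))
    {
      fclose(f);
      return -1;
    }
  fclose(f);

  errno = 0;
  *value = strtol(buf, &end, 10);
  if (errno != 0 || end == buf || (*end != '\n' && *end != '\0'))
    return -1;
  return 0;
}

/* 1 only when the file holds a readable non-zero value. Any doubt (no such
   file, empty, junk) returns 0 so the :: listener is still attempted. */
int ipv6_disabled_at(const char *path)
{
  long v;
  return read_sysctl_long(path, &v) == 0 && v != 0;
}

/* Platform guard: plain __linux__ here as an assumption; other platforms
   have no /proc/sys to consult and never skip the bind. */
int ipv6_disabled(void)
{
#ifdef __linux__
  return ipv6_disabled_at(DISABLE_IPV6_PATH);
#else
  return 0;
#endif
}

int main(void)
{
  printf("0.0.0.0:53 bind\n:::53 %s\n", ipv6_disabled() ? "skip" : "bind");
  return 0;
}
```

A caller in the position of create_wildcard_listeners would consult ipv6_disabled() once before creating the IPv6 socket and carry on with IPv4 only when it returns 1.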
Re: [Dnsmasq-discuss] Ability to not bind :: for DNS when binding wildcard
On Mon, Jul 06, 2020 at 03:05:28PM +0200, Matthias May wrote:
> On 06/07/2020 14:54, Dominik wrote:
> > On 06.07.20 14:09, Matthias May wrote:
> >> Hi List
> >>
> >> I have run into the situation, that a customer wants to only bind the DNS
> >> service to 0.0.0.0 but not to ::
> >>
> >> I'm not sure this is possible.
> >> While I was able to make a config which binds only to 0.0.0.0 through a
> >> combination of
> >> --use-interfaces and --except-interface this results in a dnsmasq instance
> >> which does not handle DHCP anymore.
> >> I think I understand why this does not work.
> >>
> >> However I want to check with the list, if this is a reasonable need, and
> >> if I should send a patch
> >> which adds support for something like:
> >> --disable-ipv6-on-wildcard and --disable-ipv4-on-wildcard
> >> which would change the behaviour of
> >> void create_wildcard_listeners(void)
> >> so it doesn't unconditionally bind ipv4 and ipv6.
> >>
> >
> > more out of curiosity than anything else: What is a proper reason to
> > bind only to IPv4 but not IPv6 (or vice versa)?
> > Just checking here that your customer doesn't maybe want something silly
> > and you should rather explain to them why they actually don't want this.
> >
>
> Well the system in question has
> net.ipv6.conf.all.disable_ipv6 = 1
> thus the expected output would be that no IPv6 bindings exist at all.
> I kind of understand that when IPv6 is disabled, that one would not expect to
> see :::53 in netstat -nlp

Me too ...

> On the other hand I also see that if no IPv6 address exists on the
> system, there is not much that can be done with :::53. In the end
> probably more a cosmetic issue.

I do call it plain ugly :-)

> I was thinking into the direction that create_wildcard_listeners
> checks by itself if the system has IPv6 enabled/disabled, and also
> expose this as a manual knob for a user to set.

Eat your heart out. Do feel free to share the patches with the mailing.

Wouldn't it be easier to compile with IPv6 disabled?

Regards
Geert Stappers

P.S.
Thanks for making it possible to read in the discussion order
-- 
Silence is hard to parse
Re: [Dnsmasq-discuss] Ability to not bind :: for DNS when binding wildcard
On 06/07/2020 14:54, Dominik wrote:
> Hey Matthias,
>
> more out of curiosity than anything else: What is a proper reason to
> bind only to IPv4 but not IPv6 (or vice versa)?
> Just checking here that your customer doesn't maybe want something silly
> and you should rather explain to them why they actually don't want this.
>
> Best,
> Dominik
>
> On 06.07.20 14:09, Matthias May wrote:
>> Hi List
>>
>> I have run into the situation, that a customer wants to only bind the DNS
>> service to 0.0.0.0 but not to ::
>>
>> I'm not sure this is possible.
>> While I was able to make a config which binds only to 0.0.0.0 through a
>> combination of
>> --use-interfaces and --except-interface this results in a dnsmasq instance
>> which does not handle DHCP anymore.
>> I think I understand why this does not work.
>>
>> However I want to check with the list, if this is a reasonable need, and if
>> I should send a patch
>> which adds support for something like:
>> --disable-ipv6-on-wildcard and --disable-ipv4-on-wildcard
>> which would change the behaviour of
>> void create_wildcard_listeners(void)
>> so it doesn't unconditionally bind ipv4 and ipv6.
>>
>> BR
>> Matthias
>>

Hi Dominik

Well the system in question has
net.ipv6.conf.all.disable_ipv6 = 1
thus the expected output would be that no IPv6 bindings exist at all.
I kind of understand that when IPv6 is disabled, that one would not expect to
see :::53 in netstat -nlp
On the other hand I also see that if no IPv6 address exists on the system,
there is not much that can be done with :::53.
In the end probably more a cosmetic issue.
I was thinking into the direction that create_wildcard_listeners checks by
itself if the system has IPv6 enabled/disabled, and also expose this as a
manual knob for a user to set.

BR
Matthias
Re: [Dnsmasq-discuss] Ability to not bind :: for DNS when binding wildcard
Hey Matthias,

more out of curiosity than anything else: What is a proper reason to
bind only to IPv4 but not IPv6 (or vice versa)?
Just checking here that your customer doesn't maybe want something silly
and you should rather explain to them why they actually don't want this.

Best,
Dominik

On 06.07.20 14:09, Matthias May wrote:
> Hi List
>
> I have run into the situation, that a customer wants to only bind the DNS
> service to 0.0.0.0 but not to ::
>
> I'm not sure this is possible.
> While I was able to make a config which binds only to 0.0.0.0 through a
> combination of
> --use-interfaces and --except-interface this results in a dnsmasq instance
> which does not handle DHCP anymore.
> I think I understand why this does not work.
>
> However I want to check with the list, if this is a reasonable need, and if I
> should send a patch
> which adds support for something like:
> --disable-ipv6-on-wildcard and --disable-ipv4-on-wildcard
> which would change the behaviour of
> void create_wildcard_listeners(void)
> so it doesn't unconditionally bind ipv4 and ipv6.
>
> BR
> Matthias
>
[Dnsmasq-discuss] Ability to not bind :: for DNS when binding wildcard
Hi List

I have run into the situation, that a customer wants to only bind the DNS
service to 0.0.0.0 but not to ::

I'm not sure this is possible.
While I was able to make a config which binds only to 0.0.0.0 through a
combination of
--use-interfaces and --except-interface this results in a dnsmasq instance
which does not handle DHCP anymore.
I think I understand why this does not work.

However I want to check with the list, if this is a reasonable need, and if I
should send a patch
which adds support for something like:
--disable-ipv6-on-wildcard and --disable-ipv4-on-wildcard
which would change the behaviour of
void create_wildcard_listeners(void)
so it doesn't unconditionally bind ipv4 and ipv6.

BR
Matthias