Can you please unsubscribe me from your mailing list? Thanks!
On Tue, Jul 9, 2019 at 6:05 AM < dnsmasq-discuss-requ...@lists.thekelleys.org.uk> wrote: > Send Dnsmasq-discuss mailing list submissions to > dnsmasq-discuss@lists.thekelleys.org.uk > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > or, via email, send a message with subject or body 'help' to > dnsmasq-discuss-requ...@lists.thekelleys.org.uk > > You can reach the person managing the list at > dnsmasq-discuss-ow...@lists.thekelleys.org.uk > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Dnsmasq-discuss digest..." > > > Today's Topics: > > 1. Improvement: new disabled logging facility (Alexandre Besnard) > 2. REFUSED PTR queries without recursion desired (Chiang Fong Lee) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 8 Jul 2019 14:51:17 +0200 > From: Alexandre Besnard <alexandre.besn...@softathome.com> > To: dnsmasq-discuss@lists.thekelleys.org.uk > Subject: [Dnsmasq-discuss] Improvement: new disabled logging facility > Message-ID: <17175a23-0175-99ba-c3c3-80ab2943e...@softathome.com> > Content-Type: text/plain; charset=utf-8; format=flowed > > Hello everyone, > > here is an improvement proposal for logs, which I may implement if it > makes sense. > > > As I understand it, disabling logs for dnsmasq is usually done by > disabling the log-queries, whatever the selected facility. > > As far as I looked into the code, there is no 'no output' facility to > select. > > Would it make sense to add such a facility, which entirely disables > logging when selected? > > In my opinion, that would make the 'no logging' wish a bit clearer and > cleaner (it may even gain a tiny little bit of performance?), with a > pretty simple implementation. > > > Thanks for your opinion, > > > Alexandre > > > > ------------------------------ > > Message: 2 > Date: Tue, 9 Jul 2019 18:24:30 +0800 > From: Chiang Fong Lee <mys...@cflee.net> > To: dnsmasq-discuss@lists.thekelleys.org.uk > Subject: [Dnsmasq-discuss] REFUSED PTR queries without recursion > desired > Message-ID: <7f61687a-4b32-44d3-9ba2-aa11700b5...@cflee.net> > Content-Type: text/plain; charset=utf-8 > > Hello, > > I?m having some trouble getting dnsmasq to respond to PTR queries without > recursion desired, even when authoritative mode is enabled. > > Given the following config: > domain-needed > bogus-priv > no-resolv > no-hosts > port=10053 > server=/example.com/ > log-queries > host-record=host1.example.com,10.2.3.4 > > Observed results: > Query host1.example.com A (with recursion) - NOERROR, returns answer > Query host1.example.com A (without recursion) - REFUSED > Query 4.3.2.10.in-addr.arpa PTR (with recursion) - NOERROR, returns answer > Query 4.3.2.10.in-addr.arpa PTR (without recursion) - REFUSED > > Given the above config, plus the following two lines to enable > authoritative mode: > auth-server=ns1.example.com > auth-zone=example.com,10.0.0.0/8 > > Observed results: > Query host1.example.com A (with recursion) - NOERROR, returns answer > Query host1.example.com A (without recursion) - NOERROR, returns answer > Query 4.3.2.10.in-addr.arpa PTR (with recursion) - NOERROR, returns answer > Query 4.3.2.10.in-addr.arpa PTR (without recursion) - REFUSED > > Expected results: > Enabling auth mode for the zone, and specifying the subnet, would result > in the last PTR query being accepted instead of refused. > > The log lines seen when the REFUSED occurs are: > dnsmasq_1 | Jul 9 09:42:06 dnsmasq[1]: query[PTR] 4.3.2.10.in-addr.arpa > from 172.19.0.1 > dnsmasq_1 | Jul 9 09:42:06 dnsmasq[1]: config error is REFUSED > > Version info: > Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley > Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 > no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile > > I was looking through the source and I?m guessing that PTR queries don?t > ever trigger the auth zone path, since the query ends in ?in-addr.arpa? > instead of the auth-zone domain like ?example.com?. Once it reaches the > regular answer_request path, it immediately returns since the RD flag is > not set, without checking host-records, and proceeds to forward the query > instead. > > Is this intended behaviour? The 2.79 CHANGELOG states that this > always-SERVFAIL (or forward, in 2.80) behaviour for queries without > recursion desired should always happen ?UNLESS acting as an authoritative > DNS server?, without a caveat that it only works for non-reverse DNS > queries. > > Thanks, > Chiang Fong > > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > ------------------------------ > > End of Dnsmasq-discuss Digest, Vol 170, Issue 5 > *********************************************** > -- Jayke Peters jaykepet...@gmail.com +1 (320) 428-0505
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss