Re: [Dnsmasq-discuss] Change in dnsmasq.leases behaviour?

2013-02-10 Thread Kevin Darbyshire-Bryant
On 10/02/2013 15:49, Vladislav Grishenko wrote: Hi, Kevin probably it's because while dnsmasq upgrading, tomato-specific patches were rollbacked/missed, one of them includes custom lease expiration time. if you're interested, take a look at dnsmasq changes in recent asuswrt fws. they have

Re: [Dnsmasq-discuss] Enable HAVE_IPSET by default

2013-03-21 Thread Kevin Darbyshire-Bryant
On 21/03/2013 10:08, Simon Kelley wrote: snip Finally, if it's going to be on by default, and given the limited size delta/lack of library definitions, there's an argument for not making it compile-time selectable at all. Every compile-time switch contributes to the combinatorial explosion

[Dnsmasq-discuss] Config file behaviour - change/bug/feature - comments

2013-03-27 Thread Kevin Darbyshire-Bryant
Hi Simon, As previously mentioned I got 2.66test16 into a recent version of Tomato router firmware which means it's now out in the wild and being used. An obscure corner case change in behaviour has been observed, relating to disabling and then re-enabling dhcp service on an interface, and

Re: [Dnsmasq-discuss] Config file behaviour - change/bug/feature - comments

2013-03-27 Thread Kevin Darbyshire-Bryant
On 27/03/2013 17:40, Kevin Darbyshire-Bryant wrote: Hi Simon, snip Right, now that I've had the problem further clarified to me, here's the real issue. In essence, dnsmasq when parsing options uses the values from the first instance of a parameter and not (as before) the last. Bug? Feature

Re: [Dnsmasq-discuss] Config file behaviour - change/bug/feature - comments

2013-03-29 Thread Kevin Darbyshire-Bryant
snip Ahh, but there's the rub, the first instance of dhcp-option=br0,... is generated automatically by the router software and cannot be changed, it's why we need to be able to override it. Ok. will have to think harder about this, in that case. Sorry! But I'm now concerned about your

[Dnsmasq-discuss] Apple iOS beating hell out of DHCP

2013-04-08 Thread Kevin Darbyshire-Bryant
Does anyone else see Apple iDevices making lots of repeated DHCP renewal requests in their dnsmasq log files? Kevin

Re: [Dnsmasq-discuss] IPv6 constructor option - confused!

2013-05-02 Thread Kevin Darbyshire-Bryant
On 02/05/2013 09:36, Simon Kelley wrote: On 01/05/13 16:26, Kevin Darbyshire-Bryant wrote: Hi Simon, I find myself confused by the use of the constructor option for building DHCPv6 address ranges. edited dnsmasq.conf file: enable-ra dhcp-range=tag:br0,::1, ::, constructor:br0, ra

Re: [Dnsmasq-discuss] IPv6 constructor option - confused!

2013-05-02 Thread Kevin Darbyshire-Bryant
On 02/05/2013 13:02, Kevin Darbyshire-Bryant wrote: Specifying the router's LAN IPv6 address as the start of the range was not how I anticipated this option to work. And I don't think you do either based upon your above description. So is this an oversight or some tomato based weirdness

Re: [Dnsmasq-discuss] IPv6 constructor option - confused!

2013-05-02 Thread Kevin Darbyshire-Bryant
On 02/05/2013 13:09, Kevin Darbyshire-Bryant wrote: Ahhh! Right, a clue: Changing enable-ra dhcp-range=tag:br0,::100, :::::, constructor:br0, ra-names, 12h to enable-ra dhcp-range=::100, :::::, constructor:br0, ra-names, 12h makes it work as expected

Re: [Dnsmasq-discuss] IPv6 constructor option - confused!

2013-05-02 Thread Kevin Darbyshire-Bryant
On 02/05/2013 17:00, Simon Kelley wrote: It is how I expected it to work, exactly. DHCP-PD client gets prefix, and assigns prefix::1 to LAN interface. dnsmasq gives addresses between prefix::2 and prefix::whateveryouwant to clients on the LAN. Which (contrived case) isn't ideal if for

Re: [Dnsmasq-discuss] IPv6 constructor option - confused!

2013-05-07 Thread Kevin Darbyshire-Bryant
On 02/05/2013 17:54, Kevin Darbyshire-Bryant wrote: Suggest an alternative, given that constructing a DHCP range based on any address in a prefix is not desirable. H, what about seeing if the interface in question has an address inside the DHCP constructed range and if it does then use

Re: [Dnsmasq-discuss] replace dnsmaq by radvd

2013-05-15 Thread Kevin Darbyshire-Bryant
Sorry top posted I know. However constructor options requires interface to have host address match the start point of your constructor option before it will pick up the prefix. So BR-private must have address prefix::1 so it matches the constructor range. Hope that helps Kevin -- Cheers,

Re: [Dnsmasq-discuss] replace dnsmaq by radvd

2013-05-23 Thread Kevin Darbyshire-Bryant
On 22/05/2013 22:43, Moritz Warning wrote: Sorry for the delay - life is busy. :) Actually the ip address of br-private is of type prefix::1 root@OpenWrt:~# ip -6 address show dev br-private 8: br-private: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 inet6 fdef:17a0:ffb1:1::1/64 scope

[Dnsmasq-discuss] Clarification of prefix length field in dhcp-range

2013-10-05 Thread Kevin Darbyshire-Bryant
Hi All, dnsmasq2.67rc3 - possibly odd behaviour, probably I misunderstand :-) I have an interface that has a /64 on it. dnsmasq.conf has amongst other things dhcp-range=::100, ::F::, constructor:br0, ra-names, 64, 12h enable-ra This picks up the /64 prefix, allocates a DHCPv6 range

Re: [Dnsmasq-discuss] Clarification of prefix length field in dhcp-range

2013-10-06 Thread Kevin Darbyshire-Bryant
On 05/10/2013 22:43, Quintus wrote: Am Sat, 5 Oct 2013 14:21:26 +0100 schrieb Kevin Darbyshire-Bryant ke...@darbyshire-bryant.me.uk: Hi All, Hi Kevin, dnsmasq2.67rc3 - possibly odd behaviour, probably I misunderstand :-) I have an interface that has a /64 on it. dnsmasq.conf has amongst

Re: [Dnsmasq-discuss] Clarification of prefix length field in dhcp-range

2013-10-08 Thread Kevin Darbyshire-Bryant
On 08/10/2013 11:42, Simon Kelley wrote: This is definitely a bug. Sorry Simon! Historically, the prefix-length in the dhcp-range has had to match the prefix length configured into the interface. This was carried over from DHCPv4. If, as an experiment, you stop using constructed ranges and

Re: [Dnsmasq-discuss] gatway

2013-10-09 Thread Kevin Darbyshire-Bryant
On 08/10/2013 12:09, Vladislav Grishenko wrote: snip Since RA can be very frequent, is it ever worth to log with LOG_INFO level every unsolicited RTR-ADVERT? It just floods syslog and has no other meaning in my opinion. Best Regards, Vladislav Grishenko

[Dnsmasq-discuss] Bug in dhcpv4 quiet-dhcp option

2013-10-23 Thread Kevin Darbyshire-Bryant
Hi Simon, I think there's a bug in the quiet-dhcp option. In essence no dhcpv4 logging is performed unless the log option is also enabled. I think the code should be: diff --git a/src/rfc2131.c b/src/rfc2131.c index 0ee7c90..dd67509 100644 --- a/src/rfc2131.c +++ b/src/rfc2131.c @@

Re: [Dnsmasq-discuss] dnsmasq 2.62-3 as DHCPv6-Server and RA-Server: Bug sending router's link-local instead of global address as gateway and DNS-server?

2014-01-21 Thread Kevin Darbyshire-Bryant
On 21/01/2014 10:40, Martin Babutzka wrote: Hello, We are using this great piece of software so far as DNS cacher but want to implement it also as IPv6 server by now. DHCPv4 is handled by another software at the moment (isc-dhcp-server) but we think the dnsmasq 2.62-3 is quite suitable for

Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router

2014-04-24 Thread Kevin Darbyshire-Bryant
On 24/04/2014 20:49, Simon Kelley wrote: On 24/04/14 20:41, David Joslin wrote: Thanks for the reply, Simon. DNSSEC isn't enabled. I wonder if the pattern of the problem gives any clues... As I said, on a normal day with around 40-50 clients on the network there is no problem at all with

Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router

2014-04-28 Thread Kevin Darbyshire-Bryant
On 25/04/2014 09:37, David Joslin wrote: Hi Kevin and thanks for the help. Apologies for delay in reply. Is it possible to upgrade the dnsmasq version on the router without waiting for the author of the tomato firmware to include a later version in a release of his firmware (and you mentioned

Re: [Dnsmasq-discuss] Inotify code older linux

2015-01-24 Thread Kevin Darbyshire-Bryant
On 23/01/2015 14:07, Simon Kelley wrote: Yes, that's fine. It'll be a couple of days before I have time to do the work. Cheers, Simon. On 22/01/15 09:09, Kevin Darbyshire-Bryant wrote: Hi Simon I'm wondering if you'd consider putting the new 'inotify' related code as a compile time

[Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-07 Thread Kevin Darbyshire-Bryant
Hi Simon, I've no idea how to go about coding this but I've an idea/requirement for something along these lines. It's similar to 'dnssec-no-timecheck' chicken egg but a bit more automated. 1) Set a 'check signature time' flag as false. 2) If flag is false, then check the current time of day.

[Dnsmasq-discuss] Inotify code older linux

2015-01-22 Thread Kevin Darbyshire-Bryant
Hi Simon I'm wondering if you'd consider putting the new 'inotify' related code as a compile time option please. Unfortunately there are a few router based projects that rely on old kernels without inotify support. I've included a patch that I've hopefully generated coded correctly that wraps

Re: [Dnsmasq-discuss] Inotify code older linux

2015-01-25 Thread Kevin Darbyshire-Bryant
On 22/01/2015 09:09, Kevin Darbyshire-Bryant wrote: In addition: include the inotify build status as part of the version string: diff --git a/src/config.h b/src/config.h index cdca231..eaa0423 100644 --- a/src/config.h +++ b/src/config.h @@ -425,6 +425,10 @@ static char *compile_opts

Re: [Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-09 Thread Kevin Darbyshire-Bryant
On 09/02/2015 16:02, Simon Kelley wrote: On 09/02/15 13:21, Kevin Darbyshire-Bryant wrote: Further to my previous email I've cobbled something together, and it even appears to work. There's quite a bit of coding guesswork going on here and I really shouldn't be let anywhere near a C

Re: [Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-14 Thread Kevin Darbyshire-Bryant
On 14 Feb 2015, at 14:47, Simon Kelley si...@thekelleys.org.uk wrote: On 12/02/15 12:01, Kevin Darbyshire-Bryant wrote: The principle I agree with. I'm wondering about the mechanics of accessing this NVRAM 'last good time

Re: [Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-09 Thread Kevin Darbyshire-Bryant
Further to my previous email I've cobbled something together, and it even appears to work. There's quite a bit of coding guesswork going on here and I really shouldn't be let anywhere near a C compiler. Either way a new option '-dnssec_tvalid=integer' where integer is number of seconds since

Re: [Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-09 Thread Kevin Darbyshire-Bryant
Sorry, I told you I shouldn't be let anywhere near a C compiler. Here's a patch that actually works! (previously missing a return in dnssec.c) diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 40323ed..1687305 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -239,7 +239,8 @@ struct event_desc {

Re: [Dnsmasq-discuss] dnssec-no-timecheck enhancement idea

2015-02-12 Thread Kevin Darbyshire-Bryant
On 11 Feb 2015, at 22:02, Simon Kelley si...@thekelleys.org.uk wrote: On 09/02/15 18:28, Kevin Darbyshire-Bryant wrote: On 09/02/2015 16:02, Simon Kelley wrote: On 09/02/15 13:21, Kevin Darbyshire-Bryant wrote: Further to my

Re: [Dnsmasq-discuss] DHCP Request Flood

2015-02-25 Thread Kevin Darbyshire-Bryant
On 25/02/2015 09:14, Gavin Hill wrote: As a quick update, I tried changing dhcp-range=192.168.1.1,192.168.1.99,static,48h to dhcp-range=192.168.1.1,192.168.1.99,static,infinite Things slowed down a little and I’m seeing fewer log entries, but it still doesn’t explain why the 48h entry

Re: [Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

2015-04-02 Thread Kevin Darbyshire-Bryant
Chaps, If I may interject: On 02/04/2015 22:21, Dave Taht wrote: On Thu, Apr 2, 2015 at 1:20 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 02/04/15 19:41, Dave Taht wrote: A) Not clear what happens if it tries to write it while the jffs filesystem is still being cleaned Not sure I

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Kevin Darbyshire-Bryant
Continues to work here on my iPhone hiding behind openwrt cc trunk dnsmasq2.73rc7 Were I not on the iPhone I could do some dig'age :-) -- Cheers, ke...@darbyshire-bryant.me.uk Sent from my phone, apologies for brevity, spelling top posting On 6 May 2015, at 20:21, Dave Taht

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-07 Thread Kevin Darbyshire-Bryant
On 07/05/2015 13:54, Simon Kelley wrote: On 07/05/15 10:41, Toke Høiland-Jørgensen wrote: Simon Kelley si...@thekelleys.org.uk writes: It's difficult to see how that would work in practise for DNS. Take the Google-public-DNS example. It's clearly not sane for Google's servers to do PMTU on

[Dnsmasq-discuss] RFC6303 support - especially IPv6

2015-10-19 Thread Kevin Darbyshire-Bryant
From abe37dd25e466f813b4bc5864c1bd7ad676ba6c8 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> Date: Mon, 19 Oct 2015 13:27:15 +0100 Subject: [PATCH] Update ipv4 bogus-priv to RFC6303 zones RFC6303 specifies & recommends following zones not be forwarded to g

[Dnsmasq-discuss] Enable bogus-priv by default

2015-10-19 Thread Kevin Darbyshire-Bryant
Hi Simon & list, Ok, here's the controversial idea. Can we consider enabling 'bogus-priv' by default and have an additional option say 'allow-priv' to now disable? My feeling is that not forwarding 'link-local' type requests upstream by default is a cleaner way of having things configured.

Re: [Dnsmasq-discuss] Enable bogus-priv by default

2015-10-21 Thread Kevin Darbyshire-Bryant
On 20/10/15 21:35, Simon Kelley wrote: > To add to the list of canonical uses for dnsmasq: DHCP and DNS services > to VMs and containers in things like OpenStack. These typically use > RFC1918 addresses (there's no point in being able to spin a new VM in > seconds if you have to go buy it a real

[Dnsmasq-discuss] fe80/10 link local dns forwarding

2015-09-07 Thread Kevin Darbyshire-Bryant
Hi All, After enabling dnsmasq's dns logging the other day I was a little surprised to see queries for fe80:: being forwarded to my ISP's resolvers. I'd say that they're extremely unlikely to know anything about my link local stuff so as a solution I've added the following to my config:

Re: [Dnsmasq-discuss] fe80/10 link local dns forwarding

2015-09-07 Thread Kevin Darbyshire-Bryant
plementation of that recommendations, it could depend on > auth support, since it enables zone support. > > Best Regards, Vladislav Grishenko > >> -Original Message- >> From: Dnsmasq-discuss [mailto:dnsmasq-discuss- >> boun...@lists.thekelleys.org.uk] On Behalf

[Dnsmasq-discuss] dhcp-option 0.0.0.0 address interpretation possible bug?

2015-09-10 Thread Kevin Darbyshire-Bryant
Hi All, dnsmasq 2.75 Putting 'dhcp-option=ntp-server,0.0.0.0' in dnsmasq.conf is throwing an error "bad dhcp-option at line 73 of /etc/dnsmasq.conf" Replacing it with 'dhcp-option=42,0.0.0.0' allows dnsmasq to start and behave properly. I've noticed similar behaviour with 'netbios-ns' (option

[Dnsmasq-discuss] RFC 5908 - DHCPv6 NTP option 56

2015-09-10 Thread Kevin Darbyshire-Bryant
Hi All, I've been looking at providing NTP server addresses to my DHCPv6 clients using dnsmasq. 2 RFCs seem applicable, Simple NTP provision RFC4075 defines option 31 and known to dnsmasq as 'sntp-server'. RFC5908 defines a more flexible/complicated provision mechanism using option 56, known to

Re: [Dnsmasq-discuss] dhcp-option 0.0.0.0 address interpretation possible bug?

2015-09-10 Thread Kevin Darbyshire-Bryant
On 10/09/15 22:13, Simon Kelley wrote: > On 10/09/15 10:39, Kevin Darbyshire-Bryant wrote: >> Hi All, >> >> dnsmasq 2.75 >> >> Putting 'dhcp-option=ntp-server,0.0.0.0' in dnsmasq.conf is throwing an >> error "bad dhcp-option at line 73 of /etc/dnsm

Re: [Dnsmasq-discuss] No IPv6

2015-09-17 Thread Kevin Darbyshire-Bryant
On 16/09/15 15:48, Nickolai Dobrynin wrote: > Hello world! > > I can't get IPv6 working with dnsmasq. My ISP supports IPv6 "natively", > but when I run 'ping6 -c 1 google.com' on a client, I get "Network > unreachable". > When I ping a host that's IPv4-only, the message becomes "unknown host".

Re: [Dnsmasq-discuss] dnsmasq 2.75 build options

2015-12-07 Thread Kevin Darbyshire-Bryant
On 07/12/15 04:39, Shane Manjarres wrote: > Looking at the build options listed in /src/config.h it states the > following: > > *The default set of options to build* > > HAVE_DHCP > HAVE_DHCP6 > HAVE_TFTP > HAVE_SCRIPT > HAVE_AUTH > HAVE_IPSET > HAVE_LOOP > > *In the same config.h file is

Re: [Dnsmasq-discuss] CPU spin in master

2016-01-02 Thread Kevin Darbyshire-Bryant
On 01/01/16 20:27, Simon Kelley wrote: > On 01/01/16 11:28, Kevin Darbyshire-Bryant wrote: >> Hi Simon, >> >> So this is a pretty vague report of something lurking in very recent code.# > It's pretty good really. I stared at the ARP-caching code and found a > fa

Re: [Dnsmasq-discuss] CPU spin in master

2016-01-03 Thread Kevin Darbyshire-Bryant
Router survived the night. No obvious problems noted :-) -- Cheers, Kevin Sent from my phone, apologies for brevity, spelling & top posting > On 2 Jan 2016, at 17:20, Kevin Darbyshire-Bryant > <ke...@darbyshire-bryant.me.uk> wrote: > > > >> On 01/01/16 20:27

Re: [Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC

2016-01-04 Thread Kevin Darbyshire-Bryant
On 04/01/2016 16:05, Uwe Schindler wrote: > Hi, > > Was there a change in dnsmasq related to this? Would be good to get some > feedback. I'll try this version now. Currently I am running 2.75 (Debian > testing pkg 2.75-1) Yes. BIG changes. See the git log:

[Dnsmasq-discuss] CPU spin in master

2016-01-01 Thread Kevin Darbyshire-Bryant
Hi Simon, First off, Happy New Year! I compiled master ec0628c4b2a06e1fc21216091bb040d61a43b271 on OpenWrt (mips Archer C7 v2 platform Linux 4.1) a few hours ago and have experienced dnsmasq going into a tight cpu loop. Running strace showed no syscalls, so is spinning in dnsmasq somewhere.

Re: [Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC

2016-01-04 Thread Kevin Darbyshire-Bryant
On 04/01/16 14:48, Uwe Schindler wrote: > Hi, > > I found out that resolving of DNSSEC signed wildcard domains does not work > correctly with dnsmasq. I think the problem is that it looks for a signature > of the requested domain name and not the wildcard. > > > > ;; Query time: 0 msec > ;;

Re: [Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-06-05 Thread Kevin Darbyshire-Bryant
On 27/05/16 13:37, Kevin Darbyshire-Bryant wrote: Hi Simon, Please could you consider the attached patch. It solves a problem that using dnssec-timestamp also effectively enabled dnssec-no-timecheck. Any thoughts? Kevin

Re: [Dnsmasq-discuss] HELP: gives BOGUS for valid RR with no DNNSEC

2016-05-25 Thread Kevin Darbyshire-Bryant
On 25/05/16 19:07, Johnny Appleseed wrote: Im using the -DNSSEC option and it keeps giving me BOGUS for sites like wikipedia.org or others. If i stop /restart sometimes it clear up, or i remove the check no-sign flag, but then Im not checking unsigned websites for RR. Is the system clock set

[Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-05-27 Thread Kevin Darbyshire-Bryant
-check-unsigned that could prove 'challenging' :-) The patch matches the behaviour is as documented in the manpage. kind regards, Kevin >From f94c6d70aaaea0511ef3c7667093b4b54952804e Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> Date: Fri, 27 May 2

[Dnsmasq-discuss] IPv6 dhcp strangeness

2016-04-29 Thread Kevin Darbyshire-Bryant
Hi All, I've just noticed some strange/different behaviour with regard to dhcpv6 address allocation. I've a couple of 'internal' machines that I'd like to have fixed ip addresses. To that end, and it used to work I've got lines similar to:

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-04-30 Thread Kevin Darbyshire-Bryant
it gets changed to 1462055060 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit 01:52:41:53:20:e0:3f:49:a1:d4:aa:00:00:09:00:00:00 There are also syslog messages of "abandoning lease to e0:3f:49:a1:d4:aa of 192.168.219.4" which I don't get at all. On 29/04/16 12:27, Kevin Darbyshire-Bryant wro

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant
: 4 option: 44 netbios-ns 192.168.219.1 What the hell is this box doing?! :-/ Kevin On 02/05/2016 17:24, Simon Kelley wrote: > On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote: >> Further clues maybe: So initially when kermit comes up it grabs an IPv4 >> address and I

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant
, Simon Kelley wrote: > On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote: >> Further clues maybe: So initially when kermit comes up it grabs an IPv4 >> address and I see this entry in dnsmasq's lease database: >> 1462055024 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit 01:e0:3f:49

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-04 Thread Kevin Darbyshire-Bryant
The mystery is at least partially solved. It looks like I'd somehow enabled Remote Routing and Access services within Windows Home Server for VPN access. It looks like it tries to grab a few addresses for potential VPN clients from a DHCP server, that's why I was seeing 'RRAS.Micrsoft' as a

Re: [Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-07-12 Thread Kevin Darbyshire-Bryant
On 11/07/16 21:05, Simon Kelley wrote: Ah yes, I see the problem. Patch applied. Sorry it took so long :-( Cheers, Simon. No problem. Glad to have helped solve it :-) Cheers, Kevin

[Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-07-11 Thread Kevin Darbyshire-Bryant
-check-unsigned that could prove 'challenging' :-) The patch matches the behaviour as is documented in the manpage. kind regards, Kevin >From f94c6d70aaaea0511ef3c7667093b4b54952804e Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> Date: Fri, 27 May 2

Re: [Dnsmasq-discuss] interface-name records vs localise-queries

2017-02-02 Thread Kevin Darbyshire-Bryant
://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d42d4706bbcce3 b5a40ad778a5a356a997db6b34 Have fun. Cheers, Simon. On 01/02/17 13:41, Kevin Darbyshire-Bryant wrote: On 17/01/17 04:05, Eric Luehrsen wrote: Hi Kevin, Reading the man page, I would expect the primary address is returned (localized

Re: [Dnsmasq-discuss] interface-name records vs localise-queries

2017-02-01 Thread Kevin Darbyshire-Bryant
not working, it would be perfect. I wonder if Simon could be persuaded to look into this ready for 2.77? :-) Kevin Kevin Darbyshire-Bryant Wed, 11 Jan 2017 10:24:34 -0800 Hello All, Recently LEDE changed the way it allocates names to interfaces, now using '-interface-name' rather than putting

Re: [Dnsmasq-discuss] [PATCH] decrease the amount of individual sites listed in log

2017-02-08 Thread Kevin Darbyshire-Bryant
Oooh that's a useful tidy'upper! Like it. Kevin On 07/02/17 18:03, Hannu Nyman wrote: By default 30 first servers are listed individually to system log, and then a count of the remaining items. With e.g. a NXDOMAIN based adblock service, dnsmasq lists 30 unnecessary ad sites every time when

Re: [Dnsmasq-discuss] IDN (internationalized domain name) support

2017-01-31 Thread Kevin Darbyshire-Bryant
On 31/01/17 16:57, Simon Kelley wrote: It's included in the Debian, (and therefore Ubuntu) packaging. Of course the only difference it makes is to the interpretation of domain names in /etc/hosts and friends and config files. - IDNs get cached

Re: [Dnsmasq-discuss] Compile Error.

2016-08-25 Thread Kevin Darbyshire-Bryant
Or use 'make COPTS=-DNO_INOTIFY' to compile without the inotify handling, since early kernels (as used by many router manufacturers) don't have inotify support. On 24/08/16 17:14, Chris Novakovic wrote: On 24/08/16 16:31, Tony White wrote: inotify.c:92: error: ‘IN_NONBLOCK’ undeclared

[Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-06 Thread Kevin Darbyshire-Bryant
Hi Simon & all, There has been a bit of activity on the security front in LEDE and a recent change proposed removing version numbers from software to avoid it leaking to 'the bad guys'. I'll say upfront that I'm not a fan of this approach feeling that it's more of the 'security through

[Dnsmasq-discuss] [PATCH] dnsmasq: compile time option NO_ID

2016-09-07 Thread Kevin Darbyshire-Bryant
Some consider it good practice to obscure software version numbers to clients. Compiling with -DNO_ID removes the *.bind info structure. This includes: version, author, copyright, cachesize, cache insertions, evictions, misses & hits, auth & servers. Signed-off-by: Kevin Darbyshire-Br

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-07 Thread Kevin Darbyshire-Bryant
like a NO_ID compile time option that suppresses the whole .bind domain thing? Certainly happy to take the patch. Cheers, Simon. On 06/09/16 16:14, Kevin Darbyshire-Bryant wrote: Hi Simon & all, There has been a bit of activity on the security front in LEDE and a recent change prop

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-04 Thread Kevin Darbyshire-Bryant
On 04/09/16 12:14, Toke Høiland-Jørgensen wrote: Simon Kelley writes: OK, naive attempts to reproduce this have failed entirely, it just works for me :-) I see something similar: recvmsg(10, {msg_name={sa_family=AF_INET6, sin6_port=htons(50214),

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-08-31 Thread Kevin Darbyshire-Bryant
On 30/08/16 23:08, Simon Kelley wrote: Sorry about this. Putative fix pushed to git. Cheers, Simon. Looks good. It doesn't go bang anymore on my system :-)

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-08-30 Thread Kevin Darbyshire-Bryant
On 29/08/16 20:30, e9hack wrote: Hi, I've trouble with this commit, independently that it looks simple: Suppress useless warning about DHCP packets of interfaces without addresses. Starting with this commit, dnsmasq does crash shortly after start: Mon Aug 29 21:18:40 2016 kern.info kernel:

[Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-09 Thread Kevin Darbyshire-Bryant
Hi All, Having some issues with my 'onedrive for business' application which in turn uses 'sharepoint.com'. Short version: dnsmasq 2.76 thinks sharepoint.com is bogus. Directly querying upstream servers is okay: # drill -D @8.8.8.8 sharepoint.com ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR,

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-10 Thread Kevin Darbyshire-Bryant
Hmm. Ideally then with 'NO_ID' we shouldn't forward Chaosnet queries for *.bind. Can we just get away with the equivalent of 'local=/bind/' or is that too broad a brush to apply by default in the code? I can see me digging into how the code for 'local' works in my near future :-) On

Re: [Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-17 Thread Kevin Darbyshire-Bryant
Thank you one & all for that. I've tried to explain it to Microsoft and given up. I just won't use 'Onedrive for Business' or 'sharepoint'. On 09/09/2016 21:09, Simon Kelley wrote: > On 09/09/16 19:35, /dev/rob0 wrote: >> On Fri, Sep 09, 2016 at 03:24:34PM +0100, Kevin Darb

Re: [Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
On 21/11/16 15:52, Kevin Darbyshire-Bryant wrote: PS: As a total hack, I got dnsmasq to ignore any requested addresses. Dnsmasq replies with both ULA & Global addresses in the reply...and my iPad is happy...it takes the global address. Nope, the above worked temporarily by luck ra

[Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
Hi All, This problem has been around a while (forever?) but it's only just annoyed me sufficiently to investigate. The box in question is running a recent version LEDE and in my case dnsmasq git head bleeding edge. LEDE normally uses its homegrown odhcpd to hand out DHCPv6 addresses,

Re: [Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-11-21 Thread Kevin Darbyshire-Bryant
I've got some packet captures now that have helped answer some of the questions. 1) The DHCPADVERTISE in the log are included in just one packet. 2) The solicits from my ipad and the advertises are identical except dnsmasq presents the ULA address first whereas odhcpd presents the global

[Dnsmasq-discuss] interface-name records vs localise-queries

2017-01-11 Thread Kevin Darbyshire-Bryant
Hello All, Recently LEDE changed the way it allocates names to interfaces, now using '-interface-name' rather than putting names in /etc/hosts or similar. Unfortunately this new method appears incompatible with 'localise-queries' in that all interfaces/aliases are included in the reply to

Re: [Dnsmasq-discuss] bug: trunk DHCP offer/replies being ignored by some devices

2017-04-08 Thread Kevin Darbyshire-Bryant
On 07/04/17 23:00, Simon Kelley wrote: On 06/04/17 14:01, Pedro MG Palmeiro wrote: Dnsmasq trunk replies are being ignored by some devices, in my case, two epson printers (AL-M200). Dnsmasq 2.76 works fine. This could be related with http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;

Re: [Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.

2017-04-29 Thread Kevin Darbyshire-Bryant
On 28/04/17 22:20, Simon Kelley wrote: That's the bug here, I think. I was worried that a client sending a DHCPDISCOVER when it thinks it knows that address, might respond to ICMP pings, but at least for ISC dhclient on Linux, that's not the case. Patch is here, and was much more trouble than

Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-08 Thread Kevin Darbyshire-Bryant
On 08/08/17 09:23, wkitt...@gmail.com wrote: On 08/08/2017 04:06 AM, Matteo Croce wrote: 2017-08-08 4:26 GMT+02:00 : On 08/07/2017 06:02 PM, Matteo Croce wrote: I propose adding an option to allow banning some domains. add `--ban-hosts' which accepts a file name which

Re: [Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host

2017-08-19 Thread Kevin Darbyshire-Bryant
On 18/08/17 19:54, David Kerr wrote: Maddes, This looks very similar to a question I asked a few days ago... http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011677.html dnsmasq DHCPv6 server

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-15 Thread Kevin Darbyshire-Bryant
On 15/05/17 11:06, Bastian Bittorf wrote: * Simon Kelley [12.05.2017 08:33]: Oops. "It compiles - ship it" bites back. 2.77rc3 fixes this, and we're currently eating the dog-food chez Kelley. just to mention it, the loopback-thingy is working fine now on my side

Re: [Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-10 Thread Kevin Darbyshire-Bryant
On 09/05/17 22:42, Simon Kelley wrote: Never trust a git commit which happened in the early hours :) Thanks for a second excellent bug report. This was much easier to find. Sorry for keeping you up till the wee small hours with your bug hunting outfit on :-) Guido does all the hard work

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-11 Thread Kevin Darbyshire-Bryant
On 10/05/17 22:31, Simon Kelley wrote: Just committed a patch which should make this work again without needing --no-ping. I've tagged it as 2.77rc2, so please could a LEDE package be built, and this behaviour tested. I tried rc2 and think there's a problem with DHCPv4 leases ie. It

Re: [Dnsmasq-discuss] problem with loopback and 2.77test5

2017-05-11 Thread Kevin Darbyshire-Bryant
On 11/05/17 21:09, Simon Kelley wrote: Oops. "It compiles - ship it" bites back. 2.77rc3 fixes this, and we're currently eating the dog-food chez Kelley. Woof! Currently building a LEDE release, assuming no obvious issue pops up, a pull request into LEDE master will follow...and

Re: [Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-09 Thread Kevin Darbyshire-Bryant
#comment2589 I really hope to get out a 2.77 release soon. Cheers, Simon. On 08/05/17 13:30, Kevin Darbyshire-Bryant wrote: Hi Simon, Got a report in LEDE land about a SIGSEGV issue, I'm able to replicate easily as described. Thoughts? Cheers, Kevin Forwarded Message

Re: [Dnsmasq-discuss] dnsmasqd crash

2017-06-20 Thread Kevin Darbyshire-Bryant
Probably best to reply to the list as well where there are much better experts than me. On 19/06/17 22:39, Justin Jose wrote: Hi Kevin, Thank you for the response. Here are my answers for your questions. Q. What version of dnsmasq? [Ans] The dnsmasq version I am using is 2.55. 2.55 is

Re: [Dnsmasq-discuss] [PATCH] fix dns failover when dns server returns REFUSED

2017-06-15 Thread Kevin Darbyshire-Bryant
This seems like an important fix to get in the next 'patch' release or whatever it's to be called, a bit like the pxe filename whoops :-) Remarkably simple fix too...hopefully not too simple. Cheers, Kevin On 14/06/17 14:46, Hans Dedecker wrote: If a DNS server replies REFUSED for a given

Re: [Dnsmasq-discuss] dnsmasqd crash

2017-06-19 Thread Kevin Darbyshire-Bryant
On 19/06/17 01:02, Justin Jose wrote: Hi, I got a couple of dnsmasqd crash and on investigating I found the crash is due to accessing a NULL pointer. What version of dnsmasq? I have a fix for this problem and attached with this mail. Would you have any suggestion for this fix?

[Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

2017-05-08 Thread Kevin Darbyshire-Bryant
Hi Simon, Got a report in LEDE land about a SIGSEGV issue, I'm able to replicate easily as described. Thoughts? Cheers, Kevin Forwarded Message Subject: [FS#766] Intermittent SIGSEGV crash of dnsmasq-full Date: Mon, 08 May 2017 05:57:18 + From: LEDE Bugs

Re: [Dnsmasq-discuss] [PATCH] Remove NULL check for intname.

2017-10-05 Thread Kevin Darbyshire-Bryant
On 05/10/17 06:20, ros...@gmail.com wrote: On Wed, 2017-10-04 at 20:43 -0700, Kurt H Maier wrote: On Wed, Oct 04, 2017 at 07:23:22PM -0700, Rosen Penev wrote: - if (intname && strlen(intname) != 0) + if (!strlen(intname)) ifindex = if_nametoindex(intname); /* index == 0 when not
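
Review bot: the replacement test if (!strlen(intname)) is inverted relative to the line it removes. The old condition called if_nametoindex(intname) only when intname was non-empty; the new one calls it only when intname is the empty string. If the aim is just to drop the NULL check, the condition should read if (strlen(intname) != 0). Note also that strlen(intname) dereferences a NULL pointer unless every caller guarantees intname is set, which the visible lines do not show.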

[Dnsmasq-discuss] Thanks - Recent fixes

2017-09-10 Thread Kevin Darbyshire-Bryant
Hi Simon, Thanks for the recent fixes for the SIGSEGV CVE 2017-13704 and followup http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=a3303e196e5d304ec955c4d63afb923ade66c6e8 I backported

Re: [Dnsmasq-discuss] pick authoritative server

2017-09-25 Thread Kevin Darbyshire-Bryant
On 25/09/17 00:24, Vic wrote: > Hi, Can I select a domain filter or such: > > I send all requests to 8.8.8.8 except for > > mydomain1.org and mydomain2.org -- that goes to my local name servers. > > Yes? How? Yes. Something like: server=/mydomain1.org/ip.address.of.mydomain1.auth.server

Re: [Dnsmasq-discuss] reproducible segmentation fault

2017-08-28 Thread Kevin Darbyshire-Bryant
On 28/08/17 09:27, Juan Manuel Fernandez wrote: Hi, Last weeks we were fuzzing dnsmasq and found this crash (https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11597.html ) . We tried

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-28 Thread Kevin Darbyshire-Bryant
mpling. This is to be regarded as a sticking plaster rather than real fix but that needs far greater minds than I to understand the code & intent :-) Hope this helps someone. Kevin From 340a26f915d8c3bb54c44f58d432cc7240631a74 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-29 Thread Kevin Darbyshire-Bryant
I've a *much* better fix for this. Will submit once I've collected someone from the station! Mad busy life, Kevin On 28/08/17 17:27, Christian Kujau wrote: On Mon, 28 Aug 2017, Christian Kujau wrote: On Mon, 28 Aug 2017, Kevin Darbyshire-Bryant wrote: My workaround is to only call memset

Re: [Dnsmasq-discuss] reproducible segmentation fault - bisected!

2017-08-29 Thread Kevin Darbyshire-Bryant
On 28/08/17 17:27, Christian Kujau wrote: On Mon, 28 Aug 2017, Christian Kujau wrote: On Mon, 28 Aug 2017, Kevin Darbyshire-Bryant wrote: My workaround is to only call memset if the difference between buffer begin and buffer limit is bigger than the query length, thus it retains Simon's

[Dnsmasq-discuss] dnssec queries with --bogus-priv

2018-05-15 Thread Kevin Darbyshire-Bryant
Here’s another one of those innocent questions caused by looking at a logfile :-) I have ‘--bogus-priv’ set so in theory I’m not going to ask upstream questions about RFC1918 addresses, which I don’t, except I see these…. dnssec-query[DS] 10.in-addr.arpa to 8.8.8.8 dnssec-query[DS]

Re: [Dnsmasq-discuss] upstream server selection algorithm - bug?

2018-05-15 Thread Kevin Darbyshire-Bryant
> On 15 May 2018, at 17:00, Dominik DL6ER wrote: > > Dear Kevin, >> Obviously it has to at least try the others occasionally to check it’s made >> the correct choice. But I’m seeing dnsmasq make the same request to *ALL* >> servers quite frequently and am curious as to why?

Re: [Dnsmasq-discuss] DHCPv6 with dnsmasq for automated deployments

2018-05-25 Thread Kevin Darbyshire-Bryant
> On 25 May 2018, at 13:07, Oliver Freyermuth > wrote: > > Dear dnsmasqers, > > I fear the following is a design issue of DHCPv6, but I wonder if there's a > way to overcome it with dnsmasq... Hi Oliver, I’ve a similar/same problem when rebooting some QNAP
