[Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

2020-07-25 Thread dev
iOS 14 will by default use randomized, private MAC addresses. In my testing these devices use a MAC address with the LAA bit set (2nd least significant bit of the first byte of the MAC). It restricts this to host addresses (least significant bit is set to 0). This patch detects MAC addresses with

Re: [Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

2020-07-26 Thread dev
> > iOS 14 > > CISCO provides an IOS, https://en.wikipedia.org/wiki/Cisco_IOS > My second guess on IOS is an Apple Computer Inc product. > > > > will by default use randomized, private MAC addresses. > > Yeah right, let's sell a depleted MAC address pool > as a privacy improvement ... > It

Re: [Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

2020-07-26 Thread dev
How about this. A device showing up with an LAA gets tagged twice. Always with an "laa" tag, but also with one of "laa-unicast" or "laa-multicast". If someone wanted to block devices, it would be easy with # Block all LAA-presenting devices dhcp-ignore=tag:laa # Block unicast LAA-presenting dev

Re: [Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

2020-07-27 Thread dev
Hi everyone, The following proposed patch includes my attempt at a man page change. It also includes Vladislav Grishenko's suggestion to tag LAA source addresses independently from multicast addresses. If these changes are acceptable, I propose the following commit message: DHCP requests from

Re: [Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

2020-07-27 Thread dev
> Thanks! > > Do I understand correctly, in order to ignore "laa-unicast" MACs, a user would define this ? > > # Block unicast LAA-presenting devices > dhcp-ignore=tag:laa,tag:!multicast Yes, that would work. Although it is by no means clear to me that it makes sense to accept a DHCP request fr

Re: [Dnsmasq-discuss] Block dhcp from serving to specific device

2020-10-16 Thread dev
I ran into this problem. There is no fix on the Apple side. Until iCloud Sync allows disabling syncing of wifi passwords it will keep happening. One fix is to disable guests (dynamic addresses) on the parent network. My fix was to add a feature to dnsmasq. The feature has been present in dnsma

[Dnsmasq-discuss] Clients that request broadcast DHCP response but actually don't handle it

2019-05-18 Thread dev
I have seen a few devices that consistently ignore DHCPOFFER messages. After some tinkering with standards compliant permutations of offers that they might not handle properly (e.g. lease times and RFC6842 client-id options), I got frustrated enough to try some standards non-compliant possibilities

Re: [Dnsmasq-discuss] txt-record service discovery

2011-03-03 Thread /dev/rob0
very is probably not on topic here. 2. If not, complete information would be required, to help you. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] ptr records - different behavior on CentOS and Debian ?

2011-04-13 Thread /dev/rob0
o DNS. In addition, PTRs are returned for IP addresses subject to DHCP leases. I don't know how multiple hosts listings for the same IP address are handled by dnsmasq, but I'll bet it's in the [very] fine manual. :) -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] ptr records - different behavior on CentOS and Debian ?

2011-04-13 Thread /dev/rob0
On Wed, Apr 13, 2011 at 10:25:55PM +0530, Mohit Chawla wrote: > On Wed, Apr 13, 2011 at 9:25 PM, /dev/rob0 wrote: > > > The hosts(5) file format is far simpler than a DNS zone file or a > > dnsmasq(8) config file. "IP.add.re.ss name [alias ...]". dnsmasq >

Re: [Dnsmasq-discuss] Setting up NXDOMAIN response

2011-04-14 Thread /dev/rob0
those names, and no forwarding will be done. So if no IP is specified, they are NXDOMAIN. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] Switching from ISC dhcpd and IPv6 DNS

2011-04-21 Thread /dev/rob0
to have networking. But beyond that segment, there's no meaning to a MAC. Sure, someone can look it up and find out what kind of NIC or embedded device you bought. But no, I don't see a "serious privacy concern" here. Am I missing something, or are you? -- Offlist mai

Re: [Dnsmasq-discuss] Is the file in /lib/resolvconf/list-records still used with Ubuntu 11.04

2011-07-04 Thread /dev/rob0
it contain, if anything? Is it still relevant? I think "resolvconf" is a Debian-specific package. It is not a part of dnsmasq, and thus this list is not the best place from which to seek support for it. I would suggest Google and Ubuntu help forums. -- Offlist mail to this addre

Re: [Dnsmasq-discuss] Using a secondary set of nameservers for dynamic blocking

2011-08-07 Thread /dev/rob0
be greatly appreciated. I've searched the mailing > list archives and couldn't find anything quite like this. DNS-level domain blocking is not a new idea. http://pgl.yoyo.org/as/ was helpful in my project back in '05 or so. OpenDNS implements a domain blocking feature as well. http://www.malwaredomains.com/ may also be of interest. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] Announce: release candidate dnsmasq-2.60rc1

2012-02-29 Thread /dev/rob0
ought ... having added DHCPv6, perhaps this warrants a major release, i.e., 3.0? :) -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Feature Request(s)

2012-03-15 Thread /dev/rob0
;s per IP but not multiple IPs per PTR. You CAN have as many PTR records as you want on any name. However, it's unlikely to do anything useful. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/

Re: [Dnsmasq-discuss] Feature Request(s)

2012-03-15 Thread /dev/rob0
On Thu, Mar 15, 2012 at 03:14:08PM -0500, richardvo...@gmail.com wrote: > On Thu, Mar 15, 2012 at 2:34 PM, /dev/rob0 wrote: > > > On Thu, Mar 15, 2012 at 10:24:44AM -0700, Rob Zwissler wrote: > > > Yah, seems to me it would make more sense to key off the IP > >

Re: [Dnsmasq-discuss] resolve subdomains / name-based vhosts

2012-04-15 Thread /dev/rob0
subdomain leads to the wan-ip? The WAN IP address has nothing to do with this. The whole point of dnsmasq is to have the external names resolve to internal addresses. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/

Re: [Dnsmasq-discuss] A (possibly bad) idea: failover in dnsmasq

2012-05-25 Thread /dev/rob0
ny three." http://sqlite.org/ I'm not sure how/if this would help with the goal of failover, but I think it might be worth considering if there is to be external database/storage for dnsmasq. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen

[Dnsmasq-discuss] spam on the list

2012-06-18 Thread /dev/rob0
dministration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] New job vacancy - see details

2012-07-19 Thread /dev/rob0
.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] multi-homed server with same hostname on 2 subnets

2012-07-21 Thread /dev/rob0
resolve the address of myserver it > > always answers with 192.168.1.10 regardless of what subnet the > > request came from. > > > > What's the proper way to setup this up? See "-y, --localise-queries" in the dnsmasq(8) manual. -- http:

Re: [Dnsmasq-discuss] Using dhcp-host hostname as address for DNS

2012-07-31 Thread /dev/rob0
> dhcp=host=00:11:22:33:44:55,myhost > > So this means that I can't maintain my hosts in a single file with > only one statement? Single statement, not that I know of. Single file, sure. See "-A, --address" in the man page. in /etc/dnsmasq.conf : d

Re: [Dnsmasq-discuss] server-side dynamic resolving

2012-08-14 Thread /dev/rob0
> reverse doesn't work straightforwardly.) FSVO "full" and "paranoid". dnscache does not support DNSSEC signature verification, does it? Is anybody hacking on it since its abandonment? -- http://rob0.nodns4.us/ -- system administrati

Re: [Dnsmasq-discuss] MX forwarding

2012-08-23 Thread /dev/rob0
lid top-level domain, so it might not be a good choice for your internal domain. That said, it was chosen to be easy to block, because many sites will want to do that. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only

Re: [Dnsmasq-discuss] MX forwarding

2012-08-23 Thread /dev/rob0
On Thu, Aug 23, 2012 at 11:41:17AM -0400, Gene Czarcinski wrote: > On 08/23/2012 10:44 AM, /dev/rob0 wrote: > >On Thu, Aug 23, 2012 at 10:26:25AM -0400, Gene Czarcinski wrote: > >>I checked my dnsmasq.conf and I have "local=/xxx/", "domain xxx", > >

Re: [Dnsmasq-discuss] Different dns config based on network address

2012-10-10 Thread /dev/rob0
ed(8)'s "view" feature. A dnsmasq-based solution in that case might be to run multiple instances. See "-i, --interface" and "-I, --except-interface" and "-z, --bind-interfaces". -- http://rob0.nodns4.us/ -- sys

Re: [Dnsmasq-discuss] Unable to connect by hostname for local machines

2012-10-22 Thread /dev/rob0
This could be done with BIND named using views (and there too, you would benefit from the above CIDR suggestion.) But then you wouldn't have the ease of setup of dynamic DNS that dnsmasq offers. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is see

Re: [Dnsmasq-discuss] Unable to connect by hostname for local machines

2012-10-23 Thread /dev/rob0
On Tue, Oct 23, 2012 at 06:49:19AM -0600, dnsm...@ailsby.net wrote: > On 12-10-22 10:32 PM, /dev/rob0 wrote: > >On Mon, Oct 22, 2012 at 09:24:34PM -0600, dnsm...@ailsby.net wrote: > >>I am trying to setup dnsmasq so that I can use the OpenDNS > >>servers for my younger

[Dnsmasq-discuss] dnsmasq for road warriors

2012-11-10 Thread /dev/rob0
most public hotspots. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] dnsmasq for road warriors

2012-11-11 Thread /dev/rob0
> On 10/11/2012 15:54, /dev/rob0 wrote: > >Seems to me that dnsmasq is a better nscd replacement, and > >it has a place in mobile computing. > > > ># we use this dnsmasq as this system's own resolver > >no-resolv On Sat, Nov 10, 2012 at 05:46:10PM -0600,

Re: [Dnsmasq-discuss] dnsmasq for road warriors

2012-11-13 Thread /dev/rob0
On Tue, Nov 13, 2012 at 12:13:07PM +0100, s...@sltosis.org wrote: > On Mon, Nov 12, 2012 at 06:11:43PM -0600, richardvo...@gmail.com > wrote: > > On Sun, Nov 11, 2012 at 5:05 PM, /dev/rob0 > > wrote: > > > > On 10/11/2012 15:54, /dev/rob0 wrote: > > >

Re: [Dnsmasq-discuss] dnsmasq for road warriors

2012-11-13 Thread /dev/rob0
On Tue, Nov 13, 2012 at 09:42:34PM +, Ed W wrote: > On 13/11/2012 15:03, /dev/rob0 wrote: > >And dhcpcd(8) is writing domain_name_servers to > >/var/lib/dhcpcd/resolv.conf. > > How do you remove servers from that file when the link goes down? Why would I care? If

Re: [Dnsmasq-discuss] Is there any way to give clients a secondary DNS for when the dnsmasq server isn't running?

2012-12-27 Thread /dev/rob0
n clients switch to the secondary during an outage, if that secondary is unaware of the internal names. Perhaps a better idea is to schedule your outages better, or to run another dnsmasq. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail i

Re: [Dnsmasq-discuss] Local upstream server

2013-04-14 Thread /dev/rob0
t want is something similar to this: server=/example.dht/127.0.0.1#1053 This uses 127.0.0.1:1053 for names under and including only "example.dht". -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/ro

Re: [Dnsmasq-discuss] IPV6 preference

2013-05-08 Thread /dev/rob0
ic or so I'm given to understand. Maybe you want to point to a remote server for those names: server=/certain.sites.example/2001:db8::1ce:c01d -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] IPV6 preference

2013-05-09 Thread /dev/rob0
> On Wed, May 8, 2013 at 10:25 AM, /dev/rob0 wrote: > > On Wed, May 08, 2013 at 05:43:01AM -0700, Ray Klassen wrote: > >> Is there a way of configuring dnsmasq to always return an > >> ipv6 address on a DNS request if there are both ipv4 and > >> ipv6 avail

Re: [Dnsmasq-discuss] How to make dnsmasq continue querying other servers when the previous one returned NXDOMAIN?

2013-05-11 Thread /dev/rob0
lf) is somehow representing a special name, one for which 192.168.0.2 might be authoritative. In that case, you need to specify the domain in the server directive: server=/github.example.com/192.168.0.2 Do this in addition to "server=192.168.0.2" if 192.168.0.2 should also be providi

Re: [Dnsmasq-discuss] Subnet specifications for authoritative dns

2013-05-29 Thread /dev/rob0
's only > for RFC1918 addresses... :) Then perhaps your simple solution is a little bit of network restructuring to replace your /24 with a /23 and your /25 with a /24? RFC1918 gives us lots of room; stretch out and enjoy some of it. :) -- http://rob0.nodns4.us/ -- system administrati

Re: [Dnsmasq-discuss] Can I set up dnsmasq to act as a local caching recursive DNS server?

2013-06-22 Thread /dev/rob0
s long been considered a best practice to separate authoritative from caching/recursive name service. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Can I set up dnsmasq to act as a local caching recursive DNS server?

2013-06-23 Thread /dev/rob0
u again rely on a cache you don't control. You likewise don't control the upstream cache's DNSSEC policy, which is likely to mean that you're not having signatures validated at all. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is see

Re: [Dnsmasq-discuss] dhcp-range but no port 67

2013-06-28 Thread /dev/rob0
xns-ch 66/udp closedsqlnet 67/udp open|filtered dhcps 68/udp closeddhcpc Nmap done: 1 IP address (1 host up) scanned in 1.36 seconds -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0

Re: [Dnsmasq-discuss] DNSMasq and DNS reflection attacks

2013-10-24 Thread /dev/rob0
nces, the new --bind-dynamic mode. --bind-dynamic is > only available on Linux, and --bind-interfaces is the only mode > available on openBSD, so BSD users have rather more problems here. > > Summary. There's a problem if you want to accept queries in an >

Re: [Dnsmasq-discuss] Speed comparison dnsmasq <-> unbound?

2014-02-16 Thread /dev/rob0
named can do it all in one notwithstanding, this is not what ISC recommends. But it is a convenience for some small, internal-only sites, where that might override security concerns.) > Just for interest. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is i

Re: [Dnsmasq-discuss] Running a script after a resolution request

2014-03-29 Thread /dev/rob0
port is very simple. (My apologies if I totally missed the point of the thread.) -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-01 Thread /dev/rob0
Simon's judgment, but I hope he has considered these concerns. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-01 Thread /dev/rob0
darkness BIND them. :) -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-09 Thread /dev/rob0
April Fools! ;) > I'm not really qualified to judge here what is best; I can only > point out what I, as a user, think about it. I'll trust Simon's > judgment, but I hope he has considered these concerns. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if

Re: [Dnsmasq-discuss] Configuration to kick off devices after a certain time

2014-07-28 Thread /dev/rob0
ng something in your firewall. It won't be trivial to get it right there, either. I would look at -m recent and maybe also -m set to begin with. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Configuration to kick off devices after a certain time

2014-07-28 Thread /dev/rob0
by a > webserver like in hotels. I don't know what you have seen, but it's still not technically possible, even with the features I described. (Well, the DNS hijacking might come close, but a malicious rulebreaker could use IP addresses.) -- htt

Re: [Dnsmasq-discuss] split networks with split DNS?

2014-07-29 Thread /dev/rob0
eed. If it could, it wouldn't be so simple to use. :) Don't be afraid of BIND. While it is very powerful, it's also straightforward, well documented, and well supported. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if

Re: [Dnsmasq-discuss] dnsmasq: failed to create listening socket: Address already in use

2014-08-01 Thread /dev/rob0
or and how can I fix that? I don't know. Maybe you have enabled another DHCP server, or perhaps another nameserver? -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] What if external DNS unreachable or timed out

2015-02-12 Thread /dev/rob0
mes out or otherwise fails, that's what dnsmasq will tell the client. > So, will the Dnsmasq reply to the client's request from cache if > none of the external servers replied? No, it wasn't cached. -- http://rob0.nodns4.us/ Offlist GMX mail is s

Re: [Dnsmasq-discuss] disabling reverse dns lookup in dnsmasq

2016-02-17 Thread /dev/rob0
match-clients { "any"; }; ... }; ... ...where the "in-addr.arpa" zone file has only SOA and NS with no other records such as PTR. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Facing compilation issue with dnsmasq

2016-02-25 Thread /dev/rob0
tware can be managed by your OS packaging system. Consult Ubuntu documentation for help with these issues. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] redundant/resiliant dnsmasq servers?

2016-03-26 Thread /dev/rob0
ase sharing is possible with another possible point of failure: mysql or PostgreSQL.) -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] dig for an ip address returns A record instead of NXDOMAIN

2016-03-30 Thread /dev/rob0
here a > way to turn this response into an NXDOMAIN instead of returning the > synthesized A record? > > I'm using dnsmasq version 2.66 on a Centos 7 machine. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] dig for an ip address returns A record instead of NXDOMAIN

2016-03-31 Thread /dev/rob0
> on port: > > $ dig -p 1234 192.168.0.1 > ... > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61710 > ... Here without the -x the query is for an A record for "192.168.0.1." in the "1" top-level domain. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] DNSSEC on lookups of *.paypal.com no longer work

2016-05-14 Thread /dev/rob0
for any DNSSEC failure ... but wouldn't you be better off just using 8.8.8.8 and dumping the broken one? I've said before what I do ... I have *both* dnsmasq and named running; dnsmasq on port 53 and named on 127.0.0.1:1035. The named is doing recursion only. Yes

Re: [Dnsmasq-discuss] How to conditionally forward a query based on the source IP?

2016-06-17 Thread /dev/rob0
ight; }; forwarders { 8.8.8.8; }; }; view four { match-clients { four; }; forwarders { 8.8.4.4; }; }; -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] dnsmasq to provide public DNS service

2016-07-06 Thread /dev/rob0
t manpower to the task. I suspect they also are continually monitoring the service for spikes and other attack indicators. Dnsmasq is a wonderful piece of software which does a very nice job at meeting the needs of most small, simple sites. I do not think it's well

Re: [Dnsmasq-discuss] dnsmasq to provide public DNS service

2016-07-14 Thread /dev/rob0
You're welcome. :) And a very good job on your part for trying to help. Unfortunately this matter feels very much like an "XY" problem: "I want to do X, I think Y would do it for me, so I am asking how to do Y." As is common in such cases, "Y" makes littl

Re: [Dnsmasq-discuss] What does os02 mean here?

2016-07-22 Thread /dev/rob0
lready have it fixed, my version is not current.) -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] using dnsmasq with 4 upstream servers

2016-09-02 Thread /dev/rob0
et another reason why you might want to consider these ISP nameservers unreliable. > does anybody know the reason for this? See --all-servers and --server in the manual. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject

Re: [Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-09 Thread /dev/rob0
have put a CNAME where NS already exists. Some resolvers are fooled and will go along with it, but apparently dnsmasq can't do that while checking DNSSEC. If you are paying them, complain. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Improve privacy by randomly selecting DNS server from a whitelist

2016-10-10 Thread /dev/rob0
bigger than others. Look at pdns-recursor and unbound. > - whether, if the desired functionality is not currently readily > available within OpenWRT, but could be made available by extending > Dnsmasq, any of you on the list would be keen to implement that > functionality (Simon Kell

Re: [Dnsmasq-discuss] Help: Changes when service dnsmasq start is executed

2016-11-21 Thread /dev/rob0
I'm able > to get the EDNS0 option in a dns query but when I compiled from the > source and ran it, the same thing doesn't happen. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] Bug forward upstream SERVFAIL

2016-11-22 Thread /dev/rob0
t is. I think the most prudent thing for dnsmasq to do on SERVFAIL is to attempt the query with other upstream servers, if possible. But an answer needs to be provided to the client before its own timeout value. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0

Re: [Dnsmasq-discuss] Problem using dnsmasq as dhcp

2017-01-04 Thread /dev/rob0
's overstating it a bit. ISC dhcpd uses raw sockets, and those are (like tcpdump) seen before the netfilter subsystem. But note, a complete DHCP exchange is "DORA": Discover by the client; Offer by the server; Request by the client; and Ack by the server. With dhcpd only DO are no

Re: [Dnsmasq-discuss] [PATCH] Accept /32 and /0 as valid CIDR prefixes for rev-server directive

2017-02-14 Thread /dev/rob0
is fixed by accepting /32 and /0 CIDR > prefixes as valid values. Any other value will still be > considered the same as /16. A /0 zone is very strange and likely to break most reverse address resolution, but a /32 zone is not unusual at all; I run 8 /32 in-addr.arpa zones for my /29 net

Re: [Dnsmasq-discuss] Overlapping/duplicate subnets

2017-02-22 Thread /dev/rob0
ut any one address to only one client. But wait and see what Simon says. :) -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: [Dnsmasq-discuss] returns REFUSED when first response comes from non-recursive server

2017-02-27 Thread /dev/rob0
nother problem you will have is when one of the actual upstream recursive servers replies for "domain.example" with incorrect data. (Side note: simple is good; listing more recursive servers will generally not improve performance. If some o

Re: [Dnsmasq-discuss] No more random source port

2017-03-21 Thread /dev/rob0
make sure I see the real command line of the running dnsmasq. > > > /usr/sbin/dnsmasq > --no-resolv > --keep-in-foreground > --no-hosts > --bind-interfaces > --pid-file=/var/run/NetworkManager/dnsmasq.pid > --listen-address=127.0.1.1 > --cache-size=0 > --conf-f

[Dnsmasq-discuss] Upstream DNS servers querying policy

2017-07-05 Thread Dev Sidious
Is it possible to setup *dnsmasq* to query the upstream servers in an "--all-servers" fashion for subdomain-1.my-domain.tld and sequentially for subdomain-2.my-domain.tld (2.2.2.1 queried first, IF no reply 2.2.2.3 queried next and so forth) ? server=/subdomain-1.my-domain.tld/1.1.1.1 server=/

Re: [Dnsmasq-discuss] Dnsmaq giving default gateway address as dns server on DHCP offer

2017-08-05 Thread /dev/rob0
t being: to have local name resolution and to have one central cache for external names. Yes, there is an option you can use in dnsmasq.conf to change the nameserver[s] given to DHCP clients, but why do you want that? See the dnsmasq(8) manual for details. --

Re: [Dnsmasq-discuss] CNAME vs missing AAAA record

2017-10-24 Thread /dev/rob0
no data of the requested type. (Offer void where taxed or prohibited, or where mangled by Cloudflare.) Such abuse of the DNS is commonplace these days. And there are reasons for it, namely CDN replies tailored for what is hoped to produce the fastest connection to the requested resources. -- htt

Re: [Dnsmasq-discuss] Sort of sync DNS servers in a VPN connected network

2018-05-11 Thread /dev/rob0
the DNS notify concept. In fact you can keep it simple as in my howto, with static entries for the various remote sites. If one of the sites is unreachable via the VPN, no problem if those names fail to resolve. -- http://rob0.nodns4.us/ Offlist GMX mai

[Dnsmasq-discuss] [PATCH v2] Change dhcp_release to use default address when no IP subnet matches

2019-08-28 Thread haleyb . dev
From: Brian Haley Currently, dhcp_release will only send a 'fake' release when the address given is in the same subnet as an IP on the interface that was given. This doesn't work in an environment where dnsmasq is managing leases for remote subnets via a DHCP relay, as running dhcp_release local

Re: [Dnsmasq-discuss] How to use dnsmasq as a dhcp server only

2006-10-23 Thread /dev/rob0
? I don't know. But I set one up where BIND named is listening on localhost:35, and dnsmasq uses that for recursion. Works quite well. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] How to use dnsmasq as a dhcp server only

2006-10-23 Thread /dev/rob0
ly. Furthermore, even BIND people (which I am one, sort of) will recommend keeping the functions separate, at least with views, if not using separate processes (or machines) altogether. IWFM, and I'm happy with it. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] dnsmasq failing to compile

2006-12-03 Thread /dev/rob0
smasq-2.35/src' > make: *** [dnsmasq] Error 2 I'm running on a 2.6.18.2 kernel with /usr/src/linux pointing to linux-2.6.15.5 sources. So yes, maybe the 2.6.19 kernel is your problem. Although I have it on good authority that 2.6.19 is perfect, and any problems with it are your own %*&^$*! fault. Linus said so. :) -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] ipconfig /registerdns and split DNS

2006-12-11 Thread /dev/rob0
rds![1] ;) Seriously, the ISC solution has its place, and dnsmasq occupies a different niche. I think it should stay that way. [1] With apologies to Chuck Barris and his horrible/wonderful "The Gong Show." Apologies also to anyone [un]fortunate enough to remember it. :) -- Offli

[Dnsmasq-discuss] domain per interface

2008-03-15 Thread /dev/rob0
is does it: http://tools.ietf.org/html/rfc2132#section-3.17 dnsmasq.conf : ... dhcp-range=wifi,192.168.3.127,192.168.3.192,255.255.255.0,12h dhcp-option=wifi,15,wifi.example.net ... (where 192.168.3.1 is the wireless interface IP address) -- Offlist mail to this address is discarded

Re: [Dnsmasq-discuss] domain per interface

2008-03-19 Thread /dev/rob0
erver=/wifi.example.net/127.0.0.1#35 server=/3.168.192.in-addr.arpa/127.0.0.1#35 Will dnsmasq ignore the names it has served to DHCP clients? -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] digging SOA records doesn't work

2008-03-20 Thread /dev/rob0
le time options IPv6 GNU-getopt no-ISC-leasefile no-DBus I18N TFTP and DiG 9.4.1-P1 <<>> soa google.com. works for me. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] domain per interface

2008-03-20 Thread /dev/rob0
), but it was a cute idea. I could switch to ISC if it was worth the trouble, but it isn't. Please file this under "feature requests that should only be considered if they don't create too much complexity, because the whole point of using dnsmasq in the first place was for simplicity." :) -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] uh, domain concats unwanted...

2008-05-01 Thread /dev/rob0
NS problems especially difficult to ... resolve. [1] I know this goes against the spirit of simplicity which is dnsmasq, but I always run my own named backend for recursion. It binds on port 35, which is used as such in dnsmasq.conf : server=127.0.0.1#35 -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

Re: [Dnsmasq-discuss] iptables configuration drops packets

2008-05-17 Thread /dev/rob0
face. You should only filter INPUT and FORWARD traffic on your external interface. If you really have a threat inside your RFC 1918 netblocks, I would suggest a physical approach: pull the plug on it.

Re: [Dnsmasq-discuss] iptables configuration drops packets

2008-05-17 Thread /dev/rob0
http://danieldegraaf.afraid.org/info/iptables/examples Unfortunately seems to be down now, but it's in the Google cache. (Dynamic IP, I think it will be back later.)

Re: [Dnsmasq-discuss] Possible to set search in resolv.conf to more than one?

2008-05-20 Thread /dev/rob0
t. No idea about that. My client (dhcpcd) works fine with the dnsmasq-assigned ntp.conf. > Oh, version is 2.35 on Debian etch.

Re: [Dnsmasq-discuss] Help Req: Name server discovery

2008-05-31 Thread /dev/rob0
:)

Re: [Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?

2009-11-08 Thread /dev/rob0
eserver to use. I run my own named(8) caching resolver on an alternate port for dnsmasq to use. It's pretty simple, using --server and --no-resolv settings. I changed the ports to non-privileged ones, so my named can be started by and run as a non-root user. -- Offlist mail to this address i

[Dnsmasq-discuss] server=... remote reverse DNS fails

2009-11-08 Thread /dev/rob0
s This is all nothing but a minor annoyance for me, but I thought it might be worth looking into. [1] Slamd64 is/was a port of 32-bit Slackware to x86_64, probably in the process of being phased out since Slackware 13 had a x86_64 version.

Re: [Dnsmasq-discuss] Not Resolving DHCP addresses

2009-12-24 Thread /dev/rob0
IN > > > > when i look at the dnsmasq log, and the dnsmasq.leases file, > > everything seems to be ok... You looked, and at the time, "xxx" was in the lease file? I bet it wasn't.

Re: [Dnsmasq-discuss] DNSMasq / Multiple DHCP

2010-01-08 Thread /dev/rob0
ut I don't know it very well. Being Linux, it might be done using an iptables DNAT rule in nat/OUTPUT, and a REDIRECT rule in nat/PREROUTING, on each client. You could list all your hosts and ignore unknown, as Richard said.

Re: [Dnsmasq-discuss] Two questions about the cache and how dnsmasq forwards queries

2010-02-17 Thread /dev/rob0
d an ISP doing DNS redirection. I'd be very angry if I did!

Re: [Dnsmasq-discuss] Two questions about the cache and how dnsmasq forwards queries

2010-02-18 Thread /dev/rob0
les commands in my example? They were not necessary; they merely restrict access to named's ports to the dnsmasq user only. I don't use them myself; like I said, if you don't trust your shell users, get rid of them!

Re: [Dnsmasq-discuss] wrong response code for no SRV record

2010-05-04 Thread /dev/rob0
those domains will be NXDOMAIN. I suspect you have misdiagnosed your original issue.

Re: [Dnsmasq-discuss] wrong response code for no SRV record

2010-05-04 Thread /dev/rob0
osts that should return NXDOMAIN, not consulting upstream servers.

> On Tuesday 04 May 2010 01:43 PM, /dev/rob0 wrote:
> > Show what Kerberos is actually looking up. Is it as you said,
> > _kerberos-master.udp.EXAMPLE.COM, or is it perhaps as per the
> > documented LDAP exampl

Re: [Dnsmasq-discuss] configurable stop-dns-rebind?

2010-05-11 Thread /dev/rob0
other ends of the VPN. So, maybe the exceptions need to be broader than just for DNSBLs?
