[Dnsmasq-discuss] bogus-nxdomain + opendns + ipv6

2012-11-15 Thread Andrew Elwell
Hi Folks

(warning, this is behaviour noticed with the version of dnsmasq on my router -
version.bind.   0   CH  TXT dnsmasq-2.61
apologies if fixed in a newer version)


I've been using OpenDNS with nxdomain to filter out their annoying
brain-dead NXDOMAIN mangling. However, if I do this, it breaks on IPv6
addresses

ie - an expected result

$ host indicodev2.ipv6.cern.ch 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10


-- there's an IPv6 AAAA record, but no A record for this machine

however if I use opendns I get

$ host indicodev2.ipv6.cern.ch 208.67.222.222
Using domain server:
Name: 208.67.222.222
Address: 208.67.222.222#53
Aliases:

indicodev2.ipv6.cern.ch has address 67.215.65.132   BOGUS
indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10

and with bogus-nxdomain 67.215.65.132 it bails after the A record and
doesn't try AAAA unless specifically asked


$ host indicodev2.ipv6.cern.ch
Host indicodev2.ipv6.cern.ch not found: 3(NXDOMAIN)

$ host -t AAAA indicodev2.ipv6.cern.ch
indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10


Any ideas if I can work around this via configuration or do I have to
give up with opendns


Many thanks

Andrew
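
An added illustration of the failure reported above (not code from the post or from dnsmasq): a small Python model in which a reply containing a listed address is rewritten to NXDOMAIN, and a client that asks for A before AAAA stops at that NXDOMAIN. The upstream answers are constructed from the `host` output in the post; `bogus_to_nodata` is a hypothetical contrast, not a dnsmasq option.

```python
import ipaddress

NAME = "indicodev2.ipv6.cern.ch"
# Constructed sample data, taken from the two `host` outputs in the post
# (what the OpenDNS upstream returned for each record type).
UPSTREAM = {
    (NAME, "A"): ("NOERROR", ["67.215.65.132"]),
    (NAME, "AAAA"): ("NOERROR", ["2001:1458:201:b5b9::100:10"]),
}
BOGUS = {ipaddress.ip_address("67.215.65.132")}


def upstream(name, qtype):
    """Return (rcode, answers) as the upstream resolver would."""
    return UPSTREAM.get((name, qtype), ("NXDOMAIN", []))


def bogus_nxdomain(reply, bogus=BOGUS):
    """bogus-nxdomain: a reply containing a listed address becomes NXDOMAIN."""
    rcode, answers = reply
    if any(ipaddress.ip_address(a) in bogus for a in answers):
        return ("NXDOMAIN", [])
    return reply


def bogus_to_nodata(reply, bogus=BOGUS):
    """Hypothetical contrast (not a dnsmasq option): drop only the listed
    addresses and keep the rcode, giving an empty NOERROR answer."""
    rcode, answers = reply
    kept = [a for a in answers if ipaddress.ip_address(a) not in bogus]
    return (rcode, kept)


def stub_lookup(name, rewrite, qtypes=("A", "AAAA")):
    """Model of the client in the post: ask each type in order, stop at NXDOMAIN."""
    found = []
    for qtype in qtypes:
        rcode, answers = rewrite(upstream(name, qtype))
        if rcode == "NXDOMAIN":
            # NXDOMAIN is a statement about the name, not the record type,
            # so the client has no reason to go on and ask for AAAA.
            return ("NXDOMAIN", [])
        found.extend(answers)
    return ("NOERROR", found)


if __name__ == "__main__":
    print(stub_lookup(NAME, bogus_nxdomain))                    # default lookup
    print(stub_lookup(NAME, bogus_nxdomain, qtypes=("AAAA",)))  # AAAA asked directly
    print(stub_lookup(NAME, bogus_to_nodata))                   # hypothetical contrast
```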



Re: [Dnsmasq-discuss] reducing SPOFs

2010-06-17 Thread Andrew Elwell
> In this case, about half the queries in your network will hit the
> router rather than your dnsmasq box. If they try to resolve a dynamic
> (dhcp) host (like when you try to ping another pc in your lan using
> its name), if the query is handled to the linksys it will answer with
> nxdomain...

hmm, *hopefully* all 'known' devices have a real hostname
(tv,soundbridge,wii,laptop-a) etc in /etc/hosts - I only have a v
small 'guest' dhcp range for unknown mac addresses
and they too are in /etc/hosts with the original name of dhcp-01 to dhcp-15



[Dnsmasq-discuss] reducing SPOFs

2010-06-16 Thread Andrew Elwell
Hi Gang,

At the moment I have an /etc/hosts with all the internal machines on
my home LAN, served by dnsmasq (which does the Right Thing - Thanks
for a decent program) as DHCP / DNS server, however I'd like to have a
second DNS server (hey, if DHCP goes down all bets are off) as a
backup. I have a wrt-54g running dd-wrt as an access point downstairs
- would this be the best way?

if so, is the simplest way to sync /etc/hosts from my master onto it
and run in DNS only mode?

(plan B of using opendns/google DNS servers means I can't resolve
internal hosts)


or is there a Better Way (tm)?

Andrew



Re: [Dnsmasq-discuss] reducing SPOFs

2010-06-16 Thread Andrew Elwell
> if so, is the simplest way to sync /etc/hosts from my master onto it
> and run in DNS only mode?

OK - following up my own post in case anyone looks through the archives
for debugging

got this working - main (dnsmasq does DHCP and DNS) server is 192.168.1.251
second box (linksys with dd-wrt) just doing DNS is 192.168.1.2

altered dnsmasq.conf on master to include
  dhcp-option=6,192.168.1.251,192.168.1.2

and the linksys box has an scp'd copy of my master /etc/hosts and runs
dnsmasq with the following config:

interface=br0
resolv-file=/tmp/resolv.dnsmasq
domain=example.com (well, not really)
expand-hosts
bogus-priv
domain-needed
no-resolv
no-poll
server=208.67.222.222
server=208.67.220.220
bogus-nxdomain=67.215.65.132
log-queries
no-dhcp-interface=br0



Re: [Dnsmasq-discuss] tftp service

2010-05-28 Thread Andrew Elwell
> PXE supports it, for netbooting clusters of 100s or 1000s of machines.
> I've never come across anybody who actually uses it. Big clusters these
> days tend to have fast networks that laugh off the traffic involved in
> unicasting netboot images to a few thousand machines.

You tend to get hit by timeouts on the server with booting multiple
machines at once - we found about 1/2 a rack at a time was the best we
could get. (but the cluster head node also acted as the kickstart
server so traffic got kinda busy come upgrades)

Switching to gPXE / gpxelinux and using http rather than tftp for
transferring the boot image was a much better improvement than trying
to sync and multicast

another nice scalable installer is to use bittorrent - see the Rocks
'Avalanche' installer
(on the other hand, reimaging a callcentre at once using norton ghost
+ multicast was waaay cool when I did it oooh 10 yrs ago)

Andrew



[Dnsmasq-discuss] Huge number of lookups for 'yes'

2010-04-28 Thread Andrew Elwell
Hi Folks,

I don't think dnsmasq is the culprit (yet) but I'm not sure what is:
I have a linux box at home which does the DNS for my lan ~4 laptops
one desktop + odds n sods.

root@mythic:~# head /var/log/daemon.log
Apr 25 06:34:00 mythic
root@mythic:~# tail /var/log/daemon.log
Apr 28 10:32:06
root@mythic:~# grep 'yes.elwell.org.uk from 127.0.0.1' /var/log/daemon.log | wc -l
13338

now it strikes me that that's a *lot* of requests for a non-existent
host on my network. Is there any way to trace what application is
likely to be guilty? I couldn't see anything in the source code for
dnsmasq (the only yes in there was in the suse config)

It's running ubuntu 9.mumble, the timestamps don't tie in with cron
entries. I've stopped mythtv but it's not that (as far as I can tell)

has anyone else noticed similar 'rogue' lookups?

Many thanks

Andrew



Re: [Dnsmasq-discuss] Huge number of lookups for 'yes'

2010-04-28 Thread Andrew Elwell
Ahem.

That'll be a screwup in my samba config then

wins server = yes

Doh!