Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-15 Thread Adam Hardy

Jan 'RedBully' Seiffert on 12/09/08 12:53, wrote:

Adam Hardy wrote:

Jan 'RedBully' Seiffert on 11/09/08 21:17, wrote:

[snip]


Hmmm, an mtu of 1430 looks a bit strange, but probably depends on your
link. Some kind of VPN or PPPoA on your side? Or are you saying paypal
has some kind of Tunnel/Route/Whatever which limits THEIR mtu?
[SNIP]


Oh, initially I wasn't even talking about you, but problems on the remote end
where you have no control how they configure their stuff. Then you are forced
to employ ugly workarounds on your side. If you check your firewall rules,
make sure there is a path for icmp-fragmentation-needed packets. (iptables
right table -p icmp --icmp-type fragmentation-needed -j ACCEPT)


OK, I'll go with that, but I'm trying to work out logically if I have blocked 
it. What state are the ICMP fragmentation-needed packets returned? Surely they 
are RELATED or ESTABLISHED? In that case, I am not blocking them. I only block 
INVALID and NEW for most ports.




[SNIP]
I read a little on BT, seems they use PPPoA, and this is terminated on the
modem... Hmmm, ATM equipment for PCs is rare, so your router has normal
ethernet to the modem and sees an mtu of 1500, while the true mtu is hidden
in the modem. And I thought one of the benefits of pppoa was, that the mtu is
kept at 1500. Any chance your new hosting service has a funny uplink? (should
not, a big site should have a real connection and not a dsl line...) /me is
totally confused Gnarf, seems this is even a bigger PITA than PPPoE ...

Searching for the right mtu turned up a lot of values, does someone know the
true mtu of a BT PPPoA link? (note: first and foremost you better find the
real mtu of the link, to get a grip on the problem, then one can think about
adjusting/tuning it to better match the ATM-part of the connection)


 The modem faced interface of your router needs the MTU set to the true value.
 This way your router should not send packets too big (or fragment them), your
 clients should get a fragmentation-needed when they try to.


Using http://www.dslreports.com/tweaks I see that my network is unpingable under 
the 'ICMP (ping) check' result. That looks bad in view of the above.


But it also tells me:
Max packet sent (MTU):   1488
Max packet recd (MTU):  1418
Retransmitted packets:  4
sacks you sent: 2

so I guess that 1488 is what I should set my ADSL modem to?


[SNIP]
Since you are talking about SMTP, so you had problems sending large packets?
Then the problem can be on your side, according to my crystal ball ^^. But
can be also on the remote side... It's important which packet choked, your
outgoing packet or the incoming packet not coming through to you. Are you
sure this is a true modem and not also a little router, do you have a
non-private ip-address on your router? Maybe its also twiddling some
values... Maybe you should go back to square one, set everything back to 1500
and then use tcpdump to see where your packets vanish, or how big they are
with other known to work sites.


Maybe later if there's no joy with the latest stuff I've learnt about

something with 145[0-9] from what i read. Or is BT adding another 
encapsulation like L2TP?


I searched the most useful UK broadband users forum for L2TP and only saw 
references to it in connection with resellers or wholesale. It doesn't look like 
something that BT are using on my (and other retail customers') connection.


Regards
Adam
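
The advice in this message to find the real MTU of the link before tuning anything can be followed by probing with don't-fragment pings. The script below is an added example, not code from the thread: it binary-searches the largest IPv4 packet size that still gets an echo reply. It assumes Linux iputils `ping` (`-M do` sets the DF bit) and a target that answers ICMP echo; `probe` and `find_path_mtu` are names chosen here.

```shell
#!/bin/sh
# Added example: find the largest unfragmented IPv4 packet size to a host.

# probe HOST MTU
# Succeeds if a single DF-marked echo request whose total IP packet size is
# MTU gets a reply. ICMP payload = MTU - 20 (IPv4 header) - 8 (ICMP header).
probe() {
    ping -c 1 -W 2 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]
# Prints the largest size in [LOW, HIGH] for which probe succeeds.
# Returns 1 if even LOW fails (host down, or echo filtered somewhere).
find_path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        # Round up so the loop always makes progress when hi = lo + 1.
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid            # mid fits: the answer is mid or larger
        else
            hi=$(( mid - 1 ))  # mid is too big: the answer is below mid
        fi
    done
    echo "$lo"
}

# Run the search only when a host is given on the command line.
if [ $# -ge 1 ]; then
    find_path_mtu "$1"
fi
```

A probe fails the same way whether a router returns fragmentation-needed or the oversized packet is silently dropped, so the search still converges when those ICMP errors are filtered on the path.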



Re: [Dnsmasq-discuss] Feature Request?

2008-09-15 Thread Paul Chambers
I'd like to do something vaguely similar, though in my case it's sending 
requests in a particular domain to a given pair of servers, only when a 
vpn is up (e.g. tun0). If the VPN isn't up, those servers are not 
reachable anyhow.


I noticed the 'server=/domain/ipaddr@interface' variant in the 
docs, but haven't had the time to investigate how it behaves if the 
interface in question is down.


This is also something pdnsd can do, but dnsmasq is a much better tool 
for my needs in just about every respect, and I'd really prefer not to 
have to run both.


Paul

Jorge Bastos wrote:


Hi,

Simon, I'd like to ask for a feature if not implemented yet.

I've seen in other dns/dns proxy servers, the ability to serve an IP 
when certain DNS host is down/doesn't respond.

Is it possible for dnsmasq, to do this, with two parameters, one for 
on/off the feature, and the 2nd to specify the host/IP for the response.


With this I could for example, inside my network, redirect all broken 
DNS's to my webserver specifying a host and do a webpage explaining 
what happened.

Is this possible?

Thanks in advance,

Jorge

 

PS: I saw it here, and it's something that will be very handy for me, 
and I'm sure for other because of dns problems.


---

*About:* pdnsd is a Proxy DNS server for Linux and FreeBSD that is 
designed to cope with unreachable nameservers (e.g. because the 
dial-in link is not up) in a graceful manner to prevent DNS-dependent 
applications like Netscape from hanging. It has a permanent disk cache 
and supports parallel query and a wide variety of link uptests. It 
also has the ability to serve some local records.






RE: [Dnsmasq-discuss] Feature Request?

2008-09-15 Thread Jorge Bastos
Yap, DNSMasq is much better, that's why I'd like to have this feature on it.

 

 

 

From: dnsmasq-discuss-boun...@lists.thekelleys.org.uk
[mailto:dnsmasq-discuss-boun...@lists.thekelleys.org.uk] On Behalf Of Paul
Chambers
Sent: Monday, 15 September 2008 16:52
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Feature Request?

 

I'd like to do something vaguely similar, though in my case it's sending
requests in a particular domain to a given pair of servers, only when a vpn
is up (e.g. tun0). If the VPN isn't up, those servers are not reachable
anyhow.

I noticed the 'server=/domain/ipaddr@interface' variant in the docs,
but haven't had the time to investigate how it behaves if the interface in
question is down.

This is also something pdnsd can do, but dnsmasq is a much better tool for
my needs in just about every respect, and I'd really prefer not to have to
run both.

Paul

Jorge Bastos wrote: 

Hi,

Simon, I'd like to ask for a feature if not implemented yet.

I've seen in other dns/dns proxy servers, the ability to serve an IP when
certain DNS host is down/doesn't respond.

Is it possible for dnsmasq, to do this, with two parameters, one for on/off
the feature, and the 2nd to specify the host/IP for the response.

With this I could for example, inside my network, redirect all broken DNS's
to my webserver specifying a host and do a webpage explaining what happened.

 

Is this possible?

 

Thanks in advance,

Jorge

 

PS: I saw it here, and it's something that will be very handy for me, and
I'm sure for other because of dns problems.

---

About: pdnsd is a Proxy DNS server for Linux and FreeBSD that is designed to
cope with unreachable nameservers (e.g. because the dial-in link is not up)
in a graceful manner to prevent DNS-dependent applications like Netscape
from hanging. It has a permanent disk cache and supports parallel query and
a wide variety of link uptests. It also has the ability to serve some local
records.

 



[Dnsmasq-discuss] dhcpd.conf

2008-09-15 Thread yogi
Hi,
I'm trying to implement a Solaris 10 netboot and install environment.
Can anybody help me convert this section?

use-host-decl-names on;
vendor-option-space SUNW;
option SUNW.JumpStart-server jumper:/export/JS/sol10/configs;
option SUNW.install-server-hostname jumper;
option SUNW.install-server-ip-address 10.31.0.1;
option SUNW.install-path /export/JS/sol10/01_06;
option SUNW.root-server-hostname jumper;
option SUNW.root-server-ip-address 10.31.0.1;
option SUNW.root-path-name /export/JS/sol10/01_06/Solaris_10/Tools/Boot;
option SUNW.sysid-config-file-server = jumper:/export/JS/sol10/configs/workstation;


thanks
yogi