Re: [Dnsmasq-discuss] resolve subdomains / name-based vhosts

2012-04-15 Thread /dev/rob0
On Sun, Apr 15, 2012 at 05:29:43PM +0200, go4un...@hushmail.com wrote:
 the question i have isn't dnsmasq specific, but i hope in this
 forum are a lot of dns cracks (i call me a newbie).
 
 i have a dyndns account for my dynamic ip, so that i can reach my
 home lan from the internet. i also have a registered domain.
 
 further i can create in my dyndns account cnames for subdomains.

Hostnames, not subdomains. Subdomain implies delegation to 
another authority. For example, the uk. domain delegates to 
org.uk. which in turn delegates to thekelleys.org.uk.

 examples:
 
 - - foo1.mydomain.org

You probably don't own mydomain.org. Please don't use real domain 
names as examples. We have example.org (and others) for that.

 - - foo2.mydomain.org
 - - foo2.mydomain.org
 
 what i have in mind is to run an apache2 server using name-based
 vhosts for a school. example:
 
 - - foo1.mydomain.org
 - - foo2.mydomain.org
 - - foo3.mydomain.org
 
 now my question is, when a student uses for example
 foo1.mydomain.org in his browser, could the browser find my name-
 based vhost (all vhost are behind the same router (wan-ip), or do i
 have to configure for each vhost a different port.

It seems like one thing you are not understanding is the concept of 
HTTP virtual hosts. All you have to do in dnsmasq is to list each 
name with that IP address in /etc/hosts(5):

192.168.16.32   foo1.example.edu
192.168.16.32   foo2.example.edu
192.168.16.32   foo3.example.edu

 the router runs dnsmasq. does dnsmasq have to find out which
 subdomain leads to the wan-ip? or is there another possibility to
 find out, which subdomain leads to the wan-ip?

The WAN IP address has nothing to do with this. The whole point of 
dnsmasq is to have the external names resolve to internal addresses.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] Error returning query result from FreeBSD jail

2012-04-15 Thread Matthias Andree
On 11.04.2012 21:13, Simon Kelley wrote:
 On 11/04/12 19:49, Jan Seiffert wrote:
 David Nelson wrote:
 Hi,
 I have been trying to get dnsmasq 2.60.1 working on my FreeNAS server
 within a FreeBSD 8.2 jail without any luck.

 Dnsmasq is able to receive requests, resolve them either by the local
 hosts file or external dns servers but then it can't reply back to
 the enquirer.

 Running in --no-daemon the logs for a local lookup look like this:

 dnsmasq: started, version 2.60 cachesize 150
 dnsmasq: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP
 DHCPv6 no-Lua TFTP no-conntrack
 dnsmasq: reading /etc/resolv.conf
 dnsmasq: using nameserver 212.23.6.100#53
 dnsmasq: using nameserver 212.23.3.100#53
 dnsmasq: read /etc/hosts - 5 addresses
 dnsmasq: query[A] athena from 192.168.x.104
 dnsmasq: /etc/hosts athena is 192.168.x.6
 dnsmasq: failed to send packet: Invalid argument

 This is the important line. I guess it's forward.c@113.
 This means that the FreeBSD kernel is refusing to send the packet,
 because he does not like the call parameters.
 The problem is, that sendmsg takes lots of parameters, thanks to this
 whole msg foobar.
 You could try to start dnsmasq with the OPT_NOWILD option (i think
 it's -z) to see if this code path is generating the bad parameters.

 But i guess the problem runs a little bit deeper.
 All BSD-Kernel are a bit schizophrenic when it comes to sa_len. On the
 one hand they inserted the sa_len field into struct sockaddr{|_in|_in6},
 on the other hand they are the inventors of the BSD-Socket API which
 takes some form of sa_len as an extra argument on all functions.
 And to make matters worse they are a little bit picky. If:
 a) the sa_len field is not properly set even when it is not used (but the
 socklen_t passed into the API) OR
 b) the socklen_t passed into the API is not _exactly_ appropriate for
 the AF_FAMILY of the fd
 you get an EINVAL.
 The last point means you get an EINVAL error if you tell the kernel i
 have space for 16 bytes (you have unified addresses storage), but it is
 only an ipv4 socket, so it expects 4 byte. (when i found this out i
 was ... dissatisfied.)

 I think the dnsmasq code is to blame here. First in util.c we have the
 sa_len function. It returns the sa_len field for OS which have it.
 Instead it should strictly go by sa_family, no matter what the OS.
 And second, i can not find any place in the 2.60 source code which
 actually sets the sa_len field, so it is probably sometimes mem garbage.
 
 You're grepping for the wrong thing: the field is set using the sin_len
 or sin6_len union elements.
 
 It will be something like this, but if it was the address that was
 wrong, it would fail when --bind-interfaces is set too, and it doesn't
 (Dave mailed me off list). There must be something wrong with the
 parameters sent only when setting the source address, or maybe that's
 not possible in a jail?

The jail is a security compartment and doesn't permit, for one, raw
sockets without further ado, or communication using an address not
assigned to the jail.

The FreeBSD man pages are available online, see, for instance:

http://www.freebsd.org/cgi/man.cgi?query=jail

or the handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html

I don't have time to dig deeper right now, but I suspect that this
explains the jailed behaviour -- do I read your paraphrase of Dave's
mail correctly as --bind-interfaces fixes this?
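
Added example, not part of the thread and not dnsmasq source: the suggestion quoted above, to take the address length strictly from sa_family and keep the BSD length field in step with it, written out in C. The helper names and the platform macro list are assumptions made for illustration.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>

/* Assumption: these platforms carry the BSD length byte inside the sockaddr. */
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
#define EXAMPLE_HAVE_SA_LEN 1
#endif

/* Hypothetical helper: length to hand to the kernel, chosen only by address
   family. Returns 0 for families this example does not handle. */
socklen_t addr_len_by_family(const struct sockaddr *sa)
{
    switch (sa->sa_family) {
    case AF_INET:  return (socklen_t)sizeof(struct sockaddr_in);
    case AF_INET6: return (socklen_t)sizeof(struct sockaddr_in6);
    default:       return 0;
    }
}

/* Hypothetical helper: make the embedded length, where it exists, agree with
   the family-derived one. Returns that length, or 0 if unsupported. */
socklen_t fix_addr_len(struct sockaddr_storage *ss)
{
    socklen_t len = addr_len_by_family((const struct sockaddr *)ss);
#ifdef EXAMPLE_HAVE_SA_LEN
    if (len != 0)
        ss->ss_len = (unsigned char)len;
#endif
    return len;
}

/* Send one datagram with msg_namelen set to the exact family-sized length,
   not sizeof(struct sockaddr_storage). */
ssize_t send_udp(int fd, struct sockaddr_storage *dst, void *buf, size_t n)
{
    struct iovec iov = { .iov_base = buf, .iov_len = n };
    socklen_t len = fix_addr_len(dst);

    if (len == 0) {             /* unknown family: refuse before the kernel does */
        errno = EAFNOSUPPORT;
        return -1;
    }
    struct msghdr msg = { .msg_name = dst, .msg_namelen = len,
                          .msg_iov = &iov, .msg_iovlen = 1 };
    return sendmsg(fd, &msg, 0);
}
```

This only removes the length mismatch as a source of EINVAL; it does not change what a jail permits as a source address.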



Re: [Dnsmasq-discuss] resolve subdomains / name-based vhosts

2012-04-15 Thread go4unkwn

Hello rob0

Thank you for your answer.

You are right. I realize that my knowledge about dns and vhosts has
big gaps.
So I'm going to learn more about the concept of HTTP virtual hosts.

But may I ask you another question related to your last explanation:

The WAN IP address has nothing to do with this. The whole point of
dnsmasq is to have the external names resolve to internal
addresses.

Why does the WAN IP address have nothing to do with this?

Let's say a student is at home using his laptop/browser to access
foo1.example.edu.
Let's say I have registered example.edu as a domain and use
dyn.com name-servers,
so that foo1.example.edu leads to my WAN IP address (my router).

So, even though the WAN IP address is necessary to find my router from
the WAN side,
the WAN IP isn't involved in finding foo1.example.edu.

If you have the time, could you explain it in more detail.

SORRY for my English!


Kind regards, go4unkwn



On Sun, 15 Apr 2012 18:18:30 +0200 /dev/rob0 r...@gmx.co.uk wrote:
On Sun, Apr 15, 2012 at 05:29:43PM +0200, go4un...@hushmail.com wrote:
 the question i have isn't dnsmasq specific, but i hope in this
 forum are a lot of dns cracks (i call me a newbie).

 i have a dyndns account for my dynamic ip, so that i can reach my
 home lan from the internet. i also have a registered domain.

 further i can create in my dyndns account cnames for subdomains.

Hostnames, not subdomains. Subdomain implies delegation to
another authority. For example, the uk. domain delegates to
org.uk. which in turn delegates to thekelleys.org.uk.

 examples:

 - - foo1.mydomain.org

You probably don't own mydomain.org. Please don't use real domain
names as examples. We have example.org (and others) for that.

 - - foo2.mydomain.org
 - - foo2.mydomain.org

 what i have in mind is to run an apache2 server using name-based
 vhosts for a school. example:

 - - foo1.mydomain.org
 - - foo2.mydomain.org
 - - foo3.mydomain.org

 now my question is, when a student uses for example
 foo1.mydomain.org in his browser, could the browser find my name-
 based vhost (all vhost are behind the same router (wan-ip), or do i
 have to configure for each vhost a different port.

It seems like one thing you are not understanding is the concept of
HTTP virtual hosts. All you have to do in dnsmasq is to list each
name with that IP address in /etc/hosts(5):

192.168.16.32  foo1.example.edu
192.168.16.32  foo2.example.edu
192.168.16.32  foo3.example.edu

 the router runs dnsmasq. does dnsmasq have to find out which
 subdomain leads to the wan-ip? or is there another possibility to
 find out, which subdomain leads to the wan-ip?

The WAN IP address has nothing to do with this. The whole point of
dnsmasq is to have the external names resolve to internal addresses.
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
