Re: [Dnsmasq-discuss] resolve subdomains / name-based vhosts
On Sun, Apr 15, 2012 at 05:29:43PM +0200, go4un...@hushmail.com wrote:
> the question i have isn't dnsmasq specific, but i hope in this forum
> are a lot of dns cracks (i call me a newbie).
> i have a dyndns account for my dynamic ip, so that i can reach my home
> lan from the internet. i also have a registered domain. further i can
> create in my dyndns account cnames for subdomains.

Hostnames, not subdomains. Subdomain implies delegation to another authority. For example, the uk. domain delegates to org.uk. which in turn delegates to thekelleys.org.uk.

> examples:
> - foo1.mydomain.org

You probably don't own mydomain.org. Please don't use real domain names as examples. We have example.org (and others) for that.

> - foo2.mydomain.org
> - foo2.mydomain.org
>
> what i have in mind is to run an apache2 server using name-based
> vhosts for a school.
> example:
> - foo1.mydomain.org
> - foo2.mydomain.org
> - foo3.mydomain.org
>
> now my question is, when a student uses for example foo1.mydomain.org
> in his browser, could the browser find my name-based vhost (all vhost
> are behind the same router (wan-ip), or do i have to configure for
> each vhost a different port.

It seems like one thing you are not understanding is the concept of HTTP virtual hosts. All you have to do in dnsmasq is to list each name with that IP address in /etc/hosts(5):

192.168.16.32 foo1.example.edu
192.168.16.32 foo2.example.edu
192.168.16.32 foo3.example.edu

> the router runs dnsmasq. does dnsmasq have to find out which subdomain
> leads to the wan-ip? or is there another possibility to find out,
> which subdomain leads to the wan-ip?

The WAN IP address has nothing to do with this. The whole point of dnsmasq is to have the external names resolve to internal addresses.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
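The name-based selection the reply refers to, as an added C example that is not part of the original message and is not Apache's code: all three names resolve to one address, and the server tells them apart by the Host header alone, so no per-vhost port is needed. The docroot paths and function names are hypothetical; a request for an unknown name returns NULL so the caller can serve a default site or refuse it.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed vhost table: every name maps to the same address
   (192.168.16.32 in the thread); docroots are hypothetical. */
struct vhost { const char *name; const char *docroot; };
static const struct vhost VHOSTS[] = {
    { "foo1.example.edu", "/srv/www/foo1" },
    { "foo2.example.edu", "/srv/www/foo2" },
    { "foo3.example.edu", "/srv/www/foo3" },
};

/* Locate the Host header value in a raw HTTP request. Returns a pointer
   into req and stores the value length (without any :port), or NULL. */
const char *find_host(const char *req, size_t *len)
{
    const char *line = strstr(req, "\r\n");          /* end of request line */
    while (line && strncmp(line, "\r\n\r\n", 4) != 0) {
        line += 2;                                   /* start of next header */
        if (strncasecmp(line, "Host:", 5) == 0) {
            const char *v = line + 5;
            while (*v == ' ' || *v == '\t') v++;
            *len = strcspn(v, ":\r\n \t");           /* stop at :port or EOL */
            return *len ? v : NULL;
        }
        line = strstr(line, "\r\n");
    }
    return NULL;                                     /* blank line reached */
}

/* Case-insensitive exact match of the Host value against the table.
   NULL means "no such vhost": serve a default site or reject. */
const char *select_docroot(const char *req)
{
    size_t len = 0, i;
    const char *host = find_host(req, &len);
    if (!host) return NULL;
    for (i = 0; i < sizeof VHOSTS / sizeof VHOSTS[0]; i++)
        if (strlen(VHOSTS[i].name) == len &&
            strncasecmp(VHOSTS[i].name, host, len) == 0)
            return VHOSTS[i].docroot;
    return NULL;
}
```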
Re: [Dnsmasq-discuss] Error returning query result from FreeBSD jail
On 11.04.2012 21:13, Simon Kelley wrote:
> On 11/04/12 19:49, Jan Seiffert wrote:
>> David Nelson wrote:
>>> Hi,
>>>
>>> I have been trying to get dnsmasq 2.60.1 working on my FreeNAS
>>> server within a FreeBSD 8.2 jail without any luck. Dnsmasq is able
>>> to receive requests, resolve them either by the local hosts file or
>>> external dns servers but then it can't reply back to the enquirer.
>>>
>>> Running in --no-daemon the logs for a local lookup look like this:
>>>
>>> dnsmasq: started, version 2.60 cachesize 150
>>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
>>> dnsmasq: reading /etc/resolv.conf
>>> dnsmasq: using nameserver 212.23.6.100#53
>>> dnsmasq: using nameserver 212.23.3.100#53
>>> dnsmasq: read /etc/hosts - 5 addresses
>>> dnsmasq: query[A] athena from 192.168.x.104
>>> dnsmasq: /etc/hosts athena is 192.168.x.6
>>> dnsmasq: failed to send packet: Invalid argument
>>
>> This is the important line. I guess it's forward.c@113.
>>
>> This means that the FreeBSD kernel is refusing to send the packet,
>> because he does not like the call parameters. The problem is, that
>> sendmsg takes lots of parameters, thanks to this whole msg foobar.
>>
>> You could try to start dnsmasq with the OPT_NOWILD option (i think
>> it's -z) to see if this code path is generating the bad parameters.
>>
>> But i guess the problem runs a little bit deeper. All BSD-Kernel are
>> a bit schizophrenic when it comes to sa_len. On the one hand they
>> inserted the sa_len field into struct sockaddr{|_in|_in6}, on the
>> other hand they are the inventors of the BSD-Socket API which takes
>> some form of sa_len as an extra argument on all functions. And to
>> make matters worse they are a little bit picky. If:
>> a) the sa_len field is not properly set even when it is not used
>>    (but the socklen_t passed into the API)
>> OR
>> b) the socklen_t passed into the API is not _exactly_ appropriate
>>    for the AF_FAMILIY of the fd
>> you get an EINVAL.
>>
>> The last point means you get an EINVAL error if you tell the kernel
>> i have space for 16 bytes (you have unified addresses storage), but
>> it is only an ipv4 socket, so it expects 4 byte.
>> (when i found this out i was ... dissatisfied.)
>>
>> I think the dnsmasq code is to blame here.
>> First in util.c we have the sa_len function. It returns the sa_len
>> field for OS which have it. Instead it should strictly go by
>> sa_family, no matter what the OS.
>> And second, i can not find any place in the 2.60 source code which
>> actually sets the sa_len field, so it is probably sometimes mem
>> garbage.
>
> You're grepping for the wrong thing: the field is set using the
> sin_len or sin6_len union elements.
>
> It will be something like this, but if it was the address that was
> wrong, it would fail when --bind-interfaces is set too, and it
> doesn't (Dave mailed me off list). There must be something wrong with
> the parameters sent only when setting the source address, or maybe
> that's not possible in a jail?

The jail is a security compartment and doesn't permit, for one, raw sockets without further ado, or communication using an address not assigned to the jail.

The FreeBSD man pages are available online, see, for instance:
http://www.freebsd.org/cgi/man.cgi?query=jail
or the handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html

I don't have time to dig deeper right now, but I suspect that this explains the jailed behaviour -- do I read your paraphrase of Dave's mail correctly as --bind-interfaces fixes this?
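The two sa_len points raised in the quoted text above (derive the address length strictly from sa_family, and never leave the sa_len field unset), as an added C example. It is not dnsmasq source and is not presented as the fix for the jail problem; the function names, `union any_addr` and the `HAVE_SOCKADDR_SA_LEN` build macro are assumptions.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* One buffer for both families ("unified address storage" in the thread). */
union any_addr {
    struct sockaddr     sa;
    struct sockaddr_in  in;
    struct sockaddr_in6 in6;
};

/* Length taken strictly from the family; 0 means unsupported. */
socklen_t addr_len_for_family(sa_family_t family)
{
    switch (family) {
    case AF_INET:  return (socklen_t)sizeof(struct sockaddr_in);
    case AF_INET6: return (socklen_t)sizeof(struct sockaddr_in6);
    default:       return 0;
    }
}

/* Zero the storage so no field holds stale memory, set family and port,
   and where the field exists set sa_len to the value passed as socklen_t.
   HAVE_SOCKADDR_SA_LEN is an assumed build-time macro. */
socklen_t init_addr(union any_addr *a, sa_family_t family, in_port_t port_net)
{
    socklen_t len = addr_len_for_family(family);
    if (len == 0) return 0;
    memset(a, 0, sizeof *a);
    a->sa.sa_family = family;
    if (family == AF_INET) a->in.sin_port = port_net;
    else                   a->in6.sin6_port = port_net;
#ifdef HAVE_SOCKADDR_SA_LEN
    a->sa.sa_len = (unsigned char)len;
#endif
    return len;
}

/* Point a msghdr at the address using the exact per-family length,
   never sizeof(union any_addr). Returns -1 for an unsupported family. */
int set_msg_dest(struct msghdr *msg, union any_addr *a)
{
    socklen_t len = addr_len_for_family(a->sa.sa_family);
    if (len == 0) return -1;
    msg->msg_name = a;
    msg->msg_namelen = len;
    return 0;
}
```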
Re: [Dnsmasq-discuss] resolve subdomains / name-based vhosts
Hello rob0

Thank you for your answer. You are right. I realize that my knowledge about dns and vhosts has big gaps. So i'm going to learn more about the concept of HTTP virtual hosts.

But may i ask you another question related to your last explanation:

> The WAN IP address has nothing to do with this. The whole point of
> dnsmasq is to have the external names resolve to internal addresses.

Why does the WAN IP Address have nothing to do with this?

Let's say a student is at home using his laptop/browser to access foo1.example.edu. Let's say I have registered example.edu as a domain and use dyn.com name-servers, so that foo1.example.edu leads to my WAN IP address (my router). So, even the WAN IP address is necessary to find my router from the WAN site, the WAN IP isn't involved in finding foo1.example.edu.

If you have the time, could you explain it in more detail.

SORRY for my english!

Kind regards,
go4unkwn

On Sun, 15 Apr 2012 18:18:30 +0200 /dev/rob0 r...@gmx.co.uk wrote:
> On Sun, Apr 15, 2012 at 05:29:43PM +0200, go4un...@hushmail.com wrote:
>> the question i have isn't dnsmasq specific, but i hope in this forum
>> are a lot of dns cracks (i call me a newbie).
>> i have a dyndns account for my dynamic ip, so that i can reach my
>> home lan from the internet. i also have a registered domain. further
>> i can create in my dyndns account cnames for subdomains.
>
> Hostnames, not subdomains. Subdomain implies delegation to another
> authority. For example, the uk. domain delegates to org.uk. which in
> turn delegates to thekelleys.org.uk.
>
>> examples:
>> - foo1.mydomain.org
>
> You probably don't own mydomain.org. Please don't use real domain
> names as examples. We have example.org (and others) for that.
>
>> - foo2.mydomain.org
>> - foo2.mydomain.org
>>
>> what i have in mind is to run an apache2 server using name-based
>> vhosts for a school.
>> example:
>> - foo1.mydomain.org
>> - foo2.mydomain.org
>> - foo3.mydomain.org
>>
>> now my question is, when a student uses for example
>> foo1.mydomain.org in his browser, could the browser find my
>> name-based vhost (all vhost are behind the same router (wan-ip), or
>> do i have to configure for each vhost a different port.
>
> It seems like one thing you are not understanding is the concept of
> HTTP virtual hosts. All you have to do in dnsmasq is to list each
> name with that IP address in /etc/hosts(5):
>
> 192.168.16.32 foo1.example.edu
> 192.168.16.32 foo2.example.edu
> 192.168.16.32 foo3.example.edu
>
>> the router runs dnsmasq. does dnsmasq have to find out which
>> subdomain leads to the wan-ip? or is there another possibility to
>> find out, which subdomain leads to the wan-ip?
>
> The WAN IP address has nothing to do with this. The whole point of
> dnsmasq is to have the external names resolve to internal addresses.
> --
> http://rob0.nodns4.us/ -- system administration and consulting
> Offlist GMX mail is seen only if /dev/rob0 is in the Subject: