Re: [Dnsmasq-discuss] Feature request: block certain domain's A/AAAA/MX record
Thanks for your advice. Clients including Windows PC, Mac, Android Phone, iPhone etc. Not every device are mine so it's impossible to config on every device. On Nov 25, 2014 6:42 PM, "klondike" wrote: > El 25/11/14 03:13, 喵喵 escribió: > > Hello there, > > > > First of all, sorry for my improving English. > > I'd like to request a feature that user can block a certain domain's > > A//MX record. > > I am using tomato firmware with dnsmasq built in. Since I live in > > China and I use HE.net's free IPv6 tunnelbroker to gain IPv6 internet > > connectivity. But there's a problem, when I visit a site in China > > which has IPv4/v6 dual stack, browsers and other apps will try to > > connect via IPv6 first, that will be much slower than using IPv4. So > > if you guys can introduce a feature that block a certain domain's > > record, that will be very helpful for me. > > Thanks for your time, have a good day. > Just set the preferences on your client computer. On linux using glibc > this is done in the gai.conf file > > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Cannot set edns-packet-max < 4096 with DNSSEC enabled
dnsmasq refuses to honor an --edns-packet-max option less than EDNS_PKTSZ == 4096: #ifdef HAVE_DNSSEC /* Enforce min packet big enough for DNSSEC */ if (option_bool(OPT_DNSSEC_VALID) && daemon->edns_pktsz < EDNS_PKTSZ) daemon->edns_pktsz = EDNS_PKTSZ; #endif Since 4096 is already the default value if --edns-packet-max is not specified, and no standard requires a minimum of 4096, I think this check should be deleted so that a user can force dnsmasq to advertise a lower UDP payload size if they know that TCP fallback is working better than UDP fragments. (The context is that I’m trying to debug a problem with Comcast’s IPv6 DNS servers, which seem unable to send me large UDP packets: $ dig +short +bufsize=4096 +dnssec @2001:558:feed::1 org -t dnskey ;; connection timed out; no servers could be reached $ dig +short +bufsize=1500 +dnssec @2001:558:feed::1 org -t dnskey ;; Truncated, retrying in TCP mode. 256 3 7 AwEAAXQRcjCcYDIZTLZZq46iF8oUX+c15GVdbszCa2RrrPz7yWEWAhu1 […] 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1b […] 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMc […] 256 3 7 AwEAAal0CL9S++dL7Yg1BcHGOv0m3faUwZW9FuBW7ZsJTUnvFtUws17E […] DNSKEY 7 1 900 20141208155603 20141117145603 9795 org. ScWxHC+pzp[…] DNSKEY 7 1 900 20141208155603 20141117145603 21366 org. AlSsJz93j[…] DNSKEY 7 1 900 20141208155603 20141117145603 60764 org. RySS8Ft6P[…] The IPv4 DNS servers work better, but that doesn’t help dnsmasq because it only sends DNSSEC queries back to the same server that gave it the reply, which in my case is usually an IPv6 server.) Anders ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Feature request: block certain domain's A/AAAA/MX record
El 25/11/14 03:13, 喵喵 escribió: > Hello there, > > First of all, sorry for my improving English. > I'd like to request a feature that user can block a certain domain's > A//MX record. > I am using tomato firmware with dnsmasq built in. Since I live in > China and I use HE.net's free IPv6 tunnelbroker to gain IPv6 internet > connectivity. But there's a problem, when I visit a site in China > which has IPv4/v6 dual stack, browsers and other apps will try to > connect via IPv6 first, that will be much slower than using IPv4. So > if you guys can introduce a feature that block a certain domain's > record, that will be very helpful for me. > Thanks for your time, have a good day. Just set the preferences on your client computer. On linux using glibc this is done in the gai.conf file signature.asc Description: OpenPGP digital signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Feature request: block certain domain's A/AAAA/MX record
On Tue, 2014-11-25 at 10:13 +0800, 喵喵 wrote: > Hello there, > > > > First of all, sorry for my improving English. > > > I'd like to request a feature that user can block a certain domain's > A//MX record. > > > I am using tomato firmware with dnsmasq built in. Since I live in > China and I use HE.net's free IPv6 tunnelbroker to gain IPv6 internet > connectivity. But there's a problem, when I visit a site in China > which has IPv4/v6 dual stack, browsers and other apps will try to > connect via IPv6 first, that will be much slower than using IPv4. So > if you guys can introduce a feature that block a certain domain's > record, that will be very helpful for me. > Hello, Quick question then: what would be the point of using an IPv6 tunnelbroker then? > > Thanks for your time, have a good day. > > > > Erwin > > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Feature request: block certain domain's A/AAAA/MX record
Thanks for your reply. As you may already know, our government has blocked many websites, including Google, YouTube and Facebook (see: https://en.wikipedia.org/wiki/Internet_censorship_in_China). Using tunnelbroker to gain IPv6 connectivity is a easy way to bypass such restrictions. The problem I mention above is such small side effect. If dnsmasq can introduce this feature that will certainly helps me. 2014-11-25 17:40 GMT+08:00 samlt : > On Tue, 2014-11-25 at 10:13 +0800, 喵喵 wrote: > > Hello there, > > > First of all, sorry for my improving English. > > I'd like to request a feature that user can block a certain domain's > A//MX record. > > I am using tomato firmware with dnsmasq built in. Since I live in China > and I use HE.net's free IPv6 tunnelbroker to gain IPv6 internet > connectivity. But there's a problem, when I visit a site in China which has > IPv4/v6 dual stack, browsers and other apps will try to connect via IPv6 > first, that will be much slower than using IPv4. So if you guys can > introduce a feature that block a certain domain's record, that will be > very helpful for me. > > > Hello, > > Quick question then: what would be the point of using an IPv6 tunnelbroker > then? > > > Thanks for your time, have a good day. > > > Erwin > > ___ > Dnsmasq-discuss mailing > listdnsmasq-disc...@lists.thekelleys.org.ukhttp://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > > ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Antwort: Re: MX resolving on each request
On 11/25/14 03:06, Christoph Kaminski wrote: which dnsmasq alternative can do this? Use a recursive and caching resolver such as Unbound or BIND. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Antwort: Re: MX resolving on each request
which dnsmasq alternative can do this? MfG Christoph Kaminski Von:Simon Kelley An: dnsmasq-discuss@lists.thekelleys.org.uk Datum: 24.11.2014 23:22 Betreff:Re: [Dnsmasq-discuss] MX resolving on each request Gesendet von: "Dnsmasq-discuss" On 24/11/14 15:02, Christoph Kaminski wrote: > Hi > > it is normal that dnsmasq tries to resolve the MX record on each request > to the forwarder? > how can I turn it off? > It is possible to cache this to? > > the goal is to make a local caching server what is able 'to survive' some > time without any forwarder... it is possible? > Yes, but not with dnsmasq. The cache is limited, by history and design, to A, , CNAME and (some) PTR records. Everything else gets answered, but not cached. Cheers, Simon. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss www.biotronik.com BIOTRONIK - excellence for life Established with the development of the first German pacemaker in 1963, BIOTRONIK has upheld the highest quality standards in the fields of cardiac rhythm management and vascular intervention in more than 100 countries worldwide. We’ve developed advanced technologies and products such as BIOTRONIK Home Monitoring®, Closed Loop Stimulation (CLS) and Orsiro, the industry’s first hybrid drug eluting stent. BIOTRONIK also offers the broadest portfolio of cardiac devices with ProMRI®, an advanced technology that gives patients access to magnetic resonance (MR) scanning. BIOTRONIK SE & Co. KG Woermannkehre 1, 12359 Berlin, Germany Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501 Vertreten durch ihre Komplementärin: BIOTRONIK MT SE Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B Geschäftsführende Direktoren: Christoph Böhmer, Dr. Lothar Krings This e-mail and the information it contains including attachments are confidential and meant only for use by the intended recipient(s); disclosure or copying is strictly prohibited. If you are not addressed, but in the possession of this e-mail, please notify the sender immediately and delete the document. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss