Re: [Dnsmasq-discuss] DNS TTL for responses based on DHCP leases

2016-02-25 Thread Lorin Weilenmann
Hi Simon,

Thanks a lot for your effort! I've just built the latest source from git
and I'm quite happy with the changes, i.e. I can confirm that --dhcp-ttl
and the new host-record additions work well for me.

I've noticed that replies which get their TTL from the dhcp-ttl option
always get the TTL specified in dhcp-ttl. I'd prefer something like max(0,
min(,  - )). Otherwise, dns might hand
out a high TTL for a dhcp-lease which expires one second later.

Do you think that's feasible?

Cheers,
Lorin

On Wed, 24 Feb 2016 at 23:12 Simon Kelley  wrote:

> I just pushed changes to git which
>
> 1) Support the TTL parameter in --host-record and --cname
>
> 2) Add --dhcp-ttl, which overrides --local-ttl but only for DHCP-derived
> information.
>
> Between those, I think you should be able to configure something suitable.
>
>
> Cheers,
>
> Simon.
>
>
> On 12/02/16 21:56, Lorin Weilenmann wrote:
> > Hi Simon,
> >
> > Thanks for taking the time and for your reply!
> >
> >>> You've almost answered your own question: the reason that the TTL is
> >>> zero unless over-ridden is that  a client can send a DHCP-RELEASE at
> >>> any time: just because a DHCP lease of length n seconds currently
> >>> exists, that doesn't guarantee that the lease will not be terminated
> >>> long before, and the associated name and/or address re-used.
> >
> > This is a possible scenario, but a DNS TTL doesn't guarantee that the
> > record won't change for TTL seconds (otherwise, you could never change a
> > DNS record with TTL > 0 :-) ). But even if a client sends a DHCP-RELEASE
> > it's unlikely for the IP to be assigned to another client until the dns
> > ttl expires - at least in environments where the dhcp pool is sufficiently
> > large. A dns client with a cached entry that has been released would try
> > to connect to a non-responsive IP, rather than getting nxdomain from
> > dnsmasq, which usually results in the same behavior. Nevertheless, I agree
> > that my argument is far from perfect.
> >
> >>> There's
> >>> another case where this can happen, which is if a new DHCP lease
> >>> arrives, declaring that the client has a name which is already in use
> >>> with another DHCP lease. In that case the new lease "steals" the name
> >>> from the existing lease, and an IP-name association is abruptly ended
> >>> with no warning.
> > This might lead to a delta between the cache on the client and dnsmasq,
> > but the client's record is still valid (as in: a host with the given fqdn
> > responds to the IP in the cache). It's the nature of caches to produce
> > results which may differ from the actual "source of truth".
> >
> > However, your proposal to my next point got me thinking: What would you
> > say about extending the --dhcp-range option to the following:
> >
> >
> --dhcp-range=[tag:[,tag:],][set:,][,][,][,[,]][, > time>[,]]
> >
> > (note that  could only be specified if  was given
> > because otherwise it would not be possible to differentiate between the
> two)
> >
> > Alternatively, there could be a new option:
> >
> > --dhcp-dns-ttl=[tag:,[tag:,]]
> >
> > The actual TTL in DNS answers would be calculated as:
> > max(<--local-ttl>,  +  - ).
> > Alternatively (if that's easier), you could just put the DHCP fqdn into
> > the DNS cache with TTL . Once the cache entry expires, dnsmasq
> > would return to resolve the name from "local sources" and use a TTL
> > specified in --local-ttl. (This would only work if dnsmasq first looks in
> > the cache for a dns result, which I don't know).
> >
> >>> Rather than re-purpose comments in /etc/hosts files, how about
> >>> extending the dnsmasq host-record config option? [...]
> >>>
> >>> --host-record=[,],[],[],[TTL]
> >>>
> >>> would be easy, since distinguishing an IPv4 or IPv6 address from a TTL
> >>> is deterministic.
> >
> > I like this proposal very much. It's much better than parsing comments
> > of a hosts file.
> >
> > Cheers,
> > Lorin
> >
> >
> >
> > ___
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


[Dnsmasq-discuss] Facing compilation issue with dnsmasq

2016-02-25 Thread Mariappan Rajendran
Hi,

I just downloaded the dnsmasq latest version from GIT and facing the below
error when I compile.
Please suggest to resolve this.

hadmin@ICSCHELAP1003:~/Mari$ git clone https://github.com/guns/dnsmasq
Cloning into 'dnsmasq'...
remote: Counting objects: 7776, done.
remote: Total 7776 (delta 0), reused 0 (delta 0), pack-reused 7776
Receiving objects: 100% (7776/7776), 7.88 MiB | 23.00 KiB/s, done.
Resolving deltas: 100% (5206/5206), done.
Checking connectivity... done.


root@ICSCHELAP1003:/home/hadmin/Mari/dnsmasq# make install
Package libidn was not found in the pkg-config search path.
Perhaps you should add the directory containing `libidn.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libidn' found
Package libidn was not found in the pkg-config search path.
Perhaps you should add the directory containing `libidn.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libidn' found
make[1]: Entering directory `/home/hadmin/Mari/dnsmasq/src'
cc -Wall -W -O2  -DLOCALEDIR='"/opt/dnsmasq/share/locale"' 
-DVERSION='"2.69test3-546-gfe3d87f"' -c util.c
util.c:28:18: fatal error: idna.h: No such file or directory
compilation terminated.
make[1]: *** [util.o] Error 1
make[1]: Leaving directory `/home/hadmin/Mari/dnsmasq/src'
make: *** [all-i18n] Error 2

Do I have to build the libidn first, if yes from where to compile ?

Here is my system config:
Ubuntu 14.04 kernel version - 3.13.0-32-generic
 H/w:
 Intel core - i3-4030U CPU @ 1.90GHz * 4
 Memory - 3.8GB
 OS type - 64 bit

Thanks,
Mari.






Re: [Dnsmasq-discuss] Facing compilation issue with dnsmasq

2016-02-25 Thread /dev/rob0
On Thu, Feb 25, 2016 at 12:04:11PM +, Mariappan Rajendran wrote:
> I just downloaded the dnsmasq latest version from GIT and facing
> the below error when I compile.
> Please suggest to resolve this.
> 
> hadmin@ICSCHELAP1003:~/Mari$ git clone https://github.com/guns/dnsmasq
> Cloning into 'dnsmasq'...
> remote: Counting objects: 7776, done.
> remote: Total 7776 (delta 0), reused 0 (delta 0), pack-reused 7776
> Receiving objects: 100% (7776/7776), 7.88 MiB | 23.00 KiB/s, done.
> Resolving deltas: 100% (5206/5206), done.
> Checking connectivity... done.
> 
> 
> root@ICSCHELAP1003:/home/hadmin/Mari/dnsmasq# make install
> Package libidn was not found in the pkg-config search path.
> Perhaps you should add the directory containing `libidn.pc'
> to the PKG_CONFIG_PATH environment variable
> No package 'libidn' found
snip
> Do I have to build the libidn first, if yes from where to compile ?
> 
> Here is my system config:
> Ubuntu 14.04 kernel version - 3.13.0-32-generic

Ubuntu provides a libidn package.  You simply need to install it; 
there might be one called "libidn-devel" which contains the header 
files needed at compile time.

While you're at it you should review your environment to be sure 
other compile-time needs are met.  Ubuntu probably provides a 
metapackage which will do this.

You might also consider learning how to build a .deb so your 
installed software can be managed by your OS packaging system.

Consult Ubuntu documentation for help with these issues.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:



[Dnsmasq-discuss] IP filtering

2016-02-25 Thread FredB
Hello,

I'm wondering if can meet some of my requirements

What I can do 

1 ) Clients are using dnsmasq for DNS requests
2 ) dnsmasq forwards to another dns (like google but no matter)
3 ) IP returned is changed by dnsmasq by another, I know I can do that without
problem for domains but for a specific IP ?

My goal is very "simple" I want to replace some IP addresses by another in DNS
request, but these addresses can be related with many unknown domains.
Eg: I don't want any resolution with 212.27.48.10, no matter the domain (in 
this case free.fr but should be google.com or another) 

I can do that with dnsmasq and which tools if not ?

Regards



Re: [Dnsmasq-discuss] IP filtering

2016-02-25 Thread Lorin Weilenmann
Check out the --alias option:

-V, --alias=[]|[-],[,]
Modify IPv4 addresses returned from upstream nameservers; old-ip is
replaced by new-ip. If the optional mask is given then any address which
matches the masked old-ip will be re-written. So, for instance
--alias=1.2.3.0,6.7.8.0,255.255.255.0 will map 1.2.3.56 to 6.7.8.56 and
1.2.3.67 to 6.7.8.67. This is what Cisco PIX routers call "DNS doctoring".
If the old IP is given as range, then only addresses in the range, rather
than a whole subnet, are re-written. So
--alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 maps
192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40

Cheers!

On Thu, 25 Feb 2016 at 15:46 FredB  wrote:

> Hello,
>
> I'm wondering if can meet some of my requirements
>
> What I can do
>
> 1 ) Clients are using dnsmasq for DNS requests
> 2 ) dnsmasq forwards to another dns (like google but no matter)
> 3 ) IP returned is changed by dnsmasq by another, I know I can do that
> without problem for domains but for a specific IP ?
>
> My goal is very "simple" I want to replace some IP addresses by another in
> DNS request, but these addresses can be related with many unknown domains.
> Eg: I don't want any resolution with 212.27.48.10, no matter the domain
> (in this case free.fr but should be google.com or another)
>
> I can do that with dnsmasq and which tools if not ?
>
> Regards

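The rewrite rule from the manual text quoted in the reply above, as an added C example (not dnsmasq's source and not part of the original posts). `alias_parse` and `alias_rewrite` are hypothetical names, and 192.0.2.1 is a constructed replacement address for the 212.27.48.10 case from the question.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Illustration only. One rule in host byte order; end == 0 means no range. */
struct alias { uint32_t old_ip, end, new_ip, mask; };

static int ip4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* Parse "old-ip[-end-ip],new-ip[,mask]"; a missing mask means exact match. */
static int alias_parse(const char *spec, struct alias *r)
{
    char old[64], new_ip[64], mask[64] = "255.255.255.255", *dash;
    if (sscanf(spec, "%63[^,],%63[^,],%63s", old, new_ip, mask) < 2) return 0;
    r->end = 0;
    if ((dash = strchr(old, '-')) != NULL) {
        *dash = '\0';
        if (!ip4(dash + 1, &r->end)) return 0;
    }
    return ip4(old, &r->old_ip) && ip4(new_ip, &r->new_ip) && ip4(mask, &r->mask);
}

/* Rewrite ip under spec; the address comes back unchanged if the rule misses. */
const char *alias_rewrite(const char *spec, const char *ip)
{
    static char buf[INET_ADDRSTRLEN];
    struct alias r;
    struct in_addr a;
    uint32_t addr;
    if (!alias_parse(spec, &r) || !ip4(ip, &addr)) return NULL;
    int hit = r.end ? (addr >= r.old_ip && addr <= r.end)
                    : ((addr & r.mask) == (r.old_ip & r.mask));
    if (hit) addr = (addr & ~r.mask) | (r.new_ip & r.mask); /* keep host bits */
    a.s_addr = htonl(addr);
    return inet_ntop(AF_INET, &a, buf, sizeof buf);
}

int main(void)
{
    puts(alias_rewrite("1.2.3.0,6.7.8.0,255.255.255.0", "1.2.3.56"));
    puts(alias_rewrite("192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0", "192.168.0.41"));
    puts(alias_rewrite("212.27.48.10,192.0.2.1", "212.27.48.10")); /* constructed sink */
    return 0;
}
```

As the quoted text says, --alias modifies IPv4 addresses only, so a filter built on it does not touch AAAA answers.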

[Dnsmasq-discuss] Can DNS return IPs for inactive static DHCP records?

2016-02-25 Thread Eric Sandeen
Say I have host fred, with ip address 1.2.3.4.

I could do:

dhcp-host=11:22:33:44:55:66,fred,1.2.3.4

so that fred always gets 1.2.3.4 when it asks.

But as far as I can tell, unless fred has an active lease, DNS
lookups for fred will fail.  Right now it looks like I need
to also do:

host-record=fred,1.2.3.4

to get DNS to answer the query if fred has gone missing.

Do I really need to have 2 directives to cover both cases?

It would be nice if a dhcp-host entry with a fixed IP address
would always result in a host record, so I could query the
IP address of a hostname even if that host has no active lease.
This would also cover the case where a host has a static IP
configured within the host and never asks for a DHCP lease.

Are the 2 lines above required (or even correct), or is there
a better way to do this?  Or am I doing something dumb here?

Thanks,
-Eric



Re: [Dnsmasq-discuss] Facing compilation issue with dnsmasq

2016-02-25 Thread mariappan.rajendran

Yes it is resolved after installing the libidn package. Thanks a lot.


-Original Message- 
From: /dev/rob0 
Sent: Thursday, February 25, 2016 7:26 PM 
To: dnsmasq-discuss@lists.thekelleys.org.uk 
Subject: Re: [Dnsmasq-discuss] Facing compilation issue with dnsmasq 


On Thu, Feb 25, 2016 at 12:04:11PM +, Mariappan Rajendran wrote:
I just downloaded the dnsmasq latest version from GIT and facing
the below error when I compile.

Please suggest to resolve this.

hadmin@ICSCHELAP1003:~/Mari$ git clone https://github.com/guns/dnsmasq
Cloning into 'dnsmasq'...
remote: Counting objects: 7776, done.
remote: Total 7776 (delta 0), reused 0 (delta 0), pack-reused 7776
Receiving objects: 100% (7776/7776), 7.88 MiB | 23.00 KiB/s, done.
Resolving deltas: 100% (5206/5206), done.
Checking connectivity... done.


root@ICSCHELAP1003:/home/hadmin/Mari/dnsmasq# make install
Package libidn was not found in the pkg-config search path.
Perhaps you should add the directory containing `libidn.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libidn' found

snip

Do I have to build the libidn first, if yes from where to compile ?

Here is my system config:
Ubuntu 14.04 kernel version - 3.13.0-32-generic


Ubuntu provides a libidn package.  You simply need to install it; 
there might be one called "libidn-devel" which contains the header 
files needed at compile time.


While you're at it you should review your environment to be sure 
other compile-time needs are met.  Ubuntu probably provides a 
metapackage which will do this.


You might also consider learning how to build a .deb so your 
installed software can be managed by your OS packaging system.


Consult Ubuntu documentation for help with these issues.
--
 http://rob0.nodns4.us/
 Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
