Re: [Dnsmasq-discuss] Dnsmasq-discuss Digest, Vol 138, Issue 13
Hello,

On Tue, 22 Nov 2016 17:47:09 +, Rahul Jain wrote:

> Hi Albert, thank you for replying. I have access to the source code
> of the router and all its internals.
>
> I can download the source code of dnsmasq, compile and build it for
> the router (not on the router) but I need to run the dnsmasq as a
> service which I can't do on mipsel-linux because it doesn't contain
> anything equivalent to "service". So I'm generating the binary on a
> Ubuntu (16.04 LTS) system and using that in the router running
> mipsel-linux.

Er... If your router does not contain anything equivalent to "service", then there is no point in trying to run "service dnsmasq start" on this router.

> On the Ubuntu system, when I run dnsmasq with add-mac in the
> configuration, I'm able to see EDNS0 option in the dns query. This is
> happening only when I installed and run dnsmasq from apt-get. When I
> tried to compile it and run it from the same configurations, I'm not
> able to see the EDNS0 option.

I assume you are talking about some PC with Ubuntu running on it? This is a different system than your router and there is no reason that this PC should behave the same as the router, and you simply cannot infer much from one system to the other.

> Now I'm left with two things, one is to
> install dnsmasq from the apt-get on mipsel-linux which is not
> possible because it does not have apt-get or any other package
> manager and the second option being to compile the source for the
> router.

I suspect this conclusion is premature. For one thing, do you have the right tools to build a binary for your router? Do you know which kernel it runs (not simply the version, but the actual kernel headers)? Do you know which C library it uses? Do you know which compiler toolchain was used to build this system? Do you have all these things -- kernel, lib, toolchain -- in working order? Can you rebuild the whole router system? If no, then compiling is IMO not a valid option right now.

> So for now, I want to compile the dnsmasq source code on my Ubuntu
> system or for the router, not from the apt-get, and want the EDNS0
> option in the dns query.

I believe this is not the right approach to solve your problem (which, IIUC, is to be able to enable the "add-mac" option on the dnsmasq which runs on your router; if this is not what you are actually trying to achieve, then do correct me).

First, to run your Ubuntu's own dnsmasq with the add-mac option enabled does not require any compilation; adding a single one-line file at the right place is all it takes -- I've just checked this on the very Xubuntu machine I am writing this mail on.

Second, even once you've done it, it will be of no use for the dnsmasq on your router, because your router is not a Ubuntu system, and nothing will happen if you add the same file in the same location -- a location which quite possibly does not even exist on your router.

But there are good chances that on that router, there is /another/ location, where adding (or modifying) /another/ file in /another/ way will have the effect you are looking for.

My suggestion is that you forget the whole "building on Ubuntu" thing for now, and even the "building" thing at all, and concentrate on your router, to find that location and file which control the options of your router's dnsmasq.

As /dev/rob0 and I told you, you are having a system question, not a dnsmasq question. The right way to tackle it is not to look in dnsmasq, but to look in the system (and in the /right/ system).

A good start would be to indicate which router it is that you are working on, and which firmware it runs.

HTH

Best regards,
--
Albert.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Dnsmasq-discuss Digest, Vol 138, Issue 13
Hi Albert, thank you for replying. I have access to the source code of the router and all its internals.

I can download the source code of dnsmasq, compile and build it for the router (not on the router) but I need to run the dnsmasq as a service which I can't do on mipsel-linux because it doesn't contain anything equivalent to "service". So I'm generating the binary on a Ubuntu (16.04 LTS) system and using that in the router running mipsel-linux.

On the Ubuntu system, when I run dnsmasq with add-mac in the configuration, I'm able to see EDNS0 option in the dns query. This is happening only when I installed and run dnsmasq from apt-get. When I tried to compile it and run it from the same configurations, I'm not able to see the EDNS0 option.

Now I'm left with two things, one is to install dnsmasq from the apt-get on mipsel-linux which is not possible because it does not have apt-get or any other package manager and the second option being to compile the source for the router.

So for now, I want to compile the dnsmasq source code on my Ubuntu system or for the router, not from the apt-get, and want the EDNS0 option in the dns query.

From: Albert ARIBAUD
Sent: Tuesday, November 22, 2016 7:14:08 PM
To: Rahul Jain
Cc: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Dnsmasq-discuss Digest, Vol 138, Issue 13

Hi Rahul,

On Tue, 22 Nov 2016 05:51:17 +, Rahul Jain wrote:

> Hi, thank you for the insight. Actually, I want this implementation
> on my router (which is running mipsel-linux), can't just simply
> install on it. Therefore, I have to run the binary there but I'm not
> getting the MAC address of the connected clients when I add the
> add-mac option in the conf file.

Ok, so IIUC, you do not have access to the source code of the system installed on your router, and especially you do not have access to the source code and build instructions to rebuild your router's dnsmasq.

But you do have access to the router's filesystem, right? So you can inspect its services scripts and find out what it does and why the add-mac option is not passed to dnsmasq.

Best regards,
--
Albert.
Re: [Dnsmasq-discuss] Bug forward upstream SERVFAIL
On Tue, Nov 22, 2016 at 04:18:55PM +, Chris Novakovic wrote:

> On 22/11/16 15:03, Martin Wetterwald wrote:
> > We found what we think is a bug (at least a not wanted
> > behaviour), but it seems it's actually a feature, when looking at
> > commits 4ace25c5 and 51967f980 (pasted at the end of this email).
>
> 4ace25c5 is a red herring: that provides REFUSED responses with the
> behaviour you're looking for. Whether the same behaviour ought to
> be applied to SERVFAIL responses is for Simon to decide: the commit
> message for 51967f980 isn't clear about why SERVFAIL should be
> considered a "successful" upstream response, but I'm sure there was
> a reason, and I'm sure he can fill us in.

SERVFAIL can sometimes be considered "successful" depending on circumstances. If all the authoritative NS hosts for a zone are returning SERVFAIL for queries, then indeed, that's as best as can be done.

But the problem could be on the recursive resolver, such as [for one example] cache poisoning causing DNSSEC validation failure.

Unfortunately dnsmasq is not in a position to know which it is. I think the most prudent thing for dnsmasq to do on SERVFAIL is to attempt the query with other upstream servers, if possible. But an answer needs to be provided to the client before its own timeout value.

--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: [Dnsmasq-discuss] Bug forward upstream SERVFAIL
On 22/11/16 15:03, Martin Wetterwald wrote:

> We found what we think is a bug (at least a not wanted behaviour), but
> it seems it's actually a feature, when looking at commits 4ace25c5 and
> 51967f980 (pasted at the end of this email).

4ace25c5 is a red herring: that provides REFUSED responses with the behaviour you're looking for. Whether the same behaviour ought to be applied to SERVFAIL responses is for Simon to decide: the commit message for 51967f980 isn't clear about why SERVFAIL should be considered a "successful" upstream response, but I'm sure there was a reason, and I'm sure he can fill us in.
[Dnsmasq-discuss] Bug forward upstream SERVFAIL
Hello,

At OVH, we use dnsmasq in our product OverTheBox, an OpenWRT based router.

We found what we think is a bug (at least a not wanted behaviour), but it seems it's actually a feature, when looking at commits 4ace25c5 and 51967f980 (pasted at the end of this email).

If you have say 4 upstreams, and one of them has a problem: it will always give SERVFAIL responses back to dnsmasq. The problem is that dnsmasq will immediately forward the SERVFAIL response back to the client, even if other upstreams are working (providing the SERVFAIL answer is the first to arrive).

If dnsmasq has several upstreams, isn't it to make it more robust? Shouldn't dnsmasq try as much as possible to be independent of upstream errors?

You will find my Pull Request here:
https://github.com/MartinWetterwald/dnsmasq/pull/1/files

You could cherry-pick my commit if you agree with this behaviour.

Best Regards,
Martin Wetterwald

commit 51967f9807665dae403f1497b827165c5fa1084b
Author: Simon Kelley
Date:   Tue Mar 25 21:07:00 2014 +

    SERVFAIL is an expected error return, don't try all servers.

commit 4ace25c5d6c30949be9171ff1c524b2139b989d3
Author: Chris Novakovic
Date:   Mon Jan 25 21:54:35 2016 +

    Treat REFUSED (not SERVFAIL) as an unsuccessful upstream response

    Commit 51967f9807665dae403f1497b827165c5fa1084b began treating SERVFAIL
    as a successful response from an upstream server (thus ignoring future
    responses to the query from other upstream servers), but a typo in that
    commit means that REFUSED responses are accidentally being treated as
    successful instead of SERVFAIL responses.

    This commit corrects this typo and provides the behaviour intended by
    commit 51967f9: SERVFAIL responses are considered successful (and will
    be sent back to the requester), while REFUSED responses are considered
    unsuccessful (and dnsmasq will wait for responses from other upstream
    servers that haven't responded yet).
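Added example, not part of any post in this thread and not dnsmasq source: a small C model of the two policies discussed above, "SERVFAIL is final" (as the quoted commit messages describe) and "SERVFAIL is a fallback until another upstream answers or the client's deadline expires" (as the replies suggest). The names pick_reply, struct reply and the sample arrays are hypothetical, and the model assumes the query was forwarded to all upstreams at once.

```c
#include <stddef.h>
#include <stdio.h>

/* DNS RCODE values (RFC 1035). */
enum { NOERROR = 0, SERVFAIL = 2, REFUSED = 5 };

/* One upstream reply; at_ms is its arrival time after the query was forwarded. */
struct reply { int upstream; int at_ms; int rcode; };

enum policy {
    SERVFAIL_IS_FINAL,    /* behaviour the two quoted commit messages describe */
    SERVFAIL_IS_FALLBACK  /* behaviour requested in the thread */
};

/* Index in r[] of the reply relayed to the client, or -1 if there is none.
 * r[] is sorted by at_ms, n_up upstreams were queried, and the client must
 * have its answer by deadline_ms. Hypothetical helper, not dnsmasq code. */
int pick_reply(const struct reply *r, size_t n, int n_up, int deadline_ms,
               enum policy p)
{
    int fallback = -1, seen = 0;
    for (size_t i = 0; i < n && r[i].at_ms <= deadline_ms; i++) {
        int soft = r[i].rcode == REFUSED ||
                   (p == SERVFAIL_IS_FALLBACK && r[i].rcode == SERVFAIL);
        if (!soft)
            return (int)i;         /* treated as successful: relay at once */
        if (fallback < 0)
            fallback = (int)i;     /* assumption: remember the first failure */
        if (++seen == n_up)
            break;                 /* every upstream has failed */
    }
    return fallback;               /* all failed, or the deadline expired */
}

/* Constructed samples. one_broken: 4 upstreams, the faulty one answers first. */
const struct reply one_broken[] = {
    {0, 5, SERVFAIL}, {1, 20, NOERROR}, {2, 25, NOERROR}, {3, 30, NOERROR} };
/* all_fail: the zone itself is broken, so SERVFAIL is the best answer. */
const struct reply all_fail[] = {
    {0, 5, SERVFAIL}, {1, 20, SERVFAIL}, {2, 25, SERVFAIL}, {3, 30, SERVFAIL} };
/* slow: the healthy upstream answers after the client's deadline. */
const struct reply slow[] = { {0, 5, SERVFAIL}, {1, 900, NOERROR} };
/* refused: REFUSED arrives first. */
const struct reply refused[] = { {0, 5, REFUSED}, {1, 20, NOERROR} };

int main(void)
{
    printf("final: %d, fallback: %d\n",
           pick_reply(one_broken, 4, 4, 500, SERVFAIL_IS_FINAL),
           pick_reply(one_broken, 4, 4, 500, SERVFAIL_IS_FALLBACK));
    return 0;
}
```
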
Re: [Dnsmasq-discuss] Dnsmasq-discuss Digest, Vol 138, Issue 13
Hi Rahul,

On Tue, 22 Nov 2016 05:51:17 +, Rahul Jain wrote:

> Hi, thank you for the insight. Actually, I want this implementation
> on my router (which is running mipsel-linux), can't just simply
> install on it. Therefore, I have to run the binary there but I'm not
> getting the MAC address of the connected clients when I add the
> add-mac option in the conf file.

Ok, so IIUC, you do not have access to the source code of the system installed on your router, and especially you do not have access to the source code and build instructions to rebuild your router's dnsmasq.

But you do have access to the router's filesystem, right? So you can inspect its services scripts and find out what it does and why the add-mac option is not passed to dnsmasq.

Best regards,
--
Albert.