[Dnsmasq-discuss] ipset add ipv6 address to ipv4 sets.

2022-01-08 Thread Justin
So, I have

local=/google.com/8.8.8.8
ipset=/google.com/proxy

when "curl google.com"
dnsmasq log shows:

ipset add proxy 142.250.217.142 google.com
ipset add proxy 2607:f8b0:4007:818::200e google.com

looks like dnsmasq does not check whether the SETNAME "proxy" is ipv4 or ipv6.
so "ipset add proxy 2607:f8b0:4007:818::200e google.com" is not going to work.

while on ipset command:

"ipset create testname hash:net" by default creates an ipv4 family.
there seems to be no way to create a SETNAME that contains both ipv4
and ipv6 family.

finally, my suggestion: can dnsmasq check the SETNAME family and not
try to add an ipv4 or ipv6 ip to the wrong family?

thanks

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
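
The family check suggested in the post above, as an added example that is not part of the original post and not dnsmasq code. The setdef table is hypothetical, and "proxy6" is an assumed second set created with "family inet6".

```c
/* Added illustration, not dnsmasq source. Set names and families are
   constructed sample data; "proxy6" is a hypothetical inet6 set. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>

struct setdef { const char *name; int family; };  /* family given at "ipset create" */

/* Address family of a textual IP, or -1 when the text is not an IP address. */
int addr_family(const char *text) {
  unsigned char buf[sizeof(struct in6_addr)];
  if (inet_pton(AF_INET, text, buf) == 1)
    return AF_INET;
  if (inet_pton(AF_INET6, text, buf) == 1)
    return AF_INET6;
  return -1;
}

/* First set whose family matches the address. NULL means "skip the add"
   rather than issue one that a set of the other family cannot accept. */
const char *set_for_addr(const char *text, const struct setdef *sets, size_t n) {
  int fam = addr_family(text);
  size_t i;
  for (i = 0; fam != -1 && i < n; i++)
    if (sets[i].family == fam)
      return sets[i].name;
  return NULL;
}

/* Constructed configurations: the poster's single set, and a set per family. */
const struct setdef only_v4[] = { { "proxy", AF_INET } };
const struct setdef dual[] = { { "proxy", AF_INET }, { "proxy6", AF_INET6 } };

int main(void) {
  const char *addrs[] = { "142.250.217.142", "2607:f8b0:4007:818::200e" };
  size_t i;
  for (i = 0; i < 2; i++) {
    const char *s = set_for_addr(addrs[i], only_v4, 1);
    printf("ipset add %s %s\n", s ? s : "(skipped)", addrs[i]);
  }
  return 0;
}
```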


Re: [Dnsmasq-discuss] strict-order with no-resolv; multi ignore-address

2022-01-08 Thread Justin
3)

--all-servers says:

By  default,  when  dnsmasq has more than one up‐
  stream server available, it will send queries  to
  just one server.

--strict-order says:

 By default, dnsmasq will send queries to  any  of
  the  upstream servers it knows about and tries to
  favour servers that are known to be  up.

what on earth is the default behavior?



On Sun, Jan 9, 2022 at 13:46 Justin  wrote:

> Hello
>
> I have 2 questions:
>
> 1)
>
> if no-resolv is set, will strict-order apply to
> server=dns1
> server=dns2
> ...
>
> on man page, it only mentions /etc/resolv.conf
>
> 2)
>
> can i have multiple ignore-address= ?
>
>
>
> --
>
> Regards
> Justin He
>
-- 

Regards
Justin He


[Dnsmasq-discuss] strict-order with no-resolv; multi ignore-address

2022-01-08 Thread Justin
Hello

I have 2 questions:

1)

if no-resolv is set, will strict-order apply to
server=dns1
server=dns2
...

on man page, it only mentions /etc/resolv.conf

2)

can i have multiple ignore-address= ?



-- 

Regards
Justin He


[Dnsmasq-discuss] [PATCH] Addressing hostsdir shortcomings

2022-01-08 Thread Dominik Derigs
Hey Simon,

dnsmasq v2.73 added --hostsdir which is an efficient way of re-
loading only parts of the cache. When we tried to use hostsdir
yesterday, we identified three problems. They are described
below. Patches addressing them are attached.

--- ISSUE 1 --- Logging imprecision

Assume you have multiple files in hostsdir, dnsmasq can only log
the directory not the file that was the real source:

dnsmasq: read /home/test/hostsdir/hosts1 - 1 addresses
dnsmasq: read /home/test/hostsdir/hosts2 - 1 addresses
dnsmasq: read /home/test/hostsdir/hosts3 - 1 addresses

dnsmasq: 1 127.0.0.1/34170 query[A] aaa from 127.0.0.1
dnsmasq: 1 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 1 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.1
dnsmasq: 1 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2

This happens because the cache entries all use the same index
that is the directory name.

--- ISSUE 2 --- Outdated entries are not removed

When hostsdir re-reads the file, it does not remove outdated
entries. Assume you modify "192.168.1.1 aaa" to "192.168.1.2
aaa", dnsmasq will now serve two A records for "aaa". This may be
considered okay, however, if I add "192.168.1.1 bbb", PTR
requests for this domain will still be replied with "aaa" which
might be completely outdated information.

--- ISSUE 3 --- Ever growing replies under certain situations

When a user uses an editor that creates (temporary) files during
editing (like "sed -i") or uses a script that writes files line
by line (like "echo '' >> file"), they can quickly end up with
strange things like

dnsmasq: 3 127.0.0.1/34170 query[A] aaa from 127.0.0.1
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.1
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2

which is not very meaningful. We check for duplicates before
inserting into the cache, however, duplicate checking can be
foiled here: add_hosts_entry() calls cache_find_by_name() only
once (say it returned "192.168.1.1") so the memcmp() on the
address fails and we can add an arbitrary amount of 192.168.1.2
entries.

For addressing issue 1, I added a new struct *dyndir having a
linked list of struct *hostsfile. With this, cache_insert() can
get the correct index. If a file is newly added, we just add a
new *hostsfile entry to the list (index++).

Issue 2 is an easy one as we can selectively clean the cache when
we know the uid to be removed. This can be called before running
read_hostsfile() to insert new stuff. I added MOVE_FROM and
DELETE to inotify_add_watch() so we catch if a file was removed.
In this case, we only remove old entries.

Issue 3 is fixed by adding a loop over cache_find_by_name() in
add_hosts_entry() to check possible multiple records.

Best,
Dominik

[sent earlier as
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015704.html,
resubmitting patches rebased on latest master]
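
The duplicate check described under ISSUE 3, reproduced on a toy cache as an added example (not part of the original post and not dnsmasq code). find_by_name(), add_entry() and the record layout are hypothetical stand-ins; with eight re-reads the flawed variant ends with nine records for "aaa", the looping variant with two.

```c
/* Toy cache for illustration only; none of this is dnsmasq source. */
#include <stdlib.h>
#include <string.h>
struct rec { struct rec *next; const char *name; unsigned int addr; };
static struct rec *head, **tail = &head;      /* oldest record first */

/* Stand-in for cache_find_by_name(): prev == NULL gives the first match,
   a previous result gives the next one. */
static struct rec *find_by_name(struct rec *prev, const char *name) {
  struct rec *r = prev ? prev->next : head;
  while (r && strcmp(r->name, name) != 0)
    r = r->next;
  return r;
}

static void insert(const char *name, unsigned int addr) {
  struct rec *r = calloc(1, sizeof(*r));
  if (!r) abort();
  r->name = name; r->addr = addr;
  *tail = r; tail = &r->next;
}

/* Insert unless a duplicate exists. all_records == 0 reproduces the flawed
   check (only the first record found is compared); all_records == 1 loops
   over every record held for the name. */
static void add_entry(const char *name, unsigned int addr, int all_records) {
  struct rec *r = NULL;
  while ((r = find_by_name(r, name)) != NULL) {
    if (r->addr == addr)
      return;                 /* already cached */
    if (!all_records)
      break;                  /* flawed variant stops after one comparison */
  }
  insert(name, addr);
}

/* Constructed scenario: "aaa" is 192.168.1.1, then re-read `rereads` times
   as 192.168.1.2. Returns the number of records held for "aaa". */
int records_after_rereads(int all_records, int rereads) {
  struct rec *r;
  int count = 0;
  while ((r = head) != NULL) { head = r->next; free(r); }   /* reset cache */
  tail = &head;
  add_entry("aaa", 0xC0A80101u, all_records);
  while (rereads-- > 0)
    add_entry("aaa", 0xC0A80102u, all_records);
  for (r = NULL; (r = find_by_name(r, "aaa")) != NULL; )
    count++;
  return count;
}
int main(void) { return records_after_rereads(1, 8) == 2 ? 0 : 1; }
```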
From 7873cc3dbfce3edeb534bf4d0a0030894aaa152a Mon Sep 17 00:00:00 2001
From: Dominik Derigs 
Date: Wed, 29 Sep 2021 08:22:05 +0200
Subject: [PATCH 1/3] Extend hostsdir to store the individual files as sources
 for loggin

Signed-off-by: DL6ER 
---
 src/cache.c   |   9 +++--
 src/dnsmasq.h |  13 ++-
 src/inotify.c | 103 ++
 src/option.c  |  40 
 4 files changed, 111 insertions(+), 54 deletions(-)

diff --git a/src/cache.c b/src/cache.c
index 246c3f2..e86d69b 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1839,6 +1839,7 @@ void dump_cache(time_t now)
 char *record_source(unsigned int index)
 {
   struct hostsfile *ah;
+  struct dyndir *dd;
 
   if (index == SRC_CONFIG)
 return "config";
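
Review bot: the new "struct dyndir *dd;" declaration at the top of record_source() is unconditional, but its only visible use is inside the #ifdef HAVE_INOTIFY block touched by the next hunk, so a build without HAVE_INOTIFY gets an unused-variable warning. Move the declaration under the same #ifdef HAVE_INOTIFY guard.
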
@@ -1850,9 +1851,11 @@ char *record_source(unsigned int index)
   return ah->fname;
 
 #ifdef HAVE_INOTIFY
-  for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
- if (ah->index == index)
-   return ah->fname;
+  /* Dynamic directories contain multiple files */
+  for (dd = daemon->dynamic_dirs; dd; dd = dd->next)
+for (ah = dd->files; ah; ah = ah->next)
+  if (ah->index == index)
+	return ah->fname;
 #endif
 
   return "";
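
Review bot: the "ah->index == index" test in the added nested loop is only correct if index values are unique across every file of every dynamic directory and across the list searched by the preceding lookup (the one ending in "return ah->fname;"). Add a comment here, or on the index field, stating where indices are allocated and that they are not reused after a file is removed; braces around the outer for body would also make the three nested unbraced statements easier to read.
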
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 1b00298..c6efb6b 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -681,10 +681,17 @@ struct hostsfile {
   struct hostsfile *next;
   int flags;
   char *fname;
+  unsigned int index; /* matches to cache entries for logging */
+};
+
+struct dyndir {
+  struct dyndir *next;
+  struct hostsfile *files;
+  int flags;
+  char *dname;
 #ifdef HAVE_INOTIFY
   int 
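
Review bot: the new struct dyndir has no comments on files, flags or dname, while the index field added to struct hostsfile just above does get one. Document at least that files is the list of per-file struct hostsfile entries belonging to the directory named by dname, since record_source() now depends on walking that list.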

[Dnsmasq-discuss] [PATCH] Improve cache dump

2022-01-08 Thread Dominik Derigs
Hey Simon,

These patches improve the cache dump triggered by sending
SIGUSR1.

1. The width of the host and address fields are 30 and 40
characters, respectively. Fix the header and add a head
separation line to highlight how long the fields can be.

2. Add "!" as type for non-terminals, new flag "C" for config-
provided and log source where applicable.

I attached the examples below once more as plain text file to
avoid word wrapping.

Before:

Host Address Flags  Expires
imap.strato.de                 2a01:238:20a:202:54f0::1103              6F         Wed Dec 15 20:51:59 2021
imap.strato.de                 81.169.145.103                           4F         Wed Dec 15 20:51:59 2021
some-hostrecord                192.168.2.3                              4FRI   H
ip6-localhost                  ::1                                      6FRI   H
arpa                                                                    F I
                               20326   8   2                            SF I

Now:

Host                           Address                                  Flags      Expires                  Source
------------------------------ ---------------------------------------- ---------- ------------------------
imap.strato.de                 2a01:238:20a:202:54f0::1103              6F         Wed Dec 15 20:51:59 2021
imap.strato.de                 81.169.145.103                           4F         Wed Dec 15 20:51:59 2021
some-hostrecord                192.168.2.3                              4FRI   HC                           config
ip6-localhost                  ::1                                      6FRI   H                            /etc/hosts
arpa                                                                    !F IC
                               20326   8   2                            SF IC                               config


Best,
Dominik
From be26a63372b18bd0dd567c4a40ed285e292fe7d5 Mon Sep 17 00:00:00 2001
From: Dominik Derigs 
Date: Sat, 18 Dec 2021 10:08:01 +0100
Subject: [PATCH 1/2] Fix header of cache dump. The width of the host and
 address fields are 30 and 40 characters, respectively.

Signed-off-by: DL6ER 
---
 src/cache.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cache.c b/src/cache.c
index 246c3f2..cfa9fbe 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1757,7 +1757,8 @@ void dump_cache(time_t now)
 {
   struct crec *cache ;
   int i;
-  my_syslog(LOG_INFO, "Host AddressFlags  Expires");
+  my_syslog(LOG_INFO, "Host   Address  Flags  Expires");
+  my_syslog(LOG_INFO, "--  -  ");
 
   for (i=0; ihash_next)
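
Review bot: both added my_syslog() lines hard-code the column padding and the dash runs as string literals, so the header can drift from the row layout again the next time a field width changes, which is the problem this commit sets out to fix. Consider emitting the header through width specifiers that match the row format (30 and 40 per the commit message) so the widths are defined in one place.
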
-- 
2.25.1

From c6c881aa5ec750ace877034c4c9b8017e5770c0b Mon Sep 17 00:00:00 2001
From: Dominik Derigs 
Date: Thu, 30 Dec 2021 10:53:24 +0100
Subject: [PATCH 2/2] Extend cache dump: "!" as type for non-terminals, new
 flag "C" for config-provided and log source when applicable.

Signed-off-by: DL6ER 
---
 src/cache.c | 19 ---
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/cache.c b/src/cache.c
index cfa9fbe..173022c 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1757,8 +1757,8 @@ void dump_cache(time_t now)
 {
   struct crec *cache ;
   int i;
-  my_syslog(LOG_INFO, "Host   Address  Flags  Expires");
-  my_syslog(LOG_INFO, "--  -  ");
+  my_syslog(LOG_INFO, "Host   Address  Flags  Expires  Source");
+  my_syslog(LOG_INFO, "--  --  ");
 
   for (i=0; ihash_next)
@@ -1816,7 +1816,10 @@ void dump_cache(time_t now)
 	else if (cache->flags & F_DNSKEY)
 	  t = "K";
 #endif
-	p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s  ", a, t,
+	else /* non-terminal */
+	  t = "!";
+
+	p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s%s ", a, t,
 			 cache->flags & F_FORWARD ? "F" : " ",
 			 cache->flags & F_REVERSE ? "R" : " ",
 			 cache->flags & F_IMMORTAL ? "I" : " ",
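
Review bot: the added "else /* non-terminal */" after the #endif is a catch-all, so any entry that matches none of the earlier branches is reported as "!" whether or not it is a non-terminal. If the cache has a way to identify non-terminals, test for it explicitly; otherwise extend the comment to say that "!" means "none of the record types above".
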
@@ -1824,14 +1827,16 @@ void dump_cache(time_t now)
 			 cache->flags & F_NEG ? "N" : " ",
 			 cache->flags & F_NXDOMAIN ? "X" : " ",
 			 cache->flags & F_HOSTS ? "H" : " ",
+			 cache->flags & F_CONFIG ? "C" : " ",
 			 cache->flags & F_DNSSECOK ? "V" : " ");
 #ifdef HAVE_BROKEN_RTC
-	p += sprintf(p, "%lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
+	p += sprintf(p, "%-24lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
 #else
-	p += sprintf(p, "%s", cache->flags & 
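
Review bot: with the extra %s for F_CONFIG and the new fixed-width "%-24lu", every row written through "p += sprintf(p, ...)" gets longer, and the Source column still has to follow, yet nothing in the visible lines bounds these writes. Confirm that the buffer behind p is sized for the new worst case, or switch these calls to snprintf() with the remaining length.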

[Dnsmasq-discuss] [PATCH] Log server port when forwarding upstream

2022-01-08 Thread Dominik Derigs
Hey Simon,

another patch:

Log server port when forwarding upstream to avoid ambiguities
when running multiple upstream destinations at the same IP but on
different ports. The port is already logged in other places, like
after starting dnsmasq:

Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5001
Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5002 for
domain network (no DNSSEC)
Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5003 for
domain example2.com (no DNSSEC)
Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5004 for
unqualified names (no DNSSEC)

Best,
Dominik
From eba5c590bc98b3cd5ca54ff59f654cb9da1aee8c Mon Sep 17 00:00:00 2001
From: Dominik Derigs 
Date: Fri, 19 Nov 2021 10:08:01 +0100
Subject: [PATCH] Log server port when forwarding upstream

Signed-off-by: DL6ER 
---
 src/cache.c   |  8 ++--
 src/dnsmasq.h |  1 +
 src/forward.c | 10 --
 src/option.c  |  4 +++-
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/cache.c b/src/cache.c
index 246c3f2..7b136ce 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1992,8 +1992,12 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg,
 	}
 	}
   else if (flags & (F_IPV4 | F_IPV6))
-	inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
-		  addr, daemon->addrbuff, ADDRSTRLEN);
+	{
+	  inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
+		addr, daemon->addrbuff, ADDRSTRLEN);
+	  if (flags & F_SERVER) /* Append upstream server port if forwarding */
+	sprintf(strchr(daemon->addrbuff, '\0'), "#%u", daemon->log_port);
+	}
   else
 	dest = arg;
 }
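
Review bot: the added sprintf(strchr(daemon->addrbuff, '\0'), "#%u", daemon->log_port) appends with no length bound and without checking that the preceding inet_ntop() succeeded, so its safety depends entirely on the ADDRSTRLEN + 10 allocation changed in option.c and on addrbuff holding a terminated string. Check the inet_ntop() return value and use snprintf() with the space remaining in the buffer.
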
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 1b00298..50789d4 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1264,6 +1264,7 @@ extern struct daemon {
   /* file for packet dumps. */
   int dumpfd;
 #endif
+  in_port_t log_port;
 } *daemon;
 
 /* cache.c */
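
Review bot: the new "in_port_t log_port;" member of struct daemon has no comment, and it is process-wide state whose only job is to hand a value from log_query_mysockaddr() to log_query(). Add a comment saying it is valid only for the duration of that call, or pass the port as an argument instead of through the global.
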
diff --git a/src/forward.c b/src/forward.c
index f22c080..d361170 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -122,9 +122,15 @@ static void set_outgoing_mark(struct frec *forward, int fd)
 static void log_query_mysockaddr(unsigned int flags, char *name, union mysockaddr *addr, char *arg, unsigned short type)
 {
   if (addr->sa.sa_family == AF_INET)
-log_query(flags | F_IPV4, name, (union all_addr *)>in.sin_addr, arg, type);
+{
+  daemon->log_port = ntohs(addr->in.sin_port);
+  log_query(flags | F_IPV4, name, (union all_addr *)>in.sin_addr, arg, type);
+}
   else
-log_query(flags | F_IPV6, name, (union all_addr *)>in6.sin6_addr, arg, type);
+{
+  daemon->log_port = ntohs(addr->in6.sin6_port);
+  log_query(flags | F_IPV6, name, (union all_addr *)>in6.sin6_addr, arg, type);
+}
 }
 
 static void server_send(struct server *server, int fd,
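
Review bot: daemon->log_port is assigned only in these two branches, but log_query() in cache.c appends it whenever F_SERVER is set, so an F_SERVER call that reaches log_query() without going through log_query_mysockaddr() would print a stale port left over from an earlier query. Either confirm that every F_SERVER caller uses this wrapper, or clear log_port after the call and skip the suffix when it is zero.
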
diff --git a/src/option.c b/src/option.c
index 7134ee7..a61451b 100644
--- a/src/option.c
+++ b/src/option.c
@@ -5405,7 +5405,9 @@ void read_opts(int argc, char **argv, char *compile_opts)
   daemon = opt_malloc(sizeof(struct daemon));
   memset(daemon, 0, sizeof(struct daemon));
   daemon->namebuff = buff;
-  daemon->addrbuff = safe_malloc(ADDRSTRLEN);
+  /* Space for IP address plus port (used when logging 
+ upstream server forwarding) */
+  daemon->addrbuff = safe_malloc(ADDRSTRLEN + 10);
   
   /* Set defaults - everything else is zero or NULL */
   daemon->cachesize = CACHESIZ;
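
Review bot: the "+ 10" in safe_malloc(ADDRSTRLEN + 10) is a magic number, while the suffix appended in cache.c is at most "#65535", six characters. Derive the extra space from a named constant shared with the code that appends the port, so the allocation and the write cannot diverge.
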
-- 
2.25.1
