[Dnsmasq-discuss] ipset add ipv6 address to ipv4 sets.
So, I have

    local=/google.com/8.8.8.8
    ipset=/google.com/proxy

When I run "curl google.com", the dnsmasq log shows:

    ipset add proxy 142.250.217.142 google.com
    ipset add proxy 2607:f8b0:4007:818::200e google.com

It looks like dnsmasq does not check whether the SETNAME "proxy" is IPv4 or IPv6, so "ipset add proxy 2607:f8b0:4007:818::200e google.com" is not going to work.

With the ipset command, "ipset create testname hash:net" creates an IPv4-family set by default. There seems to be no way to create a SETNAME that contains both the IPv4 and IPv6 families.

Finally, my suggestion: can dnsmasq check the SETNAME family and not try to add an IPv4 or IPv6 address to the wrong family?

Thanks

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] strict-order with no-resolv; multi ignore-address
3)

--all-servers says:
By default, when dnsmasq has more than one upstream server available, it will send queries to just one server.

--strict-order says:
By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up.

What on earth is the default behavior?

On Sun, Jan 9, 2022 at 13:46 Justin wrote:
> Hello
>
> I have 2 questions:
>
> 1)
>
> if no-resolv is set, will strict-order apply to
> server=dns1
> server=dns2
> ...
>
> on man page, it only mentions /etc/resolv.conf
>
> 2)
>
> can i have multiple ignore-address= ?
>
> --
>
> Regards
> Justin He

--
Regards
Justin He
[Dnsmasq-discuss] strict-order with no-resolv; multi ignore-address
Hello

I have 2 questions:

1)

if no-resolv is set, will strict-order apply to
server=dns1
server=dns2
...

on man page, it only mentions /etc/resolv.conf

2)

can i have multiple ignore-address= ?

--
Regards
Justin He
[Dnsmasq-discuss] [PATCH] Addressing hostsdir shortcomings
Hey Simon,

dnsmasq v2.73 added --hostsdir which is an efficient way of reloading only parts of the cache. When we tried to use hostsdir yesterday, we identified three problems. They are described below. Patches addressing them are attached.

--- ISSUE 1 --- Logging imprecision

Assume you have multiple files in hostsdir, dnsmasq can only log the directory not the file that was the real source:

    dnsmasq: read /home/test/hostsdir/hosts1 - 1 addresses
    dnsmasq: read /home/test/hostsdir/hosts2 - 1 addresses
    dnsmasq: read /home/test/hostsdir/hosts3 - 1 addresses
    dnsmasq: 1 127.0.0.1/34170 query[A] aaa from 127.0.0.1
    dnsmasq: 1 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 1 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.1
    dnsmasq: 1 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2

This happens because the cache entries all use the same index that is the directory name.

--- ISSUE 2 --- Outdated entries are not removed

When hostsdir re-reads the file, it does not remove outdated entries. Assume you modify "192.168.1.1 aaa" to "192.168.1.2 aaa", dnsmasq will now serve two A records for "aaa". This may be considered okay, however, if I add "192.168.1.1 bbb", PTR requests for this domain will still be replied with "aaa" which might be completely outdated information.
--- ISSUE 3 --- Ever growing replies under certain situations

When a user uses an editor that creates (temporary) files during editing (like "sed -i") or uses a script that writes files line by line (like "echo '' >> file"), they can quickly end up with strange things like

    dnsmasq: 3 127.0.0.1/34170 query[A] aaa from 127.0.0.1
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.1
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2
    dnsmasq: 3 127.0.0.1/34170 /home/test/hostsdir aaa is 192.168.1.2

which is not very meaningful. We check for duplicates before inserting into the cache, however, duplicate checking can be foiled here: add_hosts_entry() calls cache_find_by_name() only once (say it returned "192.168.1.1") so the memcmp() on the address fails and we can add an arbitrary amount of 192.168.1.2 entries.

For addressing issue 1, I added a new struct *dyndir having a linked list of struct *hostsfile. With this, cache_insert() can get the correct index. If a file is newly added, we just add a new *hostsfile entry to the list (index++).

Issue 2 is an easy one as we can selectively clean the cache when we know the uid to be removed. This can be called before running read_hostsfile() to insert new stuff. I added MOVE_FROM and DELETE to inotify_add_watch() so we catch if a file was removed. In this case, we only remove old entries.

Issue 3 is fixed by adding a loop over cache_find_by_name() in add_hosts_entry() to check possible multiple records.
Best, Dominik [sent earlier as https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015704.html, resubmitting patches rebased on latest master] From 7873cc3dbfce3edeb534bf4d0a0030894aaa152a Mon Sep 17 00:00:00 2001 From: Dominik Derigs Date: Wed, 29 Sep 2021 08:22:05 +0200 Subject: [PATCH 1/3] Extend hostsdir to store the individual files as sources for loggin Signed-off-by: DL6ER --- src/cache.c | 9 +++-- src/dnsmasq.h | 13 ++- src/inotify.c | 103 ++ src/option.c | 40 4 files changed, 111 insertions(+), 54 deletions(-) diff --git a/src/cache.c b/src/cache.c index 246c3f2..e86d69b 100644 --- a/src/cache.c +++ b/src/cache.c @@ -1839,6 +1839,7 @@ void dump_cache(time_t now) char *record_source(unsigned int index) { struct hostsfile *ah; + struct dyndir *dd; if (index == SRC_CONFIG) return "config"; @@ -1850,9 +1851,11 @@ char *record_source(unsigned int index) return ah->fname; #ifdef HAVE_INOTIFY - for (ah = daemon->dynamic_dirs; ah; ah = ah->next) - if (ah->index == index) - return ah->fname; + /* Dynamic directories contain multiple files */ + for (dd = daemon->dynamic_dirs; dd; dd = dd->next) +for (ah = dd->files; ah; ah = ah->next) + if (ah->index == index) + return ah->fname; #endif return ""; diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 1b00298..c6efb6b 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -681,10 +681,17 @@ struct hostsfile { struct hostsfile *next; int flags; char *fname; + unsigned int index; /* matches to cache entries for logging */ +}; + +struct dyndir { + struct dyndir *next; + struct hostsfile *files; + int flags; + char *dname; #ifdef HAVE_INOTIFY int
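Review bot: In the record_source() hunk of src/cache.c, the new nested loop returns the first hostsfile whose index matches, so it is only correct if index values are unique across the list searched just above it and across the files list of every dyndir; nothing in the visible lines states that invariant. A comment on the `index` member saying where indices are allocated and that they are never shared between lists would make this checkable. Braces around the body of the outer `for (dd = daemon->dynamic_dirs; ...)` would also make the three-level nesting harder to misread.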
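Review bot: In the src/dnsmasq.h hunk, the new struct dyndir carries its own `flags` next to a `files` list of struct hostsfile entries that also have `flags`, with no comment on which flags belong at which level or who owns and frees the `files` entries. A short comment above `struct dyndir` covering both would help, since the cover message says entries are dropped again when a file is removed.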
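Issue 3 in the message above comes down to a duplicate check that compares only the first cache record returned for a name. The following C sketch is an added example, not code from the patch or from dnsmasq: it uses a toy in-memory cache with hypothetical names (`find_by_name`, `add_entry`, `records_after_rereads`) and a constructed re-read sequence to contrast the single-lookup check with a check that loops over every record for the name.

```c
/* Added illustration: toy cache, not dnsmasq source; all names are hypothetical. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

static struct rec { char name[32]; struct in_addr addr; } cache[32];
static int nrecs;

/* Iterator lookup: prev == NULL gives the first record for name, else the next one. */
static struct rec *find_by_name(struct rec *prev, const char *name)
{
  struct rec *r = prev ? prev + 1 : cache;
  for (; r < cache + nrecs; r++)
    if (strcmp(r->name, name) == 0)
      return r;
  return NULL;
}

/* Returns 1 if inserted. check_all == 0 is the single-lookup duplicate check. */
static int add_entry(const char *name, const char *ip, int check_all)
{
  struct in_addr a;
  struct rec *r = NULL;
  if (nrecs == 32 || strlen(name) >= sizeof r->name || inet_pton(AF_INET, ip, &a) != 1)
    return 0;
  while ((r = find_by_name(r, name)) != NULL) {
    if (memcmp(&r->addr, &a, sizeof a) == 0)
      return 0;              /* exact duplicate already cached */
    if (!check_all) break;   /* flawed: only the first record was compared */
  }
  strcpy(cache[nrecs].name, name);
  cache[nrecs++].addr = a;
  return 1;
}

/* Constructed scenario: one original line, then the edited file read `rereads` times. */
static int records_after_rereads(int check_all, int rereads)
{
  nrecs = 0;
  add_entry("aaa", "192.168.1.1", check_all);
  while (rereads-- > 0)
    add_entry("aaa", "192.168.1.2", check_all);
  return nrecs;
}

int main(void)
{
  printf("single: %d, looped: %d\n", records_after_rereads(0, 8), records_after_rereads(1, 8));
  return 0;
}
```

With the single lookup every re-read adds another copy of the second address; with the loop the name settles at one record per distinct address.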
[Dnsmasq-discuss] [PATCH] Improve cache dump
Hey Simon, These patches improve the cache dump triggered by sending SIGUSR1. 1. The width of the host and address fields are 30 and 40 characters, respectively. Fix the header and add a head separation line to highlight how long the fields can be. 2. Add "!" as type for non-terminals, new flag "C" for config- provided and log source where applicable. I attached the examples below once more as plain text file to avoid word wrapping. Before: Host Address Flags Expires imap.strato.de 2a01:238:20a:202:54f0::1103 6F Wed Dec 15 20:51:59 2021 imap.strato.de 81.169.145.103 4F Wed Dec 15 20:51:59 2021 some-hostrecord192.168.2.3 4FRI H ip6-localhost ::1 6FRI H arpa F I 20326 8 2 SF I Now: Host Address Flags Expires Source -- -- -- -- imap.strato.de 2a01:238:20a:202:54f0::1103 6F Wed Dec 15 20:51:59 2021 imap.strato.de 81.169.145.103 4F Wed Dec 15 20:51:59 2021 some-hostrecord192.168.2.3 4FRI HC config ip6-localhost ::1 6FRI H/etc/hosts arpa !F IC 20326 8 2 SF IC config Best, Dominik From be26a63372b18bd0dd567c4a40ed285e292fe7d5 Mon Sep 17 00:00:00 2001 From: Dominik Derigs Date: Sat, 18 Dec 2021 10:08:01 +0100 Subject: [PATCH 1/2] Fix header of cache dump. The width of the host and address fields are 30 and 40 characters, respectively. Signed-off-by: DL6ER --- src/cache.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/cache.c b/src/cache.c index 246c3f2..cfa9fbe 100644 --- a/src/cache.c +++ b/src/cache.c @@ -1757,7 +1757,8 @@ void dump_cache(time_t now) { struct crec *cache ; int i; - my_syslog(LOG_INFO, "Host AddressFlags Expires"); + my_syslog(LOG_INFO, "Host Address Flags Expires"); + my_syslog(LOG_INFO, "-- - "); for (i=0; ihash_next) -- 2.25.1 From c6c881aa5ec750ace877034c4c9b8017e5770c0b Mon Sep 17 00:00:00 2001 From: Dominik Derigs Date: Thu, 30 Dec 2021 10:53:24 +0100 Subject: [PATCH 2/2] Extend cache dump: "!" as type for non-terminals, new flag "C" for config-provided and log source when applicable. 
Signed-off-by: DL6ER --- src/cache.c | 19 --- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/cache.c b/src/cache.c index cfa9fbe..173022c 100644 --- a/src/cache.c +++ b/src/cache.c @@ -1757,8 +1757,8 @@ void dump_cache(time_t now) { struct crec *cache ; int i; - my_syslog(LOG_INFO, "Host Address Flags Expires"); - my_syslog(LOG_INFO, "-- - "); + my_syslog(LOG_INFO, "Host Address Flags Expires Source"); + my_syslog(LOG_INFO, "-- -- "); for (i=0; ihash_next) @@ -1816,7 +1816,10 @@ void dump_cache(time_t now) else if (cache->flags & F_DNSKEY) t = "K"; #endif - p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s ", a, t, + else /* non-terminal */ + t = "!"; + + p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s%s ", a, t, cache->flags & F_FORWARD ? "F" : " ", cache->flags & F_REVERSE ? "R" : " ", cache->flags & F_IMMORTAL ? "I" : " ", @@ -1824,14 +1827,16 @@ void dump_cache(time_t now) cache->flags & F_NEG ? "N" : " ", cache->flags & F_NXDOMAIN ? "X" : " ", cache->flags & F_HOSTS ? "H" : " ", + cache->flags & F_CONFIG ? "C" : " ", cache->flags & F_DNSSECOK ? "V" : " "); #ifdef HAVE_BROKEN_RTC - p += sprintf(p, "%lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now)); + p += sprintf(p, "%-24lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now)); #else - p += sprintf(p, "%s", cache->flags &
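Review bot: In the dump_cache() header hunk of PATCH 1/2, the column header and the new separator line are hand-spaced string literals, while the commit message gives the field widths as 30 and 40 characters and the row format in PATCH 2/2 uses `%-40.40s`. Building both header lines with the same width specifiers as the rows would stop them drifting apart the next time a column is added, which is what PATCH 2/2 then has to re-edit by hand.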
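Review bot: In the type-selection hunk of PATCH 2/2, the new `else /* non-terminal */ t = "!";` sits after the `#endif`, so which `if` it pairs with depends on whether the `#ifdef` block ending just above it is compiled in; please check that the chain is well formed in both builds. As a catch-all it also labels every entry that matched none of the earlier type tests as a non-terminal, so an explicit test for non-terminals would be safer if one is available. The new "!" type and "C" flag should also be added to whatever documentation describes the dump columns.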
[Dnsmasq-discuss] [PATCH] Log server port when forwarding upstream
Hey Simon, another patch: Log server port when forwarding upstream to avoid ambiguities when running multiple upstream destinations at the same IP but on different ports. The port is already logged in other places, like after starting dnsmasq: Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5001 Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5002 for domain network (no DNSSEC) Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5003 for domain example2.com (no DNSSEC) Nov 17 18:03:16 dnsmasq[123]: using nameserver 127.0.0.1#5004 for unqualified names (no DNSSEC) Best, Dominik From eba5c590bc98b3cd5ca54ff59f654cb9da1aee8c Mon Sep 17 00:00:00 2001 From: Dominik Derigs Date: Fri, 19 Nov 2021 10:08:01 +0100 Subject: [PATCH] Log server port when forwarding upstream Signed-off-by: DL6ER --- src/cache.c | 8 ++-- src/dnsmasq.h | 1 + src/forward.c | 10 -- src/option.c | 4 +++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/src/cache.c b/src/cache.c index 246c3f2..7b136ce 100644 --- a/src/cache.c +++ b/src/cache.c @@ -1992,8 +1992,12 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, } } else if (flags & (F_IPV4 | F_IPV6)) - inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6, - addr, daemon->addrbuff, ADDRSTRLEN); + { + inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6, + addr, daemon->addrbuff, ADDRSTRLEN); + if (flags & F_SERVER) /* Append upstream server port if forwarding */ + sprintf(strchr(daemon->addrbuff, '\0'), "#%u", daemon->log_port); + } else dest = arg; } diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 1b00298..50789d4 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -1264,6 +1264,7 @@ extern struct daemon { /* file for packet dumps. */ int dumpfd; #endif + in_port_t log_port; } *daemon; /* cache.c */ diff --git a/src/forward.c b/src/forward.c index f22c080..d361170 100644 --- a/src/forward.c +++ b/src/forward.c 
@@ -122,9 +122,15 @@ static void set_outgoing_mark(struct frec *forward, int fd) static void log_query_mysockaddr(unsigned int flags, char *name, union mysockaddr *addr, char *arg, unsigned short type) { if (addr->sa.sa_family == AF_INET) -log_query(flags | F_IPV4, name, (union all_addr *)>in.sin_addr, arg, type); +{ + daemon->log_port = ntohs(addr->in.sin_port); + log_query(flags | F_IPV4, name, (union all_addr *)>in.sin_addr, arg, type); +} else -log_query(flags | F_IPV6, name, (union all_addr *)>in6.sin6_addr, arg, type); +{ + daemon->log_port = ntohs(addr->in6.sin6_port); + log_query(flags | F_IPV6, name, (union all_addr *)>in6.sin6_addr, arg, type); +} } static void server_send(struct server *server, int fd, diff --git a/src/option.c b/src/option.c index 7134ee7..a61451b 100644 --- a/src/option.c +++ b/src/option.c @@ -5405,7 +5405,9 @@ void read_opts(int argc, char **argv, char *compile_opts) daemon = opt_malloc(sizeof(struct daemon)); memset(daemon, 0, sizeof(struct daemon)); daemon->namebuff = buff; - daemon->addrbuff = safe_malloc(ADDRSTRLEN); + /* Space for IP address plus port (used when logging + upstream server forwarding) */ + daemon->addrbuff = safe_malloc(ADDRSTRLEN + 10); /* Set defaults - everything else is zero or NULL */ daemon->cachesize = CACHESIZ; -- 2.25.1 ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
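Review bot: In the log_query() hunk of src/cache.c, `sprintf(strchr(daemon->addrbuff, '\0'), "#%u", daemon->log_port)` appends without a bound and is only safe because src/option.c separately grows the allocation to `ADDRSTRLEN + 10`. Use snprintf with the space remaining in the buffer, and replace the bare `10` with a named constant used at both sites so the two cannot drift apart.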
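Review bot: In the log_query_mysockaddr() hunk of src/forward.c, the port reaches log_query() through the new global `daemon->log_port` rather than as an argument, yet log_query() prints it whenever F_SERVER is set together with F_IPV4 or F_IPV6. Any caller that passes F_SERVER without going through log_query_mysockaddr() would log a stale port, or 0 after the memset() in read_opts(). Passing the port explicitly, or documenting on the `in_port_t log_port` member that it is only valid for the duration of that call, would close the gap.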