Hey Simon,
totally an oversight on my side. Updated patch attached.
Best
Dominik
On Mon, 2023-01-16 at 22:46 +, Simon Kelley wrote:
> The patch moves the relevant code to after processing of command-line
> arguments, but not reading configuration file(s). I can't think of any
> reason why you wouldn't want to put
>
> no-ident
>
> into /etc/dnsmasq.conf
>
> Have I missed something?
>
>
> Cheers,
>
> Simon.
>
>
>
> On 15/01/2023 08:01, Dominik Derigs wrote:
> >
> > Hey Simon and Petr, CC list,
> >
> > Thanks for pointing this out. I fixed it and rebased on
> > latest master. New patch attached.
> >
> > The name "--no-ident" has been chosen as the corresponding
> > compile-time option is called NO_ID - my feeling is that
> > this corresponds to "no identification (strings)".
> >
> > I thought about adding the possibility to only disable a
> > subset of these CHAOS records but it seems to just add too
> > much code complexity for such a small feature. Hence an "all
> > or nothing" seems the best fit for me here.
> >
> > Best,
> > Dominik
> >
> > On Tue, 2023-01-03 at 10:48 +, Petr Menšík wrote:
> > > Hi Dominik,
> > >
> > > > Good idea. But there is a copy&paste error on line 572, no help
> > > > description is changed for new option. What does --no-ident stand
> > > > for by the way? Wouldn't --no-chaos be more descriptive? Should we
> > > > support optional argument to disable only some parts of provided
> > > > records? For example cache statistics might be restricted to
> > > > localhost only or provided only by DBus, while version might be
> > > > still useful to report.
> > >
> > > Cheers,
> > > Petr
> >
> >
> > On Fri, 2022-12-23 at 12:54 +0100, Dominik Derigs wrote:
> > > Dear mailing list members,
> > >
> > > In 2016, dnsmasq got the option to prevent serving the
> > > server version, some statistics and even the used upstream
> > > DNS servers to its clients. Compiling with -DNO_ID removes
> > > the entire *.bind info structure. However, setting -DNO_ID
> > > requires a (re-)compilation from source.
> > >
> > > This patch adds a new run-time option --no-ident to achieve
> > > the same without the need for recompiling.
> > >
> > > I wish you some nice and hopefully relaxing Christmas days!
> > >
> > > Best regards,
> > > Dominik
> >
From 6d59ea6add5bb7b10bfade76e4906c1c8f1b42cc Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Fri, 23 Dec 2022 12:36:11 +0100
Subject: [PATCH] Add --no-ident option to disable CHAOS TXT records providing
server details and statistics.
Signed-off-by: DL6ER
---
man/dnsmasq.8 | 23 ++-
src/dnsmasq.h | 3 ++-
src/option.c | 37 ++---
3 files changed, 38 insertions(+), 25 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 2495ed1..3d1d96a 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -2215,6 +2215,20 @@ exit 0
and /share/ads-domains.gz containing a compressed
list of ad server domains will save disk space with large ad-server blocklists.
+.TP
+.B --no-ident
+Do not respond to class CHAOS and type TXT in domain bind queries.
+
+Without this option being set, the cache statistics are also available in the
+DNS as answers to queries of class CHAOS and type TXT in domain bind. The domain
+names are cachesize.bind, insertions.bind, evictions.bind, misses.bind,
+hits.bind, auth.bind and servers.bind unless disabled at compile-time. An
+example command to query this, using the
+.B dig
+utility would be
+
+dig +short chaos txt cachesize.bind
+
.SH CONFIG FILE
At startup, dnsmasq reads
.I /etc/dnsmasq.conf,
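Review bot: the new --no-ident entry says dnsmasq will "not respond" to CHAOS TXT queries in domain bind, but it does not say what the client then sees (no answer at all, an error rcode, or the query being forwarded upstream); state the resulting behaviour so an operator can confirm it with the dig command shown. The list of names carries over only the statistics records and servers.bind, while the cover letter says the server version is hidden as well, so either name that record here or say the list is not exhaustive. "unless disabled at compile-time" would also be clearer if it named NO_ID.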
@@ -2264,15 +2278,6 @@ resulted in an error. In
mode or when full logging is enabled (\fB--log-queries\fP), a complete dump of the
contents of the cache is made.
-The cache statistics are also available in the DNS as answers to
-queries of class CHAOS and type TXT in domain bind. The domain names are cachesize.bind, insertions.bind, evictions.bind,
-misses.bind, hits.bind, auth.bind and servers.bind. An example command to query this, using the
-.B dig
-utility would be
-
-dig +short chaos txt cachesize.bind
-
-.PP
When it receives SIGUSR2 and it is logging direct to a file (see
.B --log-facility
)
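Review bot: deleting this paragraph from the SIGUSR1 description leaves readers of the statistics text with no hint that the same counters are exposed over DNS; keep a one-sentence pointer to --no-ident at this spot. The removed lines also include the .PP that preceded "When it receives SIGUSR2", so check that the rendered page still starts a new paragraph there.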
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index aaa6d62..fe9aa07 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -281,7 +281,8 @@ struct event_desc {
#define OPT_STRIP_ECS 69
#define OPT_STRIP_MAC 70
#define OPT_NORR 71
-#define OPT_LAST 72
+#define OPT_NO_IDENT 72
+#define OPT_LAST 73
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
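Review bot: OPT_NO_IDENT is added without any note on how it relates to the compile-time NO_ID switch that the cover letter and the man page text refer to; a short comment next to the define, or a line in the commit message, should say that the flag is the run-time equivalent and has nothing left to disable in a NO_ID build. On the bitmap side, assuming a 32-bit unsigned int, OPTION_SIZE evaluates to 3 for both OPT_LAST 72 and 73, so the option array does not grow.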
diff --git a/src/option.c b/src/option.c
index 8e61a6b..e4810fd 100644
--- a/src/option.c
+++ b/src/option.c
@@ -185,6 +185,7 @@ struct myoption {
#define LOPT_FAST_RETRY376
#define LOPT_STALE_CACHE 377
#define LOPT_NORR 378
+#define LOPT_NO_IDENT 379
#ifdef HAVE_GETOPT_LO
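Review bot: only the LOPT_NO_IDENT define is visible before the hunk is cut off, so the option-table entry, the help string and the place where the *.bind records are registered cannot be checked from here. Two points from the thread need confirming in the remainder: that the new option has its own help description rather than a copied one, and that the OPT_NO_IDENT test runs after the configuration file(s) have been read, not only after the command line, so that no-ident in /etc/dnsmasq.conf takes effect.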