[Dnsmasq-discuss] FOSDEM 2024
Hello!

I have offered a presentation for the upcoming FOSDEM 2024 DNS room and it was accepted. Unless something changes unexpectedly, I would again be at the conference on the 3rd and 4th of February in Brussels.

I would like to meet anyone involved in dnsmasq (or any other open-source product) if time allows. Is anyone involved planning to be there as well?

https://fosdem.org/2024/schedule/track/dns/

Cheers,
Petr

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] DNSMasq as secondary server
I would suggest using some prefix for internal names anyway. I tend to use something like in.example.net for internal (private) networks, where example.net contains only public records. Such a config can work with DNSSEC, for example, and makes it easier to debug what is defined on which network.

I think dnsmasq acting as a local server should override all names defined locally, so it should work like you have described. Even for dynamically connected hosts using DHCP. If it defines names in dnsmasq, it answers instead of forwarding.

Just ensure you define local=/somedomain.com/ to prevent forwarding queries to your zone, which is not defined inside your zone. auth-zone=somedomain.com should also work. That forwards all undefined names, except it generates NXDOMAIN responses for names in the domain it does not define.

Hope that helps. Your description is kind of hard to understand; more detailed examples might help. Of course, what you have tried already and what works and what does not would help much more.

Cheers,
Petr

On 12/13/23 17:28, Michel DIEMER via Dnsmasq-discuss wrote:
> Dear dnsmasq user,
>
> I have a domain, let's claim that it is somedomain.com. I own that domain and it is officially registered and the name servers for that domain are on the Internet.
>
> There is a physical server with two network interfaces, one connected to the Internet and one connected to the local network. dnsmasq is running on that server. My ISP does not support IPv6. IPv6 is not disabled but not properly configured. IPv4 is configured.
>
> The web ports (80 and 443) are redirected to the web server of the local network. Only the server with dnsmasq and the web server are accessible from the Internet. Other computers are not and should not. So when I type "https://somedomain.com" from any web browser, from the local network or from the Internet, the website is loaded from the internet server on the local network.
>
> Now I have several computers on the local network and dnsmasq is configured for the domain "somedomain.com". The domain of the local network is "somedomain.com". Now when I ping a computer on the Internet from the local network it is working fine, using some public DNS.
>
> The problem is when I want to "ping somecomputer.somedomain.com". If "somecomputer" is on the lan I want dnsmasq to give the private, local IP address. If "somecomputer" is not on the lan, dnsmasq may use the public name server as anyone who is on the Internet.
>
> "ping computer1.somedomain.com" -> local IP address, fine
> "ping computer2.somedomain.com" -> tries to find computer2 on the WAN using the public IPv4 address. Not working. dnsmasq should find computer2.
> "ping somedomain.com" -> should return either the public Internet IP address of the domain or the local IP address of the local dns server. Works fine from Internet but not from the internal network.
> "ping google.fr" -> works fine, using public DNS
>
> If it is not supposed to work I will replace dnsmasq setting from domain=somedomain.com to domain=lan.somedomain.com or domain=somedomain.lan. Except the web server, other computers on the local network are not supposed to be visible from the Internet.

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
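A dnsmasq configuration for the layout suggested in the reply above, beside the layout from the question. This is an added example, not taken from the thread or from the dnsmasq project; the interface name, addresses, MAC address and host names are assumptions.

```conf
# Constructed example: every name and address below is a placeholder.

# --- Layout from the question: the LAN reuses the public zone name ---
# domain=somedomain.com
#
# With only this line, any name under somedomain.com that dnsmasq does
# not currently know (a LAN host that is switched off, an expired lease,
# a typo) is forwarded to the upstream resolvers. Internal host names
# therefore show up in queries leaving the network.

# --- Layout suggested in the reply: a dedicated internal subdomain ---
# Names handed out to DHCP clients become <host>.in.example.net
domain=in.example.net

# Answer this domain from /etc/hosts and DHCP leases only; unknown names
# get NXDOMAIN locally and are never forwarded upstream.
local=/in.example.net/

# Append the domain to bare names found in /etc/hosts
expand-hosts

# Never forward plain names that have no domain part
domain-needed

# Do not forward reverse lookups for private address ranges
bogus-priv

# Serve DNS and DHCP on the LAN-facing interface only (assumed name)
interface=eth1
dhcp-range=192.168.1.50,192.168.1.150,12h

# Fixed lease and name for one LAN host (assumed MAC and address)
dhcp-host=aa:bb:cc:dd:ee:ff,computer1,192.168.1.113

# Static record for the internal web server (assumed address)
host-record=www.in.example.net,192.168.1.10
```

The file can be syntax-checked with `dnsmasq --test --conf-file=<path>` before it is put in place. Names under example.net outside the in.example.net subdomain are still forwarded to the public name servers as usual.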
Re: [Dnsmasq-discuss] Occasional "communications error", how to diagnose?
On 13/12/2023 15:25, Chris Green wrote:
> I run dnsmasq version 2.89 on my laptop which is running [x]ubuntu 23.04. I have systemd-resolved disabled.
>
> I'm occasionally seeing the following error when getting a host's IP:-
>
> chris$ host homepi
> ;; communications error to 127.0.0.1#53: timed out
> homepi has address 192.168.1.113
> chris$ ps -ef | grep dnsmasq
> dnsmasq 933 1 0 Dec06 ?00:00:22 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
> chris 865413774 0 15:05 pts/100:00:00 grep --color=auto dnsmasq
> chris$
>
> As can be seen dnsmasq is running and subsequent queries work without any error (or delay). The above timeout is a few seconds, maybe five or a bit less.
>
> There's no dnsmasq related error message in syslog (nothing for today at all).
>
> The system homepi is a Raspberry Pi on the same LAN as the laptop running dnsmasq. The error isn't only for one particular host, I've seen it for other systems on my LAN.
>
> Can anyone suggest what might be causing the error and/or how to diagnose what's wrong?

It looks like the first query (or its reply) was dropped, host retried, and it worked second time around.

Since DNS transport is normally across UDP, which is defined as unreliable, this is completely normal. Except that the UDP packets are not actually traversing a network, they're going via the lo interface within one machine.

I'm sure there are circumstances where UDP packets can get dropped in the kernel when going via the lo interface, but it shouldn't happen very often. Is the machine under heavy load or memory pressure? Maybe a network reconfiguration event could drop packets?

Simon.
Re: [Dnsmasq-discuss] DNSMasq as secondary server
Probably helpful if you provided your configuration.

From: Dnsmasq-discuss on behalf of Michel DIEMER via Dnsmasq-discuss
Sent: Wednesday, December 13, 2023 11:28:03 AM
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] DNSMasq as secondary server

Dear dnsmasq user,

I have a domain, let's claim that it is somedomain.com. I own that domain and it is officially registered and the name servers for that domain are on the Internet.

There is a physical server with two network interfaces, one connected to the Internet and one connected to the local network. dnsmasq is running on that server. My ISP does not support IPv6. IPv6 is not disabled but not properly configured. IPv4 is configured.

The web ports (80 and 443) are redirected to the web server of the local network. Only the server with dnsmasq and the web server are accessible from the Internet. Other computers are not and should not. So when I type "https://somedomain.com" from any web browser, from the local network or from the Internet, the website is loaded from the internet server on the local network.

Now I have several computers on the local network and dnsmasq is configured for the domain "somedomain.com". The domain of the local network is "somedomain.com". Now when I ping a computer on the Internet from the local network it is working fine, using some public DNS.

The problem is when I want to "ping somecomputer.somedomain.com". If "somecomputer" is on the lan I want dnsmasq to give the private, local IP address. If "somecomputer" is not on the lan, dnsmasq may use the public name server as anyone who is on the Internet.

"ping computer1.somedomain.com" -> local IP address, fine
"ping computer2.somedomain.com" -> tries to find computer2 on the WAN using the public IPv4 address. Not working. dnsmasq should find computer2.
"ping somedomain.com" -> should return either the public Internet IP address of the domain or the local IP address of the local dns server. Works fine from Internet but not from the internal network.
"ping google.fr" -> works fine, using public DNS

If it is not supposed to work I will replace dnsmasq setting from domain=somedomain.com to domain=lan.somedomain.com or domain=somedomain.lan. Except the web server, other computers on the local network are not supposed to be visible from the Internet.
[Dnsmasq-discuss] DNSMasq as secondary server
Dear dnsmasq user,

I have a domain, let's claim that it is somedomain.com. I own that domain and it is officially registered and the name servers for that domain are on the Internet.

There is a physical server with two network interfaces, one connected to the Internet and one connected to the local network. dnsmasq is running on that server. My ISP does not support IPv6. IPv6 is not disabled but not properly configured. IPv4 is configured.

The web ports (80 and 443) are redirected to the web server of the local network. Only the server with dnsmasq and the web server are accessible from the Internet. Other computers are not and should not. So when I type "https://somedomain.com" from any web browser, from the local network or from the Internet, the website is loaded from the internet server on the local network.

Now I have several computers on the local network and dnsmasq is configured for the domain "somedomain.com". The domain of the local network is "somedomain.com". Now when I ping a computer on the Internet from the local network it is working fine, using some public DNS.

The problem is when I want to "ping somecomputer.somedomain.com". If "somecomputer" is on the lan I want dnsmasq to give the private, local IP address. If "somecomputer" is not on the lan, dnsmasq may use the public name server as anyone who is on the Internet.

"ping computer1.somedomain.com" -> local IP address, fine
"ping computer2.somedomain.com" -> tries to find computer2 on the WAN using the public IPv4 address. Not working. dnsmasq should find computer2.
"ping somedomain.com" -> should return either the public Internet IP address of the domain or the local IP address of the local dns server. Works fine from Internet but not from the internal network.
"ping google.fr" -> works fine, using public DNS

If it is not supposed to work I will replace dnsmasq setting from domain=somedomain.com to domain=lan.somedomain.com or domain=somedomain.lan. Except the web server, other computers on the local network are not supposed to be visible from the Internet.
[Dnsmasq-discuss] Occasional "communications error", how to diagnose?
I run dnsmasq version 2.89 on my laptop which is running [x]ubuntu 23.04. I have systemd-resolved disabled.

I'm occasionally seeing the following error when getting a host's IP:-

chris$ host homepi
;; communications error to 127.0.0.1#53: timed out
homepi has address 192.168.1.113
chris$ ps -ef | grep dnsmasq
dnsmasq 933 1 0 Dec06 ?00:00:22 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
chris 865413774 0 15:05 pts/100:00:00 grep --color=auto dnsmasq
chris$

As can be seen dnsmasq is running and subsequent queries work without any error (or delay). The above timeout is a few seconds, maybe five or a bit less.

There's no dnsmasq related error message in syslog (nothing for today at all).

The system homepi is a Raspberry Pi on the same LAN as the laptop running dnsmasq. The error isn't only for one particular host, I've seen it for other systems on my LAN.

Can anyone suggest what might be causing the error and/or how to diagnose what's wrong?

-- 
Chris Green