Re: [Dnsmasq-discuss] dnsmasq-2.56 - the start of the process.

2011-01-15 Thread Grant Coady
On Wed, 12 Jan 2011 21:09:23 +, you wrote:

>It's six months since the last stable release of dnsmasq, and quite a
>lot of work has accumulated since, so I'm starting to work towards the
>release version of version 2.56.
>
>Hence I've made available
>
>http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.56rc1.tar.gz
>
>Please could everyone who can, try this out and report any problems. The
>Changelog wrt 2.55 is below.

Lotsa changes :)

grant@deltree:/opt/src/dnsmasq-2.56rc1$ cat ../make_dnsmasq
make COPTS=-DNO_IPV6 && sudo make install
grant@deltree:/opt/src/dnsmasq-2.56rc1$ sh ../make_dnsmasq

(Yes, I just added the '&& sudo ... restart' to my one-line build script)

Running sans IPv6 on Slackware-11.0 here, I'll report anything odd noticed :)

I haven't paid much attention to this list since 2.56-test6, stuff happened.

Cheers,
Grant.



Re: [Dnsmasq-discuss] Can't get dnsmasq to work on OS X 10.6 as DNS forwarder only

2010-08-01 Thread Grant Coady
On Sat, 31 Jul 2010 21:29:46 -0700, you wrote:

>Sorry,
>
>I've been replying to specific people.. I guess it has to be the list..

Look for a "reply all" button :)  That way the person and the list get 
to see your response, if you want the rest of the list to participate.

Grant.



Re: [Dnsmasq-discuss] Announce: dnsmasq version 2.53

2010-06-03 Thread Grant Coady
On Thu, 03 Jun 2010 19:55:43 +0100, you wrote:

>Dnsmasq version 2.53 is now available from
>
>http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.53.tar.gz
>
>or
>
>http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.53.tar.lzma
>
>Thanks to all who contributed to this release: they are mentioned in the
>CHANGELOG, reproduced below.

And thank you Simon.  2.53 up & running here, "Just Works".

Grant.
-- 
http://bugs.id.au/



Re: [Dnsmasq-discuss] Announce: dnsmasq-2.53 release candidate 1

2010-05-21 Thread Grant Coady
On Thu, 20 May 2010 21:29:17 +0100, you wrote:

>Now seems to be a good time to start the process of releasing
>dnsmasq-2.53. There's no outstanding development work, and a fairly fat
>list of changes since 2.52, back in January.
>
>Therefore I've made a first release candidate, available at
>
>http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.53rc1.tar.gz
>
>As many people as can, please test this. The more people test, the lower
>the chance I get to wear a brown-paper bag after it's released :-)

Nothing broke here :)  But I'm not using any of the new features.

Cheers,
Grant.
-- 
http://bugs.id.au/



Re: [Dnsmasq-discuss] Release candidate dnsmasq-2.47rc1

2009-01-28 Thread Grant Coady
On Tue, 27 Jan 2009 22:03:58 +, you wrote:

>It's time to begin another step on the long road to Nirvana for dnsmasq.
>I've made a first release candidate of dnsmasq version-2.47 available at
>
>http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.47rc1.tar.gz
>http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.47rc1.tar.lzma
>
>Please could anyone who can, give it a test run, and translators, who 

Seems okay here.

I just unpacked, make && sudo make install, /etc/rc.d/rc.dnsmasq restart, 
on a slackware-11 box.

Grant.
-- 
http://bugsplatter.id.au



Re: [Dnsmasq-discuss] Re: using DHCP to set clients' MTU

2008-11-03 Thread Grant Coady
On Mon, 03 Nov 2008 10:59:26 +, you wrote:

...
>I was the OP on this thread and after much ado about my own firewall, I
>discovered in a single isolated message on an obscure Russian blog
>(fortunately posted in English) that my modem - a D-Link DSL-300T - has its
>own firewall with a single rule that messes with MTU. This is despite
>emphatic documentation stating that it has no firewall. So every time I
>power cycle my modem, I have to telnet into it and bring down its firewall.
>Fun.

I suppose that's less drastic than what I did with my dsl-302g, I run it in 
bridge mode now to get full control over the interface, much more reliable :)

Grant.
-- 
http://bugsplatter.id.au



(fwd) Re: [Dnsmasq-discuss] dnsmasq-2.46 release candidate.

2008-10-17 Thread Grant Coady
On Fri, 17 Oct 2008 09:59:40 +1100, Grant  wrote:

On Thu, 16 Oct 2008 21:11:52 +0100, you wrote:

>It's time to start working towards a new release: since 2.45 there have 
>been significant feature enhancements which address most of the 
>long-standing requests, including multiple domain support and support 
>for laptops with multiple interfaces.
>
>After the mad scramble to fix the Kaminsky security hole, I'd like to
>take this release a bit slower and try and get it right first time.
>Therefore I've made available dnsmasq-2.46rc1. I'd appreciate it if as
>many people as possible could download and test it over the next couple
>weeks. That way we'll nail any regressions before the final version.
>
>http://thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.46rc1.tar.gz

Seems okay here :)  On an internet box with firewall I'm watching fairly 
closely as I play with the iptables firewall rules.

Only minor hiccup is the s/nawk/gawk/ I did in Makefile, dunno if it 
matters for linux box.

Grant.
-- 
http://bugsplatter.id.au



Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-12 Thread Grant Coady
On Fri, 12 Sep 2008 13:53:28 +0200, Jan 'RedBully' Seiffert wrote:

...
>I think 1430 is one of those "optimised values", and 1458 maybe still too big
>for pppoa, but i'm not sure. Did you try 1454 & 1452? I think it's something
>with 145[0-9] from what i read. Or is BT adding another encapsulation like L2TP?

From my firewall script:

#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# maximum mss or mtu
#
# Policy: the firewall controls this value as it is required when ethernet
#  access to ADSL modem is used, clamping MSS here removes the need to
#  modify any localnet machines' MTU setting.
#
# Information: http://www.cisco.com/warp/public/794/router_mtu.html states
#  baseline (lowest) MSS value is = 1360, highest is 1452 for PPPoE, add
#  40 for matching MTU values.
#
# Check you have rp-pppoe.conf 'CLAMPMSS=no'
#
# Leave MAX_MSS empty to perform path mtu discovery, this doesn't work with
#  ISPs that drop ICMP traffic -- refer `man iptables`.
#
# MAX_MSS="1452" # maximum MSS (ref: cisco)
# MAX_MSS="1360" # minimum MSS (ref: cisco)
MAX_MSS="1412" # default MSS (ref: rp-pppoe default)
# MAX_MSS=""     # use PMTU discovery
#
...
# clamp MTU for new TCP connections to world
if [ -n "$MAX_MSS" ]
then # use preset
    iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN \
        -o $X_WORLD -j TCPMSS --set-mss $MAX_MSS
else # use path discovery
    iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN \
        -o $X_WORLD -j TCPMSS --clamp-mss-to-pmtu
fi
...

Grant.
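
The following is an added example, not part of the original post or the poster's script: it checks MAX_MSS against the 1360..1452 bounds quoted in the script comments before the value reaches iptables, and prints the rule instead of running it. The function names and the interface name ppp0 in the usage are assumptions.

```shell
#!/bin/sh
# Added example: validate MAX_MSS, then emit (not execute) the TCPMSS rule.
# Bounds and the 40-byte MSS/MTU difference are the ones quoted in the post.

MSS_MIN=1360   # baseline (lowest) MSS from the script comments
MSS_MAX=1452   # highest MSS for PPPoE from the script comments

# mss_from_mtu MTU -> prints MTU minus 40 (the "add 40" rule, reversed)
mss_from_mtu() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;        # digits only
    esac
    echo $(( $1 - 40 ))
}

# check_mss VALUE -> 0 if empty (PMTU discovery) or an integer within bounds
check_mss() {
    [ -z "$1" ] && return 0
    case "$1" in
        *[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MSS_MIN" ] && [ "$1" -le "$MSS_MAX" ]
}

# clamp_rule IFACE MAX_MSS -> prints the iptables command line for review
clamp_rule() {
    iface=$1
    mss=$2
    # Refuse interface names with spaces or shell metacharacters, so an
    # unset or mangled variable cannot change the shape of the rule.
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    check_mss "$mss" || { echo "MAX_MSS out of range: $mss" >&2; return 1; }
    if [ -n "$mss" ]; then
        target="--set-mss $mss"          # use preset
    else
        target="--clamp-mss-to-pmtu"     # use path discovery
    fi
    echo "iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -o $iface -j TCPMSS $target"
}
```

For instance, `clamp_rule ppp0 "$(mss_from_mtu 1492)"` prints the preset rule with `--set-mss 1452`, while an empty second argument selects `--clamp-mss-to-pmtu`.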





Re: [Dnsmasq-discuss] Is there a way to return names for DHCP clients?

2008-08-23 Thread Grant Coady
On Sat, 23 Aug 2008 09:04:18 -0400, "B. Cook" wrote:

>Depending on your version of Linux, your dhclient might not send its
>name when it asks for a lease.

I think what I did wrong was to leave this client option blank during 
setup ;)
>
>You could take its mac address and assign it a name as well.
>
>so:
>dhcp-host=00:11:22:33:44:55,sharkey

Not for a casual machine -- the box is already back with its owner.

>not sure what linux you have, but there is an excellent  
>dnsmasq.conf.example that is heavily documented and has tons of great  
>examples (hence the name)

Yeah, time to look at that again, been using dnsmasq for ~ four years
>
>You might also set these things in your .conf as well and then you can  
>see what is going on in the dhcp 'process' (to some degree)
>log-facility=/var/log/dnsmasq.log
>log-dhcp
>no-negcache

Okay, thanks,
Grant.



[Dnsmasq-discuss] Is there a way to return names for DHCP clients?

2008-08-22 Thread Grant Coady
Hi there,

My linux boxes all have static addresses, but dnsmasq is set to give 
DHCP address to 'casual' boxes, usually a friend's box over for a 
fixup, etc.

Today I installed linux on a friend's box with DHCP lookup, but I 
cannot login by name:

$ ssh sharkey
ssh: Could not resolve hostname sharkey: Name or service not known
grant@deltree:~/ip2c$ ssh 192.168.1.107
...
grant@192.168.1.107's password:
Last login: Sat Aug 23 06:17:41 2008 from sillywin.mire.mine.nu
Linux 2.6.24.5-smp.
...

Is there a dnsmasq DHCP option to fix this?

I have in server's /etc/dnsmasq.conf:
...
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Section 2. DHCP Server
#

domain=mire.mine.nu
expand-hosts
dhcp-authoritative

dhcp-range=192.168.1.101,192.168.1.109,2h   # <-- this gave the address
dhcp-range=192.168.2.101,192.168.2.109,2h

dhcp-host=magpie,192.168.1.31,8h   # <-- windoze boxen
dhcp-host=toshnt,192.168.1.35,8h
dhcp-host=sillywin,192.168.1.36,8h
dhcp-host=silly64,192.168.1.37,8h
dhcp-host=tosh98,192.168.1.45,8h

dhcp-option=42,0.0.0.0  # This box is NTP server

# these are suggested for msft boxen:
# FIXME check rfc2132 for other option
#dhcp-option=19,0   # option ip-forwarding off
#dhcp-option=36,1   # use 802.3 ethernet
dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0 # netbios datagram distribution server
dhcp-option=46,8   # netbios node type
dhcp-option=47 # empty netbios scope.
#
dhcp-lease-max=50
# end

The DHCP client looks correct:
root@sharkey:/etc# cat /etc/resolv.conf
# Generated by dhcpcd for interface eth0
search mire.mine.nu
nameserver 192.168.1.1

Thanks,
Grant.



Re: [Dnsmasq-discuss] Where does the complete dump go?

2008-07-24 Thread Grant Coady
On Thu, 24 Jul 2008 10:00:18 -0600, "Brad Morgan" wrote:

>> Three options come to mind; either
>> 1) drop that threshold in syslog.conf,
>> 2) add a line to syslog.conf to log all messages logged to the DAEMON 
>> facility (or whatever you've set with log-facility) to another file. Be 
>> aware that the default changes to LOCAL0 if you run dnsmasq -d.
>> 3) switch to file-based logging.
>
>Thanks! I was able to figure out where the messages are going and after some
>experimentation, I've decided to switch to file-based logging. I expect that
>these logs could become quite large but before I dive into the writing of
>logrotate scripts, does anyone have an example I could start with?

man logrotate --> you only need to specify the rules and it will 
be done for you automagically, here (slackware) I have /etc/logrotate.d/ 
for extra log configuration files.

Grant.



Re: [Dnsmasq-discuss] dnsmasq 2.45 released.

2008-07-20 Thread Grant Coady
On Sun, 20 Jul 2008 20:27:52 +0100, Simon Kelley wrote:

>dnsmasq 2.45 is now available. This fixes a regression in 2.44 which 
>breaks DNS unless min-port is set. I'm removing the 2.44 tarball from 
>the website to avoid confusion.
>
>The breakage was caused by some last-minute code designed to avoid 
>problems when min-port was set high, creating a shortage of available 
>ports. Apologies for the inconvenience and thanks to Steven and Grant 
>for the bug reports.
>
>http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.45.tar.gz

Works for me :)

Cheers,
Grant.



Re: [Dnsmasq-discuss] dnsmasq 2.44 available.

2008-07-20 Thread Grant Coady
On Sun, 20 Jul 2008 15:20:09 +0100, Simon Kelley wrote:

>I've released dnsmasq version 2.44. This is a stability release. It 
>fixes crash problems in 2.43. The crashes occur when a DHCP client 
>renews a non-existent lease for an invalid subnet, when a DHCP client
>which does not have a lease does DHCPINFORM and a crash which can occur 
>when network configuration changes. Thanks to bug reporters and testers 
>who found these problems in the (somewhat rushed) 2.43 release.
>
>http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.44.tar.gz

It's bust for me :(  returns '5(REFUSED)' for host lookups, reverting to 
2.43 fixes the problem.  Slackware Linux 11.0 with 2.6.25.11 kernel.

The /var/log/debug file just shows the queries not being forwarded, the
/var/log/messages looks normal:

Jul 21 04:01:03 deltree dnsmasq[22844]: started, version 2.44 cachesize 150
Jul 21 04:01:03 deltree dnsmasq[22844]: compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP
Jul 21 04:01:03 deltree dnsmasq[22844]: DHCP, IP range 192.168.2.101 -- 192.168.2.109, lease time 2h
Jul 21 04:01:03 deltree dnsmasq[22844]: DHCP, IP range 192.168.1.101 -- 192.168.1.109, lease time 2h
Jul 21 04:01:03 deltree dnsmasq[22844]: using local addresses only for domain mire.mine.nu
Jul 21 04:01:03 deltree dnsmasq[22844]: reading /etc/ppp/resolv.conf
Jul 21 04:01:03 deltree dnsmasq[22844]: using nameserver 122.148.1.5#53
Jul 21 04:01:03 deltree dnsmasq[22844]: using nameserver 123.2.6.197#53
Jul 21 04:01:03 deltree dnsmasq[22844]: using local addresses only for domain mire.mine.nu
Jul 21 04:01:03 deltree dnsmasq[22844]: read /etc/hosts - 2 addresses
Jul 21 04:01:03 deltree dnsmasq[22844]: read /usr/local/etc/hosts - 26 addresses
Jul 21 04:04:51 deltree dnsmasq[22844]: exiting on receipt of SIGTERM
Jul 21 04:05:35 deltree dnsmasq[23123]: started, version 2.43 cachesize 150
Jul 21 04:05:35 deltree dnsmasq[23123]: compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP
Jul 21 04:05:35 deltree dnsmasq[23123]: DHCP, IP range 192.168.2.101 -- 192.168.2.109, lease time 2h
Jul 21 04:05:35 deltree dnsmasq[23123]: DHCP, IP range 192.168.1.101 -- 192.168.1.109, lease time 2h
Jul 21 04:05:35 deltree dnsmasq[23123]: using local addresses only for domain mire.mine.nu
Jul 21 04:05:35 deltree dnsmasq[23123]: reading /etc/ppp/resolv.conf
Jul 21 04:05:35 deltree dnsmasq[23123]: using nameserver 122.148.1.5#53
Jul 21 04:05:35 deltree dnsmasq[23123]: using nameserver 123.2.6.197#53
Jul 21 04:05:35 deltree dnsmasq[23123]: using local addresses only for domain mire.mine.nu
Jul 21 04:05:35 deltree dnsmasq[23123]: read /etc/hosts - 2 addresses
Jul 21 04:05:35 deltree dnsmasq[23123]: read /usr/local/etc/hosts - 26 addresses

Though I should disable IPv6 as it is not turned on in the kernel?

Grant.



Re: [Dnsmasq-discuss] where is the log file?

2005-06-02 Thread Grant Coady
On Thu, 2 Jun 2005 13:16:35 -0700, Cory Riddell  wrote:
>
>Am I looking in the wrong place for the log? Do I need to specify
>something else  in the dnsmasq.conf file?

Mine show in /var/log/debug, you may need adjust /etc/syslog.conf

Been a long time since I set it up.  Just works.

--Grant.




Re: [Dnsmasq-discuss] Static IP and hostname

2005-04-01 Thread Grant Coady
On Thu, 31 Mar 2005 17:23:02 -0800, Donnie Berkholz wrote:

>Yeah, that's sort of orthogonal to what I'm trying to do. I want to set
>the IP and hostname from the server based on the client's MAC, rather
>than giving the client an IP based on what it thinks its hostname is.

like this?

dhcp-host=00:80:C7:4D:80:B7,192.168.2.49,stinkpad,2h

Backups are wonderful, looked up Jan'05 where I did it the other
way, worked like that for months before I changed NIC and decided 
on the names, rather than NIC address -- now I wonder if it better 
doing this by MAC address for my localnet...

Cheers,
Grant.




Re: [Dnsmasq-discuss] Static IP and hostname

2005-04-01 Thread Grant Coady
On Thu, 31 Mar 2005 15:34:36 -0800, Donnie Berkholz wrote:

>I'm having trouble setting static IP addresses and hostnames based on
>the hardware address.
>
>Relevant dnsmasq.conf settings (dhcp-host is nearly the same as in
>dnsmasq.conf.example):
>
>dhcp-range=192.168.0.50,static,12h
>dhcp-host=,node01,192.168.1.1,1h
>
I do it like this:
dhcp-range=192.168.1.101,192.168.1.109,2h
dhcp-host=magpie,192.168.1.31,2h
dhcp-host=poohnt,192.168.1.32,2h
dhcp-host=pooh98,192.168.1.42,2h
dhcp-host=toshnt,192.168.1.35,2h
dhcp-host=tosh98,192.168.1.45,2h
dhcp-host=stinky,192.168.1.49,2h
dhcp-option=42,0.0.0.0

I know it is not quite what you asked for, but this works for me.
Linux boxen have static IP, known windows boxen get DHCP static 
IP as above, unknown boxen get IP from dhcp-range.  This machine 
I type on is magpie, winxp.

Cheers,
Grant.




Re: [Dnsmasq-discuss] Naming of Machines, Admin

2005-03-13 Thread Grant Coady
On Sat, 12 Mar 2005 15:57:31 -0600, you wrote:

>Is anyone out there?
Yep :o)

Cheers!




Fixed: was Re: [Dnsmasq-discuss] dnsmasq + samba??)

2005-03-11 Thread Grant Coady
On Mon, 28 Feb 2005 21:35:55 +, you wrote:
. . .
>
>This looks like a routing/firewall problem (probably firewall, since 
>your network topology is fairly simple). Don't be misled by the
>"getpeername" failure in the smb log - this has nothing to do with DNS 
>lookups. getpeername is the system call to get the _address_ of the far 
>end of a TCP connection.

After a couple of 10-Base-2 'T' pieces went open in a week I ran
CAT5 to the other room and now run a single localnet segment.

Sometimes old hardware just can't be fixed in software ;o)

Cheers,
Grant.




[Dnsmasq-discuss] dnsmasq + apache for less annoying web?

2005-03-02 Thread Grant Coady
Greetings,

Peter Willis pointed me at:
http://psypete.hatethesystem.com/tips/ad_blocking/http_redirection.txt

Which offers a clue, but double handles domain names, but 
combining that example with an anti-proxy method from the 
apache FAQ, one can setup an efficient deny_domain list.

I present this information because I found it useful, perhaps 
others have different approaches or comments?

This is how I see it:

o Dropping uninteresting domains in the firewall no good 
  as user forced to endure timeouts.

o Blocking javascript globally is no good as some sites 
  require scripting for correct operation.

o Apache virtual server operation makes the first server 
  the default.  This first entry may be used to filter 
  anything as 'valid' virtual hosts are explicitly named 
  later in the configuration.

o Dnsmasq may include other configuration files, we may 
  use this feature to maintain a single deny_domain list.

o Reading page source and finding 'pop-under version 1.8...' 
  javascript indicates blocking *.js from known domains may 
  prove a good thing.

o Returning a script.js instead of an image for .js requests 
  seems safer to me, so I return 'splat.js' (//splat!)

o It is very easy to build on other people's efforts, but 
  there may be errors lurking...

Changes:

Added a line to /etc/dnsmasq: 
  conf-file=/usr/local/etc/deny_domains

Which contains:

address=/2o7.net/192.168.1.1
address=/6to23.com/192.168.1.1
address=/adbureau.net/192.168.1.1
. . . (103 entries)

Added the following to the start of virtual hosting section 
in /etc/apache/httpd.conf (much context included, the 'req_ref' 
is logger request + referer, from 'combined' minus user-agent):
. . .
# Use name-based virtual hosting.
#
NameVirtualHost *:80

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#
#ServerAdmin webmas...@dummy-host.example.com
#DocumentRoot /www/docs/dummy-host.example.com
#ServerName dummy-host.example.com
#ErrorLog logs/dummy-host.example.com-error_log
#CustomLog logs/dummy-host.example.com-access_log common
#

# First server listed is the default server, based on information from
#  http://httpd.apache.org/docs/misc/FAQ.html Q.22, we setup the default
#  to return an error to hosts seeking an open proxy.
# All public access virtual servers have their document root one level
#  down from the server document root set above; the main root is
#  available only to local machines.  Grant Coady -- 2005-02-03

#
#  ServerName default.only
#  
#Order allow,deny
#Deny from all
#  
#

# idea: http://psypete.hatethesystem.com/tips/ad_blocking/http_redirection.txt
# problem with their solution is it requires naming each unwanted domain,
#  instead we try to merge it with the default 'unknown host' that denies
#  access by IP address.  Our deny_list is part of dnsmasq, right now with
#  the above commented out setting, the server returns 'forbidden' for
#  access as 192.168.1.1 -- no need for IP alias games, nor maintaining
#  duplicated ad-host-deny-list.  That's the plan, let's see now...


ServerName   default.only
DocumentRoot /var/www/web/splat
ErrorLog /var/log/apache/splat-error.log
CustomLog /var/log/apache/splat-access.log req_ref


Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
RewriteEngine On
RewriteCond \.js$ [nocase]
RewriteRule .* splat.js
RewriteRule .* index.gif [last]

# FIXME don't think I need next bit?
#
#DirectoryIndex index.html index.htm index.shtml index.cgi index.pl index.php
#

. . .

Results?

Apache access log shows deny_domain list members are receiving 
87 byte image, the 10 byte splat.js but mainly a 304 (no new 
file) response.

Normal access by valid virtual domain names is unaffected.  

Works for me so far...

Cheers,
Grant.
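
The following is an added example, not part of the original post or the poster's setup: it builds the address= lines of a deny_domains file from a raw domain list taken from someone else, rejecting any entry that is not a plain hostname so that a crafted line cannot introduce other dnsmasq options. The function names and the sample entries in the usage are assumptions; the sink address 192.168.1.1 is the one used in the post.

```shell
#!/bin/sh
# Added example: turn an untrusted list of domains into dnsmasq address= lines.

SINK_IP=192.168.1.1   # address the post's deny_domains entries point at

# valid_domain NAME -> 0 if NAME is a lower-case hostname of at least two
# labels, each made of letters, digits and inner hyphens, at most 63 chars
valid_domain() {
    d=$1
    [ ${#d} -le 253 ] || return 1
    case "$d" in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;  # empty label, edge hyphen
        *[!a-z0-9.-]*) return 1 ;;   # '/', '=', '#', spaces, control chars ...
    esac
    case "$d" in
        *.*) ;;                      # require at least two labels
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $d; IFS=$old_ifs
    for label in "$@"; do
        [ ${#label} -le 63 ] || return 1
    done
    return 0
}

# make_deny_list < raw_list -> prints sorted, de-duplicated address= lines;
# rejected entries are reported on stderr and never reach the output
make_deny_list() {
    tr 'A-Z' 'a-z' | tr -d '\r' |
    sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//' |
    while IFS= read -r d; do
        [ -z "$d" ] && continue
        if valid_domain "$d"; then
            echo "address=/$d/$SINK_IP"
        else
            echo "rejected: $d" >&2
        fi
    done | sort -u
}
```

Fed the constructed lines `2o7.net`, `ADBUREAU.net  # tracker` and `server=/corp.example/203.0.113.5`, it emits address= entries for the first two and reports the third on stderr.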