Re: [Dnsmasq-discuss] "The" way to start dnsmasq via systemd
centos 7 systemd file for dnsmasq uses -k:

[root@firewall ~]# cat /usr/lib/systemd/system/dnsmasq.service
[Unit]
Description=DNS caching server.
After=network.target

[Service]
ExecStart=/usr/sbin/dnsmasq -k

[Install]
WantedBy=multi-user.target
[root@firewall ~]#

On 01/05/18 08:10, george Nopicture wrote:
> Hello list.
>
> I was wondering what is the proper way to start dnsmasq from systemd in linux. A default systemd unit file assumes a simple type of service and starts it with -k (keep in foreground).
> Is that correct or should we specify type=forking and let dnsmasq fork in the background?
>
> Thanks,
> George.

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] feature request: ipset options
While i can't give you exact configurations, i can say it's a simple configuration on dnsmasq feeding some ipset sets based on domains (plain simple configuration) and those sets being used by iptables rules.

While the set sizes simply don't matter when you have GBs of RAM, when trying to do that with 32 MB of RAM, things change a little. So that's because i'm trying to squeeze each KB of used memory by reducing the ipset set sizes by IP aggregation.

On 24/04/18 00:23, Eliezer Croitoru wrote:
> Hey Leonardo,
>
> Can you share your setup details?
> It's kind of interest me.
>
> -----Original Message-----
> From: Dnsmasq-discuss On Behalf Of Leonardo Rodrigues
> Sent: Monday, April 23, 2018 23:15
> To: dnsmasq-discuss@lists.thekelleys.org.uk
> Subject: [Dnsmasq-discuss] feature request: ipset options
>
> I'm running dnsmasq with ipset support in some VERY low memory machines (those all-in-one boards), and RAM is really my main concern here.
>
> I'm actually using some 'ipset' rules on dnsmasq.conf to have some domains IPs on an ipset list and, thus, being able to allow/deny them with iptables. Some of the sets are REALLY large (10k+ entries).
>
> I was thinking on having a dnsmasq option for, instead of adding the full IP to the set, adding its /24 network for example (simple stripping last digit and adding '.0/24'). In that case, the sets would be significantly smaller.
>
> I know with this i'll potentially allowing traffic i'm not looking for, by assuming the domain holds the entire /24 network. But i'm really concerned with RAM usage, and i'm willing to have that risk.
>
> Would it be hard to implement something like that in dnsmasq ? Would this be useful for any one else ?

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] feature request: ipset options
That's EXACTLY what i was looking for ... i wasn't aware of that option, and really setting netmask to 24 seems to achieve exactly what i need.

Thanks !!!

On 23/04/18 18:39, Simon Kelley wrote:
> I'm no ipset expert, but it looks to me like you can get this effect anyway, by creating the ipset as type hash:ip and specifying a netmask.
>
> http://ipset.netfilter.org/ipset.man.html

--
Leonardo Rodrigues
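
A model of the trade-off discussed in this thread, as an added example that is not from the list or from dnsmasq/ipset: a hash:ip set created with the netmask option (for instance `ipset create <setname> hash:ip netmask 24`) stores the masked network address, so the set shrinks and every host in each stored network matches. The sample addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: addresses a dnsmasq ipset= rule might have added for
# one domain (RFC 5737 documentation ranges, not real resolutions).
RESOLVED = ["192.0.2.10", "192.0.2.11", "192.0.2.200",
            "198.51.100.7", "203.0.113.5", "203.0.113.6"]

def stored_entries(addresses, prefix=24):
    """Entries a hash:ip set created with 'netmask <prefix>' ends up holding:
    each added address is masked to its network address before storage."""
    return {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addresses}

def matches(entries, address):
    """True if a packet address would match the set (its masked form is stored)."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in entries)

def tradeoff(addresses, prefix=24):
    """Return (entries_without_netmask, entries_with_netmask, extra_addresses),
    where extra_addresses are hosts now matched that were never resolved."""
    unique = set(addresses)
    entries = stored_entries(unique, prefix)
    covered = sum(net.num_addresses for net in entries)
    return len(unique), len(entries), covered - len(unique)

def longest_prefix_within(addresses, max_entries):
    """Longest prefix (least over-matching) whose set fits in max_entries."""
    for prefix in range(32, 0, -1):
        if len(stored_entries(addresses, prefix)) <= max_entries:
            return prefix
    return None

if __name__ == "__main__":
    before, after, extra = tradeoff(RESOLVED, 24)
    print(f"entries: {before} -> {after}, extra hosts matched: {extra}")
    print("198.51.100.250 matched:",
          matches(stored_entries(RESOLVED), "198.51.100.250"))
    print("longest prefix for <= 4 entries:", longest_prefix_within(RESOLVED, 4))
```

The third value returned by `tradeoff` is the number of hosts an iptables rule using the set would now match although no DNS answer ever named them.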
[Dnsmasq-discuss] feature request: ipset options
I'm running dnsmasq with ipset support in some VERY low memory machines (those all-in-one boards), and RAM is really my main concern here.

I'm actually using some 'ipset' rules on dnsmasq.conf to have some domains IPs on an ipset list and, thus, being able to allow/deny them with iptables. Some of the sets are REALLY large (10k+ entries).

I was thinking on having a dnsmasq option for, instead of adding the full IP to the set, adding its /24 network for example (simple stripping last digit and adding '.0/24'). In that case, the sets would be significantly smaller.

I know with this i'll potentially allowing traffic i'm not looking for, by assuming the domain holds the entire /24 network. But i'm really concerned with RAM usage, and i'm willing to have that risk.

Would it be hard to implement something like that in dnsmasq ? Would this be useful for any one else ?

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] License purchasing for dnsmasq
On 27/06/17 03:46, sachin.kar...@reactiveworks.in wrote:
> Hi ,
>
> I am using dnsmasq from last 6 month it's really good product , I want to buy it's commercial license for company purpose . is there any edition available which I can buy ?

Never heard on commercial license ... but the 'Donation' button is there, at the end of the page, for those who wants to help financially:

http://www.thekelleys.org.uk/dnsmasq/doc.html

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] DHCP Option for HotSpot's
absolutely not related with DHCP. Yes you'll need DHCP on your hotspot, but the captive portal is in no way done by the DHCP service.

Google exactly for 'captive portal' and you'll find solutions for that, lots free and paid options if you want to.

On 29/05/17 08:12, Jorge Bastos wrote:
> Howdy,
>
> I think this is done by DHCP, and if not let me know it.
>
> I want to put the some devices to open the browser to signin in my hotspot via captive portal.
>
> That is, when the devices connect to the WIFI network, the browser automatically opens, this on smartphones/tablet/similar (i've seen windows doing it as well).
>
> Is this done by an DHCP option, if yes any idea on how to?

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] Adding DNS ALG support to dnsmasq
On 24/10/15 18:48, Bill wrote:
> I was wondering if anyone has looked at or is in the process of adding DNS ALG support, or something similar, to dnsmasq?
>
> https://tools.ietf.org/html/rfc2694

This is from September 1999 !!! If something that old is not implemented yet, it surely will not anymore. And even if something that old is implemented, it's very likely to be very outdated by now.

The internet from that days do not exist anymore. Some 'good' ideas at that time are completely crazy on the real world by now.

--
Leonardo Rodrigues
[Dnsmasq-discuss] question on lease expire times
Hi,

with ISC DHCP i can have two expire times on the leases:

default-lease-time 86400;
max-lease-time 259200;

the default-lease-time is the one sent to the client ... and the max-lease-time is the one used to keep to calculate the expire time of the leases that will be written on the leases file.

is that possible to something similar to these 2 values for the lease expire times ? Actually i can have only one on the dhcp-range parameter, which is sent to the client AND used to calculate the expire time and write on the leases file.

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] dnsmasq giving new addresses despite of leases file
On 09/03/2010 10:47, Simon Kelley wrote:
> Great, that fix will go into the 2.53 release. Thanks for your help.

you're welcome and thanks for dnsmasq :)

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] dnsmasq giving new addresses despite of leases file
built and running

let's wait to see what'll happen when this notebook came from another network and tries to release a wrong address on our network.

and thank you very much for your attention :)

Simon, seems it's working as expected now.

this is TODAY's log

root@sede:~/backup/a/etc/dnsmasq# logread | grep dnsmasq | grep 00:1b:9e:4f:dc:fb
Mar 9 07:36:24 sede daemon.info dnsmasq-dhcp[2393]: DHCPREQUEST(eth1) 192.168.1.191 00:1b:9e:4f:dc:fb
Mar 9 07:36:24 sede daemon.info dnsmasq-dhcp[2393]: DHCPNAK(eth1) 192.168.1.191 00:1b:9e:4f:dc:fb wrong address
Mar 9 07:36:24 sede daemon.info dnsmasq-dhcp[2393]: DHCPREQUEST(eth1) 192.168.1.191 00:1b:9e:4f:dc:fb
Mar 9 07:36:24 sede daemon.info dnsmasq-dhcp[2393]: DHCPNAK(eth1) 192.168.1.191 00:1b:9e:4f:dc:fb wrong address
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPDISCOVER(eth1) 00:1b:9e:4f:dc:fb
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPOFFER(eth1) 192.168.8.156 00:1b:9e:4f:dc:fb
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPDISCOVER(eth1) 00:1b:9e:4f:dc:fb
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPOFFER(eth1) 192.168.8.156 00:1b:9e:4f:dc:fb
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPREQUEST(eth1) 192.168.8.156 00:1b:9e:4f:dc:fb
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPACK(eth1) 192.168.8.156 00:1b:9e:4f:dc:fb notevaldinei
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPREQUEST(eth1) 192.168.8.156 00:1b:9e:4f:dc:fb
Mar 9 07:36:25 sede daemon.info dnsmasq-dhcp[2393]: DHCPACK(eth1) 192.168.8.156 00:1b:9e:4f:dc:fb notevaldinei
root@sede:~/backup/a/etc/dnsmasq#

grepping this MAC address from my yesterday's backup shows that the offered IP is the IP of the current valid lease

root@sede:~/backup/a/etc/dnsmasq# grep 00:1b dhcpd.leases
1270401733 00:1b:9e:4f:dc:fb 192.168.8.156 notevaldinei 01:00:1b:9e:4f:dc:fb
root@sede:~/backup/a/etc/dnsmasq#

so dnsmasq offered the IP on the current lease despite of the 'wrong address' situation.

This seems to be OK to me, that's what i would consider the expected behavior of a dhcp server in that situation.

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] dnsmasq giving new addresses despite of leases file
On 08/03/2010 13:42, Simon Kelley wrote:
>> would it be enough to simply remove these lines:
>>
>> /* avoid loops when client brain-dead */
>> lease_prune(lease, now);
>> lease = NULL;
>
> Yes, that's all that's needed.

built and running

let's wait to see what'll happen when this notebook came from another network and tries to release a wrong address on our network.

and thank you very much for your attention :)

building OpenWRT log. 101-ipv6 patch is OpenWRT provided, 102-wrong-address is mine patch.

make[3]: Entering directory `/home/solutti/openwrt4/trunk/package/dnsmasq'
gzip -dc /home/solutti/openwrt4/trunk/dl/dnsmasq-2.52.tar.gz | /bin/gtar -C /home/solutti/openwrt4/trunk/build_dir/target-mips_uClibc-0.9.30.2/dnsmasq-2.52/.. -xf -
Applying ./patches/101-ipv6.patch using plaintext:
patching file src/config.h
Applying ./patches/102-wrong-address-fix.patch using plaintext:
patching file src/rfc2131.c

[solutti@f8 trunk]$ cat package/dnsmasq/patches/102-wrong-address-fix.patch
diff -Naur dnsmasq-2.52-orig/src/rfc2131.c dnsmasq-2.52/src/rfc2131.c --- dnsmasq-2.52-orig/src/rfc2131.c 2010-01-15 08:23:41.0 -0200 +++ dnsmasq-2.52/src/rfc2131.c 2010-03-08 13:46:49.0 -0300 @@ -1065,9 +1065,6 @@ if (lease && lease->addr.s_addr != mess->yiaddr.s_addr) { message = _("wrong address"); - /* avoid loops when client brain-dead */ - lease_prune(lease, now); - lease = NULL; } } }
[solutti@f8 trunk]$

--
Leonardo Rodrigues
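
Review bot: the removal inside the `if (lease && lease->addr.s_addr != mess->yiaddr.s_addr)` branch drops the `/* avoid loops when client brain-dead */` comment without leaving any record of why the lease is now kept, which repeats the gap the thread ran into when nobody could say why `lease_prune(lease, now);` had been added. Put a comment in its place stating that the lease is retained on purpose so the client's following DHCPDISCOVER is offered the address already on file, and that a client which keeps repeating the same DHCPREQUEST will keep getting "wrong address" answers. With a single statement left in the block, the braces around `message = _("wrong address");` are also only worth keeping if the surrounding code style asks for them.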
Re: [Dnsmasq-discuss] dnsmasq giving new addresses despite of leases file
On 08/03/2010 13:16, Simon Kelley wrote:
> Can you build new dnsmasq packages from source for your WRT box? If so I'll get a test release to you with the changes implemented.

Yes, i can build it and get it running easily. I'm building OpenWRT from SVN so it's pretty easy to build and install it.

would it be enough to simply remove these lines:

/* avoid loops when client brain-dead */
lease_prune(lease, now);
lease = NULL;

if removing those lines is the only change to be made, i can build a patch here and built it, there's no need for releasing a test release for that.

--
Leonardo Rodrigues
Re: [Dnsmasq-discuss] dnsmasq giving new addresses despite of leases file
On 08/03/2010 12:20, Simon Kelley wrote:
>> shouldnt dnsmasq provide the IP present on its lease file, given the fact that lease was still valid ???
>
> Good question: I can give you a partial answer, the lease gets deleted as part of the response to the first DHCPREQUEST. Here's the code in question.
>
> {
>   message = _("wrong address");
>   /* avoid loops when client brain-dead */
>   lease_prune(lease, now);
>   lease = NULL;
> }
>
> What I can't answer is what the "brain-dead" behaviour is/was that's getting countered here. The "lease prune" call was added in version 2.41, but there's no explanation in the changelog :-( and I can't remember why it was added. I suspect that some client somewhere kept trying with the wrong address instead of falling back to a DHCPDISCOVER.

Hi Simon,

I've checked logs and found no other 'wrong address' cases than this one. In fact all machines on this network are desktops and this one which is giving the problem is the only notebook on the network.

anyway, do you think enabling the '--log-dhcp' option can provide some useful information ?

Is there any way of getting debug logging enabled AND going to background ? I've found the debug options, but seems all of them keep process in the foreground, which unfortunately is not possible to me, as this is a small device running OpenWRT, i have no monitor/keyboard attached to this machine.

anyway, do you think debug modes could provide some useful information ?

--
Leonardo Rodrigues
[Dnsmasq-discuss] dnsmasq giving new addresses despite of leases file
Hi,

I'm running dnsmasq 2.52 on OpenWRT with, among other options:

-l /etc/dnsmasq/dhcpd.leases
--dhcp-range=lan,192.168.8.50,192.168.8.200,255.255.255.0,1440h

1440h = 60 days = 2 months, that's the default lease expiration

from my backup, which was made some few hours before the supposed problem i'll post in this message, i have:

root@sede:~/backup/a/etc/dnsmasq# grep b8:94 dhcpd.leases
1270407878 00:16:44:b8:94:e3 192.168.8.87 noteludy 01:00:16:44:b8:94:e3
root@sede:~/backup/a/etc/dnsmasq#

the timestamp, converted to human-readable date, would be 04/04/2010 @ 14:04 . which means the lease was NOT expired yet and was generated last week when i was running with 30 days expire time which was later changed to 60 days. Despite of that change from 30 to 60, lease is NOT expired yet.

the machine with that MAC address 'arrived' on the network with the ip address of another network and tried to renew it. dnsmasq correctly denied it, because that address is not on the actual lan it's running. Anyway, after denying it, dnsmasq provided a new address from its range, not honoring the lease present on the leases file which was still valid and NOT expired.

root@sede:~/backup/a/etc/dnsmasq# logread | grep 00:16:44:b8:94:e3
Mar 8 11:26:54 sede daemon.info dnsmasq-dhcp[10347]: DHCPREQUEST(eth1) 192.168.1.101 00:16:44:b8:94:e3
Mar 8 11:26:54 sede daemon.info dnsmasq-dhcp[10347]: DHCPNAK(eth1) 192.168.1.101 00:16:44:b8:94:e3 wrong address
Mar 8 11:26:54 sede daemon.info dnsmasq-dhcp[10347]: DHCPREQUEST(eth1) 192.168.1.101 00:16:44:b8:94:e3
Mar 8 11:26:54 sede daemon.info dnsmasq-dhcp[10347]: DHCPNAK(eth1) 192.168.1.101 00:16:44:b8:94:e3 wrong network
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPDISCOVER(eth1) 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPOFFER(eth1) 192.168.8.80 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPDISCOVER(eth1) 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPOFFER(eth1) 192.168.8.80 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPREQUEST(eth1) 192.168.8.80 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPACK(eth1) 192.168.8.80 00:16:44:b8:94:e3 noteludy
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPREQUEST(eth1) 192.168.8.80 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPACK(eth1) 192.168.8.80 00:16:44:b8:94:e3 noteludy
root@sede:~/backup/a/etc/dnsmasq#

shouldnt dnsmasq provide the IP present on its lease file, given the fact that lease was still valid ???

--
Leonardo Rodrigues
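
The manual cross-check in this report (grep the backed-up leases file, then compare it with the logread output) written as a script; this is an added example, not part of the original post or of dnsmasq. The lease entry and log lines are an excerpt copied from the message above, the function names are hypothetical, and because syslog timestamps carry no year or zone the caller passes the year and the times are treated as UTC.

```python
import re
from datetime import datetime, timezone

# Lease entry and log excerpt copied from the report above.
LEASES = "1270407878 00:16:44:b8:94:e3 192.168.8.87 noteludy 01:00:16:44:b8:94:e3\n"
LOG = """\
Mar 8 11:26:54 sede daemon.info dnsmasq-dhcp[10347]: DHCPREQUEST(eth1) 192.168.1.101 00:16:44:b8:94:e3
Mar 8 11:26:54 sede daemon.info dnsmasq-dhcp[10347]: DHCPNAK(eth1) 192.168.1.101 00:16:44:b8:94:e3 wrong address
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPDISCOVER(eth1) 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPOFFER(eth1) 192.168.8.80 00:16:44:b8:94:e3
Mar 8 11:27:03 sede daemon.info dnsmasq-dhcp[10347]: DHCPACK(eth1) 192.168.8.80 00:16:44:b8:94:e3 noteludy
"""

# Groups: timestamp, message type, interface, optional IPv4 address, MAC.
LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ \S+ dnsmasq-dhcp\[\d+\]: "
    r"(DHCP[A-Z]+)\((\S+)\) (?:(\d+(?:\.\d+){3}) )?([0-9a-fA-F:]{17})\b"
)

def load_leases(text):
    """Map MAC -> (expiry epoch, IP) from leases-file lines laid out as
    'expiry mac ip hostname client-id', the layout shown in the report."""
    leases = {}
    for row in text.splitlines():
        fields = row.split()
        if len(fields) >= 3 and fields[0].isdigit():
            leases[fields[1].lower()] = (int(fields[0]), fields[2])
    return leases

def lease_mismatches(log_text, leases, year):
    """Return (timestamp, mac, handed_out, on_file) for every DHCPOFFER or
    DHCPACK whose address differs from a lease still unexpired at that time."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2) not in ("DHCPOFFER", "DHCPACK"):
            continue
        stamp, ip, mac = m.group(1), m.group(4), m.group(5).lower()
        if mac not in leases:
            continue
        expiry, on_file = leases[mac]
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        when = when.replace(tzinfo=timezone.utc).timestamp()
        if when < expiry and ip != on_file:
            findings.append((stamp, mac, ip, on_file))
    return findings

if __name__ == "__main__":
    for stamp, mac, ip, on_file in lease_mismatches(LOG, load_leases(LEASES), 2010):
        print(f"{stamp}: {mac} was given {ip}, unexpired lease on file is {on_file}")
```

The leases file passed in has to be a snapshot taken before the exchange, as the backup was here, because the live file is rewritten once the new address is acknowledged.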