Re: [Dnsmasq-discuss] DNSMasq does not resolv *.org domains

2014-08-14 Thread Nathan Dorfman
Hey Conrad,

I can't imagine why it'd only affect .org domains, so maybe this isn't
the cause of your problem, but I think your configuration is a little
weird. My first guess would be that dnsmasq is recursing infinitely
because it sees the same 'nameserver 127.0.0.1' line as other clients?

I suggest you try this setup:

1. Only localhost goes in /etc/resolv.conf, so all regular clients
   query the local dnsmasq only.
2. Point dnsmasq at the real nameservers using a different file, by
   adding a line like this to dnsmasq.conf:
       resolv-file=/etc/resolv.conf.upstream
3. Put the upstream nameservers (8.8.8.8, etc.) in the new file, but
   *not* 127.0.0.1 -- you don't want dnsmasq querying itself!

Alternatively, if your file is normally generated by the resolvconf
program, add a line like this to resolvconf.conf (don't forget to stop
prepending localhost, too):
    resolv_conf=/etc/resolv.conf.upstream

-nd.

On Thu, Aug 14, 2014 at 4:47 PM, Conrad Kostecki wrote:
> Hi!
> I am having a very strange problem. I am unable to resolve any *.org domains 
> via DNSMasq.
> My currently used DNSMasq is 2.72test3-7-g993f8cb. The problem happens only 
> within DNSMasq.
>
> Galactica # cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver ::1
> nameserver 8.8.8.8
> nameserver 8.8.4.4
> nameserver 2001:4860:4860::
> nameserver 2001:4860:4860::8844
>
> As you see, localhost is defined in the first two lines, followed by the Google
> DNS servers, which DNSMasq should use.
> It's pretty funny that DNSMasq just says it can't reach any server. But
> when I choose the Google DNS directly on the same machine, it works perfectly
> fine. So which server can't DNSMasq reach?
>
> Galactica # nslookup
>> server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
>> gentoo.org
> ;; connection timed out; no servers could be reached
>> server 8.8.8.8
> Default server: 8.8.8.8
> Address: 8.8.8.8#53
>> gentoo.org
> Server: 8.8.8.8
> Address:8.8.8.8#53
>
> Non-authoritative answer:
> Name:   gentoo.org
> Address: 89.16.167.134
>>
>
> What did I do wrong? I don't understand this, as it only affects *.org domains??
>
> Conrad
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
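
The split setup suggested in the reply above can be checked mechanically. This is an added example, not part of the original thread; the function names are hypothetical and the two file paths are whatever you pass in (for instance /etc/resolv.conf and /etc/resolv.conf.upstream).

```shell
#!/bin/sh
# Added example: lint a split resolv.conf / resolv-file layout for dnsmasq.
# Usage: sh check_split.sh /etc/resolv.conf /etc/resolv.conf.upstream

# Print the address from every "nameserver" line in file $1, one per line.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Succeed if $1 is a loopback address (127.0.0.0/8 or ::1).
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_split CLIENT_FILE UPSTREAM_FILE
# Prints one line per problem; the return status is the number of problems.
check_split() {
    client=$1 upstream=$2 problems=0 count=0
    # Step 1: the client-facing file should list only the local dnsmasq.
    for ns in $(nameservers "$client"); do
        if ! is_loopback "$ns"; then
            echo "$client: non-local nameserver $ns"
            problems=$((problems + 1))
        fi
    done
    # Step 3: the upstream file must not list dnsmasq itself.
    for ns in $(nameservers "$upstream"); do
        count=$((count + 1))
        if is_loopback "$ns"; then
            echo "$upstream: loopback nameserver $ns"
            problems=$((problems + 1))
        fi
    done
    # An upstream file without nameserver lines leaves nothing to forward to.
    if [ "$count" -eq 0 ]; then
        echo "$upstream: no nameserver lines"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "$#" -eq 2 ]; then check_split "$1" "$2"; fi
```

Run against the single mixed /etc/resolv.conf quoted above for both arguments, it reports the public resolvers as non-local client entries and 127.0.0.1 and ::1 as loopback upstream entries.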



Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-01 Thread Nathan Dorfman
With such superior understanding, shouldn't you be adding OpenSSL support
to dnsmasq yourself? That way you can deal with their byzantine API and the
resulting bugs, and Simon can instead do something actually worthwhile.



On Tue, Apr 1, 2014 at 2:07 PM, Brad Smith wrote:

> On 01/04/14 2:02 PM, Nathan Dorfman wrote:
>
>> Maybe OpenSSL is the right choice anyway, I don't know. But, I thought
>> someone should speak up for nettle :)
>>
>
> speaking up for nettle means nothing when you don't understand the
> issue at hand.


Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-01 Thread Nathan Dorfman
On Tue, Apr 1, 2014 at 12:54 PM, /dev/rob0 wrote:

> a



I can't speak to an actual code audit, but nettle isn't some third-rate
clone. It's a mature, actively developed and (importantly) thoroughly
documented project.

If I were to undertake such an audit however, I would surely prefer to have
to audit nettle rather than OpenSSL, as unlike the latter, nettle's code is
quite readable and even easy on the eyes.

Not to mention that there's much less code to begin with, as the library
simply doesn't try to do everything OpenSSL does. From their
introduction[1]:

"Nettle tries to avoid this problem by doing one thing, the low-level
crypto stuff, and providing a *simple* but general interface to it. In
particular, Nettle doesn't do algorithm selection. It doesn't do memory
allocation. It doesn't do any I/O."

Maybe OpenSSL is the right choice anyway, I don't know. But, I thought
someone should speak up for nettle :)

-nd.

[1] - http://www.lysator.liu.se/~nisse/nettle/nettle.html#Introduction


Re: [Dnsmasq-discuss] Resolving hostnames discovered by dhcp

2014-03-25 Thread Nathan Dorfman
I'm pretty sure dnsmasq does this by default. Are you using the DHCP server
built into dnsmasq? If so, are you sure all the clients are actually
sending the hostname along with their lease requests?
In my case, I noticed that not all clients were doing it by default --
dhclient may or may not need a 'send host-name' option in its .conf.

-nd.