Re: [Dnsmasq-discuss] No DNS server assigned to dhcp clients if port != 53 in dnsmasq.conf

2018-06-30 Thread richardvo...@gmail.com
Because the DHCP "name-server" attribute (option 6) carries only an IP
address and not a port, this isn't going to work.  The DHCP clients simply
aren't written to configure DNS on any port other than 53.

Now, if your intent is for DHCP clients to use a different DNS server on
the same host, one that is listening on port 53, all you need to do is to
add the following line to your configuration (dnsmasq treats 0.0.0.0 as a
placeholder for "its own address")

dhcp-option=6,0.0.0.0



On Sat, Jun 30, 2018 at 8:39 AM, Gordon Hsiao  wrote:

> If in my dnsmasq.conf I used a different port other than 53 for dns,
> dnsmasq never assigns DNS server to my dhcp clients, is this a feature or a
> bug? for port 53 everything works as expected, of course.
>
> Thanks,
> Gordon
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
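
The wire format behind this reply, as an added example that is not part of the original post or of dnsmasq's code: option 6 is a code byte, a length byte and a list of 4-byte IPv4 addresses, so there is no field in which a port could travel. The function names are hypothetical, the sample addresses are constructed, and the 0.0.0.0 substitution only models the placeholder behaviour described in the reply.

```python
import ipaddress

OPT_PAD, OPT_DNS, OPT_END = 0, 6, 255   # option codes from RFC 2132


def encode_dns_option(servers, own_address):
    """Encode DHCP option 6 from a list of IPv4 address strings.

    0.0.0.0 is replaced by own_address, modelling the placeholder
    behaviour described in the reply above (assumption of this sketch).
    """
    data = b""
    for server in servers:
        # IPv4Address rejects anything that is not a bare dotted quad,
        # so "192.0.2.53:5353" or "192.0.2.53#5353" raises ValueError.
        ip = ipaddress.IPv4Address(server)
        if int(ip) == 0:
            ip = ipaddress.IPv4Address(own_address)
        data += ip.packed                # exactly 4 bytes, no room for a port
    if not data or len(data) > 255:
        raise ValueError("option 6 needs 1..63 addresses")
    return bytes([OPT_DNS, len(data)]) + data


def parse_options(blob):
    """Walk a DHCP options field (the bytes after the magic cookie)."""
    options, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad has no length byte
            i += 1
            continue
        if i + 2 > len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        # A repeated option code is concatenated (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def dns_servers(options):
    """Return the name servers a client would configure from option 6."""
    raw = options.get(OPT_DNS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(0, len(raw), 4)]


if __name__ == "__main__":
    # Constructed sample: message type (53) = OFFER, then option 6, then end.
    offer = bytes([53, 1, 2]) + encode_dns_option(["0.0.0.0"], "192.168.1.1") \
        + bytes([OPT_END])
    print(dns_servers(parse_options(offer)))
```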


Re: [Dnsmasq-discuss] Re-compile DNSMasq with Visual C

2017-11-26 Thread richardvo...@gmail.com
>
>
>
> Start with it.
>
> Learn that you are compiling sources for UNIX system on a Microsoft
> Windows system.
>
> Find a UNIX ( Linux / BSD ) system, have clean compile in no time.
>
> Make the code changes that you want to make on the UNIX system.
>

The last point is optional, there's no reason to do your editing from
UNIX.  You can use the Visual Studio editor, with all the power of
Intellisense and plugins, and using the "Linux development" option
(requires Visual Studio 2017), have it invoke GNU make through ssh every
time you build.  It even supports remote invocation of gdb so you can use
the Visual Studio debugging GUI to set breakpoints, watch variables, and
step through the code.  (Of course you need the same dnsmasq options as for
running in a local gdb instance, namely to not daemonize or drop root)

Linux development with Visual Studio 2017 works best if you share the
/usr/include directory as well, but you can do pretty well with just
mounting the source code directory.


Re: [Dnsmasq-discuss] [RFC] dns: add option to ban domains

2017-08-09 Thread richardvo...@gmail.com
>
>
> How is the 'ban-hosts' file updated?  Does it need a SIGHUP to dnsmasq
> (please not another thing hanging off SIGHUP)  Does it need a complete
> restart?
>
> If 'ban-hosts' can be dynamically updated then I can see some value in it,
> until then it looks like it's a syntax nicety.  Perhaps there's some other
> feature we're all missing... is it faster for example?
>
> Kevin
>
>
There is already --servers-file, which can be reloaded without restarting
dnsmasq (via SIGHUP).


And even if --ban-hosts is added as a syntax nicety, what's the rationale
for not just internally using the same well-tested data structure already
implemented for domains banned via --server?  If that lookup isn't
efficient enough, better to improve it instead of adding a parallel one.


Re: [Dnsmasq-discuss] Dnsmaq giving default gateway address as dns server on DHCP offer

2017-08-06 Thread richardvo...@gmail.com
If it doesn't work when started at boot, but does if you started it
manually, the most likely reason is that the boot scripts are passing
command-line options such as a different config file.  If you edited the
default config file, when you start dnsmasq by hand, that's the one it
finds.

The command line arguments of the auto-launched dnsmasq instance should
give further information (the 'ps' command should show the command lines of
running processes)

On Sun, Aug 6, 2017 at 1:07 PM, Anoop Ravi  wrote:

> That seems to be correct. That may be the reason why it is working
> when I give dhcp-option 6.
>
> Do you have any guess what could be going wrong? Is there any flag
> which I need to enable to make dnsmasq work as dns server as well?
>
> I have seen a strange behavior as well. Resolution won't work on bootup.
> But when I restart dnsmasq (killing PID and starting commandline) it
> works. Do you have any clue?
>
> Any help is much appreciated.
>
> Thanks,
> Anoop
>
> On 8/6/17, richardvo...@gmail.com  wrote:
> > One clear difference is that the query that succeeded is for a different
> > name than the one that failed.
> >
> > But the bigger problem is that the reply is somehow going straight to the
> > client.  When dnsmasq is acting as a caching proxy, these steps happen:
> >
> > 1. the client sends a query to dnsmasq
> > 2. dnsmasq checks its cache and doesn't find a match
> > 3. dnsmasq sends a query to the upstream server
> > 4. the upstream server sends a reply to dnsmasq
> > 5. dnsmasq adds the information to its cache
> > 6. dnsmasq sends a reply to the client
> >
> > In your capture, #4 isn't happening -- the reply destination address is
> > wrong.
> >
> >
> >
> > On Sun, Aug 6, 2017 at 12:47 PM, Anoop Ravi wrote:
> >
> >> Hi Richard,
> >>
> >> I don't want to use dhcp-option 6 to override nameservers. I took a
> >> packet capture on both local lan interface and the interface which
> >> talks to outside world. I could see that in both scenarios (working
> >> and nonworking), names are getting resolved at the outer interface.
> >> But somehow query is getting refused at the local interface. Do you
> >> have any clue why this is happening?
> >>
> >> Attaching screenshot of comparison on local interface packet capture.
> >>
> >> Thanks,
> >> Anoop
> >>
> >
>
>
> --
> Anoop.
>


Re: [Dnsmasq-discuss] Dnsmaq giving default gateway address as dns server on DHCP offer

2017-08-06 Thread richardvo...@gmail.com
The default configuration of dnsmasq is to act as a caching proxy server
(this behavior of dnsmasq has existed before dhcp support).  There are a
few reasons the proxying could fail, chief among them being firewall
rules.  If that isn't the problem, increasing the logging detail may give
further clues.

If you want to use dnsmasq only as a DHCP server and not a DNS cache, then
configuring dhcp-option 6 is the right approach.  Note that in this case
you won't be able to look up computers by their dhcp hostname.

A quick summary of nameserver settings:

Lookups from other software on the dnsmasq server: uses /etc/resolv.conf
Lookups from dnsmasq (proxy on behalf of clients): defaults to using
/etc/resolv.conf, can be overridden via --server and/or --resolv-file
options
option "DNS server" sent to DHCP clients: defaults to the IP address of the
dnsmasq server that's in the same block as the address given out, can be
overridden with --dhcp-option 6




On Sun, Aug 6, 2017 at 1:43 AM, Anoop Ravi  wrote:

> Hi,
>
> Richard,
> As you said, I was under an impression that dnsmasq will provide all the
> nameserver entries in resolv.conf to the clients. Thank you for correcting
> me.
>
> But, my clients are not resolving the names with this configuration. It is
> getting correct domain name and server ip as dns server. If I manually add
> resolv.conf entries into dnsmasq.conf using dhcp-option 6, then it will
> start resolving. I can see clients getting nameserver ip at this time.
>
> What could be the reason for this behaviour?
>
> Thanks
>


Re: [Dnsmasq-discuss] Dnsmaq giving default gateway address as dns server on DHCP offer

2017-08-05 Thread richardvo...@gmail.com
dnsmasq is capable of being the first DNS for clients and determining which
requests should go to the AD controller and which to external DNS.  Or, the
configuration you describe is also possible.


Where Ravi appears to have gone wrong is in thinking that /etc/resolv.conf
addresses would be sent to client.  dnsmasq never does that.

On Sat, Aug 5, 2017 at 12:35 PM,  wrote:

> On 08/05/2017 11:43 AM, /dev/rob0 wrote:
>
>> Yes, there is an option you can use in dnsmasq.conf to change the
>> nameserver[s] given to DHCP clients, but why do you want that?  See the
>> dnsmasq(8) manual for details.
>>
>
> one possibility is on an AD network where all device DNS lookups go
> through the AD controller... the AD controller then talks to dnsmasq
> running on the perimeter firewall and handles the lookups to outside DNS
> servers... everything inside the AD network being restricted to the AD
> network so no individual devices can make lookups outside... they can only
> talk to the AD controller for DNS and the AD controller can only talk to
> dnsmasq for DNS... the AD controller is not the perimeter device for
> traffic headed outside of the AD network... the perimeter firewall running
> dnsmasq is, though...
>
>
> --
>  NOTE: No off-list assistance is given without prior approval.
>*Please keep mailing list traffic on the list unless*
>*a signed and pre-paid contract is in effect with us.*
>
>


Re: [Dnsmasq-discuss] can't get multiple domains to work

2017-02-20 Thread richardvo...@gmail.com
Have you tried using more than one domain= line?

On Mon, Feb 20, 2017 at 6:57 PM, Spike  wrote:

> Dear all,
>
> first time poster here so first things first, thanks to all of you that
> have worked on dnsmasq, all of us here have greatly benefited for years
> from this great piece of software.
>
> Second, my google-fu and manpage reading are failing me and I can't seem
> to find a way to have dnsmasq resolve queries for multiple domains. I've
> found some posts from 2008 about introducing the feature and a recent one
> about multiple domains, but for different ranges.
>
> What I'm dealing with is a change of domain, so right now dnsmasq.conf has
> domain=good and eventually it will be domain=better , but during the
> transition phase it would be useful if it could be domain=good,better so
> that queries for host.good and host.better resolve to the same dhcp-host
> definition.
>
> is that possible? what's the actual syntax? The manual mentions "domainS",
> plural, but not if there is a particular syntax to specify them and comma
> does not work (for example for local it specifically mentions
> /domain/domain/).
>
> I guess the alternative if the above isn't possible would be to allow any
> kind of domain to basically be ignored so that entries are returned as long
> as the host path matches (this is just during the transition phase so it
> would be ok)
>
> thanks,
>
> Spike
>


Re: [Dnsmasq-discuss] [OT] A question about MX records

2017-02-19 Thread richardvo...@gmail.com
If by "alias", you mean a second A record for 84.92.49.234, then the common
practice is to use a hostname of mail.domain.tld

If by "alias", you mean a CNAME, you should know that listing a CNAME in an
MX record violates the RFC.  It often works, but some servers check for
this and reject all mail originating from a domain whose MX is
misconfigured.

On Sun, Feb 19, 2017 at 3:26 PM, Chris Green  wrote:

> I'm afraid this is a little off topic for dnsmasq but I don't know
> where else I could ask.
>
> If I have a small server that is both a basic internet host *and* the
> mail server for that host how does one set up the MX record in the
> zone file?
>
> I.e. I have a server for the domain zbmc.eu and 'host zbmc.eu' returns
> the following:-
>
> chris@cheddar$ host zbmc.eu
> zbmc.eu has address 84.92.49.234
> zbmc.eu mail is handled by 10 zbmc.eu.
> chris@cheddar$
>
> Is this correct or should there be an alias so the mail server has a
> different name?
>
> --
> Chris Green
>


Re: [Dnsmasq-discuss] MAC address resolution of virtual machines

2016-08-29 Thread richardvo...@gmail.com
Not relevant to the issue you still face, but I just wanted to point out
that triggering commands (such as iptables rule creation) based on leases
being issued can be done using either the dhcp-script or DBus messaging,
without having to hack the dnsmasq code itself.

Actually, looking at the man page, some enhancements have been made to that
functionality in newer versions.  Quite possibly the arp-add action might
have exactly the information you need for creating rules to match these
pseudo-routed packets.

On Mon, Aug 29, 2016 at 10:41 AM, Ashish Sharma 
wrote:

> Hi,
>
>  I have been running Dnsmasq on Openwrt (opensource router OS). It also
> acts as DHCP server.
>
>   Once a client connects, I need to whitelist his ip & mac through
> iptables depending on a few criteria. I am able to hack this part out by
> calling appropriate iptables command before the DHCP ACK packets are being
> sent in Dnsmasq code.
>
>  The issue with virtual machines in bridged mode connecting is - while
> Dnsmasq resolve their mac address as the true address, the packets that
> iptables see mac source of the packets as that of the host.
>
>  Now I have two options - either fiddle with Dnsmasq to see if it could
> figure out the host mac address & eventually use that with iptables
> command, or fiddle with iptables to see if it could identify the virtual
> machine packets . I figured, changing Dnsmasq would lead to lesser
> probability of breaking things as it would just happen while the client
> connects, while packets will keep on coming & going all the time.
>
>  Can someone help me on this. Advance thanks.
>
> Ashish
>
> P.S. - if someone knows a better way of doing it,  I am ready to discard
> my work so far & start from scratch.
>
>
>


Re: [Dnsmasq-discuss] DHCP packet received on which has no address

2016-08-28 Thread richardvo...@gmail.com
On Thu, Aug 25, 2016 at 11:57 AM, Albert ARIBAUD 
wrote:

> On Thu, 25 Aug 2016 18:45:09 +0200
> Albert ARIBAUD wrote:
>
>
> > eth0.3 which does not have an IP and netmask, and therefore rightly
> > complain about that.
>
> (developing slightly)
>
> I do understand that most probably -- even though it was not
> stated explicitly -- dnsmasq is receiving its own host's DHCP request
> sent by the client running on eth0.3.
>

I suggest a more problematic possibility: the real DHCPOFFER packet coming
from the actual DHCP server to which eth0.3 is connected is being passed to
the dnsmasq process instead of the dhcp client.



>
> This does not really change my reading of the situation: if dnsmasq
> receives this request, it is because eth0.3 is in the list of
> interfaces which dnsmasq is actually listening to, even though it is
> not in the list of interfaces it *should* be listening to. Hence my
> question...
>
> > I don't think, therefore, that what you describe as a bug is [the] one
> > [you are considering]. Rather, I would ask how exactly the list of
> > interfaces dnsmasq should listen on is efined, how exactly eth0.3 is
>
> /s/efined/defined/
>
> > excluded from this list, and whether dnsmasq actually listens only to
> > the given list of interfaces.
>
> ... because obviously dnsmasq is listening on eth0.3 but should not.
>

This (listen only to the given list of interfaces) is what bind-interfaces
is for.  If you are running additional DHCP client or server software on
the same machine as dnsmasq, you MUST use bind-interfaces, otherwise
incoming packets needed by those other processes may be delivered to
dnsmasq instead.

Without bind-interfaces, dnsmasq will filter incoming packets based on the
interface they were received on, but non-matching packets will be
discarded, not redelivered to some other process.

Arguably, the dhcp client process should be binding to an interface itself,
so that it becomes a better match for incoming DHCPOFFER traffic.  But the
fact you're seeing this dnsmasq log message indicates that this has not
been done.


Re: [Dnsmasq-discuss] Many immortals slow down dnsmasq. Bug or expected ?

2015-10-05 Thread richardvo...@gmail.com
There are some awesome data structures for simultaneously matching against
huge numbers of patterns (as opposed to literal fixed strings).  dnsmasq
would get a lot more complicated if it tried to implement them, and
complication in an internet-facing daemon is a "BAD thing" because it
increases the chance that there's an exploitable bug.  Since the feature
you're using is designed for something completely different from request
blocking, perhaps there should be a pluggable interface just for filtering
requests (e.g. open a pipe to an external process, just like it does for
lease script, and writes nul-separated hostnames getting back a boolean
response whether to allow or block each request).  Then the external
process could be compiled for speed using antlr or bison or any other
parser generator that knows how to build the fancy state machine tables.
And buffer overflows or anything else that went seriously wrong in the
request filter couldn't impact dnsmasq -- it would just cause a broken
pipe.  Because the request filter wouldn't need root access like the
leasefile script, it could respawn on SIGUSR.

Just my two cents, I'm not volunteering to write the code.

Ben

On Mon, Oct 5, 2015 at 9:35 AM, wkitt...@gmail.com 
wrote:

> On 10/03/2015 06:37 PM, Simon Kelley wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> address=/abcd/0.0.0.0/ does NOT use the cache code. There's an implied
>> wildcard in the domain name, it matches *.abcd. The matching for this
>> is a relatively slow, linear, search. It is certainly not suitable for
>> 25 names!
>>
>> If you don't need the wildcard matching, then using
>>
>> host-record=abcd,0.0.0.0
>>
>> instead will make real cache entries, which are efficiently searched.
>> That will be much, much faster.
>>
>
> what does one do if they do need wildcard matching?
>
> --
>  NOTE: No off-list assistance is given without prior approval.
>*Please keep mailing list traffic on the list* unless
>private contact is specifically requested and granted.
>
>
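
A sketch of the external filter process proposed in the reply above, as an added example that is not part of the original post and not a dnsmasq feature. It assumes a one-byte reply per name (`1` allow, `0` block); the class and function names are hypothetical and the blocklist entries are constructed. Rules are stored in a trie keyed on labels from the TLD inwards, so a wildcard lookup costs one step per label instead of a linear scan over all rules.

```python
import sys

ALLOW, BLOCK = b"1", b"0"   # assumed wire encoding of the boolean reply
MAX_NAME = 255              # longest name accepted; longer input is blocked


def normalize(name):
    """Lower-case, drop the trailing root dot, split into labels."""
    return [l for l in name.strip().lower().rstrip(".").split(".") if l]


class SuffixTrie:
    """Blocking "abcd" blocks abcd and every name under it, like the
    implied wildcard of address=/abcd/0.0.0.0 in the quoted reply."""

    def __init__(self, domains=()):
        self.root = {}
        for domain in domains:
            self.add(domain)

    def add(self, domain):
        labels = normalize(domain)
        if not labels:
            return
        node = self.root
        for label in reversed(labels):
            node = node.setdefault(label, {})
        node[None] = True               # terminal marker: a rule ends here

    def blocked(self, name):
        node = self.root
        for label in reversed(normalize(name)):
            node = node.get(label)
            if node is None:
                return False            # left the trie: no rule applies
            if None in node:
                return True             # a rule covers this suffix
        return False


def verdict(raw, trie):
    """Decide one request; anything malformed fails closed."""
    if not raw or len(raw) > MAX_NAME:
        return BLOCK
    try:
        name = raw.decode("ascii")
    except UnicodeDecodeError:
        return BLOCK
    return BLOCK if trie.blocked(name) else ALLOW


def serve(inp, out, trie, chunk=4096):
    """Read NUL-separated names from inp, write one verdict byte each."""
    buf, overflow = b"", False
    while True:
        data = inp.read1(chunk)         # read1: do not wait for a full chunk
        if not data:
            return                      # writer closed the pipe
        buf += data
        *complete, buf = buf.split(b"\0")
        for raw in complete:
            out.write(BLOCK if overflow else verdict(raw, trie))
            overflow = False
        if len(buf) > MAX_NAME:
            # Bound memory: drop an oversized name, remember to block it
            # when its terminator finally arrives.
            buf, overflow = b"", True
        out.flush()


if __name__ == "__main__":
    # Constructed blocklist; a real helper would load its own rule file.
    serve(sys.stdin.buffer, sys.stdout.buffer,
          SuffixTrie(["ads.example", "tracker.test"]))
```

The helper needs no privileges and holds no sockets, so a crash in it surfaces to the parent only as a closed pipe.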


Re: [Dnsmasq-discuss] Selective logging for "log-queries"

2015-06-22 Thread richardvo...@gmail.com
Filtering the log should be a feature of your syslog daemon.

For example, this question on SuperUser explains how to exclude certain
message patterns:
http://unix.stackexchange.com/questions/52860/how-to-exclude-given-lines-in-syslog-ng

On Mon, Jun 22, 2015 at 12:23 AM, Albert ARIBAUD 
wrote:

> Hi Richard,
>
> The question is about controlling what is logged, not where it is (and
> no, I don't have any idea except poor man's solutions such as filtering
> the whole log -- wherever it comes from -- through grep plus tailf).
>
> Kind regards,
> Albert.
>
> On Sun, 21 Jun 2015 20:23:27 -0500, "richardvo...@gmail.com" wrote:
>
> > Configure dnsmasq to log via syslog, and filter there.
> >
> > The relevant configuration option is:
> >
> > *-8, --log-facility=* Set the facility to which dnsmasq will send
> > syslog entries, this defaults to DAEMON, and to LOCAL0 when debug mode is
> > in operation. If the facility given contains at least one '/' character, it
> > is taken to be a filename, and dnsmasq logs to the given file, instead of
> > syslog. If the facility is '-' then dnsmasq logs to stderr. (Errors whilst
> > reading configuration will still go to syslog, but all output from a
> > successful startup, and all output whilst running, will go exclusively to
> > the file.) When logging to a file, dnsmasq will close and reopen the file
> > when it receives SIGUSR2. This allows the log file to be rotated without
> > stopping dnsmasq.
> >
> > On Sun, Jun 21, 2015 at 7:48 PM, Richard Nelson wrote:
> >
> > > Greetings,
> > >
> > >
> > > On Sun, Jun 21, 2015 at 1:32 AM, reiner otto
> > > wrote:
> > >
> > >> Option "log-queries" generates a lot of info. Is there any means, to log
> > >> less info ? Particularly, I am only interested in the DNS-request, arriving
> > >> at dnsmasq.
> > >>
> > >>
> > > I too am interested in how to achieve this.
>


Re: [Dnsmasq-discuss] Selective logging for "log-queries"

2015-06-21 Thread richardvo...@gmail.com
Configure dnsmasq to log via syslog, and filter there.

The relevant configuration option is:

*-8, --log-facility=* Set the facility to which dnsmasq will send
syslog entries, this defaults to DAEMON, and to LOCAL0 when debug mode is
in operation. If the facility given contains at least one '/' character, it
is taken to be a filename, and dnsmasq logs to the given file, instead of
syslog. If the facility is '-' then dnsmasq logs to stderr. (Errors whilst
reading configuration will still go to syslog, but all output from a
successful startup, and all output whilst running, will go exclusively to
the file.) When logging to a file, dnsmasq will close and reopen the file
when it receives SIGUSR2. This allows the log file to be rotated without
stopping dnsmasq.

On Sun, Jun 21, 2015 at 7:48 PM, Richard Nelson  wrote:

> Greetings,
>
>
> On Sun, Jun 21, 2015 at 1:32 AM, reiner otto 
> wrote:
>
>> Option "log-queries" generates a lot of info. Is there any means, to log
>> less info ? Particularly, I am only interested in the DNS-request, arriving
>> at dnsmasq.
>>
>>
> I too am interested in how to achieve this.
>
>
>


Re: [Dnsmasq-discuss] Kind request regarding Dnsmasq's Dns response auto caching feature not working

2015-05-30 Thread richardvo...@gmail.com
Because of your configuration, none of those packets are going to dnsmasq
at all.  The problem is this line.

listen-address=127.0.0.1

On Sat, May 30, 2015 at 5:21 PM, Joyabrata Ghosh 
wrote:

> Dear Dnsmasq Experts,
>
> Myself new to Dnsmasq and facing issues in personally evaluating Auto
> Caching feature of very popular Dnsmasq product.
>
> Followed the recommended links inline, however unable to resolve the
> caching issue, kindly share some expertise advice/pointer to resolve the
> caching problem, setup details inline:
>
>
> Thanks & Regards,
> JGhosh
> Networking developer, Bangalore, India
>
> ==
> ==
>
> references official:
> http://www.thekelleys.org.uk/dnsmasq/doc.html
> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
>
> references other:
> https://help.ubuntu.com/community/Dnsmasq
> http://www.cyberciti.biz/faq/caching-dns-server/
>
> http://www.georgestarcher.com/splunk-dns-lookup-performance-and-caching-with-dnsmasq/
>
> http://unix.stackexchange.com/questions/162973/how-to-measure-dns-cache-efficiency-cached-items/206403#206403
>
> http://serverfault.com/questions/695441/dnsmasqs-dns-response-auto-caching-feature-not-working
>
> http://www.devshed.com/c/a/braindump/managing-a-linux-wireless-access-point/
>
> *Problem Description:*
>
> Dnsmasq Cache and Internal Log on USR1 signal dump (when running with or
> without --no-daemon and --log-queries for analysis) it always shows: 0/0
> cache, meaning caching feature of Dnsmasq not working.
>
> It is also observed that although repetitive DNS A?(host query) and
> A(response) records are populated successfully over the same listening
> interface continuously, but cache count still remains 0.
>
> Any one having any idea how to solve/debug this Dnsmasq Cache Not Working
> problem ?
>
> Alternatively, please suggest another Ubuntu linux supported DNS Caching
> tool which can be configured for targeted interface.
>
> >  **dnsmasq: cache size 150, 0/0 cache insertions re-used unexpired cache
> entries**
>
>
>
> root@host1:~# sudo pkill -USR1 dnsmasq
> dnsmasq: query[] host1 from 127.0.0.1
> dnsmasq: query[] host1 from 127.0.0.1
> dnsmasq: query[A] host1 from 127.0.0.1
> dnsmasq: query[A] host1 from 127.0.0.1
> sudo: unable to resolve host host1
> dnsmasq: time 1432979095
> dnsmasq: cache size 150, 0/0 cache insertions re-used unexpired cache
> entries.
> dnsmasq: queries forwarded 0, queries answered locally 4
> dnsmasq: Host Address Flags Expires
> dnsmasq: ip6-loopback ::1 6F I H
> dnsmasq: pep 127.0.1.1 4FRI H
> dnsmasq: ip6-mcastprefix ff00:: 6FRI H
> dnsmasq: ip6-allrouters ff02::2 6FRI H
> dnsmasq: ip6-localhost ::1 6FRI H
> dnsmasq: localhost 127.0.0.1 4FRI H
> dnsmasq: ip6-allnodes ff02::1 6FRI H
> dnsmasq: ip6-localnet fe00:: 6FRI H
> [1]- User defined signal 1 /etc/init.d/dnsmasq restart
> root@host1:~#
>
> TCPDUMP ON DNSMASQ Interface:
>
> 05:40:47.555213 IP 172.20.20.10.52592 > 172.20.20.2.53: 8856+ A? app.host2.com. (45)
> 05:40:47.558364 IP 172.20.20.2.53 > 172.20.20.10.52592: 8856* 1/0/0 A 10.60.60.190 (61)
> 05:41:52.875128 IP 172.20.20.10.60448 > 172.20.20.2.53: 11981+ A? app.host2.com. (45)
> 05:41:52.878377 IP 172.20.20.2.53 > 172.20.20.10.60448: 11981* 1/0/0 A 10.60.60.190 (61)
> 05:42:44.241724 IP 172.20.20.10.65300 > 172.20.20.2.53: 6667+ A? app.host2.com. (45)
> 05:42:44.244808 IP 172.20.20.2.53 > 172.20.20.10.65300: 6667* 1/0/0 A 10.60.60.190 (61)
>
> Dnsmasq setting: /etc/dnsmasq.conf
>
> log-facility=/var/log/dnsmasq.log
> log-queries
> log-dhcp
> no-daemon
> listen-address=127.0.0.1
> port=53
> interface=eth0
> bind-interfaces
> cache-size=1000
> neg-ttl=3600
>
> Dnsmasq Running as inline from default:
>
> root@host1:~# /etc/init.d/dnsmasq restart
> * Restarting DNS forwarder and DHCP server dnsmasq
>
> dnsmasq: started, version 2.68 cachesize 1000
> dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP
> DHCPv6 no-Lua TFTP conntrack ipset auth
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 11.45.45.9#53
> dnsmasq: read /etc/hosts - 7 addresses
> User defined signal 1
> root@host1:~# dnsmasq: time 1433019086
> dnsmasq: cache size 1000, 0/0 cache insertions re-used unexpired cache
> entries.
> dnsmasq: queries forwarded 0, queries answered locally 0
> dnsmasq: queries for authoritative zones 0
> dnsmasq: Host Address Flags Expires
> dnsmasq: ip6-allnodes ff02::1 6FRI   H
> dnsmasq: ip6-localnet fe00:: 6FRI   H
> dnsmasq: ip6-localhost ::1 6FRI   H
> dnsmasq: pep  127.0.1.1 4FRI   H
> dnsmasq: ip6-mcastprefix  ff00:

Re: [Dnsmasq-discuss] DBus API

2015-05-22 Thread richardvo...@gmail.com
>
> I can see why rereading *all* configuration would require root
> privileges, but certainly a simple refresh of the DNS information
> doesn't since that would just update internal structures and not require
> opening any additional ports, since they would already be open.
>
> Dan
>
>
dnsmasq already does refresh the DNS server list without respawn.  It's not
even necessary to send a signal, it detects changes to the list.

See the -r and -R options.


Re: [Dnsmasq-discuss] DBus API

2015-05-21 Thread richardvo...@gmail.com
>
> For the short term, NM does have an /etc/NetworkManager/dnsmasq.d
> directory where you can toss dnsmasq config files, which NM will pass to
> dnsmasq when it spawns it.  Unfortunately, because D-Bus gets used on
> Ubuntu and dnsmasq isn't respawned on changes, that won't work for you.
> Ideally, dnsmasq would get some kind of SIGHUP-like signal that *would*
> re-read config files too, and then you could dump your info there and
> SIGxxx it and everything would be fine.
>

Can't seem to find this in the documentation, but the reason that SIGHUP
only rereads datafiles (hostsfile, /etc/ethers, etc) and not configuration
has been explained before:

Implementing configuration (opening port 53, among other things) requires
root privilege.  But signals are received after dnsmasq drops root.
Allowing full reconfiguration while dnsmasq is running would open the door
to privilege escalation, and therefore is excluded as an intentional design
decision.

Ideally, you would fix your wrapper's behavior that "dnsmasq isn't
respawned on changes", because this behavior is wrong.


Re: [Dnsmasq-discuss] Any way to set the lease-time for hosts derived from /etc/ethers?

2015-05-08 Thread richardvo...@gmail.com
On Fri, May 8, 2015 at 2:35 PM, Simon Kelley 
wrote:

> On 04/05/15 12:42, Rick Thomas wrote:
> >
> > Is there any way to set the lease time for a client derived from the
> > /etc/ethers file?
> >
> > I can set a lease time for a lease derived from a “dhcp-range” or
> > “dhcp-host” config statement, but I can’t find any way to set it for
> > the “implied” dhcp-host config when the host comes from /etc/ethers
> > via a “read-ethers” config.
> >
>
> You can't put a lease time in /etc/ethers. The format of the ethers file
> is defined outside dnsmasq and doesn't have the syntax to represent it.
>
> You can keep the /etc/ethers file and include lease times separately  in
> dhcp-hosts configs with just a MAC addresses or hostname and lease time.
>

You presumably have a "dhcp-range static" option already configured, since
it is needed for read-ethers to work, and the lease time can be set there
for the entire group, but not individually.


Re: [Dnsmasq-discuss] Thanks and question

2015-02-10 Thread richardvo...@gmail.com
You're imagining the "reserved range".

The --dhcp-host configuration option of dnsmasq will reserve an address.
--dhcp-range=static will not.

Simon just explained that adding a pool automatically starts serving static
addresses in the remainder of the subnet, so your "dynamic from .1 to .99
and reserved from .100 to .254" case is covered by
--dhcp-range=x.y.z.1,x.y.z.99,255.255.255.0

On Tue, Feb 10, 2015 at 2:17 PM, A James Boswell 
wrote:

> Thanks Simon,
> I understand the rationale. Ideally though, I would like to be able to
> specify an arbitrary range rather than whole subnet for the reserved range,
> for example dynamic from .1 to .99 and reserved from .100 to .254. Not a
> neat CIDR boundary, so not possible at the moment and I have settled for
> the nearest /25 at .128
>
> I can't see any networking reason for requiring reserved addresses to be
> demarcated at a subnet boundary. As long as there are no collisions between
> dynamic and static ranges, they can share the same subnet in routing terms.
>
> Your thoughts?
>
> Regards
>
> A. James Boswell
> ja...@boswellbunch.com
>
> > On 9 Feb 2015, at 10:40 pm, Simon Kelley 
> wrote:
> >
> >
> >
> > You can think of a dhcp-range statement as supplying two things: a
> > subnet in which DHCP happens and a range of addresses within that
> > subnet which can be dynamically allocated to DHCP clients.
> >
> > It doesn't constrain dhcp-host entries to be within the dynamic range,
> > only the subnet, so
> >
> > dhcp-range=192.168.1.100,192.168.1.200,255.255.255.0
> > dhcp-host=myhost,192.168.1.80
> >
> > Is perfectly sensible: unknown hosts go into
> > 192.168.1.100-192.168.1.200 and known hosts go elsewhere where they
> > can't be interfered with by dynamic allocation, are amenable to
> > different firewall rules, etc etc.
> >
> >
> > dhcp-range=192.168.1.0,static,255.255.255.0
> >
> > Just provides the subnet to enable the relevant dhcp-host entries,
> > without providing any range for dynamic allocation, so unknown hosts
> > will fail to get an address.
> >
> >
> > Cheers,
> >
> > Simon.
> >
> >
> >
> >
> > On 08/02/15 03:14, A James Boswell wrote:
> >> G’day, I only just came across dnsmasq and installed and
> >> configured it yesterday. It’s great. Thank you.
> >>
> >> My question. What is the reasoning behind dhcp-host static entries
> >> being subnets, not start and end ranges? The syntax on the man
> >> page suggests start and end addresses should work, though the
> >> description says subnet. Sure enough a range fails --test.
> >> Fortunately I was close to a /25 boundary anyway, but is there some
> >> reason it couldn’t work the other way?
> >>
> >> Thanks again - it’s a really well structured, easy to configure
> >> solution for small networks. One that’s been sorely missing.
> >>
> >> A. James Boswell ja...@boswellbunch.com
> >>
> >>
> >>
> >>


Re: [Dnsmasq-discuss] Secondary dnsmasq server?

2014-10-02 Thread richardvo...@gmail.com
If dnsmasq had every imaginable feature, like syncing the DHCP lease list
for failover, then it would no longer be "easy and small".

You can, however, do something almost as good:
* Don't use dhcp-authoritative
* Give each of the two servers non-overlapping pools of addresses

Just a quick question -- you're worried about DHCP downtime, which is
usually a non-issue because of lease length, but what about downtime of the
primary gateway?  Are your DHCP services running on boxes other than the
gateway?  Configuring routing tables to automatically failover to a backup
gateway is a lot more complex than getting two DHCP servers to coexist.

On Wed, Oct 1, 2014 at 8:18 PM, Don Harper  wrote:

> Hello,
>   I did a brief search into the archives for the last two years, and did
> not find what I am looking for.
>
> I have been using dnsmasq as the primary DNS & DHCP server for my home lan
> for many years now, and love it. But, I would like to have a secondary
> server running to pick up the slack if the primary is off-line for any
> reason (currently, I need to apply a security fix to the OS which will
> force a reboot).
>
> I have found the config to tell the primary (ns1) about the secondary
> (ns2), and allow ns2 to start a zone transfer from ns1, but what I cannot
> find is how to configure ns2 to be a secondary and poll ns1 as needed.  In
> addition, I have not seen any way to tell ns2 it is a backup DHCP server.
> I know that I could do it with ISC dhcpd, but I like how easy and small
> dnsmasq is, so I thought I would try this way first.
>
> Thanks for the awesome project, and hopefully thanks in advance for an
> answer (pointers for RTFM'ing would be great, as well!)
>
> Don
>
> --
> Don Harper
>


Re: [Dnsmasq-discuss] Shellshock.

2014-09-30 Thread richardvo...@gmail.com
> Although, to be honest, although the DHCP vector is trivial to exploit
> [1], if the attacker can give you a bogus DHCP reply you've lost already.
>
> At this point, the attacker already has a full man-in-the-middle of all
> network traffic, and can easily launch invisible attacks on clients (e.g.
> cause a hidden iframe to appear to their metasploit server instance, insert
> cached scripts into the browser context, etc...).
>

You're looking at risks to the DHCP client.  This is the dnsmasq mailing
list, where we're concerned first about securing the DHCP *server* against
malicious clients.


>
>
> [1] the DHCP server on my test network has: option domain-name "() {
> ignored;}; /bin/touch pwnage ; (/bin/sleep 10; /bin/ping -c 10 10.128.0.2)
> & "; in its config
>

That's not valid syntax for a dnsmasq config.



>
>


Re: [Dnsmasq-discuss] Shellshock.

2014-09-30 Thread richardvo...@gmail.com
The problem is that there seems to be no standard for what characters have
special meaning in environment variables (other than the usual "none do"
which bash is violating here).  Without that, or at least a guarantee that
certain characters AREN'T special, it's not possible to sanitize.

On Tue, Sep 30, 2014 at 4:05 AM, Roy Marples  wrote:

> Hi Simon
>
> On Monday 29 Sep 2014 20:17:56 Simon Kelley wrote:
> > There's no definition of what is allowed in those DHCP options, so it's
> > quite possible that a shell metacharacter would be encountered.
> > Sanitising the strings would therefore change what gets passed to the
> > script, ie it would be an API change.
>
> I've not looked at the dnsmasq source for this, but are you encoding binary
> non graphic data? If not, what is the expectation in script? If so, you are
> encoding it regardless - thus if you encode the shell metas in a similar
> fashion the API hasn't changed.
>
> Just because the DHCP RFC for option foo says it's an ASCII string does not
> mean that's what is really in the option, could easily be a PNG of Rick
> Astley!
>
> > Of course, the shell isn't supposed to interpret metacharacters in the
> > value of shell variables unless explicitly told to: so sanitising
> > shouldn't be required (though I concede it would mitigate a lot of
> > common shell-script errors.)
>
> Shells shouldn't allow function definitions in variables, but here we are
> :)
>
> Thanks
>
> Roy
>


Re: [Dnsmasq-discuss] Shellshock.

2014-09-26 Thread richardvo...@gmail.com
I know this could be found in the code, and my own systems have busybox not
bash, but I thought I'd ask for general interest:

Is this a matter only of the shebang line in the script, or does dnsmasq
use `system()` to run it, meaning that control passes through the user's
login shell before transferring to the interpreter listed in the shebang?

If the script is execed or spawned, then changing the shebang to /bin/ash
or other non-bash implementation which aims for bash compatibility could be
an even faster workaround (that also cures aftershock).

BTW, isn't that script executed as root only in --leasefile-ro mode, and
that without remote input in the environment?  Oh never mind, the script
always gets invoked from the dnsmasq process that doesn't drop privilege,
unless that new --dhcp-scriptuser option is active.

On Fri, Sep 26, 2014 at 4:14 PM, Simon Kelley 
wrote:

> This is just a heads-up that if you're using the --dhcp-script option in
> dnsmasq, and the script you're calling is being interpreted by bash,
> then you're affected by the shellshock bug.
>
> The bug allows execution of arbitrary code contained in the values of
> environment variables, and there are several variables in the
> environment inherited by the DHCP script whose values can be set
> directly by a DHCP client, so any DHCP client on your network (or
> elsewhere, if your firewall allows) can execute arbitrary shellcode,
> probably as root, with a simple DHCP request.
>
> The fix, of course, is to update bash.
>
>
> Cheers,
>
> Simon.
>
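The two questions raised in this message, which interpreter the dhcp-script's shebang actually resolves to and which user the script runs as, can be checked with a short audit. This is an added example, not code from the thread or from dnsmasq; the function names, the constructed sample files and the use of `readlink -f` are assumptions, and only `dhcp-script` and `dhcp-scriptuser` come from the messages above.

```shell
#!/bin/sh
# Added example: which interpreter runs dnsmasq's dhcp-script, and as whom?

# Print every value of option $2 in dnsmasq config file $1 (comments ignored).
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1"
}

# Print the interpreter from the shebang line of script $1 (nothing if absent).
shebang_interp() {
    awk 'NR == 1 && /^#!/ {
             sub(/^#![ \t]*/, "")
             n = split($0, w, /[ \t]+/)
             # "#!/usr/bin/env bash": the interpreter is the word after env
             if (n > 1 && w[1] ~ /(^|\/)env$/) print w[2]; else print w[1]
         }
         { exit }' "$1"
}

# Succeed if interpreter $1 is bash, directly or through a symlink
# (for example /bin/sh pointing at bash on some distributions).
is_bash() {
    path=$1
    case "$path" in
        /*) ;;
        *)  path=$(command -v "$path" 2>/dev/null || echo "$path") ;;
    esac
    real=$(readlink -f "$path" 2>/dev/null || echo "$path")
    [ "$(basename "$path")" = bash ] || [ "$(basename "$real")" = bash ]
}

# Return 0 = nothing to review, 1 = script runs under bash, 2 = cannot tell.
audit_dhcp_script() {
    script=$(conf_values "$1" dhcp-script | tail -n 1)
    if [ -z "$script" ]; then
        echo "OK: no dhcp-script configured"
        return 0
    fi
    interp=$(shebang_interp "$script" 2>/dev/null)
    if [ -z "$interp" ]; then
        echo "UNKNOWN: $script has no readable shebang line"
        return 2
    fi
    # Without dhcp-scriptuser the script runs as root.
    user=$(conf_values "$1" dhcp-scriptuser | tail -n 1)
    if is_bash "$interp"; then
        echo "REVIEW: $script is interpreted by bash ($interp) as ${user:-root};" \
             "update bash or point the shebang at another shell"
        return 1
    fi
    echo "OK: $script is interpreted by $interp as ${user:-root}"
    return 0
}

# Constructed sample data: an empty file named "bash", an "sh" symlinked to
# it, an "ash", and two hook scripts with matching configs. Nothing is executed.
make_sample() {
    : > "$1/bash"
    : > "$1/ash"
    ln -s "$1/bash" "$1/sh"
    printf '#!%s\necho "$@"\n' "$1/sh"  > "$1/hook-sh"
    printf '#!%s\necho "$@"\n' "$1/ash" > "$1/hook-ash"
    printf 'dhcp-script=%s\n' "$1/hook-sh" > "$1/sh.conf"
    printf 'dhcp-script=%s\ndhcp-scriptuser=nobody\n' "$1/hook-ash" > "$1/ash.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_dhcp_script "$sample/sh.conf"  || true
audit_dhcp_script "$sample/ash.conf" || true
```

On a real host, call `audit_dhcp_script` with the path of the running dnsmasq configuration instead of the sample files.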


Re: [Dnsmasq-discuss] ARP ignores DHCP ACKs !

2013-12-24 Thread richardvo...@gmail.com
I agree that *not* responding is the correct and required behavior.

Any response would indicate an address collision.


On Tue, Dec 24, 2013 at 8:55 AM, Matthias Andree wrote:

> On 24.12.2013 13:35, Nikita N. wrote:
> > Hi :) I'm having a strange issue here with DHCP/ARP I can't solve..
> > DHCP works good, it receives a REQ from client MAC asking the preferred
> > ip, e.g. 192.168.0.10, and DHCP answers correctly ACK..
> > But after that, my client keeps asking the following ARP requests to
> > broadcast: "Who has 192.168.0.10? Tell 0.0.0.0" .. it expects the answer
> > like "192.168.0.10 is at XX.XX.XX.XX.XX", where XX is the client MAC..
> > but it never comes :(
>
> Perhaps it is running duplicate address detection to make sure nobody is
> using the address, before it grabs it?  Or the DHCP responses do not
> make it for the client, or the client drops them on the floor.
>
> > It looks like dnsmasq does NOT inform the system ARP about the client ip
> > it just ACKed, resulting always in connection error/absent ..
>
> Nor should it.
>
>


Re: [Dnsmasq-discuss] DNSMasq and DNS reflection attacks

2013-10-24 Thread richardvo...@gmail.com
In lieu of state tracking, I believe you can configure dnsmasq to use a
different port when making requests of upstream servers, so replies don't
match the "inbound to port 53" rule.  Or just unconditionally allow
upstream servers only as you mentioned.


On Thu, Oct 24, 2013 at 5:41 PM, Brian Rak  wrote:

>  On 10/24/2013 4:40 PM, richardvo...@gmail.com wrote:
>
> Sorry, I should mention only drop packets in state "NEW", you don't want
> to drop replies to your own queries.
>
>
> On Thu, Oct 24, 2013 at 3:39 PM, richardvo...@gmail.com <
> richardvo...@gmail.com> wrote:
>
>> Your case should be easy to stop with a firewall rule.  Just block all
>> packets matching the dns listen port (53 usually) in the INPUT chain, where
>> the source address is outside your block.
>>
>>  Optionally (this prevents reflection attacks against your own network
>> which you said is not required), configure your router to drop packets
>> arriving on its external interface where the source IP is within your
>> internal network.  This is called a reverse route check.
>>
>>
>> On Thu, Oct 24, 2013 at 12:11 PM, Brian Rak  wrote:
>>
>>>
>>> On 10/24/2013 1:00 PM, Simon Kelley wrote:
>>>
>>>> On 24/10/13 17:46, Brian Rak wrote:
>>>>
>>>>>
>>>>> On 10/24/2013 12:28 PM, Simon Kelley wrote:
>>>>>
>>>>>> On 24/10/13 17:03, Brian Rak wrote:
>>>>>>
>>>>>>> We've recently undertaken a project to clean up our network, and lock
>>>>>>> down all the open DNS resolvers. As you may know, these are very
>>>>>>> frequently used for DDOS attacks: http://openresolverproject.org/ ,
>>>>>>> http://www.team-cymru.org/Services/Resolvers/ .
>>>>>>>
>>>>>>> I haven't been able to find any sort of configuration option that
>>>>>>> would
>>>>>>> prevent DNSMasq from being abused like this, and I've had to resort
>>>>>>> to
>>>>>>> iptables rules instead. Is there a configuration option that
>>>>>>> would
>>>>>>> disable responding to DNS queries from certain interfaces? The other
>>>>>>> option that seems handy would be one to only reply to DNS queries
>>>>>>> from
>>>>>>> hosts that have a configured DHCP lease.
>>>>>>>
>>>>>>> Are there any features of DNSMasq that would prevent it from being
>>>>>>> abused to conduct attacks?
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> This is an important topic, and quite difficult to understand, so I'm
>>>>>> going to take this opportunity to try and put a definitive statement
>>>>>> on the record.
>>>>>>
>>>>>> First the simple stuff.
>>>>>>
>>>>>> Dnsmasq has --interface --except-interface and --listen-address
>>>>>> configuration options that disable response to DNS queries from
>>>>>> certain interfaces. The first thing that has to be done is to use
>>>>>> these. Mostly it's the only thing that needs to be done.
>>>>>>
>>>>>>
>>>>>> Now, the complicated stuff.
>>>>>>
>>>>>> Under certain circumstances, --interface= degrades to mean
>>>>>> the same as --listen-address=. For instance if
>>>>>> eth0 has address 192.168.0.1 and dnsmasq is configured with
>>>>>> --interface=eth0, then dnsmasq will reply to any query which is sent
>>>>>> to 192.168.0.1, no matter what interface it actually arrives at. The
>>>>>> circumstance under which this happens is when the --bind-interfaces flag is
>>>>>> used.
>>>>>>
>>>>>> Now, in the above example, this isn't a problem, since a botnet can't
>>>>>> direct traffic to an RFC-1918 address. If, on the other hand, the
>>>>>> address of an internal interface (ie one configured to accept DNS
>>>>>> queries) is globally routable, then queries which arrive via another
>>>>>> interface (ie one linked to the internet) with the destination address
>>>>>> of the internal interface _will_ be replied to, and a DNS reflection
>>>>>> attack is possible.
>>>&g

Re: [Dnsmasq-discuss] DNSMasq and DNS reflection attacks

2013-10-24 Thread richardvo...@gmail.com
Sorry, I should mention only drop packets in state "NEW", you don't want to
drop replies to your own queries.


On Thu, Oct 24, 2013 at 3:39 PM, richardvo...@gmail.com <
richardvo...@gmail.com> wrote:

> Your case should be easy to stop with a firewall rule.  Just block all
> packets matching the dns listen port (53 usually) in the INPUT chain, where
> the source address is outside your block.
>
> Optionally (this prevents reflection attacks against your own network
> which you said is not required), configure your router to drop packets
> arriving on its external interface where the source IP is within your
> internal network.  This is called a reverse route check.
>
>
> On Thu, Oct 24, 2013 at 12:11 PM, Brian Rak  wrote:
>
>>
>> On 10/24/2013 1:00 PM, Simon Kelley wrote:
>>
>>> On 24/10/13 17:46, Brian Rak wrote:
>>>
>>>>
>>>> On 10/24/2013 12:28 PM, Simon Kelley wrote:
>>>>
>>>>> On 24/10/13 17:03, Brian Rak wrote:
>>>>>
>>>>>> We've recently undertaken a project to clean up our network, and lock
>>>>>> down all the open DNS resolvers. As you may know, these are very
>>>>>> frequently used for DDOS attacks: http://openresolverproject.org/ ,
>>>>>> http://www.team-cymru.org/Services/Resolvers/ .
>>>>>>
>>>>>> I haven't been able to find any sort of configuration option that
>>>>>> would
>>>>>> prevent DNSMasq from being abused like this, and I've had to resort to
>>>>>> iptables rules instead. Is there a configuration option that
>>>>>> would
>>>>>> disable responding to DNS queries from certain interfaces? The other
>>>>>> option that seems handy would be one to only reply to DNS queries from
>>>>>> hosts that have a configured DHCP lease.
>>>>>>
>>>>>> Are there any features of DNSMasq that would prevent it from being
>>>>>> abused to conduct attacks?
>>>>>>
>>>>>>
>>>>>
>>>>> This is an important topic, and quite difficult to understand, so I'm
>>>>> going to take this opportunity to try and put a definitive statement
>>>>> on the record.
>>>>>
>>>>> First the simple stuff.
>>>>>
>>>>> Dnsmasq has --interface --except-interface and --listen-address
>>>>> configuration options that disable response to DNS queries from
>>>>> certain interfaces. The first thing that has to be done is to use
>>>>> these. Mostly it's the only thing that needs to be done.
>>>>>
>>>>>
>>>>> Now, the complicated stuff.
>>>>>
>>>>> Under certain circumstances, --interface= degrades to mean
>>>>> the same as --listen-address=. For instance if
>>>>> eth0 has address 192.168.0.1 and dnsmasq is configured with
>>>>> --interface=eth0, then dnsmasq will reply to any query which is sent
>>>>> to 192.168.0.1, no matter what interface it actually arrives at. The
>>>>> circumstance under which this happens is when the --bind-interfaces flag is
>>>>> used.
>>>>>
>>>>> Now, in the above example, this isn't a problem, since a botnet can't
>>>>> direct traffic to an RFC-1918 address. If, on the other hand, the
>>>>> address of an internal interface (ie one configured to accept DNS
>>>>> queries) is globally routable, then queries which arrive via another
>>>>> interface (ie one linked to the internet) with the destination address
>>>>> of the internal interface _will_ be replied to, and a DNS reflection
>>>>> attack is possible.
>>>>>
>>>>> This has mainly been seen in libvirt and OpenStack installations which
>>>>> use dnsmasq, since sometimes they are provisioned with "real"
>>>>> addresses. I'd expect to see problems in the future with IPv6, since
>>>>> far more people will be using globally routable addresses with IPv6.
>>>>>
>>>>> The reason that this happens is that --bind-interfaces uses the
>>>>> bare-minimum BSD sockets API only. Detecting which interface a packet
>>>>> arrived on, rather than the address to which it wa

Re: [Dnsmasq-discuss] DNSMasq and DNS reflection attacks

2013-10-24 Thread richardvo...@gmail.com
Your case should be easy to stop with a firewall rule.  Just block all
packets matching the dns listen port (53 usually) in the INPUT chain, where
the source address is outside your block.

Optionally (this prevents reflection attacks against your own network which
you said is not required), configure your router to drop packets arriving
on its external interface where the source IP is within your internal
network.  This is called a reverse route check.


On Thu, Oct 24, 2013 at 12:11 PM, Brian Rak  wrote:

>
> On 10/24/2013 1:00 PM, Simon Kelley wrote:
>
>> On 24/10/13 17:46, Brian Rak wrote:
>>
>>>
>>> On 10/24/2013 12:28 PM, Simon Kelley wrote:
>>>
>>>> On 24/10/13 17:03, Brian Rak wrote:
>>>>
>>>>> We've recently undertaken a project to clean up our network, and lock
>>>>> down all the open DNS resolvers. As you may know, these are very
>>>>> frequently used for DDOS attacks: http://openresolverproject.org/ ,
>>>>> http://www.team-cymru.org/Services/Resolvers/ .
>>>>>
>>>>> I haven't been able to find any sort of configuration option that would
>>>>> prevent DNSMasq from being abused like this, and I've had to resort to
>>>>> iptables rules instead. Is there a configuration option that would
>>>>> disable responding to DNS queries from certain interfaces? The other
>>>>> option that seems handy would be one to only reply to DNS queries from
>>>>> hosts that have a configured DHCP lease.
>>>>>
>>>>> Are there any features of DNSMasq that would prevent it from being
>>>>> abused to conduct attacks?
>>>>>
>>>>>
>>>>
>>>> This is an important topic, and quite difficult to understand, so I'm
>>>> going to take this opportunity to try and put a definitive statement
>>>> on the record.
>>>>
>>>> First the simple stuff.
>>>>
>>>> Dnsmasq has --interface --except-interface and --listen-address
>>>> configuration options that disable response to DNS queries from
>>>> certain interfaces. The first thing that has to be done is to use
>>>> these. Mostly it's the only thing that needs to be done.
>>>>
>>>>
>>>> Now, the complicated stuff.
>>>>
>>>> Under certain circumstances, --interface= degrades to mean
>>>> the same as --listen-address=. For instance if
>>>> eth0 has address 192.168.0.1 and dnsmasq is configured with
>>>> --interface=eth0, then dnsmasq will reply to any query which is sent
>>>> to 192.168.0.1, no matter what interface it actually arrives at. The
>>>> circumstance under which this happens is when the --bind-interfaces flag is
>>>> used.
>>>>
>>>> Now, in the above example, this isn't a problem, since a botnet can't
>>>> direct traffic to an RFC-1918 address. If, on the other hand, the
>>>> address of an internal interface (ie one configured to accept DNS
>>>> queries) is globally routable, then queries which arrive via another
>>>> interface (ie one linked to the internet) with the destination address
>>>> of the internal interface _will_ be replied to, and a DNS reflection
>>>> attack is possible.
>>>>
>>>> This has mainly been seen in libvirt and OpenStack installations which
>>>> use dnsmasq, since sometimes they are provisioned with "real"
>>>> addresses. I'd expect to see problems in the future with IPv6, since
>>>> far more people will be using globally routable addresses with IPv6.
>>>>
>>>> The reason that this happens is that --bind-interfaces uses the
>>>> bare-minimum BSD sockets API only. Detecting which interface a packet
>>>> arrived on, rather than the address to which it was sent, needs
>>>> non-portable API, and is impossible on some platforms (openBSD, for
>>>> instance) --bind-interfaces is a "works everywhere" least common
>>>> denominator. It's also useful when you're running multiple instances
>>>> of dnsmasq on one host, which is why most people use it.
>>>>
>>>> The fix is to use either the default listening mode, or if running
>>>> multiple instances, the new --bind-dynamic mode. --bind-dynamic is
>>>> only available on Linux, and --bind-interfaces is the only mode
>>>> available on openBSD, so BSD users have rather more problems here.
>>>>
>>>> Summary. There's a problem if you want to accept queries in an
>>>> internal interface with a globally routable address and use
>>>> --bind-interfaces. The fix is to remove --bind-interfaces and, if
>>>> necessary, replace it with --bind-dynamic. This fix is not applicable
>>>> on all platforms.
>>>>
>>>> The Real Soon Now 2.67 release logs a very prominent warning if the
>>>> dangerous combination is configured.
>>>>
>>>> Cheers,
>>>>
>>>> Simon.

>>>
>>> Thanks for the detailed explanation! It seems that for some of my
>>> servers I can resolve the issue by using --interface and
>>> --except-interface.
>>>
>>> I do however have some DNSMasq instances that are providing public,
>>> globally routable IP addresses via DHCP. In order to do this, DNSMasq
>>> must be listening on an interface with a public IP, so it ends up
>>> providing DNS on t
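The combination Simon Kelley describes in the quoted text above, `--bind-interfaces` together with a listening address that is globally routable, can be checked mechanically against a configuration file. This is an added example, not code from the thread or from dnsmasq; the function names, the "ifname address" input format and the constructed sample addresses are assumptions, and only IPv4 is assessed.

```shell
#!/bin/sh
# Added example: detect bind-interfaces combined with a globally routable
# listening address (IPv4 only; IPv6 addresses are skipped, not assessed).

# Print every value of option $2 in config file $1, one per line.
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" |
        tr ',' '\n'
}

# Succeed if the valueless option $2 is set in config file $1.
conf_has_flag() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

# Succeed if $1 is an IPv4 address outside the RFC 1918, loopback and
# link-local ranges, i.e. one that traffic from the internet could target.
is_global_v4() {
    case "$1" in
        *:*|"") return 1 ;;
        10.*|127.*|192.168.*|169.254.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
    return 0
}

# audit_bind_mode CONF ADDRS
#   CONF  dnsmasq configuration file
#   ADDRS file of "ifname address" lines; on Linux it can be produced with
#         ip -o -4 addr show | awk '{ sub("/.*", "", $4); print $2, $4 }'
# Returns 1 when the dangerous combination is configured, 0 otherwise.
audit_bind_mode() {
    if ! conf_has_flag "$1" bind-interfaces; then
        echo "OK: $1 does not use bind-interfaces"
        return 0
    fi
    exposed=""
    # listen-address values are used as given.
    for a in $(conf_values "$1" listen-address); do
        if is_global_v4 "$a"; then exposed="$exposed $a"; fi
    done
    # With bind-interfaces, interface=X degrades to the addresses on X.
    for i in $(conf_values "$1" interface); do
        for a in $(awk -v i="$i" '$1 == i { print $2 }' "$2"); do
            if is_global_v4 "$a"; then exposed="$exposed $i=$a"; fi
        done
    done
    if [ -n "$exposed" ]; then
        echo "RISK: $1 uses bind-interfaces with globally routable:$exposed;" \
             "remove bind-interfaces or replace it with bind-dynamic"
        return 1
    fi
    echo "OK: $1 uses bind-interfaces, but only on private addresses"
    return 0
}

# Constructed sample data. 192.168.0.1 on eth0 is the address used in the
# message; 203.0.113.10 (documentation range) stands in for a public address.
make_sample() {
    printf 'eth0 192.168.0.1\neth1 203.0.113.10\n' > "$1/addrs"
    printf 'interface=eth0\nbind-interfaces\n' > "$1/private.conf"
    printf 'interface=eth1\nbind-interfaces\n' > "$1/public.conf"
    printf 'interface=eth1\nbind-dynamic\n'    > "$1/fixed.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
for c in private public fixed; do
    audit_bind_mode "$sample/$c.conf" "$sample/addrs" || true
done
```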

Re: [Dnsmasq-discuss] requested explanation of undocumented feature

2013-10-14 Thread richardvo...@gmail.com
BTW this message was wrong.

Use tag:interfacenamehere to match against the name of a network interface.
 So tag:eth0 or tag:wlan0

I don't know where the "dhcp-range=interface:ethN,192.168.1.100,
192.168.1.200" came from.


On Mon, Oct 14, 2013 at 5:19 PM, richardvo...@gmail.com <
richardvo...@gmail.com> wrote:

> Do you know what a "network interface" is?
>
> set: and match: allow you to match tag names defined in your
> configuration, plus a small set predefined by dnsmasq
> interface: allows you to match against the name external software
> (typically udev) gave to the network interface
>
>
>
> On Mon, Oct 14, 2013 at 4:56 PM, Jim Alles  wrote:
>
>> Hello, I am a relatively new user of dnsmasq, on a debian system, part of
>> the Untangle UTM suite.
>>
>> I was wondering if I could have an explanation of the form:
>> dhcp-range=interface:ethN,192.168.1.100, 192.168.1.200
>>
>> Is 'interface' in this case a special form of tag:, and where is it set:?
>>
>> I have not been able to find a search result.
>>
>> Thanks in advance!
>>


Re: [Dnsmasq-discuss] requested explanation of undocumented feature

2013-10-14 Thread richardvo...@gmail.com
Where is this interface: syntax you're mentioning, anyway?

The only thing I see is that dnsmasq automatically creates a tag for
you using the name of the network interface (that name being controlled by
udev).  This is documented:

> The tag system works as follows: For each DHCP request, dnsmasq collects
a set of valid tags from active configuration lines which include
set:, including one from the *dhcp-range* used to allocate the
address, one from any matching *dhcp-host* (and "known" if a dhcp-host
matches) The tag "bootp" is set for BOOTP requests, and a tag whose name is
the name of the interface on which the request arrived is also set.


On Mon, Oct 14, 2013 at 5:41 PM, richardvo...@gmail.com <
richardvo...@gmail.com> wrote:

> You forgot to cc the list.
>
> Network interfaces are not tags that can be manipulated with tag:/set:/net:
>
> Network interface names are matched with interface:
>
> If you have ethernet and wireless network interface cards on your
> computer, they are probably named `eth0` and `wlan0` (although `ath0` is
> pretty common too).  In that case you could use interface:eth0 or
> interface:wlan0.  The available names depend on your udev configuration.
>
> Tags matched by tag:/net: are completely separate.  A few such as `known`
> are predefined, and these are documented in the man page.  And others you
> can create using set: inside your configuration file (dnsmasq.conf, usually)
>
>
> On Mon, Oct 14, 2013 at 5:26 PM, Jim Alles  wrote:
>
>> >Do you know what a "network interface" is?
>>  I do!
>>
>> >plus a small set predefined by dnsmasq
>> and where are they listed?, please.
>>
>> 'interface:eth ' - searched for it, no joy in man pages, no example, not
>> much by Google either.
>>
>> And so, this is a formal request to add to the documentation, please.
>>
>> Thanks,
>> Jim A.
>>
>>
>> On Mon, Oct 14, 2013 at 6:19 PM, richardvo...@gmail.com <
>> richardvo...@gmail.com> wrote:
>>
>>> Do you know what a "network interface" is?
>>>
>>> set: and match: allow you to match tag names defined in your
>>> configuration, plus a small set predefined by dnsmasq
>>> interface: allows you to match against the name external software
>>> (typically udev) gave to the network interface
>>>
>>>
>>>
>>> On Mon, Oct 14, 2013 at 4:56 PM, Jim Alles  wrote:
>>>
>>>> Hello, I am a relatively new user of dnsmasq, on a debian system, part
>>>> of the Untangle UTM suite.
>>>>
>>>> I was wondering if I could have an explanation of the form:
>>>> dhcp-range=interface:ethN,192.168.1.100, 192.168.1.200
>>>>
>>>> Is 'interface' in this case a special form of tag:, and where is it
>>>> set:?
>>>>
>>>> I have not been able to find a search result.
>>>>
>>>> Thanks in advance!
>>>>


Re: [Dnsmasq-discuss] requested explanation of undocumented feature

2013-10-14 Thread richardvo...@gmail.com
You forgot to cc the list.

Network interfaces are not tags that can be manipulated with tag:/set:/net:

Network interface names are matched with interface:

If you have ethernet and wireless network interface cards on your computer,
they are probably named `eth0` and `wlan0` (although `ath0` is pretty
common too).  In that case you could use interface:eth0 or interface:wlan0.
 The available names depend on your udev configuration.

Tags matched by tag:/net: are completely separate.  A few such as `known`
are predefined, and these are documented in the man page.  And others you
can create using set: inside your configuration file (dnsmasq.conf, usually)


On Mon, Oct 14, 2013 at 5:26 PM, Jim Alles  wrote:

> >Do you know what a "network interface" is?
> I do!
>
> >plus a small set predefined by dnsmasq
> and where are they listed?, please.
>
> 'interface:eth ' - searched for it, no joy in man pages, no example, not
> much by Google either.
>
> And so, this is a formal request to add to the documentation, please.
>
> Thanks,
> Jim A.
>
>
> On Mon, Oct 14, 2013 at 6:19 PM, richardvo...@gmail.com <
> richardvo...@gmail.com> wrote:
>
>> Do you know what a "network interface" is?
>>
>> set: and match: allow you to match tag names defined in your
>> configuration, plus a small set predefined by dnsmasq
>> interface: allows you to match against the name external software
>> (typically udev) gave to the network interface
>>
>>
>>
>> On Mon, Oct 14, 2013 at 4:56 PM, Jim Alles  wrote:
>>
>>> Hello, I am a relatively new user of dnsmasq, on a debian system, part
>>> of the Untangle UTM suite.
>>>
>>> I was wondering if I could have an explanation of the form:
>>> dhcp-range=interface:ethN,192.168.1.100, 192.168.1.200
>>>
>>> Is 'interface' in this case a special form of tag:, and where is it set:?
>>>
>>> I have not been able to find a search result.
>>>
>>> Thanks in advance!
>>>


Re: [Dnsmasq-discuss] requested explanation of undocumented feature

2013-10-14 Thread richardvo...@gmail.com
Do you know what a "network interface" is?

set: and match: allow you to match tag names defined in your configuration,
plus a small set predefined by dnsmasq
interface: allows you to match against the name external software
(typically udev) gave to the network interface



On Mon, Oct 14, 2013 at 4:56 PM, Jim Alles  wrote:

> Hello, I am a relatively new user of dnsmasq, on a debian system, part of
> the Untangle UTM suite.
>
> I was wondering if I could have an explanation of the form:
> dhcp-range=interface:ethN,192.168.1.100, 192.168.1.200
>
> Is 'interface' in this case a special form of tag:, and where is it set:?
>
> I have not been able to find a search result.
>
> Thanks in advance!
>


Re: [Dnsmasq-discuss] Enable HAVE_IPSET by default

2013-04-11 Thread richardvo...@gmail.com
All of this suggests that to minimize the number of combinations but
not bloat the binary, there ought to be a `MINIMAL` or `TEENY_TINY`
macro that unsets HAVE_IPSET and a bunch of other similar non-critical
features.

On Thu, Mar 21, 2013 at 6:23 AM, Kevin Darbyshire-Bryant
 wrote:
> On 21/03/2013 10:08, Simon Kelley wrote:
>> 
>>
>> Finally, if it's going to be on by default, and given the limited size
>> delta/lack of library definitions, there's an argument for not making
>> it compile-time selectable at all. Every compile-time switch
>> contributes to the combinatorial explosion of possible binaries, and
>> lots of bugs come from unanticipated interactions in untested
>> compile-flag combinations.
>>
>>
>> Opinions, anyone?
>>
>>
>>
>> Simon.
>
> Hi Simon,
>
> I'll express an opinion, based purely on my *very* limited experience of
> integrating 2.66test16 into a recent version of Tomato to fix some IPv6
> problems.  I keep an eye on latest git pushes and integrate those into
> my own personal version for testing.  I'm very much waiting for 2.66
> release to come out so that I can push that to the proper Tomato
> maintainers.
>
> Size is a very important consideration for Tomato as some versions are
> expected to run on a 2.4 kernel and squeeze into 3.8MB of flash rom
> space - bytes matter.  Having said that, the Tomato developers don't
> have to upgrade to the latest dnsmasq (have been running 2.61 for some
> time) and the continuing support of what must be regarded as legacy
> hardware has to come to an end sometime.
>
> Based very much on your 'compile time switches lead to untested
> combinations of binaries' argument, I'd say remove it as an option and
> make it a standard feature.
>
> Well it's an opinion, but what do I know :-)
>
> Kevin
>


Re: [Dnsmasq-discuss] How to set only one subdomain pointed to one address.

2013-02-04 Thread richardvo...@gmail.com
Have you tried making an entry in /etc/hosts (or whatever your dnsmasq
hostsfile setting is)?


On Sun, Feb 3, 2013 at 5:22 PM, Jorge Sivil  wrote:

> Hi, I've used the 'address' configuration to resolve
> redmine.server.intranet but when I ping to *.redmine.server.intranet
> it resolves OK and I do not want that.
>
> I read the man but I saw no option to register that, and only that
> subdomain to one IP.
>
> Tried putting: 'host-record=redmine.server.local,192.168.1.2' but
> redmine won't restart, my CPU fan will go 100%. After commenting the
> line it restarts OK.
>
> Any help will be much appreciated.
>
> Thanks
>
> --
> Atte.: Jorge Sivil
>


Re: [Dnsmasq-discuss] (no subject)

2013-01-17 Thread richardvo...@gmail.com
I strongly suggest you test it from your login shell first, to separate
problems in the approach from problems in the cron environment.

Run 'ps'  to see how many dnsmasq processes you have.  If there's more than
one, then 'pidof' won't be as useful.  Most startup scripts write the PID
of the master process into a pidfile which you can use later, to avoid the
"which of many dnsmasq processes do I signal?" problem.


On Thu, Jan 17, 2013 at 1:53 PM, Eric Vance  wrote:

> That is very possible.  Good suggestion.  Does anyone have any suggestion
> of how I should SIGHUP dnsmasq?
> I've tried these without much luck:
>
> kill -1 `pidof dnsmasq`;
>
> kill -9 `pidof dnsmasq`;
>
> kill -HUP `pidof dnsmasq`;
>
> kill -SIGHUP `pidof dnsmasq`;
>
> /etc/init.d/dnsmasq restart;
>
>
> I even put a 5 second sleep after the HUP to try to give it time to start
> back up.
>
> Ideas?
>
> Eric
>
>
> On Thu, Jan 17, 2013 at 11:19 AM, richardvo...@gmail.com <
> richardvo...@gmail.com> wrote:
>
>> From your symptoms, I believe you aren't sending SIGHUP correctly, and
>> dnsmasq picks up the change after a minute due to its /etc/hosts polling.
>>
>> dnsmasq uses multiple processes when seteuid behavior is enabled, so you
>> might be signalling the wrong one.
>>
>>
>> On Thu, Jan 17, 2013 at 11:51 AM, Eric Vance  wrote:
>>
>>> I'm using dnsmasq on an OpenWRT Router.
>>>
>>> I have the following set in /etc/dnsmasq.conf:
>>>
>>> local-ttl=0
>>> cache-size=0
>>>
>>> I believe that tells the client not to cache the dns (which I've
>>> confirmed) and it tells dnsmasq to not cache responses.
>>>
>>> Let's say I have this entry in my /etc/hosts file:
>>>
>>>  192.168.1.1    mydomain.com
>>>
>>> I have a cron job that changes this entry to this:
>>>
>>>  192.168.1.44    mydomain.com
>>>
>>> After the entry is changed in the hosts file I run this to hup:
>>>
>>>  kill -1 `pidof dnsmasq`;
>>>
>>> From my testing, after I change the ip and run the hup it takes about 30
>>> - 60 seconds until the domain resolves to 192.168.1.44.  So, even after I
>>> make the change the name still resolves to 192.168.1.1 for a minute.
>>>
>>> What am I doing wrong?  Is there a better way to do this?  Is there a
>>> better way to Hup?  Am I missing an important setting?  Any help or
>>> suggestions would be appreciated!
>>>
>>> Thanks!
>>>
>>> Eric
>>>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
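
The pidfile advice in the message above, as an added Python example (not code from the thread or from dnsmasq): it lists every process named dnsmasq, then signals only the PID recorded in the pidfile, after checking that the PID still belongs to dnsmasq. The function names, the `proc_root` parameter and the Linux `/proc/<pid>/comm` lookup are assumptions of this example.

```python
import os
import signal


class WrongProcess(Exception):
    """The PID in the pidfile is not running the expected program."""


def comm_of(pid, proc_root="/proc"):
    """Short command name of a PID (Linux procfs), or None if it is gone."""
    try:
        with open(os.path.join(proc_root, str(pid), "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return None


def pids_named(name, proc_root="/proc"):
    """Every PID whose command name is `name`, i.e. what pidof would report."""
    found = []
    for entry in os.listdir(proc_root):
        if entry.isdigit() and comm_of(entry, proc_root) == name:
            found.append(int(entry))
    return sorted(found)


def read_pidfile(path):
    """Parse a pidfile strictly: one positive decimal integer, nothing else."""
    with open(path) as fh:
        text = fh.read().strip()
    if not (text.isascii() and text.isdigit()) or int(text) < 2:
        raise ValueError(f"{path}: not a usable PID: {text!r}")
    return int(text)


def hup_master(pidfile, expected="dnsmasq", proc_root="/proc", send=os.kill):
    """Send SIGHUP to the one process the pidfile names, and to nothing else.

    A stale pidfile can name a PID that has since been reused by another
    program, so the command name is checked before any signal is sent.
    """
    pid = read_pidfile(pidfile)
    actual = comm_of(pid, proc_root)
    if actual != expected:
        raise WrongProcess(f"PID {pid} is {actual!r}, expected {expected!r}")
    send(pid, signal.SIGHUP)
    return pid


if __name__ == "__main__":
    import sys

    # The pidfile path is whatever the startup script passes to dnsmasq;
    # it is taken from the command line here rather than assumed.
    print("processes named dnsmasq:", pids_named("dnsmasq"))
    print("signalled PID", hup_master(sys.argv[1]))
```

More than one PID in the first line of output is the situation where signalling by name becomes ambiguous and the pidfile decides.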


Re: [Dnsmasq-discuss] (no subject)

2013-01-17 Thread richardvo...@gmail.com
From your symptoms, I believe you aren't sending SIGHUP correctly, and
dnsmasq picks up the change after a minute due to its /etc/hosts polling.

dnsmasq uses multiple processes when seteuid behavior is enabled, so you
might be signalling the wrong one.


On Thu, Jan 17, 2013 at 11:51 AM, Eric Vance  wrote:

> I'm using dnsmasq on an OpenWRT Router.
>
> I have the following set in /etc/dnsmasq.conf:
>
> local-ttl=0
> cache-size=0
>
> I believe that tells the client not to cache the dns (which I've
> confirmed) and it tells dnsmasq to not cache responses.
>
> Let's say I have this entry in my /etc/hosts file:
>
>  192.168.1.1    mydomain.com
>
> I have a cron job that changes this entry to this:
>
>  192.168.1.44    mydomain.com
>
> After the entry is changed in the hosts file I run this to hup:
>
>  kill -1 `pidof dnsmasq`;
>
> From my testing, after I change the ip and run the hup it takes about 30 -
> 60 seconds until the domain resolves to 192.168.1.44.  So, even after I
> make the change the name still resolves to 192.168.1.1 for a minute.
>
> What am I doing wrong?  Is there a better way to do this?  Is there a
> better way to Hup?  Am I missing an important setting?  Any help or
> suggestions would be appreciated!
>
> Thanks!
>
> Eric
>


Re: [Dnsmasq-discuss] DMZ IP allocations

2012-12-20 Thread richardvo...@gmail.com
Try removing the static dhcp-range entirely.

Reserved addresses don't have to be in a pool, just on a network where DHCP
is enabled.  Which the other line already does.

In cases where you do need the static dhcp-range (there is no pool on that
interface), it's customary to specify just a single address, not a range.


On Thu, Dec 20, 2012 at 12:13 PM,  wrote:

> All-
> A quick question to help clarify something that is probably so easy I've
> missed something obvious, but having missed it, I find myself rather lost.
>
> This pertains to dnsmasq 2.63 from Ubuntu 12.10.
>
> Not unlike others I suspect, I'd like to partition my home network to
> include a DMZ for guests and otherwise untrusted devices, and have these
> devices granted a dnsmasq-provided IP address. The devices that I know and
> "trust" are dynamically assigned static IPs, defined with dhcp-host lines.
>
> At the moment, DMZ and non-DMZ hosts are on the same subnet, but once DHCP
> is working, I plan to segment it off with the router and its own subnet
> to prevent DMZ hosts from accessing non-DMZ resources, just the Internet.
>
> To test this, I connected my laptop, for which I've not yet entered a
> dhcp-host line and therefore don't trust, and asked for an IP. I
> consistently get an address from the trusted block, not the DMZ where I
> feel like I should get one.
>
> A relevant clip of my dnsmasq.conf file:
>
> domain=foo,192.168.10.50,192.168.10.100
> domain=dmz.foo,192.168.10.0,192.168.10.20
>
> dhcp-range=192.168.10.50,192.168.10.100,static,24h
> dhcp-range=192.168.10.0,192.168.10.20,6h
>
> Furthermore, having found [1], I've tried adjusting the config to:
>
> dhcp-range=tag:!known,192.168.10.0,192.168.10.20,6h
> dhcp-range=192.168.10.50,192.168.10.100,static,24h
>
> and restarting with no change in behavior.
>
> Am I approaching segmentation from the wrong angle, doing something wrong
> with dnsmasq, or did I just miss something along the way?
>
> Thanks so much!
>
> Carl
>
> [1] "[Dnsmasq-discuss] static dhcp range and lease times"
>
>
>


Re: [Dnsmasq-discuss] DNS server order is not being honored

2012-12-11 Thread richardvo...@gmail.com
But note that a better solution is to set specific nameservers for the
local domain only.

Read the dnsmasq man page, you'll learn how to do this and lots more.


On Tue, Dec 11, 2012 at 1:17 PM, richardvo...@gmail.com <
richardvo...@gmail.com> wrote:

> Unless you're using the strict-order option and still seeing the order
> change, this is not a bug.
>
> *-o, --strict-order* By default, dnsmasq will send queries to any of the
> upstream servers it knows about and tries to favour servers that are known
> to be up. Setting this flag forces dnsmasq to try each query with each
> server strictly in the order they appear in /etc/resolv.conf
>
>
> On Tue, Dec 11, 2012 at 12:38 PM, Daniel Nicoletti wrote:
>
>> Hi,
>> a friend of mine using NetworkManager complained
>> that when he puts 3 DNS entries on NM he gets
>> NXDOMAIN, then he goes to /etc/resolv.conf
>> and manually adds them. Since NM uses dnsmasq
>> and the website says bugs should be discussed here
>> I'll explain why it is failing.
>> Also note that I'm not a DNS expert (he knows about
>> it better), anyway, we found out that different from
>> libresolver dnsmasq spawns a call for all DNS servers
>> and the first to reply gets repassed to the caller.
>>
>> This is a big problem, since you put your internal
>> company DNS to resolve local names, then you
>> add some external DNS just in case the internal one fails.
>> It also means that the order that you put the DNS
>> doesn't matter since the reply speed is what is more
>> important...
>>
>> I think it would be sane to have the same behavior
>> as libresolv. How can this issue be addressed?
>> Is there another place to file a bug report?
>> My friend told me also that he saw other people
>> complaining in forums about this but they
>> didn't know the cause.
>>
>> TCPDUMP (I changed the ips...)
>> 15:05:48.978824 IP 200-200-200-200.bbone.telesp.net.br.40510 > 10.0.0.123.domain: 12632+ A? intranet.foo.bar. (40)
>> 15:05:48.978872 IP 200-200-200-200.bbone.telesp.net.br.40510 > resolver1.telesp.net.br.domain: 12632+ A? intranet.foo.bar. (40)
>> 15:05:48.979517 IP 200-200-200-200.bbone.telesp.net.br.45180 > resolver1.telesp.net.br.domain: 49029+ PTR? 123.0.0.10.in-addr.arpa. (41)
>> 15:05:48.982797 IP resolver1.telesp.net.br.domain > 200-200-200-200.bbone.telesp.net.br.40510: 12632 NXDomain 0/1/0 (102)
>> 15:05:48.983391 IP resolver1.telesp.net.br.domain > 200-200-200-200.bbone.telesp.net.br.45180: 49029 NXDomain 0/0/0 (41)
>> 15:05:48.984412 IP 200-200-200-200.bbone.telesp.net.br.26486 > resolver1.telesp.net.br.domain: 2556+ A? intranet.foo.bar. (40)
>> 15:05:48.984622 IP 10.0.0.123.domain > 200-204-2-133.bbone.telesp.net.br.40510: 12632* 1/0/0 A 10.20.96.43 (56)
>> 15:05:48.988846 IP resolver1.telesp.net.br.domain > 200-200-200-200.bbone.telesp.net.br.26486: 2556 NXDomain 0/1/0 (102)
>>
>> As you can see 10.0.0.123 does know about the domain, but
>> resolver1.telesp.net.br replies first.
>>
>> --
>> Daniel Nicoletti
>>
>> KDE Developer - http://dantti.wordpress.com
>>


Re: [Dnsmasq-discuss] DNS server order is not being honored

2012-12-11 Thread richardvo...@gmail.com
Unless you're using the strict-order option and still seeing the order
change, this is not a bug.

*-o, --strict-order* By default, dnsmasq will send queries to any of the
upstream servers it knows about and tries to favour servers that are known
to be up. Setting this flag forces dnsmasq to try each query with each
server strictly in the order they appear in /etc/resolv.conf


On Tue, Dec 11, 2012 at 12:38 PM, Daniel Nicoletti wrote:

> Hi,
> a friend of mine using NetworkManager complained
> that when he puts 3 DNS entries on NM he gets
> NXDOMAIN, then he goes to /etc/resolv.conf
> and manually adds them. Since NM uses dnsmasq
> and the website says bugs should be discussed here
> I'll explain why it is failing.
> Also note that I'm not a DNS expert (he knows about
> it better), anyway, we found out that different from
> libresolver dnsmasq spawns a call for all DNS servers
> and the first to reply gets repassed to the caller.
>
> This is a big problem, since you put your internal
> company DNS to resolve local names, then you
> add some external DNS just in case the internal one fails.
> It also means that the order that you put the DNS
> doesn't matter since the reply speed is what is more
> important...
>
> I think it would be sane to have the same behavior
> as libresolv. How can this issue be addressed?
> Is there another place to file a bug report?
> My friend told me also that he saw other people
> complaining in forums about this but they
> didn't know the cause.
>
> TCPDUMP (I changed the ips...)
> 15:05:48.978824 IP 200-200-200-200.bbone.telesp.net.br.40510 > 10.0.0.123.domain: 12632+ A? intranet.foo.bar. (40)
> 15:05:48.978872 IP 200-200-200-200.bbone.telesp.net.br.40510 > resolver1.telesp.net.br.domain: 12632+ A? intranet.foo.bar. (40)
> 15:05:48.979517 IP 200-200-200-200.bbone.telesp.net.br.45180 > resolver1.telesp.net.br.domain: 49029+ PTR? 123.0.0.10.in-addr.arpa. (41)
> 15:05:48.982797 IP resolver1.telesp.net.br.domain > 200-200-200-200.bbone.telesp.net.br.40510: 12632 NXDomain 0/1/0 (102)
> 15:05:48.983391 IP resolver1.telesp.net.br.domain > 200-200-200-200.bbone.telesp.net.br.45180: 49029 NXDomain 0/0/0 (41)
> 15:05:48.984412 IP 200-200-200-200.bbone.telesp.net.br.26486 > resolver1.telesp.net.br.domain: 2556+ A? intranet.foo.bar. (40)
> 15:05:48.984622 IP 10.0.0.123.domain > 200-204-2-133.bbone.telesp.net.br.40510: 12632* 1/0/0 A 10.20.96.43 (56)
> 15:05:48.988846 IP resolver1.telesp.net.br.domain > 200-200-200-200.bbone.telesp.net.br.26486: 2556 NXDomain 0/1/0 (102)
>
> As you can see 10.0.0.123 does know about the domain, but
> resolver1.telesp.net.br replies first.
>
> --
> Daniel Nicoletti
>
> KDE Developer - http://dantti.wordpress.com
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
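
The race visible in the capture above, as an added Python example (not part of the thread): it parses tcpdump text lines, groups replies by client port and DNS transaction ID, and reports queries where a negative reply from one server arrived before a usable answer from another. The capture lines are constructed from the thread's output with `client.lan` as a stand-in host name, and all function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed capture, modelled on the tcpdump output quoted in the thread,
# one packet per line; "client.lan" stands in for the querying host.
CAPTURE = """\
15:05:48.978824 IP client.lan.40510 > 10.0.0.123.domain: 12632+ A? intranet.foo.bar. (40)
15:05:48.978872 IP client.lan.40510 > resolver1.telesp.net.br.domain: 12632+ A? intranet.foo.bar. (40)
15:05:48.982797 IP resolver1.telesp.net.br.domain > client.lan.40510: 12632 NXDomain 0/1/0 (102)
15:05:48.984412 IP client.lan.26486 > resolver1.telesp.net.br.domain: 2556+ A? intranet.foo.bar. (40)
15:05:48.984622 IP 10.0.0.123.domain > client.lan.40510: 12632* 1/0/0 A 10.20.96.43 (56)
15:05:48.988846 IP resolver1.telesp.net.br.domain > client.lan.26486: 2556 NXDomain 0/1/0 (102)
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<id>\d+)(?P<flags>\S*) (?P<rest>.+)$"
)
COUNTS = re.compile(r"^\d+/\d+/\d+$")  # answer/authority/additional counts


def to_micros(ts):
    """HH:MM:SS.ffffff -> integer microseconds since midnight."""
    hms, frac = ts.split(".")
    h, m, s = (int(part) for part in hms.split(":"))
    return ((h * 60 + m) * 60 + s) * 1_000_000 + int(frac.ljust(6, "0")[:6])


def parse_capture(text):
    """Yield one dict per DNS query or reply line; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src_host, src_port = m["src"].rsplit(".", 1)
        dst_host, dst_port = m["dst"].rsplit(".", 1)
        tokens = m["rest"].split()
        when = to_micros(m["ts"])
        if dst_port == "domain" and len(tokens) >= 2 and tokens[0].endswith("?"):
            yield {"kind": "query", "t": when, "server": dst_host,
                   "key": (src_host, src_port, m["id"]), "qname": tokens[1]}
        elif src_port == "domain":
            if COUNTS.match(tokens[0]):      # no rcode word: a normal answer
                rcode, answer = "NOERROR", " ".join(tokens[1:-1])
            else:                            # e.g. NXDomain, ServFail
                rcode, answer = tokens[0], ""
            yield {"kind": "reply", "t": when, "server": src_host,
                   "key": (dst_host, dst_port, m["id"]),
                   "rcode": rcode, "answer": answer}


def find_races(text):
    """Queries whose first reply was negative while another server had data."""
    qnames, replies = {}, defaultdict(list)
    for event in parse_capture(text):
        if event["kind"] == "query":
            qnames.setdefault(event["key"], event["qname"])
        else:
            replies[event["key"]].append(event)
    races = []
    for key, events in replies.items():
        events.sort(key=lambda e: e["t"])
        first = events[0]
        if first["rcode"] == "NOERROR":
            continue
        for later in events[1:]:
            if (later["server"] != first["server"]
                    and later["rcode"] == "NOERROR" and later["answer"]):
                races.append({
                    "qname": qnames.get(key, "?"),
                    "first_reply_from": first["server"],
                    "first_rcode": first["rcode"],
                    "answer_from": later["server"],
                    "answer": later["answer"],
                    "late_by_us": later["t"] - first["t"],
                })
                break
    return races


if __name__ == "__main__":
    for race in find_races(CAPTURE):
        print(race)
```

A query that went to a single server cannot be flagged, which is the effect of pinning the internal domain to the internal nameserver as suggested in the thread.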


Re: [Dnsmasq-discuss] DNS - preventing escalation to external

2012-12-05 Thread richardvo...@gmail.com
It's the "search Z.com" entry getting involved.

I don't believe that dnsmasq ever rewrites /etc/resolv.conf.  Other software
might, such as your DHCP client.

As far as *.Z.com resolving, there's nothing that requires DNS to be a
static table of pre-existing names.  It's a client-server lookup, and the
server can use any arbitrary algorithm for generating a response, not
limited to a table lookup. Zone transfers wouldn't match, but I guess
records could be hidden from zone transfer regardless, or zone transfer
could be entirely refused.


On Wed, Dec 5, 2012 at 7:32 AM, Lovelady, Dennis E. wrote:

>  Thank you, Richard:
>
>
> Yes, no doubt, /etc/resolv.conf on all these systems contains:
>
> nameserver 192.168.158.2
>
> search Z.com
>
> domain Z.com
>
> So are you suggesting that I remove one of these from those
> /etc/resolv.conf entries?  Interesting, I hadn’t thought to do that.  But
> even if I do that, won’t the domain-needed and domain= entries from
> dnsmasq.conf override that?  (In fact, won’t they cause overwrite of the
> /etc/resolv.conf file in most cases?)  Or what are you suggesting?
>
> Is it my best bet to remove the domain= and domain-needed entries from
> dnsmasq.conf?  I hadn’t thought to do that either, but now it seems worth a
> try…   I’d still like to hear other suggestions, though.  Maybe something I
> can/should do in my hosted DNS entries?
>
> I would like to understand how a specific name (like myhostess or
> myhostess.Z.com) can resolve to a generic name like Z.com.  I thought DNS
> strictly avoids that; not true?
>
> Thanks,
>
> Dennis
>
> *From:* richardvo...@gmail.com [mailto:richardvo...@gmail.com]
> *Sent:* Tuesday, December 04, 2012 5:11 PM
> *To:* Lovelady, Dennis E.
> *Cc:* dnsmasq-discuss@lists.thekelleys.org.uk
> *Subject:* Re: [Dnsmasq-discuss] DNS - preventing escalation to external
>
> Sounds like a search suffix is getting involved: After failing to find
> myhostess. your resolver looks for myhostess.X.com. which finds the
> alias.  /etc/resolv.conf should contain the directives which control search
> suffix.
>
> On Tue, Dec 4, 2012 at 4:44 PM, Lovelady, Dennis E. 
> wrote:
>
> I run a domain, which I’ll call Z.com.  There are two offices (atl.Z.com,
> tam.Z.com).  There is also a www.Z.com hosted outside these networks, and
> the Hosting Provider provides an alias to that, known simply as “Z.com.”
> All pretty simple.
>
> Since each office is independent, I have kept a simple DNSMASQ
> configuration, which you can see below.  (There were attempts to set up
> atl.Z.com and tam.Z.com in each office’s DNSMASQ configuration, but these
> were met with difficulties now forgotten.  I think the difficulty was an
> issue with web server not coming up.  If it’s important to resolution, I
> will pursue again and report the issues, but let’s get to the heart of the
> topic.)
>
> Everything works OK until an incorrect hostname (or the name of a host
> that happens to be down) is referenced in either office.  For example, if I
> type “ssh myhostess” and there is no “myhostess” on the current network,
> then the name is magically resolved to the www.Z.com address, and I get
> the password prompt from there.  Not what I’d want; I’d prefer the lookup
> to fail - which would then fail the ssh command - but I don’t see a way to
> make that happen.
>
> Is there something I can do in this configuration to cause, for example,
> lists.thekelleys.org.uk to be resolved externally, but to keep the Z.com
> stuff between the walls?  And would this in fact be squared away by
> pursuing the atl.Z.com (etc.) concept?  (I fear that would not resolve
> this.)  I could remove the alias to simply Z.com, and that might do it, but
> I’d prefer not to do that, and anyway I’m not sure why it would fix this.
>
> I have the following DNS configuration in each office.  The dhcp-boot is
> not used at present, so may not be quite up to snuff.
>
> domain-needed
>
> bogus-priv
>
> expand-hosts
>
> domain=Z.com
>
> dhcp-range=192.168.158.10,192.168.158.109,7d
>
> dhcp-host=88:87:17:12:69:4d,canon-8120
>
> dhcp-host=00:23:8b:8a:ad:70,aspire
>
> dhcp-host=00:26:F2:DB:95:0C,stora-0
>
> dhcp-host=C0:3F:0E:BC:43:B9,stora-2
>
> dhcp-host=e0:91:f5:7c:7c:56,stora-3
>
> dhcp-option=option:router,192.168.158.1
>
> dhcp-boot=pxelinux.0
>
>

Re: [Dnsmasq-discuss] DNS - preventing escalation to external

2012-12-04 Thread richardvo...@gmail.com
Sounds like a search suffix is getting involved: After failing to find
myhostess. your resolver looks for myhostess.X.com. which finds the alias.
/etc/resolv.conf should contain the directives which control search suffix.


On Tue, Dec 4, 2012 at 4:44 PM, Lovelady, Dennis E. wrote:

>  I run a domain, which I’ll call Z.com.  There are two offices (atl.Z.com,
> tam.Z.com).  There is also a www.Z.com hosted outside these networks, and
> the Hosting Provider provides an alias to that, known simply as “Z.com.”
> All pretty simple.
>
> Since each office is independent, I have kept a simple DNSMASQ
> configuration, which you can see below.  (There were attempts to set up
> atl.Z.com and tam.Z.com in each office’s DNSMASQ configuration, but these
> were met with difficulties now forgotten.  I think the difficulty was an
> issue with web server not coming up.  If it’s important to resolution, I
> will pursue again and report the issues, but let’s get to the heart of the
> topic.)
>
> Everything works OK until an incorrect hostname (or the name of a host
> that happens to be down) is referenced in either office.  For example, if I
> type “ssh myhostess” and there is no “myhostess” on the current network,
> then the name is magically resolved to the www.Z.com address, and I get
> the password prompt from there.  Not what I’d want; I’d prefer the lookup
> to fail - which would then fail the ssh command - but I don’t see a way to
> make that happen.
>
> Is there something I can do in this configuration to cause, for example,
> lists.thekelleys.org.uk to be resolved externally, but to keep the Z.com
> stuff between the walls?  And would this in fact be squared away by
> pursuing the atl.Z.com (etc.) concept?  (I fear that would not resolve
> this.)  I could remove the alias to simply Z.com, and that might do it, but
> I’d prefer not to do that, and anyway I’m not sure why it would fix this.
>
> I have the following DNS configuration in each office.  The dhcp-boot is
> not used at present, so may not be quite up to snuff.
>
> domain-needed
>
> bogus-priv
>
> expand-hosts
>
> domain=Z.com
>
> dhcp-range=192.168.158.10,192.168.158.109,7d
>
> dhcp-host=88:87:17:12:69:4d,canon-8120
>
> dhcp-host=00:23:8b:8a:ad:70,aspire
>
> dhcp-host=00:26:F2:DB:95:0C,stora-0
>
> dhcp-host=C0:3F:0E:BC:43:B9,stora-2
>
> dhcp-host=e0:91:f5:7c:7c:56,stora-3
>
> dhcp-option=option:router,192.168.158.1
>
> dhcp-boot=pxelinux.0
>
> dhcp-boot=aspire-lucid/pxelinux.0
>
> dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
>
> enable-tftp
>
> tftp-root=/home/tftpd
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
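
The search-suffix explanation in the two replies above, as an added Python model (not code from the thread, dnsmasq or any resolver library): it parses the `resolv.conf` shown in the thread, builds the list of names a stub resolver tries, and shows a bare host name landing on the public address. The wildcard record, all addresses and the `local_only` parameter (which models keeping a domain's lookups inside the forwarder, as dnsmasq's `local=/domain/` option does) are assumptions of this example.

```python
# Constructed data: the provider's public zone. The wildcard entry models the
# behaviour reported in the thread, where any name under Z.com gets an answer.
PUBLIC_ZONE = {
    "z.com.": "203.0.113.10",
    "www.z.com.": "203.0.113.10",
    "*.z.com.": "203.0.113.10",
}

# Constructed data: names the office forwarder knows from DHCP and /etc/hosts.
LOCAL_NAMES = {"aspire.z.com.": "192.168.158.20"}

# resolv.conf contents as quoted in the thread.
RESOLV_CONF = "nameserver 192.168.158.2\nsearch Z.com\ndomain Z.com\n"


def parse_resolv_conf(text):
    """Return (nameservers, search_list, ndots) from resolv.conf text."""
    nameservers, search, ndots = [], [], 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("search", "domain") and args:
            # search and domain are mutually exclusive; the last one wins.
            search = args if keyword == "search" else args[:1]
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, [s.lower().rstrip(".") for s in search], ndots


def candidates(name, search, ndots=1):
    """Fully qualified names tried for `name`, in order."""
    name = name.lower()
    if name.endswith("."):
        return [name]                      # already absolute: no expansion
    as_is = name + "."
    expanded = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:
        return [as_is] + expanded
    return expanded + [as_is]


def zone_lookup(fqdn, zone):
    """Exact match first, then the nearest wildcard (simplified matching)."""
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:]) + "."
        if wildcard in zone:
            return zone[wildcard]
    return None


def forwarder_answer(fqdn, local_only=()):
    """Model of the office forwarder: local data first, then upstream."""
    if fqdn in LOCAL_NAMES:
        return LOCAL_NAMES[fqdn]
    bare = fqdn.rstrip(".")
    if "." not in bare:
        return None                        # domain-needed: never forwarded
    for domain in local_only:
        d = domain.lower().strip(".")
        if bare == d or bare.endswith("." + d):
            return None                    # kept local, so NXDOMAIN
    return zone_lookup(fqdn, PUBLIC_ZONE)


def resolve(name, resolv_conf_text, local_only=()):
    """Return (name that answered, address) or (None, None)."""
    _, search, ndots = parse_resolv_conf(resolv_conf_text)
    for fqdn in candidates(name, search, ndots):
        address = forwarder_answer(fqdn, local_only)
        if address is not None:
            return fqdn, address
    return None, None


if __name__ == "__main__":
    print(resolve("myhostess", RESOLV_CONF))                  # public address
    print(resolve("myhostess", "nameserver 192.168.158.2\n"))  # no suffix
    print(resolve("myhostess", RESOLV_CONF, local_only=("Z.com",)))
    print(resolve("aspire", RESOLV_CONF, local_only=("Z.com",)))
```

In this model, keeping Z.com local also stops `www.Z.com` from resolving inside the office unless that name is added to the local data.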


Re: [Dnsmasq-discuss] dnsmasq configuration

2012-12-04 Thread richardvo...@gmail.com
On Tue, Dec 4, 2012 at 3:24 PM, Lovelady, Dennis E. wrote:

>  Isn’t routing ignored when the destination is on the local net?  Would
> this really cause a loop?  If so, wouldn’t routing be impossible, since any
> attempt to route anything has to result in the same loop?  Or don’t I
> understand the problem?
>

Normally there's a route automatically created for the local net, which may
have a special local flag or list the host's own local interface address as
the gateway, triggering the end of routing lookup.  But the OP mentioned a
setup that uses a different gateway for the same local net.

(You might even say that the presence of such a terminal routing rule is
what makes that net local, not the subnet mask.  Consider VPN connections,
where other hosts in the same subnet according to the mask test still are
not local.  A VPN implementation might add a rule making the VPN peer
local, and another rule making the subnet reachable using the VPN peer as
gateway.  Communication in the opposite direction generally works because
of proxy ARP.)

Have a look at your routing table.  I think you'll find an
automatically-generated route for the local subnet.



> *From:* dnsmasq-discuss-boun...@lists.thekelleys.org.uk [mailto:
> dnsmasq-discuss-boun...@lists.thekelleys.org.uk] *On Behalf Of *
> richardvo...@gmail.com
> *Sent:* Tuesday, December 04, 2012 3:20 PM
> *To:* Ritesh Nanda
> *Cc:* dnsmasq discussion list
> *Subject:* Re: [Dnsmasq-discuss] dnsmasq configuration
>
> On Thu, Nov 29, 2012 at 8:31 AM, Ritesh Nanda 
> wrote:
>
> hello,
>
> I am working on openstack , which uses dnsmasq as a dhcp server.
> Here is a challenge what i am facing , using dnsmasq configuration file i
> am adding a default route to the vms that are created in this
> environment, now challenge i am facing is i want to add two routes using
> dnsmasq configuration file.
>
> one route for a particular subnet so that it request  get forwarded to a
> gateway
> and one as a default route.
> eg.
>
> 192.168.10.0 network request gets forwarded to gateway 192.168.10.6
> and all other request gets forwarded to 192.168.10.1
>
> You may have some trouble implementing this particular routing table,
> because requests to 192.168.10.* are routed to 192.168.10.6, which is in
> 192.168.10.*, so it's reached via 192.168.10.6, which is in 192.168.10.*,
> and ad infinitum.
>
> The gateway address specified in the routing table should be on the local
> network, not the network the gateway is used to reach (this implies that
> every gateway should be multi-homed).


Re: [Dnsmasq-discuss] dnsmasq configuration

2012-12-04 Thread richardvo...@gmail.com
On Thu, Nov 29, 2012 at 8:31 AM, Ritesh Nanda wrote:

> hello,
>
> I am working on openstack , which uses dnsmasq as a dhcp server.
> Here is a challenge what i am facing , using dnsmasq configuration file i
> am adding a default route to the vms that are created in this
> environment, now challenge i am facing is i want to add two routes using
> dnsmasq configuration file.
>
> one route for a particular subnet so that it request  get forwarded to a
> gateway
> and one as a default route.
> eg.
>
> 192.168.10.0 network request gets forwarded to gateway 192.168.10.6
> and all other request gets forwarded to 192.168.10.1
>
>
You may have some trouble implementing this particular routing table,
because requests to 192.168.10.* are routed to 192.168.10.6, which is in
192.168.10.*, so it's reached via 192.168.10.6, which is in 192.168.10.*,
and ad infinitum.

The gateway address specified in the routing table should be on the local
network, not the network the gateway is used to reach (this implies that
every gateway should be multi-homed).
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
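
The gateway argument made in the two replies above, as an added Python model (not code from the thread and not a kernel's lookup algorithm): each gateway is itself looked up in the table until a directly attached route ends the lookup, and a gateway that can only be reached through itself is reported as a loop. The 192.168.20.0/24 subnet, the 198.51.100.7 destination and all function names are constructed for this example.

```python
import ipaddress


class RouteLoop(Exception):
    """Gateway resolution came back to a gateway it had already tried."""


def parse_routes(rows):
    """rows: (destination CIDR, gateway or None); None = directly attached."""
    return [
        (ipaddress.ip_network(dest), ipaddress.ip_address(gw) if gw else None)
        for dest, gw in rows
    ]


def best_route(routes, addr):
    """Longest-prefix match, or None when no route covers addr."""
    matches = [route for route in routes if addr in route[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def neighbour_for(routes, destination):
    """Follow gateways until a directly attached route ends the lookup.

    Returns the on-link address the packet is finally handed to.
    """
    addr = ipaddress.ip_address(destination)
    tried = []
    while True:
        route = best_route(routes, addr)
        if route is None:
            raise LookupError(f"no route to {addr}")
        _, gateway = route
        if gateway is None:
            return addr                     # on-link: deliver directly
        if gateway in tried:
            path = " -> ".join(str(g) for g in tried + [gateway])
            raise RouteLoop(f"{destination}: {path}")
        tried.append(gateway)
        addr = gateway                      # now find a way to the gateway


def audit(routes):
    """List (destination, gateway, problem) for gateways that are unreachable."""
    problems = []
    for net, gateway in routes:
        if gateway is None:
            continue
        try:
            neighbour_for(routes, gateway)
        except (RouteLoop, LookupError) as exc:
            problems.append((str(net), str(gateway), type(exc).__name__))
    return problems


# The table as requested in the thread, with no directly attached route.
AS_REQUESTED = parse_routes([
    ("192.168.10.0/24", "192.168.10.6"),
    ("0.0.0.0/0", "192.168.10.1"),
])

# Constructed alternative: the local net is directly attached, and the
# multi-homed gateway 192.168.10.6 is used to reach a different subnet.
MULTI_HOMED = parse_routes([
    ("192.168.10.0/24", None),
    ("192.168.20.0/24", "192.168.10.6"),
    ("0.0.0.0/0", "192.168.10.1"),
])


if __name__ == "__main__":
    print("as requested:", audit(AS_REQUESTED))
    print("multi-homed :", audit(MULTI_HOMED))
    for dst in ("192.168.10.20", "192.168.20.5", "198.51.100.7"):
        print(dst, "->", neighbour_for(MULTI_HOMED, dst))
```

Without the directly attached route even the default gateway is unreachable, which is why the automatically created local-net route mentioned in the follow-up matters.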


Re: [Dnsmasq-discuss] adding interface to leases file

2012-11-13 Thread richardvo...@gmail.com
I was under the impression that:

(1) This information is already available to the lease script
(2) The leasefile database format is locked down for backwards
compatibility.

But maybe Simon can find a way to make it work.


On Tue, Nov 13, 2012 at 4:17 PM, David Bird  wrote:

> Greetings,
>
> First of all, thanks for the great project! It's is incredibly versatile
> and flexible. Please find the attached patch for your consideration. In
> our use of dnsmasq, it is important to know on which interface of
> several a lease was issued. The patch adds the interface name to the
> leases file.
>
> Signed off by: db...@powercloudsystems.com
>
> Cheers,
> David
>
>


Re: [Dnsmasq-discuss] dnsmasq for road warriors

2012-11-12 Thread richardvo...@gmail.com
On Sun, Nov 11, 2012 at 5:05 PM, /dev/rob0  wrote:

> > On 10/11/2012 15:54, /dev/rob0 wrote:
> > >Seems to me that dnsmasq is a better nscd replacement, and
> > >it has a place in mobile computing.
> > >
> > ># we use this dnsmasq as this system's own resolver
> > >no-resolv
>
> On Sat, Nov 10, 2012 at 05:46:10PM -0600,
>richardvo...@gmail.com wrote:
> > no-resolv is doing more harm than good.
> >
> > dnsmasq is smart enough to ignore 127.0.0.1 in /etc/resolv.conf
> > And it will automatically pick up DHCP-assigned DNS servers which
> > are written there.
>
> But you don't understand. The point of dnsmasq on a laptop is to
> serve ONLY that machine and its local processes. /etc/resolv.conf
> must contain ONLY "nameserver 127.0.0.1". If there are other
> nameservers listed, the system resolver will be contacting them;
> possibly getting different results, and ... well, this discussion
> would not be relevant to the dnsmasq list.
>
>
I don't know where you got this piece of misinformation.  Multiple
nameserver entries in /etc/resolv.conf work fine, as long as the localhost
entry (pointing to dnsmasq) comes first.


Re: [Dnsmasq-discuss] DNS mapping for a specific IP

2012-11-10 Thread richardvo...@gmail.com
You could use iptables to redirect DNS queries from that photo frame to an
alternate dnsmasq instance, via port masquerade.


On Sat, Nov 10, 2012 at 9:58 AM, Karina Goyal  wrote:

>
> I need to do following DNS mapping in my router for all requests coming
> from a specific computer/IP-
>
> 192.168.2.2    amazonaws.com
>
> This mapping should not be done for requests coming from other computers
> in my network.
>
> Currently I have defined it in my router (DDWRT) using dnsmasq but it is
> applicable for all computers in my network.
>
> The computer that I want to restrict this mapping for is a wireless photo
> frame. I don't have access to its /etc/hosts file. That's why I need to do
> it at the router level.
>
> Is this possible in standard dnsmasq? If not, is it possible to do it with
> some small code change in dnsmasq?
>
> Thanks,
> Karina.
>
>
>
>


Re: [Dnsmasq-discuss] SUCCESS

2012-10-17 Thread richardvo...@gmail.com
> Now, I assume that all dnsmasq instantiations will each get copies of all
> dhcp6 packets.
>

Unicast UDP doesn't guarantee that, usually a unicast packet is only
delivered to one socket.


Re: [Dnsmasq-discuss] Windows Server 2008 R2 issue

2012-10-15 Thread richardvo...@gmail.com
>> The problem isn't the destination address, but the source, since we're
>> trying to catch anyone spoofing the DHCP server, but I may be able to
>> write an iptables rule to catch this case and change the source IP to be
>> correct.
>>
>
> Understood, in my experience firewalls which don't unconditionally accept
> packets with destination 255.255.255.255 can often cause DHCP problems. The
> same is true for packets with source address 0.0.0.0
>

Filtering DHCPOFFER packets based on source address is a very good thing if
you don't have total control over every connected device (users are prone
to plug "residential broadband gateway" devices in backwards, with your
network hooked to a LAN port instead of WAN, and start serving up
addresses).  But you do need rules for all addresses of the authorized DHCP
server, just in case.  Filtering based on the source interface is another
viable option.


Re: [Dnsmasq-discuss] dnsmasq caching lease file?

2012-10-15 Thread richardvo...@gmail.com
>
> You're confusing configuration with DHCP leases. If you map an IP address
> to MAC address in the nova-br100.conf file, then the VM will take out a
> DHCP for a fixed time. Until that lease expires, the IP address will not be
> given to another VM, even if you change the nova-br100.conf file. Look at
> the logs: dnsmasq will log that it's not using the configured address,
> because it's in use elsewhere.


Might be worth mentioning the one feature that avoids this behavior -- if
both mac addresses are listed in a single dhcp-host directive, then dnsmasq
will transfer the IP address.  Originally designed for use with laptops
that move between wired and wireless interface on the same subnet, IIRC.

From the man page:

"As a special case, in DHCPv4, it is possible to include more than one
hardware address. eg:
--dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2 This allows an
IP address to be associated with multiple hardware addresses, and gives
dnsmasq permission to abandon a DHCP lease to one of the hardware addresses
when another one asks for a lease. Beware that this is a dangerous thing to
do, it will only work reliably if only one of the hardware addresses is
active at any time and there is no way for dnsmasq to enforce this. It is,
for instance, useful to allocate a stable IP address to a laptop which has
both wired and wireless interfaces."


Re: [Dnsmasq-discuss] Repeated assignment, ignored dhcp-host, and failed DNS lookup

2012-10-08 Thread richardvo...@gmail.com
> How would I know if a rogue DHCP server has appeared on the net?  I'm
> assuming you're on the right track since the answer to the remaining
> question is:
>

You can do a packet capture on the computer getting the wrong addresses
(use wireshark for example) while running

ipconfig /renew

Look at the source MAC address of the DHCPOFFER packets and compare to the
MAC address of your dnsmasq computer's NIC.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
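The checks described in the two replies above (compare the source MAC of DHCPOFFER packets with the dnsmasq machine's NIC, and allow every address of the authorized DHCP server), as an added Python example that is not part of the original thread. The allow-list values and the sample frames are constructed, and the function names are hypothetical.

```python
import socket
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCPOFFER = 2
# Constructed allow-list: the NIC MAC and every IP address of the authorized server.
AUTHORIZED_MACS = {"02:00:00:aa:bb:01"}
AUTHORIZED_IPS = {"192.168.1.1", "192.168.2.1"}


def parse_dhcp_reply(frame):
    """Parse one Ethernet frame; return DHCP server-to-client fields, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":        # IPv4 ethertype only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8:
        return None                                           # not IPv4/UDP
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    bootp = ip[ihl + 8:]
    if (sport, dport) != (67, 68) or len(bootp) < 240:
        return None
    if bootp[0] != 2 or bootp[236:240] != DHCP_MAGIC:         # op 2 = BOOTREPLY
        return None
    fields = {
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "yiaddr": socket.inet_ntoa(bootp[16:20]),
        "msg_type": None,
        "server_id": None,
    }
    opts, i = bootp[240:], 0
    while i < len(opts) and opts[i] != 255:                   # 255 = end option
        if opts[i] == 0:                                      # pad option
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        code, length = opts[i], opts[i + 1]
        value = opts[i + 2:i + 2 + length]
        if len(value) != length:                              # truncated option
            break
        if code == 53 and length == 1:
            fields["msg_type"] = value[0]
        elif code == 54 and length == 4:
            fields["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return fields


def offer_findings(frame, macs=AUTHORIZED_MACS, ips=AUTHORIZED_IPS):
    """Return reasons why a DHCPOFFER does not come from the authorized server."""
    msg = parse_dhcp_reply(frame)
    if msg is None or msg["msg_type"] != DHCPOFFER:
        return []
    findings = []
    # The MAC comparison is only meaningful on the server's own L2 segment.
    if msg["src_mac"] not in macs:
        findings.append("src_mac=" + msg["src_mac"])
    if msg["src_ip"] not in ips:
        findings.append("src_ip=" + msg["src_ip"])
    if msg["server_id"] is None:
        findings.append("server_id=missing")
    elif msg["server_id"] not in ips:
        findings.append("server_id=" + msg["server_id"])
    return findings


def build_offer(src_mac, src_ip, server_id, yiaddr):
    """Construct a sample broadcast DHCPOFFER frame (checksums left at zero)."""
    zero = b"\x00" * 4
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0,
                        0x8000, zero, socket.inet_aton(yiaddr),
                        socket.inet_aton(server_id), zero,
                        bytes.fromhex("020000000099"), b"", b"")
    bootp += DHCP_MAGIC + bytes([53, 1, DHCPOFFER, 54, 4])
    bootp += socket.inet_aton(server_id) + b"\xff"
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0)
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17,
                        0, socket.inet_aton(src_ip),
                        socket.inet_aton("255.255.255.255"))
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + iphdr + udp + bootp


# Constructed capture: one offer from the authorized server, one from a gateway
# plugged in backwards and serving its own 192.168.0.0/24 pool.
SAMPLE_FRAMES = [
    build_offer("02:00:00:aa:bb:01", "192.168.1.1", "192.168.1.1", "192.168.1.50"),
    build_offer("02:00:00:cc:dd:02", "192.168.0.1", "192.168.0.1", "192.168.0.100"),
]


def scan_frames(frames):
    """Map frame index -> findings for every offer that fails a check."""
    flagged = {}
    for index, frame in enumerate(frames):
        findings = offer_findings(frame)
        if findings:
            flagged[index] = findings
    return flagged


if __name__ == "__main__":
    for index, findings in scan_frames(SAMPLE_FRAMES).items():
        print(f"frame {index}: unauthorized DHCPOFFER ({', '.join(findings)})")
```

Listing both server addresses in the allow-list mirrors the advice to have rules for all addresses of the authorized DHCP server, so an offer sent from its second address is not flagged.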


Re: [Dnsmasq-discuss] Pulling DHCP leases from an external script?

2012-10-05 Thread richardvo...@gmail.com
Non-authoritative summary:

Data goes from the dnsmasq server, to a dnsmasq helper process with
limited privileges, to the script.

No data comes back from the script, except during the startup phase.  This
is a security feature.

On Wed, Oct 3, 2012 at 2:14 PM, Brian Rak  wrote:

> I'm trying to set up a DHCP server so that on any request for a new lease
> I can execute a script and have the script return an IP address (and other
> information).
>
> Is this something that is currently possible with dnsmasq?  From reading
> the man page, I can't tell if I will get this behaviour with --dhcp-script
> --leasefile-ro.
>
> Basically, it would be impossible for me to specify all the possible DHCP
> leases at startup, but when a lease request is received I would be able to
> determine what IP to assign.
>
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
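A lease-script handler illustrating the one-way flow summarized above and the earlier remark that the interface is already available to the lease script, as an added Python example that is not dnsmasq's own code. It assumes the documented --dhcp-script calling convention (action, MAC, IP and optional hostname as arguments, the interface in the DNSMASQ_INTERFACE environment variable); the sidecar path, function names and sample events are hypothetical.

```python
import ipaddress
import json
import os
import re
import sys

SIDECAR = "/tmp/dnsmasq-lease-ifaces.json"        # hypothetical output file
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
# Single DNS label only; fullmatch() is used so a trailing newline cannot pass.
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
IFACE_RE = re.compile(r"[A-Za-z0-9_.:-]{1,15}")


def handle_event(argv, env, table):
    """Apply one lease event to table {ip: record}; return the record or None.

    argv is the script's argument list without the program name.  Nothing is
    returned to dnsmasq: the handler only records what it was told.
    """
    if len(argv) < 3 or argv[0] not in ("add", "old", "del"):
        return None                               # other actions are ignored
    action, mac = argv[0], argv[1].lower()
    if not MAC_RE.fullmatch(mac):
        return None                               # e.g. a DHCPv6 DUID; IPv4-only example
    try:
        ip = str(ipaddress.IPv4Address(argv[2]))
    except ValueError:
        return None
    if action == "del":
        table.pop(ip, None)
        return {"action": "del", "ip": ip}
    # The hostname is chosen by the client: store it only if it is a plain label.
    host = argv[3] if len(argv) > 3 else ""
    if not NAME_RE.fullmatch(host):
        host = ""
    # DNSMASQ_INTERFACE is not set for "old" events replayed at restart, so
    # keep the interface recorded when the lease was first seen.
    iface = env.get("DNSMASQ_INTERFACE", "")
    if not IFACE_RE.fullmatch(iface):
        iface = table.get(ip, {}).get("iface", "")
    record = {"mac": mac, "host": host, "iface": iface}
    table[ip] = record
    return record


def demo():
    """Run constructed events through the handler and return the final table."""
    events = [
        (["add", "02:00:00:aa:bb:10", "192.168.0.41", "pc41"],
         {"DNSMASQ_INTERFACE": "eth0"}),
        (["add", "02:00:00:aa:bb:11", "192.168.18.20", "pc 42\nfake"],
         {"DNSMASQ_INTERFACE": "eth2"}),
        (["old", "02:00:00:aa:bb:10", "192.168.0.41", "pc41"], {}),
        (["del", "02:00:00:aa:bb:11", "192.168.18.20"], {}),
    ]
    table = {}
    for argv, env in events:
        handle_event(argv, env, table)
    return table


def main(argv, env):
    """Entry point when dnsmasq runs this file as its --dhcp-script."""
    try:
        with open(SIDECAR) as fh:
            table = json.load(fh)
    except (OSError, ValueError):
        table = {}
    if handle_event(argv, env, table) is not None:
        tmp = SIDECAR + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(table, fh, indent=1, sort_keys=True)
        os.replace(tmp, SIDECAR)                  # atomic swap, no partial file
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:], os.environ))
```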


Re: [Dnsmasq-discuss] Mitel specific dhcp-options

2012-10-01 Thread richardvo...@gmail.com
On Mon, Oct 1, 2012 at 10:39 AM, Chris MacLean  wrote:

> Hi,
>
> Having some big problems with this and can't seem to make any headway.
>
> I'm specifying:
>
> dhcp-option=132,40
>
> which I 'converted' from my old dhcpd configuration:
>
> option mitel-vlan-id code 132 = unsigned integer 32;
> option mitel-vlan-id 0x64;
>
>
> Can anyone steer me on specifying those options correctly?
>
>
0x40 == 64 (decimal), but 0x64 != 40 (decimal)


Re: [Dnsmasq-discuss] Problem with OpenWRT + dnsmasq

2012-09-20 Thread richardvo...@gmail.com
On Wed, Sep 19, 2012 at 3:38 PM, Juhani Talvela  wrote:
> Hi,
>
> Sorry, but there is just this one PC connected to the router LAN port.
>
> When dnsmasq is running, there is a huge number of connections all aimed at 
> the ISP nameservers with port 53. If the mailing list allows images, you can 
> see the connection and traffic loads attached, here.
>
> When I stop dnsmasq, all connections are dropped and no excess traffic is 
> visible.

It could be a program running on the router itself, if the router is
configured (think /etc/resolv.conf) to use dnsmasq for name lookup.


>
> Wonder if I should stop using dnsmasq and go for dhcpcd, instead?
>
> Cheers
> Juhani
>
>
> --
> Juhani Talvela
> Research Director, Faculty of Technology and Transport
> Kymenlaakso University of Applied Sciences www.kyamk.fi
> Tel: +358-447-028-227, Fax: +358-523-024-30
>
>
>>>> "richardvo...@gmail.com"  17.9.2012 3:55 >>>
> On Sun, Sep 16, 2012 at 1:01 PM, Juhani Talvela  
> wrote:
>> I have a Netgear 3800 router running OpenWRT (earlier 10.03.1 and now 
>> 12.09-beta version). I upgraded because there was and is a serious problem.
>> When dnsmasq is running I have a constant load on my router processor of 
>> about 20-50%. Additionally, there is a constant download load on my WAN of 
>> about 8-12 Mbps ( I have a 20 Mbps Internet connection).
>>
>> This phenomenon results in halting of all other internet traffic. No web
>> pages are loaded, no mail is retrieved or sent...
>>
>> The problem stops at once, when I kill the dnsmasq process. Of course, I 
>> then need to have a fixed IP, netmask, router and DNS on the PC. But then I 
>> can access the internet, at least.
> -
> It sounds as if there is another computer (possibly unauthorized) on
> your network which is generating the traffic.  Since you aren't
> putting a static IP or DNS configuration on that other computer,
> wherever it may be, it doesn't work when dnsmasq isn't running.  But
> the problem is not dnsmasq itself.
>
>
>



Re: [Dnsmasq-discuss] Problem with OpenWRT + dnsmasq

2012-09-16 Thread richardvo...@gmail.com
On Sun, Sep 16, 2012 at 1:01 PM, Juhani Talvela  wrote:
> Hi,
>
> I have a Netgear 3800 router running OpenWRT (earlier 10.03.1 and now 
> 12.09-beta version). I upgraded because there was and is a serious problem.
> When dnsmasq is running I have a constant load on my router processor of 
> about 20-50%. Additionally, there is a constant download load on my WAN of 
> about 8-12 Mbps ( I have a 20 Mbps Internet connection).
>
> This phenomenon results in halting of all other internet traffic. No web
> pages are loaded, no mail is retrieved or sent...
>
> The problem stops at once, when I kill the dnsmasq process. Of course, I then 
> need to have a fixed IP, netmask, router and DNS on the PC. But then I can 
> access the internet, at least.

It sounds as if there is another computer (possibly unauthorized) on
your network which is generating the traffic.  Since you aren't
putting a static IP or DNS configuration on that other computer,
wherever it may be, it doesn't work when dnsmasq isn't running.  But
the problem is not dnsmasq itself.


>
> I would very much need a DNS broker & DHCP server to serve the four different 
> subnetworks on my router. So, dnsmasq is very nice idea... if I just got it 
> to function properly.
>
> Anyone there that has experienced same kind of problems? I would really 
> appreciate any ideas that you might want to share with me. Please, ask if you 
> need more info on my setting.
>
> Cheers
> Juhani
>
>
> --
> Juhani Talvela
> Research Director, Faculty of Technology and Transport
> Kymenlaakso University of Applied Sciences www.kyamk.fi
> Tel: +358-447-028-227, Fax: +358-523-024-30
>
>
>



Re: [Dnsmasq-discuss] [PATCH] Add support for autotools

2012-09-12 Thread richardvo...@gmail.com
> Autotools question: is it possible to provide the equivalent of the
> BUILDDIR variable which provides an alternative location for .o files
> and binaries, so they're not mixed with the source files. that makes
> building different architectures in the same NFS-mounted source tree
> easy, and is something I use quite a lot.
>

I believe BUILDDIR is always '.', but you can run configure from
outside the tree.  e.g.

mkdir build
cd build
../src/configure

Will cause all output files to be placed in build, while compiling
sources found in src.



Re: [Dnsmasq-discuss] [PATCH] Add support for autotools

2012-09-09 Thread richardvo...@gmail.com
Completely aside from arguments over the merits of autotools, this
patch is not production-ready.

It makes unrelated changes.  Removal of the copyright notice is
certainly not necessary for use of autotools.

It breaks the documentation, which will no longer accurately describe
the steps needed for build and installation.

And dumping a patch out on a mailing list without introduction or
explanation is inadvisable if you want it to be favorably received.
Especially when it's the first message ever sent by that user to the
list.  You've not participated in any discussion.  You've done nothing
to show that you actually understand the "typical" deployment of
dnsmasq.  OpenSuSE is quite atypical of dnsmasq installations.  Have
you tested the patch on any other platforms?

Simon will decide what to do with your patch, but I suggest that if
you address some of these concerns he's more likely to be positive
toward it.

On Sun, Sep 9, 2012 at 12:57 AM, Cristian Rodríguez
 wrote:
> On Sun 09 Sep 2012 02:03:11 CLST, Shantanu Gadgil wrote:
>
>> If this is done, won't the autotools chain be a prerequisite for
>> dnsmasq to be built?
>>
>> Maybe OK for Linux OSes ... not necessary for other platforms/OSes (think
>> Solaris, AIX, and even more obscure, etc).
>> Why the overhead?!?
>>
>> I really like the *really really simple* Makefile based build and not at
>> all in favour of this!
>
>
>
> These **really really simple** makefiles require constant patching and
> maintenance for distributions, in short they are a pain in the ass.
>
> Linux, BSDs, Solaris have automake/autoconf..etc and I could not care less
> about obscure systems. What matters is what most people use.
>
>
>
>



Re: [Dnsmasq-discuss] dhcp logging and dhcp-range static configuration

2012-09-04 Thread richardvo...@gmail.com
On Tue, Sep 4, 2012 at 4:45 AM, Helmut Hullen  wrote:
> Hello, Simon,
>
> You wrote on 03.09.12:
>
>>> Is there a way to prevent logging the DHCPDISCOVER request for
>>> unconfigured hardware address in dhcp-range static mode ?
>
>> Try
>
>> dhcp-ignore=!known
>
>> or possibly the old syntax
>
>> dhcp-ignore=#known
>
>
> Additional question:
> When I have 2 NICs, and one of them uses "dhcp-host=...", how can I tell
> "dnsmasq" that all unlisted clients (which have no "dhcp-host"-line)
> must use the other NIC?

You'll have two dhcp-range lines, one for the addresses in each
subnet.  Have one dhcp-range match the "known" tag, and one match the
"!known" tag.


>
> Best regards!
> Helmut
>



Re: [Dnsmasq-discuss] server-side dynamic resolving

2012-08-14 Thread richardvo...@gmail.com
> standpoint.  Anyway, this is particularly where I hit the issue and
> realized that dnsmasq is *just* attempting lookups via hosts files and
> dhcp leases and not additionally (or only) attempting nsswitch which
> would obviously generally include the system's dns servers among other
> things.  If there were some way to achieve that I'd be set :)

Contacting nsswitch would cause infinite recursion in the (common)
case where the default dns server is localhost (necessary to allow
other programs on the same computer to see dynamic DNS entries which
dnsmasq contains by virtue of DHCP registrations).



Re: [Dnsmasq-discuss] increasing boot timeout

2012-08-07 Thread richardvo...@gmail.com
And how exactly do you expect any configuration from the dnsmasq.conf
file to change behavior on the clients when the dnsmasq server is in
fsck and dnsmasq is not even running yet?

On Mon, Aug 6, 2012 at 11:24 AM, Mahmood Naderan  wrote:
> Indeed, if a client gets a reply from the server, it will boot. There is no
> problem with that. The problem is sometimes (in case of power on/off), the 
> clients pass the POST and want to get an IP from server, but the server is 
> doing fsck and has not started the network yet. As a result, the client will 
> give up.
>
>
>
> // Naderan *Mahmood;
>
>
> ____
> From: "richardvo...@gmail.com" 
> To: Mahmood Naderan 
> Cc: ""dnsmasq-discuss@lists.thekelleys.org.uk"" 
> 
> Sent: Monday, August 6, 2012 6:58 AM
> Subject: Re: [Dnsmasq-discuss] increasing boot timeout
>
> At the time you want to change the behavior of the client, has it
> received any message from dnsmasq yet?
>
> On Sun, Aug 5, 2012 at 6:19 PM, Mahmood Naderan  wrote:
>> Sorry, didn't get that!
>> Clients read /var/lib/tftpboot/pxelinux.cfg/default. Am I right? Currently I
>> have written:
>>
>> DEFAULT linux
>> LABEL linux
>> KERNEL vmlinuz-3.2.0-25-generic
>> APPEND root=/dev/nfs initrd=initrd.img-3.2.0-25-generic 
>> nfsroot=192.168.1.100:/nfsroot ip=dhcp rw
>>
>>
>> Also dnsmasq.conf contains:
>>
>>  interface=eth2
>> domain=hpclab
>> expand-hosts
>> dhcp-range=192.168.1.1,192.168.1.5,static
>> dhcp-option=42,0.0.0.0
>> dhcp-boot=pxelinux.0
>> enable-tftp
>> tftp-root=/var/lib/tftpboot
>> dhcp-host=00:e0:81:g5:39:64,ws01,192.168.1.1
>> dhcp-host=00:e0:81:g6:42:49,ws02,192.168.1.2
>> dhcp-host=00:e0:81:g6:41:34,ws03,192.168.1.3
>> dhcp-host=00:e0:81:g6:42:4c,ws04,192.168.1.4
>> dhcp-host=00:e0:81:g6:24:77,ws05,192.168.1.5
>>
>>
>> So what is next?
>>
>> // Naderan *Mahmood;
>>
>>
>> - Original Message -
>> From: "richardvo...@gmail.com" 
>> To: Mahmood Naderan 
>> Cc: "dnsmasq-discuss@lists.thekelleys.org.uk" 
>> 
>> Sent: Sunday, August 5, 2012 10:07 PM
>> Subject: Re: [Dnsmasq-discuss] increasing boot timeout
>>
>> Both (1) and (2) are client configuration... if the client had gotten
>> any configuration options from dnsmasq at that point, there'd be no
>> need to retry.
>>
>> On Sun, Aug 5, 2012 at 1:24 PM, Mahmood Naderan  wrote:
>>> Dear all,
>>> We have set up a diskless cluster in which there is a server running dnsmasq
>>> and some clients which try to boot from the server. When clients try to
>>> boot, after some seconds upon no response of the server (I mean the | / - \
>>> | progress), the clients give up. Is there any way to
>>> 1) increase the timeout period?
>>> 2) retrying multiple times instead of only one time?
>>>
>>> Thanks
>>>
>>> // Naderan *Mahmood;
>>>
>>>
>>



Re: [Dnsmasq-discuss] increasing boot timeout

2012-08-07 Thread richardvo...@gmail.com
Why are you asking on the dnsmasq list for help with this problem?

You've said the client gets no response, because the dnsmasq server is
running fsck during boot.  dnsmasq is not even running yet!  This is
the wrong place to ask for help with problems unrelated to dnsmasq.

On Mon, Aug 6, 2012 at 2:44 PM, Mahmood Naderan  wrote:
> I think we are in opposite direction!
> Please see this 
> http://www.bootix.com/support/problems_solutions/pxe_e32_tftp_open_timeout.html
> Note that my problem is similar to the second item in "CAUSE" section. In 
> another I would say:
>
> 1. 
>
> 2. The TFTP server has not started yet, so client should retry
> 3. 
>
> // Naderan *Mahmood;
>
>
> - Original Message -
> From: "richardvo...@gmail.com" 
> To: Mahmood Naderan 
> Cc: ""dnsmasq-discuss@lists.thekelleys.org.uk"" 
> 
> Sent: Monday, August 6, 2012 8:57 PM
> Subject: Re: [Dnsmasq-discuss] increasing boot timeout
>
> And how exactly do you expect any configuration from the dnsmasq.conf
> file to change behavior on the clients when the dnsmasq server is in
> fsck and dnsmasq is not even running yet?
>
> On Mon, Aug 6, 2012 at 11:24 AM, Mahmood Naderan  wrote:
>> Indeed, if a client gets a reply from the server, it will boot. There is no
>> problem with that. The problem is sometimes (in case of power on/off), the 
>> clients pass the POST and want to get an IP from server, but the server is 
>> doing fsck and has not started the network yet. As a result, the client will 
>> give up.
>>
>>
>>
>> // Naderan *Mahmood;
>>
>>
>> 
>> From: "richardvo...@gmail.com" 
>> To: Mahmood Naderan 
>> Cc: ""dnsmasq-discuss@lists.thekelleys.org.uk"" 
>> 
>> Sent: Monday, August 6, 2012 6:58 AM
>> Subject: Re: [Dnsmasq-discuss] increasing boot timeout
>>
>> At the time you want to change the behavior of the client, has it
>> received any message from dnsmasq yet?
>>
>> On Sun, Aug 5, 2012 at 6:19 PM, Mahmood Naderan  wrote:
>>> Sorry, didn't get that!
>>> Clients read /var/lib/tftpboot/pxelinux.cfg/default. Am I right? Currently
>>> I have written:
>>>
>>> DEFAULT linux
>>> LABEL linux
>>> KERNEL vmlinuz-3.2.0-25-generic
>>> APPEND root=/dev/nfs initrd=initrd.img-3.2.0-25-generic 
>>> nfsroot=192.168.1.100:/nfsroot ip=dhcp rw
>>>
>>>
>>> Also dnsmasq.conf contains:
>>>
>>>  interface=eth2
>>> domain=hpclab
>>> expand-hosts
>>> dhcp-range=192.168.1.1,192.168.1.5,static
>>> dhcp-option=42,0.0.0.0
>>> dhcp-boot=pxelinux.0
>>> enable-tftp
>>> tftp-root=/var/lib/tftpboot
>>> dhcp-host=00:e0:81:g5:39:64,ws01,192.168.1.1
>>> dhcp-host=00:e0:81:g6:42:49,ws02,192.168.1.2
>>> dhcp-host=00:e0:81:g6:41:34,ws03,192.168.1.3
>>> dhcp-host=00:e0:81:g6:42:4c,ws04,192.168.1.4
>>> dhcp-host=00:e0:81:g6:24:77,ws05,192.168.1.5
>>>
>>>
>>> So what is next?
>>>
>>> // Naderan *Mahmood;
>>>
>>>
>>> - Original Message -
>>> From: "richardvo...@gmail.com" 
>>> To: Mahmood Naderan 
>>> Cc: "dnsmasq-discuss@lists.thekelleys.org.uk" 
>>> 
>>> Sent: Sunday, August 5, 2012 10:07 PM
>>> Subject: Re: [Dnsmasq-discuss] increasing boot timeout
>>>
>>> Both (1) and (2) are client configuration... if the client had gotten
>>> any configuration options from dnsmasq at that point, there'd be no
>>> need to retry.
>>>
>>> On Sun, Aug 5, 2012 at 1:24 PM, Mahmood Naderan  
>>> wrote:
>>>> Dear all,
>>>> We have set up a diskless cluster in which there is a server running dnsmasq
>>>> and some clients which try to boot from the server. When clients try to
>>>> boot, after some seconds upon no response of the server (I mean the | / -
>>>> \ | progress), the clients give up. Is there any way to
>>>> 1) increase the timeout period?
>>>> 2) retrying multiple times instead of only one time?
>>>>
>>>> Thanks
>>>>
>>>> // Naderan *Mahmood;
>>>>
>>>>
>>>
>



Re: [Dnsmasq-discuss] increasing boot timeout

2012-08-06 Thread richardvo...@gmail.com
Both (1) and (2) are client configuration... if the client had gotten
any configuration options from dnsmasq at that point, there'd be no
need to retry.

On Sun, Aug 5, 2012 at 1:24 PM, Mahmood Naderan  wrote:
> Dear all,
> We have set up a diskless cluster in which there is a server running dnsmasq
> and some clients which try to boot from the server. When clients try to boot,
> after some seconds upon no response of the server (I mean the | / - \ |
> progress), the clients give up. Is there any way to
> 1) increase the timeout period?
> 2) retrying multiple times instead of only one time?
>
> Thanks
>
> // Naderan *Mahmood;
>
>



Re: [Dnsmasq-discuss] increasing boot timeout

2012-08-06 Thread richardvo...@gmail.com
At the time you want to change the behavior of the client, has it
received any message from dnsmasq yet?

On Sun, Aug 5, 2012 at 6:19 PM, Mahmood Naderan  wrote:
> Sorry, didn't get that!
> Clients read /var/lib/tftpboot/pxelinux.cfg/default. Am I right? Currently I
> have written:
>
> DEFAULT linux
> LABEL linux
> KERNEL vmlinuz-3.2.0-25-generic
> APPEND root=/dev/nfs initrd=initrd.img-3.2.0-25-generic 
> nfsroot=192.168.1.100:/nfsroot ip=dhcp rw
>
>
> Also dnsmasq.conf contains:
>
>  interface=eth2
> domain=hpclab
> expand-hosts
> dhcp-range=192.168.1.1,192.168.1.5,static
> dhcp-option=42,0.0.0.0
> dhcp-boot=pxelinux.0
> enable-tftp
> tftp-root=/var/lib/tftpboot
> dhcp-host=00:e0:81:g5:39:64,ws01,192.168.1.1
> dhcp-host=00:e0:81:g6:42:49,ws02,192.168.1.2
> dhcp-host=00:e0:81:g6:41:34,ws03,192.168.1.3
> dhcp-host=00:e0:81:g6:42:4c,ws04,192.168.1.4
> dhcp-host=00:e0:81:g6:24:77,ws05,192.168.1.5
>
>
> So what is next?
>
> // Naderan *Mahmood;
>
>
> - Original Message -
> From: "richardvo...@gmail.com" 
> To: Mahmood Naderan 
> Cc: "dnsmasq-discuss@lists.thekelleys.org.uk" 
> 
> Sent: Sunday, August 5, 2012 10:07 PM
> Subject: Re: [Dnsmasq-discuss] increasing boot timeout
>
> Both (1) and (2) are client configuration... if the client had gotten
> any configuration options from dnsmasq at that point, there'd be no
> need to retry.
>
> On Sun, Aug 5, 2012 at 1:24 PM, Mahmood Naderan  wrote:
>> Dear all,
>> We have set up a diskless cluster in which there is a server running dnsmasq
>> and some clients which try to boot from the server. When clients try to
>> boot, after some seconds upon no response of the server (I mean the | / - \
>> | progress), the clients give up. Is there any way to
>> 1) increase the timeout period?
>> 2) retrying multiple times instead of only one time?
>>
>> Thanks
>>
>> // Naderan *Mahmood;
>>
>>
>



Re: [Dnsmasq-discuss] Round Robin ping

2012-07-26 Thread richardvo...@gmail.com
Need more information about the `ping` implementation you are using.
Does it re-lookup the name for each echo request?  Usually it will
look up the name once and use that single address for all outgoing
ICMP packets.

On Wed, Jul 25, 2012 at 3:21 PM, James Brown  wrote:
> Hello,
>
>
>
> I’ve had a hard time finding any info about this on the internet.
>
>
>
> I have a round robin hostname set up in my hosts file, and my resolv.conf is
> set to dnsmasq. Nslookup queries come back correctly (it shows all four ips)
> but when I ping the name it only pings the first one listed. Is this the
> expected behavior? Or am I missing something here. It works differently in
> BIND, where ping will cycle through all the listed ips.
>
>
>
> --
>
> James Brown
>
>
>



Re: [Dnsmasq-discuss] is there anybody who can tell me how to read the source code?

2012-07-21 Thread richardvo...@gmail.com
Of course, tools like doxygen can help by automatically graphing the
function call tree.

On Fri, Jul 20, 2012 at 7:20 AM, SamLT  wrote:
> On Fri, Jul 20, 2012 at 09:26:03AM +0800, don wrote:
>> I need to implement the dhcp function in one platform, but it's hard to read
>> the source code of dnsmasq, is there any tutorial, or anybody who can give
>> some suggestions? thanks a lot.
>
> Somebody already asked something like that a few weeks (months?) ago. The
> best suggestion one can make is probably to start reading and trying to
> understand it on your own and then ask specific questions when something
> is not clear to you.
>
>
>
>
>



Re: [Dnsmasq-discuss] static ip configuration

2012-07-18 Thread richardvo...@gmail.com
hostname -> IP mapping is DNS, not related to DHCP.  dnsmasq adds DHCP
information into the DNS zone.

DHCP has to map the information provided by the client (that is a MAC
address, quite reliable, and a client ID, quite unreliable) to an IP
address to be offered.  I guess you're wanting the client ID to be
matched to a hostname in /etc/hosts?

Basically, this would allow any client to claim a name of its choice,
which requires trusting clients, and dnsmasq is used in many locations
where the clients aren't that trustworthy.  So you have to enable it
in the configuration file (with dhcp-host lines).

On Tue, Jul 17, 2012 at 4:50 PM, Craig Yoshioka  wrote:
> Are the only two ways of configuring static IPs to edit /etc/ethers, or add 
> dhcp-host lines?  Initially I thought dnsmasq would just use the 
> hostname-->ip mappings in my /etc/hosts, but that doesn't seem to be 
> working...
>
> Is there any good reason for not having an option to use /etc/hosts for dhcp 
> hostname to ip mapping?  I like not having redundant information.
>



Re: [Dnsmasq-discuss] Removing a feature does anyone rely on this?

2012-07-09 Thread richardvo...@gmail.com
On Mon, Jul 9, 2012 at 10:18 AM, Helmut Hullen  wrote:
> Hello, richardvo...@gmail.com,
>
> You wrote on 09.07.12:
>
>>> We wanted
>>>
>>> dhcp-range=192.168.0.10,static,infinite
>>> #   (192.168.0.0/24) for the school computers
>>> dhcp-range=192.168.18.10,192.168.31.250,30d
>>> #   (192.168.16.0/20) for the private machines
>>>
>>> and defined all school computers via "dhcp-host=...".
>>>
>>> Sometimes/often they got IP addresses from the "private" net.
>
>> Assign the #known (or newer, !known) tag to the private dhcp-range,
>> this way it won't ever be used for hosts which have static addresses.
>
> Just for clarity: you mean something like
>
>   dhcp-host=11:22:33:44:55:66,192.168.0.41,pc41
>
> with "static address"? And not "user defined IP address"?

Yes, the "known" tag matches all dhcp-host entries, including those
converted from /etc/ethers.

Quote from the man page: "When a host matches any dhcp-host directive
(or one implied by /etc/ethers) then the special tag "known" is set."



Re: [Dnsmasq-discuss] Removing a feature does anyone rely on this?

2012-07-09 Thread richardvo...@gmail.com
On Mon, Jul 2, 2012 at 11:16 AM, Helmut Hullen  wrote:
> Hello, Simon,
>
> You wrote on 02.07.12:
>
 dhcp-range may have an interface name supplied as
 "interface:>> name>> ".
>
>>> I'd like to use this feature in many schools:
>>>
>>> eth0 and eth1 for the school clients in the LAN, eth2 for the
>>> private clients (especially in the WLAN). And eth3 for DSL/Router
>>> into the WAN.
>
> [...]
>
>> Note that you don't need to tell dnsmasq which dhcp-range goes with
>> which interface - it finds that automatically using the IP address
>> and netmask of the interfaces.
>
> May be.
> But our experiments failed.
>
> We wanted
>
> dhcp-range=192.168.0.10,static,infinite
> #   (192.168.0.0/24) for the school computers
> dhcp-range=192.168.18.10,192.168.31.250,30d
> #   (192.168.16.0/20) for the private machines
>
> and defined all school computers via "dhcp-host=...".
>
> Sometimes/often they got IP addresses from the "private" net.

Assign the #known (or newer, !known) tag to the private dhcp-range,
this way it won't ever be used for hosts which have static addresses.


>
> Adding/changing
>
> dhcp-range=eth0,...
> dhcp-range=eth1,...
>
> didn't help.
> There is a third NIC for the DSL/Router, defined as
>
>no-dhcp-interface=eth2
>
> Best regards!
> Helmut
>

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
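
The tag advice in the two replies above, as an added Python check that is not part of the original posts or of dnsmasq itself: it reads the dhcp-range and dhcp-host lines quoted in the thread and reports any dynamic range that a host with a dhcp-host entry (tag "known") can still draw from. The parsing is a simplified model that assumes only `tag:`/`set:` prefixes and the `!`/`#` negation mentioned in the reply.

```python
import ipaddress

# Constructed sample: the ranges and the dhcp-host line quoted in the thread.
BEFORE = """\
dhcp-range=192.168.0.10,static,infinite
#   (192.168.0.0/24) for the school computers
dhcp-range=192.168.18.10,192.168.31.250,30d
#   (192.168.16.0/20) for the private machines
dhcp-host=11:22:33:44:55:66,192.168.0.41,pc41
"""
# Same config with the reply's fix applied to the private range.
AFTER = BEFORE.replace("dhcp-range=192.168.18.10",
                       "dhcp-range=tag:!known,192.168.18.10")


def parse_range(fields):
    """Split one dhcp-range value into tag conditions and address bounds."""
    fields = list(fields)
    conditions = []
    while fields and fields[0].split(":", 1)[0] in ("tag", "set"):
        kind, name = fields.pop(0).split(":", 1)
        if kind == "tag":  # set: assigns a tag, it does not filter the range
            conditions.append(name)
    start = ipaddress.ip_address(fields[0])
    static = len(fields) > 1 and fields[1] == "static"
    end = start if static or len(fields) < 2 else ipaddress.ip_address(fields[1])
    return {"conditions": conditions, "start": start, "end": end, "static": static}


def parse(config):
    """Collect dhcp-range and dhcp-host lines; comment lines are skipped."""
    ranges, hosts = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields = [f.strip() for f in value.split(",")]
        if key.strip() == "dhcp-range":
            ranges.append(parse_range(fields))
        elif key.strip() == "dhcp-host":
            hosts.append(fields)
    return ranges, hosts


def condition_holds(condition, tags):
    """'known' needs the tag set; '!known' or '#known' needs it unset."""
    negated = condition[:1] in ("!", "#")
    name = condition[1:] if negated else condition
    return (name in tags) != negated


def pools_for(config, known):
    """Dynamic ranges whose tag conditions admit a known/unknown client."""
    ranges, _ = parse(config)
    tags = {"known"} if known else set()
    return [f"{r['start']}-{r['end']}" for r in ranges
            if not r["static"]
            and all(condition_holds(c, tags) for c in r["conditions"])]


def audit(config):
    """Findings: dynamic pools still open to hosts that have dhcp-host entries."""
    _, hosts = parse(config)
    if not hosts:
        return []
    return [f"dynamic range {pool} can be handed to hosts with a dhcp-host entry"
            for pool in pools_for(config, known=True)]


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg) or "ok")
```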


Re: [Dnsmasq-discuss] dynamic file generation for dnsmasq-tftp?

2012-06-19 Thread richardvo...@gmail.com
Is any information about the remote end required for generating the
dynamic part (e.g. the mac address of the node being booted)?

On Tue, Jun 19, 2012 at 2:31 PM, Oliver Rath  wrote:
> Hi list,
>
> I'm brooding over the problem that dnsmasq should send via tftp a file
> which would be generated at acquisition time.
>
> I.e. if a tftp-request comes to dnsmasq, normally the tftp-part takes
> the named file and sends it to the client.
>
> If I now have a file, which consists of i.e. four parts, where one part
> is generated dynamically, so that I could send it via p1,p2,p3,pdynamic,p4
> at which the first three parts are really big (> 300MB), the rest is
> relatively small (<10MB), so copying together takes really a lot of time
> and space.
>
> Is there a possibility to send such a thing via dnsmasq-tftp in a
> dynamic way? Maybe there is a generic possibility in linux like named
> pipes or binary overlay, but I'm in the dark at the moment.
>
> Any ideas?
>
> Tfh!
>
> Regards,
>
> Oliver
>
>


Re: [Dnsmasq-discuss] issue with dhcp-option tags for dnsmasq

2012-06-18 Thread richardvo...@gmail.com
On Mon, Jun 18, 2012 at 2:51 PM, Drew Horn  wrote:
> Based on the dnsmasq man page, it appears that tags aren't working for
> dhcp-options in dnsmasq-2.45.  Here's my understanding of how it should be
> used:

2.45 is VERY old.  The new syntax was introduced in 2.53



Re: [Dnsmasq-discuss] A (possibly bad) idea: failover in dnsmasq

2012-05-28 Thread richardvo...@gmail.com
>>>> Configuration on a primary looks like
>>>>
>>>> --failover-listen=
>>>>
>>>> Configuration on a secondary looks like
>>>>
>>>> --failover-master=,
>>>
>>>
>>> I think more consideration should go into the configuration command
>>> names, since putting a "failover-master" option on a secondary is
>>> counter-intuitive.  After all, one doesn't put a "dhcp-authoritative"
>>> option on non-authoritative servers to tell them where to find the
>>> authoritative server.
>
> That's a valid argument. How about --failover-from=

That sounds much better, less chance of confusion.

>
>>>  Also, shouldn't the standby/failover behavior
>>> be linked to authoritative?
>
> I _think_ authoritative should not be used with failover, but I need to
> trace through all the paths to be sure.
>

Probably a candidate for logging a warning if both options are used.



Re: [Dnsmasq-discuss] Looking up local names doesn't work

2012-05-27 Thread richardvo...@gmail.com
On Sun, May 27, 2012 at 10:15 PM, ian  wrote:

> Hello
>
> I'm currently working a DNS server in a local area network. DHCP service
> is given by another server which is not under my control. Names on the
> internet are working fine, but looking up local names doesn't seem to work.
>


Does the DHCP server serve those names somehow (via DNS, or stored in a
database) that you can reach?  dnsmasq can't magically find out the name
that a client sent to some other DHCP server.



>
>   IP               note          hostname
>   192.168.100.229  DNS           LOEA-T7500.ic.sjtu.edu.cn
>   192.168.100.75   a host        LOEA-VM004.ic.sjtu.edu.cn
>   192.168.100.31   a host        LOEA-VM002.ic.sjtu.edu.cn
>   192.168.100.201  DHCP
>   202.120.2.101    upstream DNS
>   202.112.26.34    upstream DNS
>
> I use "dig" on LOEA-VM004 to see if I can get LOEA-VM002 resolved via dns,
> but there is no answer:
>
> [ian@LOEA-VM004 ~]$ dig LOEA-VM002
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> LOEA-VM002
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38313
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;LOEA-VM002.                    IN      A
>
> ;; AUTHORITY SECTION:
> .  10402  IN  SOA  a.root-servers.net. nstld.verisign-grs.com. 2012052601 1800
> 900 604800 86400
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.100.229#53(192.168.100.229)
> ;; WHEN: Mon May 28 10:08:31 2012
> ;; MSG SIZE  rcvd: 103
>
> At the same time, I use tcpdump to listen on DNS server
>
> [root@LOEA-T7500 ian]# tcpdump \(host 192.168.100.229 and port and port
> 53\) or \(host 192.168.100.201\) -nnvv
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96
> bytes
> 10:07:23.390606 IP (tos 0x0, ttl  64, id 31380, offset 0, flags [none],
> proto: UDP (17), length: 56) 192.168.100.75.36380 > 192.168.100.229.53:
> [udp sum ok]  38313+ A? LOEA-VM002. (28)
> 10:07:23.390765 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
> UDP (17), length: 56) 192.168.100.229.34909 > 192.168.100.201.53: [bad udp
> cksum 14c2!]  51850+ A? LOEA-VM002. (28)
> 10:07:23.390771 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
> UDP (17), length: 56) 192.168.100.229.34909 > 202.112.26.34.53: [bad udp
> cksum d343!]  51850+ A? LOEA-VM002. (28)
> 10:07:23.390774 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
> UDP (17), length: 56) 192.168.100.229.34909 > 202.120.2.101.53: [bad udp
> cksum 3d73!]  51850+ A? LOEA-VM002. (28)
> 10:07:23.390962 IP (tos 0x0, ttl  64, id 22929, offset 0, flags [none],
> proto: ICMP (1), length: 84) 192.168.100.201 > 192.168.100.229: ICMP
> 192.168.100.201 udp port 53 unreachable, length 64
>  IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17),
> length: 56) 192.168.100.229.34909 > 192.168.100.201.53:  51850+[|domain]
> 10:07:23.391730 IP (tos 0x0, ttl  59, id 6539, offset 0, flags [none],
> proto: UDP (17), length: 131) 202.112.26.34.53 > 192.168.100.229.34909:
>  51850 NXDomain q: A? LOEA-VM002. 0/1/0 ns: . SOA[|domain]
> 10:07:23.391772 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
> UDP (17), length: 131) 192.168.100.229.53 > 192.168.100.75.36380:  38313
> NXDomain q: A? LOEA-VM002. 0/1/0 ns: . SOA[|domain]
> 10:07:23.391967 IP (tos 0x0, ttl  59, id 32177, offset 0, flags [none],
> proto: UDP (17), length: 131) 202.120.2.101.53 > 192.168.100.229.34909:
>  51850 NXDomain q: A? LOEA-VM002. 0/1/0 ns: . SOA[|domain]
>
> Here is /etc/hosts /etc/dnsmasq.conf /etc/resolv.dnsmasq.conf
> and /etc/resolv.conf on LOEA-T7500
>
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost
> #127.0.0.1 LOEA-T7500.ic.sjtu.edu.cn LOEA-T7500
> ::1 localhost6.localdomain6 localhost6
> 127.0.0.1 LOEA-T7500 # added by Apache Friends XAMPP
>
> resolv-file=/etc/resolv.dnsmasq.conf
> expand-hosts
> domain=ic.sjtu.edu.cn
> conf-dir=/etc/dnsmasq.d
>
> search ic.sjtu.edu.cn
> domain ic.sjtu.edu.cn
> nameserver 192.168.100.201
> nameserver 202.112.26.34
> nameserver 202.120.2.101
>
> ; generated by /sbin/dhclient-script
> search ic.sjtu.edu.cn
> nameserver 127.0.0.1
> ;nameserver 192.168.100.201
> ;nameserver 202.112.26.34
> ;nameserver 202.120.2.101
>
> I ping LOEA-T7500 on LOEA-VM004, it is resolved as 127.0.0.1.
> And here is the ip-hostname list on DHCP, I mean those hosts do send their
> hostnames to DHCP when asking for a lease.
>
> 192.168.100.31  - 255.255.255.0  - ea-b3-8d-73-71-65   -2012/5/28 15:07:09
> -D-  LOEA-VM002.ic.sjtu.edu.cn
> 192.168.100.75  - 255.255.255.0  - 06-96-c1-4f-04-43   -2012/5/28 16:05:50
> -D-  LOEA-VM004.ic.sjtu.edu.cn
>
> How can I solve this problem? Thank you.
>
> --
> Huangtian
> Shanghai Jiao Tong University
>
>

Re: [Dnsmasq-discuss] A (possibly bad) idea: failover in dnsmasq

2012-05-26 Thread richardvo...@gmail.com
> Configuration on a primary looks like
>
> --failover-listen= 
>
> Configuration on a secondary looks like
>
> --failover-master=,


I think more consideration should go into the configuration command
names, since putting a "failover-master" option on a secondary is
counter-intuitive.  After all, one doesn't put a "dhcp-authoritative"
option on non-authoritative servers to tell them where to find the
authoritative server.  Also, shouldn't the standby/failover behavior
be linked to authoritative?



Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-24 Thread richardvo...@gmail.com
dnsmasq doesn't use zone files.  You can try with txt-record= (see the
man page for details)

On Thu, May 24, 2012 at 5:44 AM, Gerd Koenig
 wrote:
> Hi List,
>
> I'm currently looking for a solution to provide ssh-keys via DNS. Seems like
> sshfp records will solve this issue ... so far so good.
> Since we are using dnsmasq as dns/dhcp/pxe-server I wanted to ask how to put
> the generated sshfp records into dnsmasq ???
> After searching for a while I got only guides for "how to create sshfp
> records" or things like "put your sshfp records into dns" ... not that
> helpful.
>
> Can somebody enlighten me if it is possible to offer ssh keys via dnsmasq,
> and how to configure it ?
>
> I tried it similar to the TXT-Records, therefore I created a config-file
> sshfp.conf and inserted:
> ""
> myhost SSHFP 1 1 cbe4...c6dc
> myhost SSHFP 2 1 20ea...b241
> ""
> But if I want to start dnsmasq I got the error:
> ""
> Starting DNS forwarder and DHCP server: dnsmasq
> dnsmasq: bad option at line 1 of /etc/dnsmasq.d/sshfp.conf
>  failed!
> ""
>
>
> any help appreciated...: Gerd :
>
>


Re: [Dnsmasq-discuss] DHCP message

2012-05-21 Thread richardvo...@gmail.com
On Mon, May 21, 2012 at 5:59 AM, Simon Kelley  wrote:
> On 21/05/12 11:34, Ian Rose wrote:
>> Is it possible to send a message to the client device when an IP address
>> is allocated via DHCP? This would only be a static info message for my
>> purposes, and it wouldn't matter much if some clients didn't support
>> showing it and so ignored it.
>>
>> Apparently Apple Wi-Fi routers do this, but I'm not sure if this is a
>> vendor-specific addition or something that other DHCP servers are
>> capable of too.
>>
>> Thanks.
>>
>
> The closest to useful information I could Google-up was this:
>
> http://www.linuxquestions.org/questions/linux-networking-3/dhcpd-welcome-message-767020/
>
> which indicates that it's a vendor specific option, but not which.
>
> If you can find out what DHCP option is used, dnsmasq can almost
> certainly be configured to send it.
>
> Maybe ask Apple support?

Or use packet capture to see the traffic from an Apple router...

>
>
> Simon.
>
>


Re: [Dnsmasq-discuss] standard gateway as Forwarding DNS-ip?

2012-05-18 Thread richardvo...@gmail.com
On Fri, May 18, 2012 at 7:09 AM, Oliver Rath  wrote:
> Hi list,
>
> my dnsmasq doesn't forward DNS-queries correctly. The goal is, that
> dnsmasq takes the standard-gateway of dhcp as forwarding address for
> dns-requests. But this didn't work here.



In such a case, you configure your DHCP client to not put the
negotiated DNS server into /etc/resolv.conf, but into an alternate
file.  And configure dnsmasq to use it.  From your configuration it
sounds as if you are using  /var/run/dnsmasq/resolv.conf, I guess that
is specified in your startup scripts on the command line, instead of
in the configuration file?  So far so good.

But it sounds as if you haven't told the DHCP client about that file.
For dhclient, you need to modify the dhclient-script.  udhcpc also
supports a script file.  With dhcpcd, the situation is more
problematic.  You can only choose to overwrite /etc/resolv.conf or
not.  Luckily you can use a resolv.conf.head to make sure your dnsmasq
address (localhost 127.0.0.1) stays on top, and dhcpcd will add the
negotiated entry beneath it.  dnsmasq is smart enough to skip the
localhost entry and use the other, but you'd need to defeat the
configuration option looking in /var/run/dnsmasq, and instead monitor
/etc/resolv.conf (the default).

BTW, it's not dnsmasq overwriting /etc/resolv.conf



>
> If I put an additional dns-server in /var/run/dnsmasq/resolv.conf, it
> runs fine, but this is not the right way, because I don't know at
> start time the name of my standard-gateway.
>
> What's wrong?
>
> I have a simple configuration here for dnsmasq:
> --
> except-interface=wlan0
> dhcp-range=192.168.97.50,192.168.97.150,255.255.255.0,12h
> log-queries
> --
>
> Starting the dnsmasq creates the following entry in /etc/resolv.conf:
> --
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 127.0.0.1
> --
>
> The server has the IP address 192.168.11.254 (eth0) and (should) forward
> to 192.168.172.1 via wlan0
>
> --
> # route -n
> Kernel-IP-Routentabelle
> Ziel Router Genmask Flags Metric Ref Use Iface
> 0.0.0.0 192.168.172.1 0.0.0.0 UG 0 0 0 wlan0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
> 192.168.97.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.168.172.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
> --
>
> Now the forwarding is finished by setting forwarding parameter and
> Masquerading rule:
> --
> # cat /proc/sys/net/ipv4/ip_forward
> 1
> # iptables -t nat -L
> [..]
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- anywhere anywhere
> --
>
>
> Here the starting log:
> --
> May 18 13:58:14 dnsmasq[3092]: last message repeated 7 times
> May 18 13:58:14 dmi-ThinkPad-T500 dnsmasq[3092]: reading
> /var/run/dnsmasq/resolv.conf
> May 18 13:58:14 dmi-ThinkPad-T500 dnsmasq[3092]: ignoring nameserver
> 127.0.0.1 - local interface
> May 18 13:58:14 dmi-ThinkPad-T500 dnsmasq[3092]: exiting on receipt of
> SIGTERM
> May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: started, version 2.59
> cachesize 150
> May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: compile time options:
> IPv6 GNU-getopt DBus i18n DHCP TFTP conntrack IDN
> May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq-dhcp[3182]: DHCP, IP range
> 192.168.97.50 -- 192.168.97.150, lease time 12h
> May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq-tftp[3182]: TFTP root is
> /opt/dmi/tftproot
> May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: reading
> /var/run/dnsmasq/resolv.conf
> May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: ignoring nameserver
> 127.0.0.1 - local interface
> May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: /etc/hosts lesen – 7
> Adressen
> --
>
>
> Here is a DNS request example:
> --
> May 18 13:59:00 dmi-ThinkPad-T500 dnsmasq[3182]: reading
> /var/run/dnsmasq/resolv.conf
> May 18 13:59:00 dmi-ThinkPad-T500 dnsmasq[3182]: ignoring nameserver
> 127.0.0.1 - local interface
> May 18 13:59:00 dmi-ThinkPad-T500 dnsmasq[3182]: query[A] heise.de from
> 192.168.97.73
> --
>
>
> Tfh!
>
> Regards
> Oliver
>
>
>
>


Re: [Dnsmasq-discuss] help needed in dnsmasq problem

2012-05-17 Thread richardvo...@gmail.com
Well, it shouldn't be removed from the list of servers.  But another
server will be picked, and unless the selected server becomes
unavailable, dnsmasq isn't likely to select a different one.

If your upstream DNS servers are duplicated for redundancy, this is
fine.  If not, and some names only exist on one server, you need to
configure dnsmasq to look for those domains on that particular server.

On Thu, May 17, 2012 at 2:55 PM, Atul Gupta  wrote:
> Hi Richard,
> I got it. But in this case dnsmasq is ignoring 192.168.160.20 which is
> an upstream server. It is present in config file but dnsmasq never uses
> it for querying irrespective of number of queries I send or time has
> passed, it only keeps trying 2001:5b0:3eff:fff7::20.
>
> I also observed that if your DNS servers are having a problem, the
> dnsmasq fails to resolve DNS (expected), then it seems like the
> dnsmasq calls the DNS Server address "bad" and never tries them again,
> because I had a DNS server problem ... resolved it ... yet the dnsmasq
> never could do DNS resolution after the DNS server problem was
> resolved.
>
> On Thu, May 17, 2012 at 2:38 PM, richardvo...@gmail.com
>  wrote:
>> It's not anything specifically wrong in the configuration file, but it
>> doesn't sound like it matches your network setup.
>>
>> From your question, I think you have some names that can only be
>> resolved by one of your nameservers?  And therefore you are concerned
>> when dnsmasq doesn't contact the server with the ability to resolve
>> those names.
>>
>> But dnsmasq's list of upstream servers is designed for redundancy, and
>> it requires that any query can be sent to any arbitrary server and get
>> a correct answer.  There is not load balancing per se, but checks are
>> done to see which server on the list is the nearest/fastest, which
>> will tend to pick the least busy server, which is similar to load
>> balancing.
>>
>> If some queries must be sent to a single server, then you should
>> create per-domain rules that cause those queries to go to that server,
>> and not be handled by the global upstream.
>>
>> "strict-order" will help determine if this is actually your problem,
>> because it causes queries to be sent to every server in turn.  But it
>> hurts performance, so adding domain-specific server entries is the
>> better way.
>>
>> On Thu, May 17, 2012 at 11:32 AM, Atul Gupta  wrote:
>>> Please reply what you think is not correct in conf file.
>>>
>>> Thanks.
>>>
>>> On Thu, May 17, 2012 at 12:29 PM, richardvo...@gmail.com
>>>  wrote:
>>>> I think your configuration is wrong, but as a test, does the
>>>> "strict-order" option fix your problem?
>>>>
>>>> On Thu, May 17, 2012 at 9:38 AM, Atul Gupta  wrote:
>>>>> Hi,
>>>>> One server in my dnsmasq.conf file is never tried for sending the query.
>>>>>
>>>>>   Below is my config file:-
>>>>>   # Management DNS servers [2]
>>>>>   
>>>>> server=/ody.engr.net/2001:5b0::fff6::25@2001:05b0:3efe:2e1f:::004c:4d0d
>>>>>   
>>>>> server=/ody.engr.net/2001:5b0::fff6::26@2001:05b0:3efe:2e1f:::004c:4d0d
>>>>>   address=/controlcenter.com/192.168.0.1
>>>>>   address=/controlcenter.com/fd0d:edc3:e12a:::1
>>>>>   address=/www.odyagentid.com/66.82.162.22
>>>>>   cache-size=1000
>>>>>   max-ttl=60
>>>>>   neg-ttl=60
>>>>>   no-resolv
>>>>>   max-ipperhost=5
>>>>>   server=192.168.160.20@172.20.54.1
>>>>>   server=192.168.160.20@172.20.54.1
>>>>>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>>>>>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>>>>>   I guess dnsmasq adds all servers in the daemon->servers list and picks
>>>>>   servers from there while forwarding the query. My question is that if
>>>>>   there is any scenario where dnsmasq removes any server from this
>>>>>   (daemon->servers) list. As this is what seems to be happening in my case
>>>>>   i.e. server 192.168.160.20 is never being tried to forward the query.
>>>>>   restart of dnsmasq solves this problem.
>>>>>   Also when this problem comes and dump cache, there is no entry for
>>>>>   192.168.160.20. below is dump
>>>>>
>>>>>   cache size 1000, cache insertion

Re: [Dnsmasq-discuss] help needed in dnsmasq problem

2012-05-17 Thread richardvo...@gmail.com
It's not anything specifically wrong in the configuration file, but it
doesn't sound like it matches your network setup.

From your question, I think you have some names that can only be
resolved by one of your nameservers?  And therefore you are concerned
when dnsmasq doesn't contact the server with the ability to resolve
those names.

But dnsmasq's list of upstream servers is designed for redundancy, and
it requires that any query can be sent to any arbitrary server and get
a correct answer.  There is not load balancing per se, but checks are
done to see which server on the list is the nearest/fastest, which
will tend to pick the least busy server, which is similar to load
balancing.

If some queries must be sent to a single server, then you should
create per-domain rules that cause those queries to go to that server,
and not be handled by the global upstream.

"strict-order" will help determine if this is actually your problem,
because it causes queries to be sent to every server in turn.  But it
hurts performance, so adding domain-specific server entries is the
better way.

On Thu, May 17, 2012 at 11:32 AM, Atul Gupta  wrote:
> Please reply what you think is not correct in conf file.
>
> Thanks.
>
> On Thu, May 17, 2012 at 12:29 PM, richardvo...@gmail.com
>  wrote:
>> I think your configuration is wrong, but as a test, does the
>> "strict-order" option fix your problem?
>>
>> On Thu, May 17, 2012 at 9:38 AM, Atul Gupta  wrote:
>>> Hi,
>>> One server in my dnsmasq.conf file is never tried for sending the query.
>>>
>>>   Below is my config file:-
>>>   # Management DNS servers [2]
>>>   
>>> server=/ody.engr.net/2001:5b0::fff6::25@2001:05b0:3efe:2e1f:::004c:4d0d
>>>   
>>> server=/ody.engr.net/2001:5b0::fff6::26@2001:05b0:3efe:2e1f:::004c:4d0d
>>>   address=/controlcenter.com/192.168.0.1
>>>   address=/controlcenter.com/fd0d:edc3:e12a:::1
>>>   address=/www.odyagentid.com/66.82.162.22
>>>   cache-size=1000
>>>   max-ttl=60
>>>   neg-ttl=60
>>>   no-resolv
>>>   max-ipperhost=5
>>>   server=192.168.160.20@172.20.54.1
>>>   server=192.168.160.20@172.20.54.1
>>>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>>>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>>>   I guess dnsmasq adds all servers in the daemon->servers list and picks
>>>   servers from there while forwarding the query. My question is that if
>>>   there is any scenario where dnsmasq removes any server from this
>>>   (daemon->servers) list. As this is what seems to be happening in my case
>>>   i.e. server 192.168.160.20 is never being tried to forward the query.
>>>   restart of dnsmasq solves this problem.
>>>   Also when this problem comes and dump cache, there is no entry for
>>>   192.168.160.20. below is dump
>>>
>>>   cache size 1000, cache insertions 2644, re-used unexpired cache entries 0
>>>   queries forwarded 1301, queries answered locally 37
>>>   server 2001:5b0::fff6::25#53: queries sent 0, retried or failed 0, used 0
>>>   server 2001:5b0::fff6::26#53: queries sent 0, retried or failed 0, used 0
>>>   server 2001:5b0:3eff:fff7::20#53: queries sent 680, retried or failed 0, used 0
>>>   Host                                     Address
>>>    Flags     Expires
>>>
>>>   Please ignore the counters next to  "queries sent", "cache insertions"
>>>   etc. as they may be inconsistent, but real problem is that i don't see
>>>   192.168.160.20 in this list.
>>>
>>>   Please help
>>>   Regards,
>>>   Atul.
>>>

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
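
The per-domain rule recommended in the replies above, as an added Python sketch (not dnsmasq's code and not from the original posts) of how `server=/domain/` lines pin a name to one upstream while every other name may go to any global server. The sample config is constructed: 192.168.160.20@172.20.54.1 is from the thread, while corp.example, lab.corp.example, 192.0.2.53 and 192.0.2.99 are placeholders; the most-specific-domain precedence follows the dnsmasq man page.

```python
# Constructed sample config; only 192.168.160.20@172.20.54.1 comes from the thread.
SAMPLE = """\
no-resolv
server=192.168.160.20@172.20.54.1
server=192.168.160.20@172.20.54.1
server=192.0.2.53
server=/corp.example/192.168.160.20
server=/lab.corp.example/192.0.2.99
"""


def _addr(value):
    """Drop the optional @source part of a server= value."""
    return value.split("@", 1)[0]


def parse_servers(config):
    """Return (global upstreams, {domain: [upstreams]}), duplicates collapsed."""
    global_servers, rules = [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/addr : every listed domain maps to addr
            *domains, addr = value[1:].split("/")
            targets = [(d.lower().rstrip("."), _addr(addr)) for d in domains]
        else:
            targets = [(None, _addr(value))]
        for domain, addr in targets:
            bucket = global_servers if domain is None else rules.setdefault(domain, [])
            if addr not in bucket:
                bucket.append(addr)
    return global_servers, rules


def upstreams_for(name, config):
    """Upstreams eligible for a query name: most specific domain rule wins,
    otherwise any of the interchangeable global servers."""
    global_servers, rules = parse_servers(config)
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest suffix first, label-aligned
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return global_servers


def duplicate_server_lines(config):
    """server= lines repeated verbatim; a repeat adds no extra redundancy."""
    seen, dups = set(), []
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("server="):
            if line in seen and line not in dups:
                dups.append(line)
            seen.add(line)
    return dups


if __name__ == "__main__":
    for qname in ("host.lab.corp.example", "files.corp.example", "www.example.org"):
        print(qname, "->", upstreams_for(qname, SAMPLE))
    print("duplicates:", duplicate_server_lines(SAMPLE))
```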


Re: [Dnsmasq-discuss] help needed in dnsmasq problem

2012-05-17 Thread richardvo...@gmail.com
I think your configuration is wrong, but as a test, does the
"strict-order" option fix your problem?

On Thu, May 17, 2012 at 9:38 AM, Atul Gupta  wrote:
> Hi,
> One server in my dnsmasq.conf file is never tried for sending the query.
>
>   Below is my config file:-
>   # Management DNS servers [2]
>   
> server=/ody.engr.net/2001:5b0::fff6::25@2001:05b0:3efe:2e1f:::004c:4d0d
>   
> server=/ody.engr.net/2001:5b0::fff6::26@2001:05b0:3efe:2e1f:::004c:4d0d
>   address=/controlcenter.com/192.168.0.1
>   address=/controlcenter.com/fd0d:edc3:e12a:::1
>   address=/www.odyagentid.com/66.82.162.22
>   cache-size=1000
>   max-ttl=60
>   neg-ttl=60
>   no-resolv
>   max-ipperhost=5
>   server=192.168.160.20@172.20.54.1
>   server=192.168.160.20@172.20.54.1
>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>   I guess dnsmasq adds all servers in the daemon->servers list and picks
>   servers from there while forwarding the query. My question is that if
>   there is any scenario where dnsmasq removes any server from this
>   (daemon->servers) list. As this is what seems to be happening in my case
>   i.e. server 192.168.160.20 is never being tried to forward the query.
>   restart of dnsmasq solves this problem.
>   Also when this problem comes and dump cache, there is no entry for
>   192.168.160.20. below is dump
>
>   cache size 1000, cache insertions 2644, re-used unexpired cache entries 0
>   queries forwarded 1301, queries answered locally 37
>   server 2001:5b0::fff6::25#53: queries sent 0, retried or failed 0, used 0
>   server 2001:5b0::fff6::26#53: queries sent 0, retried or failed 0, used 0
>   server 2001:5b0:3eff:fff7::20#53: queries sent 680, retried or failed 0, used 0
>   Host                                     Address
>    Flags     Expires
>
>   Please ignore the counters next to  "queries sent", "cache insertions"
>   etc. as they may be inconsistent, but real problem is that i don't see
>   192.168.160.20 in this list.
>
>   Please help
>   Regards,
>   Atul.
>


Re: [Dnsmasq-discuss] Problems with DHCP packets with broadcast flag enabled

2012-05-07 Thread richardvo...@gmail.com
Check if sending the DHCPOFFER fails (if for example, it is a renewal
packet and therefore unicast rather than multicast, and it can't find
a MAC address for that client because ARP is blocked).  I think
checking the return value from `sendto` should trap this scenario.

If the DHCPOFFER packet doesn't make it to the interface, then the
client can't accept the offered address, and no entry will be made in
the lease table.

On Mon, May 7, 2012 at 2:47 PM, Daniel Figueira  wrote:
> Hello.
>
>
>
> I’m working on a scenario in which ARP is disabled on a given interface. We
> have a daemon that only responds to ARP requests coming from authorized
> clients. The authorized client list is given by the DHCP lease list.
>
>
>
> When emulating multiple DHCP clients with the Broadcast Flag active, the
> dnsmasq daemon receives the DHCP DISCOVER packets, and according to the log,
> it also sends the DHCP OFFER packets. However, when capturing traffic with
> tcpdump I am unable to see the DHCP OFFER packets. Furthermore, no DHCP
> leases exist in /var/lib/misc/dnsmasq.leases and no client gains IP.
>
>
>
> We are working in a Linux system (2.6.34.8).
>
>
>
> Do you have any suggestions to overcome this problem?
>
>
>
> Thanks in advance.
>
>
>


Re: [Dnsmasq-discuss] multiple ips

2012-04-26 Thread richardvo...@gmail.com
This looks relevant:
http://www.geekamole.com/2011/multiple-virtual-dhcp-interfaces-on-a-port-gentoo/

On Thu, Apr 26, 2012 at 5:18 PM, Luca Postregna
 wrote:
> gentoo as client, for now I get one ip from dhcp server, and set others
> manually.
>
>
> On Thu, Apr 26, 2012 at 11:53 PM, richardvo...@gmail.com
>  wrote:
>>
>> What OS are you using?  But this is very abnormal behavior you are
>> asking for, I think you either need a specialty client or else virtual
>> subinterfaces.
>>
>> On Thu, Apr 26, 2012 at 4:11 PM, Luca Postregna
>>  wrote:
>> > do you have experience with dhcp client about? if true, which?
>> >
>> >
>> > On Thu, Apr 26, 2012 at 10:12 PM, richardvo...@gmail.com
>> >  wrote:
>> >>
>> >> Then you need to configure your client to make two requests (using two
>> >> locally-administered MAC addresses, probably).  The DHCPOFFER message
>> >> only carries one IP address.  That limitation isn't peculiar to
>> >> dnsmasq.
>> >>
>> >> On Thu, Apr 26, 2012 at 2:48 PM, Luca Postregna
>> >>  wrote:
>> >> > uhm... I need two ip addresses on same interface, only wlan0 for
>> >> > example.
>> >> >
>> >> >
>> >> > On Thu, Apr 26, 2012 at 9:46 PM, richardvo...@gmail.com
>> >> >  wrote:
>> >> >>
>> >> >> What is your interface configuration (`ip address show`)?  What
>> >> >> interface is your laptop connected to?
>> >> >>
>> >> >> This allows you to reserve addresses for a computer on more than one
>> >> >> subnet, i.e. if you connect to eth0 you get the reserved address in
>> >> >> that network, if eth1, the reserved address from that network.  It's
>> >> >> not two addresses at once.
>> >> >>
>> >> >> Your dhcp client only asks for one IP address, and hence dnsmasq
>> >> >> will
>> >> >> only give it one.
>> >> >>
>> >> >> On Thu, Apr 26, 2012 at 11:51 AM, Luca Postregna
>> >> >>  wrote:
>> >> >> > thanks for help.
>> >> >> >
>> >> >> > I added two dhcp-host line like this:
>> >> >> >
>> >> >> > dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,10.0.1.1,jarod
>> >> >> > dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,172.16.1.1,jarod
>> >> >> >
>> >> >> > but dhcp server assign only first ip to my laptop. how can i
>> >> >> > solve?
>> >> >> >
>> >> >> > On Thu, Apr 26, 2012 at 4:04 PM, richardvo...@gmail.com
>> >> >> >  wrote:
>> >> >> >>
>> >> >> >> Just use multiple dhcp-host lines.
>> >> >> >>
>> >> >> >> Also, the order is
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> dhcp-host=[][,id:|*][,set:][,][,][,][,ignore]
>> >> >> >>
>> >> >> >> That is, the hostname comes after the IP address.  And the
>> >> >> >> netmask
>> >> >> >> isn't specified explicitly, it's determined from the local
>> >> >> >> interface
>> >> >> >> configuration, or the DHCP proxy server.
>> >> >> >>
>> >> >> >> On Thu, Apr 26, 2012 at 5:45 AM, Luca Postregna
>> >> >> >>  wrote:
>> >> >> >> >
>> >> >> >> > Hi all, is there a way to configure dnsmasq to lease multiple
>> >> >> >> > ips
>> >> >> >> > in
>> >> >> >> > different networks to a client?
>> >> >> >> >
>> >> >> >> > my goal is similar to
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > dhcp-host=11:22:33:44:55:66,hostmane,192.168.1.2/24,172.16.0.2/16
>> >> >> >> >
>> >> >> >> > can anybody help me about?
>> >> >> >> > LP
>> >> >> >> >
>> >> >> >> > --
>> >> >> >> >
>> >> >> >> > http://luca.postregna.name
>> >> >> >> > Luca Postregna
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > ___
>> >> >> >> > Dnsmasq-discuss mailing list
>> >> >> >> > Dnsmasq-discuss@lists.thekelleys.org.uk
>> >> >> >> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> >
>> >> >> > http://luca.postregna.name
>> >> >> > Luca Postregna
>> >> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> >
>> >> > http://luca.postregna.name
>> >> > Luca Postregna
>> >> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > http://luca.postregna.name
>> > Luca Postregna
>> >
>
>
>
>
> --
>
> http://luca.postregna.name
> Luca Postregna
>



Re: [Dnsmasq-discuss] multiple ips

2012-04-26 Thread richardvo...@gmail.com
What OS are you using?  But this is very abnormal behavior you are
asking for, I think you either need a specialty client or else virtual
subinterfaces.

On Thu, Apr 26, 2012 at 4:11 PM, Luca Postregna wrote:
> do you have experience with dhcp client about? if true, which?
>
>
> On Thu, Apr 26, 2012 at 10:12 PM, richardvo...@gmail.com
>  wrote:
>>
>> Then you need to configure your client to make two requests (using two
>> locally-administered MAC addresses, probably).  The DHCPOFFER message
>> only carries one IP address.  That limitation isn't peculiar to
>> dnsmasq.
>>
>> On Thu, Apr 26, 2012 at 2:48 PM, Luca Postregna
>>  wrote:
>> > uhm...in need two ip addresses on same interface, only wlan0 for
>> > example.
>> >
>> >
>> > On Thu, Apr 26, 2012 at 9:46 PM, richardvo...@gmail.com
>> >  wrote:
>> >>
>> >> What is your interface configuration (`ip show address`)?  What
>> >> interface is your laptop connected to?
>> >>
>> >> This allows you to reserve addresses for a computer on more than one
>> >> subnet, i.e. if you connect to eth0 you get the reserved address in
>> >> that network, if eth1, the reserved address from that network.  It's
>> >> not two addresses at once.
>> >>
>> >> Your dhcp client only asks for one IP address, and hence dnsmasq will
>> >> only give it one.
>> >>
>> >> On Thu, Apr 26, 2012 at 11:51 AM, Luca Postregna
>> >>  wrote:
>> >> > thanks for help.
>> >> >
>> >> > I added two dhcp-host line like this:
>> >> >
>> >> > dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,10.0.1.1,jarod
>> >> > dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,172.16.1.1,jarod
>> >> >
>> >> > but dhcp server assign only first ip to my laptop. how can i solve?
>> >> >
>> >> > On Thu, Apr 26, 2012 at 4:04 PM, richardvo...@gmail.com
>> >> >  wrote:
>> >> >>
>> >> >> Just use multiple dhcp-host lines.
>> >> >>
>> >> >> Also, the order is
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> dhcp-host=[][,id:|*][,set:][,][,][,][,ignore]
>> >> >>
>> >> >> That is, the hostname comes after the IP address.  And the netmask
>> >> >> isn't specified explicitly, it's determined from the local interface
>> >> >> configuration, or the DHCP proxy server.
>> >> >>
>> >> >> On Thu, Apr 26, 2012 at 5:45 AM, Luca Postregna
>> >> >>  wrote:
>> >> >> >
>> >> >> > Hi all, is there a way to configure dnsmasq to lease multiple ips
>> >> >> > in
>> >> >> > different networks to a client?
>> >> >> >
>> >> >> > my goal is similar to
>> >> >> >
>> >> >> > dhcp-host=11:22:33:44:55:66,hostmane,192.168.1.2/24,172.16.0.2/16
>> >> >> >
>> >> >> > can anybody help me about?
>> >> >> > LP
>> >> >> >
>> >> >> > --
>> >> >> >
>> >> >> > http://luca.postregna.name
>> >> >> > Luca Postregna
>> >> >> >
>> >> >> >
>> >> >> > ___
>> >> >> > Dnsmasq-discuss mailing list
>> >> >> > Dnsmasq-discuss@lists.thekelleys.org.uk
>> >> >> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> >> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> >
>> >> > http://luca.postregna.name
>> >> > Luca Postregna
>> >> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > http://luca.postregna.name
>> > Luca Postregna
>> >
>
>
>
>
> --
>
> http://luca.postregna.name
> Luca Postregna
>



Re: [Dnsmasq-discuss] multiple ips

2012-04-26 Thread richardvo...@gmail.com
Then you need to configure your client to make two requests (using two
locally-administered MAC addresses, probably).  The DHCPOFFER message
only carries one IP address.  That limitation isn't peculiar to
dnsmasq.

On Thu, Apr 26, 2012 at 2:48 PM, Luca Postregna wrote:
> uhm...in need two ip addresses on same interface, only wlan0 for example.
>
>
> On Thu, Apr 26, 2012 at 9:46 PM, richardvo...@gmail.com
>  wrote:
>>
>> What is your interface configuration (`ip show address`)?  What
>> interface is your laptop connected to?
>>
>> This allows you to reserve addresses for a computer on more than one
>> subnet, i.e. if you connect to eth0 you get the reserved address in
>> that network, if eth1, the reserved address from that network.  It's
>> not two addresses at once.
>>
>> Your dhcp client only asks for one IP address, and hence dnsmasq will
>> only give it one.
>>
>> On Thu, Apr 26, 2012 at 11:51 AM, Luca Postregna
>>  wrote:
>> > thanks for help.
>> >
>> > I added two dhcp-host line like this:
>> >
>> > dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,10.0.1.1,jarod
>> > dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,172.16.1.1,jarod
>> >
>> > but dhcp server assign only first ip to my laptop. how can i solve?
>> >
>> > On Thu, Apr 26, 2012 at 4:04 PM, richardvo...@gmail.com
>> >  wrote:
>> >>
>> >> Just use multiple dhcp-host lines.
>> >>
>> >> Also, the order is
>> >>
>> >>
>> >>
>> >> dhcp-host=[][,id:|*][,set:][,][,][,][,ignore]
>> >>
>> >> That is, the hostname comes after the IP address.  And the netmask
>> >> isn't specified explicitly, it's determined from the local interface
>> >> configuration, or the DHCP proxy server.
>> >>
>> >> On Thu, Apr 26, 2012 at 5:45 AM, Luca Postregna
>> >>  wrote:
>> >> >
>> >> > Hi all, is there a way to configure dnsmasq to lease multiple ips in
>> >> > different networks to a client?
>> >> >
>> >> > my goal is similar to
>> >> >
>> >> > dhcp-host=11:22:33:44:55:66,hostmane,192.168.1.2/24,172.16.0.2/16
>> >> >
>> >> > can anybody help me about?
>> >> > LP
>> >> >
>> >> > --
>> >> >
>> >> > http://luca.postregna.name
>> >> > Luca Postregna
>> >> >
>> >> >
>> >> > ___
>> >> > Dnsmasq-discuss mailing list
>> >> > Dnsmasq-discuss@lists.thekelleys.org.uk
>> >> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> >> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > http://luca.postregna.name
>> > Luca Postregna
>> >
>
>
>
>
> --
>
> http://luca.postregna.name
> Luca Postregna
>



Re: [Dnsmasq-discuss] dnsmasq DHCP filter by circuit AND remote IDs

2012-04-26 Thread richardvo...@gmail.com
Use tag-if for boolean logic

dhcp-circuitid=set:circuitmatch,
dhcp-remoteid=set:agentmatch,
tag-if=set:bothmatch,tag:circuitmatch,tag:agentmatch

On Thu, Apr 26, 2012 at 2:39 PM, David Dombrowsky wrote:
> The man page for dnsmasq says
>
>
>
> “If an exact match is achieved between the circuit or agent ID and one
> provided by a relay agent, the network-id tag is set.”
>
>
>
> Which says to me that it’s remoteid OR circuitid will net the network ID for
> use with dhcp-range (et. al. ).  I need to match responses based on both
> circuitid and remoteid, and if I set both, it uses “OR” not “AND”.  Am I
> missing an option something?
>
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
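
The AND-versus-OR difference discussed in the message above, as an added Python model (not dnsmasq's own code and not from the original post). It follows the man page's description of tag-if: a set: tag is applied only when every tag: test on the line holds. The relay-agent values port7 and relayA are constructed placeholders.

```python
def parse_config(text):
    """Split dnsmasq-style lines into (option, [comma-separated fields])."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            option, _, value = line.partition("=")
            rules.append((option, value.split(",")))
    return rules


def tags_for(config, circuit_id, remote_id):
    """Model which tags one relayed request ends up with."""
    rules = parse_config(config)
    seen = {"dhcp-circuitid": circuit_id, "dhcp-remoteid": remote_id}
    tags = set()
    # Pass 1: each match option sets its tag on an exact match, independently
    # of the others, so two options sharing one tag behave as OR.
    for option, fields in rules:
        if option in seen and fields[1] == seen[option]:
            tags.add(fields[0][len("set:"):])
    # Pass 2: tag-if lines run in order; every tag:<t> must be set (or unset
    # for tag:!<t>) before the set:<t> tags are applied, which gives AND.
    for option, fields in rules:
        if option != "tag-if":
            continue
        tests = [f[len("tag:"):] for f in fields if f.startswith("tag:")]
        if all((t[1:] not in tags) if t.startswith("!") else (t in tags)
               for t in tests):
            tags.update(f[len("set:"):] for f in fields if f.startswith("set:"))
    return tags


# Constructed relay-agent values; the tag names are the ones from the reply.
SHARED_TAG = """
dhcp-circuitid=set:net1,port7
dhcp-remoteid=set:net1,relayA
"""
BOTH_REQUIRED = """
dhcp-circuitid=set:circuitmatch,port7
dhcp-remoteid=set:agentmatch,relayA
tag-if=set:bothmatch,tag:circuitmatch,tag:agentmatch
"""

if __name__ == "__main__":
    for cid, rid in [("port7", "relayA"), ("port7", "other"), ("x", "relayA")]:
        print(cid, rid, sorted(tags_for(SHARED_TAG, cid, rid)),
              sorted(tags_for(BOTH_REQUIRED, cid, rid)))
```

A dhcp-range or dhcp-option line conditioned on tag:bothmatch then applies only to requests where both identifiers matched.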


Re: [Dnsmasq-discuss] multiple ips

2012-04-26 Thread richardvo...@gmail.com
What is your interface configuration (`ip show address`)?  What
interface is your laptop connected to?

This allows you to reserve addresses for a computer on more than one
subnet, i.e. if you connect to eth0 you get the reserved address in
that network, if eth1, the reserved address from that network.  It's
not two addresses at once.

Your dhcp client only asks for one IP address, and hence dnsmasq will
only give it one.

On Thu, Apr 26, 2012 at 11:51 AM, Luca Postregna wrote:
> thanks for help.
>
> I added two dhcp-host line like this:
>
> dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,10.0.1.1,jarod
> dhcp-host=00:22:5f:d1:7c:28,00:26:b9:03:bc:3b,172.16.1.1,jarod
>
> but dhcp server assign only first ip to my laptop. how can i solve?
>
> On Thu, Apr 26, 2012 at 4:04 PM, richardvo...@gmail.com
>  wrote:
>>
>> Just use multiple dhcp-host lines.
>>
>> Also, the order is
>>
>>
>> dhcp-host=[][,id:|*][,set:][,][,][,][,ignore]
>>
>> That is, the hostname comes after the IP address.  And the netmask
>> isn't specified explicitly, it's determined from the local interface
>> configuration, or the DHCP proxy server.
>>
>> On Thu, Apr 26, 2012 at 5:45 AM, Luca Postregna
>>  wrote:
>> >
>> > Hi all, is there a way to configure dnsmasq to lease multiple ips in
>> > different networks to a client?
>> >
>> > my goal is similar to
>> >
>> > dhcp-host=11:22:33:44:55:66,hostmane,192.168.1.2/24,172.16.0.2/16
>> >
>> > can anybody help me about?
>> > LP
>> >
>> > --
>> >
>> > http://luca.postregna.name
>> > Luca Postregna
>> >
>> >
>> > ___
>> > Dnsmasq-discuss mailing list
>> > Dnsmasq-discuss@lists.thekelleys.org.uk
>> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> >
>
>
>
>
> --
>
> http://luca.postregna.name
> Luca Postregna
>



Re: [Dnsmasq-discuss] multiple ips

2012-04-26 Thread richardvo...@gmail.com
Just use multiple dhcp-host lines.

Also, the order is

dhcp-host=[][,id:|*][,set:][,][,][,][,ignore]

That is, the hostname comes after the IP address.  And the netmask
isn't specified explicitly, it's determined from the local interface
configuration, or the DHCP proxy server.

On Thu, Apr 26, 2012 at 5:45 AM, Luca Postregna wrote:
>
> Hi all, is there a way to configure dnsmasq to lease multiple ips in 
> different networks to a client?
>
> my goal is similar to
>
> dhcp-host=11:22:33:44:55:66,hostmane,192.168.1.2/24,172.16.0.2/16
>
> can anybody help me about?
> LP
>
> --
>
> http://luca.postregna.name
> Luca Postregna
>
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>



Re: [Dnsmasq-discuss] Slow response to DHCPDISCOVER

2012-04-24 Thread richardvo...@gmail.com
Daryl may still be correct.  Linux's bridge module also implements the
learning phase (for detection of loops) before it begins forwarding packets.

On Tue, Apr 24, 2012 at 10:38 PM, Adrian May  wrote:

> Hi Daryl,
>
> There is no switch. I'm trying to build a router and I'm plugging clients
> directly into it. It's actually a little fanless thing with 8 ethernet
> ports, 7 of which I bridge to make the private LAN, and the other of which
> dials pppoe. I installed ubuntu server 10.04, followed by the bridge, and
> then dnsmasq.
>
> In the meantime, I got another result. With IPFire, I found dhcp very
> fast, and it turned out that some of the home made cables around here can't
> connect the embedded boards to the little box I'm making the router out of.
> But they can connect any PC to my router or the 10 dollar router, and they
> can connect any PC or embedded board to the 10 dollar router, and the
> proper cables can connect anything to anything. In other words, the only
> combination that doesn't work is the home-made cable connecting the
> embedded boards to my new router. What's more, it doesn't matter whether I
> use a 100Mb or 1Gb socket on the new router. Very strange. That's all under
> IPFire, so now I'm reinstalling ubuntu to see if I get the same result.
>
> Adrian.
>
>
>
>
> On 04/24/2012 10:51 PM, Daryl Richards wrote:
>
>> Actually, the "10 dollar domestic router" fix points to the probable
>> solution. You likely have spanning tree turned on on your usual switch,
>> which will block all traffic on that port for the first 50 seconds after
>> a link state change. Either switch to rapid spanning tree, or look into
>> your switch's version of "portfast"..
>>
>> On 12-04-23 11:21 PM, Adrian May wrote:
>>
>>> Hi Simon,
>>>
>>> In the meantime I installed ClearOS, which uses dnsmasq. Now the PCs
>>> get served fast but my embedded boards are still not getting IPs. If I
>>> plug these embedded boards into my 10 dollar domestic router, they get
>>> an IP instantly. I already tried setting bootp-dynamic and
>>> dhcp-broadcast in the config. If I grep everything under /var/log for
>>> dnsmasq, there's no evidence that requests were even received from
>>> these boards. So I still suspect the networking layer.
>>>
>>> As for the boards themselves, I'm not entirely sure what they do.
>>> They've got some kind of embedded linux. One boots into yamon where I
>>> can only say "net init", the other into something of its own invention
>>> where I start udhcpc.
>>>
>>> I tried no-ping but it had no effect. I can't get my brain around your
>>> tag system. I've just been writing things like bootp-dynamic with no
>>> tags right in the main config file, or in the case of ClearOS, in the
>>> dhcp config file which is referenced from the main config file. Could
>>> it be that these settings have no effect unless I attach some tags, or
>>> put them inside a subnet declaration?
>>>
>>> Adrian.
>>>
>>>
>>>
>>> On 04/23/2012 08:01 PM, Simon Kelley wrote:
>>>
>>>> On 23/04/12 12:02, Adrian May wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I get the same result with dnsmasq, dhcp3-server and isc, namely, that
>>>>> the client has to send several DHCPDISCOVER packets before the server
>>>>> finally responds after about 30 seconds. This is breaking a couple of
>>>>> embedded platforms because they aren't that patient, and I have no way
>>>>> of configuring that.
>>>>>
>>>>> Why don't DHCP servers just respond to the first DHCPDISCOVER?
>>>>> Especially when I made them authoritative?#
>>>>>
>>>> Servers allocate an address and then ping it for a few seconds just
>>>> to be sure it's not in use. That's the main delay. In dnsmasq
>>>> --no-ping will stop this behaviour. Also the client is entitled to
>>>> wait around collecting answers from more than one server before
>>>> deciding which one to use; they rarely do this and it doesn't sound
>>>> like yours are.
>>>>
>>>>> I think I might have seen in the logs that the dhcp processes aren't
>>>>> even getting the earlier packets, even though the machine is. It's
>>>>> as if they get discarded by the networking layer. This is a ubuntu
>>>>> server 10.04 machine.
>>>>>
>>>>
>>>> Firewall rules can affect things, but the result is rarely
>>>> intermittent. Is your network heavily loaded and dropping packets?
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> Simon.
>>>>
>>>>> Any ideas?
>>>>>
>>>>> Adrian.

Re: [Dnsmasq-discuss] DNS in DNsmasq

2012-04-23 Thread richardvo...@gmail.com
No.  You must configure dnsmasq with an upstream nameserver which will
perform the recursive query.

dnsmasq is a server for your local zone (with DHCP integration, similar to
dynamic dns) and a cache.  It is not a recursive nameserver.

On Mon, Apr 23, 2012 at 9:23 AM, dnsmasq dnsmasq wrote:

> Hello,
>
> Did Dnsmasq support recursive/iterative queries or both?
>
>
> Greets.
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>


Re: [Dnsmasq-discuss] Update: Lowercase patch for 2.61rc2

2012-04-20 Thread richardvo...@gmail.com
On Fri, Apr 20, 2012 at 2:20 AM, Oliver Rath  wrote:

[snip]

Now you can say: Ok, why you dont use a partition with the
> ignore_case-Option holding all this drivers? This is right unless you
> are working on embedded environment with low space.  There it is much
> smarter using the lowercase-option than creating an additional partition.
>
>
[snip]

You don't need a separate partition, an overlay mount should work.


Re: [Dnsmasq-discuss] load balancing with interfaces

2012-04-11 Thread richardvo...@gmail.com
On Wed, Apr 11, 2012 at 4:31 AM, Helmut Hullen  wrote:

> Hello,
>
> in a school I want to run all schoolish clients (about 150) over eth0,
> with quasi static IP addresses ("dhcp-host=...") and all private clients
> (private netbooks, smartphones etc.) over eth1 (completely DHCP, lease
> time 2 days).
>
> eth0: 192.168.0.0/24
> eth1: 192.168.16.0/20
>
> My dnsmasq configuration:
>
> dhcp-range=192.168.0.1,static,300d
> dhcp-range=192.168.18.10,192.168.31.250,2d
>
> 
>
> It doesn't work as expected.
>
> Changing the "range" definitions to
>
> dhcp-range=eth0,192.168.0.1,static,300d
> dhcp-range=eth1,192.168.18.10,192.168.31.250,2d
>
> also doesn't work as expected.
>
> Users who use a schoolish client with (p.e.)
>
>  dhcp-host=00:11:22:33:44:55:66,192.168.0.101,b100-pc1
>
> get a DHCP address from the eth1 range, p.e. 192.168.21.22
>
> What goes wrong?
>

If the client is physically connected to eth1, it will get an address which
is usable on that network.  Your static range will only be given out to
client physically connected to eth0, because you've configured it that way.


>
> Best regards!
> Helmut
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>


Re: [Dnsmasq-discuss] TFTP FIXME message

2012-04-01 Thread richardvo...@gmail.com
That looks like a comment to developers.  Seems a mistake if it's actually
printed at runtime.

On Sun, Apr 1, 2012 at 8:12 AM, Helmut Hullen  wrote:

> Hello,
>
> my (self made) dnsmasq 2.60 always tells
>
> TFTP FIXME: this and the next few must be full strings to be
> translatable - do not assemble in code/tftpboot
>
> when it gets started.
>
> What does that message mean?
>
> Best regards!
> Helmut
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>


Re: [Dnsmasq-discuss] DNSMasq script lookup

2012-03-30 Thread richardvo...@gmail.com
On Fri, Mar 30, 2012 at 9:26 AM, Simon Kelley wrote:

> On 29/03/12 20:12, richardvo...@gmail.com wrote:
>
>>
>> One thing which might be interesting, is to define a new type of
>> upstream server (maybe called a look-aside server) which dnsmasq will
>> send a query to first, and which if it can't answer the query can
>> return a custom return-code "Not known", which causes dnsmasq to then
>> push the query into the standard server pathway.
>>
>>
>> How's this help?  Hasn't dnsmasq thrown away the information it would
>>  need to send the query to a second server at this point?
>>
>
> The look-aside server speaks the DNS protocol, which implies that the
> "Not known" reply includes the original query, giving dnsmasq the
> information it needs to send the query on.
>

Ah, I wasn't aware that every reply includes the original request including
all options.


Re: [Dnsmasq-discuss] DNSMasq script lookup

2012-03-29 Thread richardvo...@gmail.com
>
>
> One thing which might be interesting, is to define a new type of upstream
> server (maybe called a look-aside server) which dnsmasq will send a query
> to first, and which if it can't answer the query can return a custom
> return-code "Not known", which causes dnsmasq to then push the query into
> the standard server pathway.
>

How's this help?  Hasn't dnsmasq thrown away the information it would need
to send the query to a second server at this point?

Or is the fingerprint kept in a "not known" table, such that when the
client tries again (and dnsmasq receives a second copy of the query), the
look-aside is skipped and the normal servers are used?  That would work,
but add a non-negligible retry timeout to all queries which use the normal
servers.


Re: [Dnsmasq-discuss] server config options not working

2012-03-22 Thread richardvo...@gmail.com
DNS is the wrong place to implement this behavior.

Interception of TCP connections is done with packet rewriting rules in
iptables, and you'll need to set up your exceptions there also.

On Thu, Mar 22, 2012 at 6:01 AM, Ian Rose  wrote:

> I have set up a Ubuntu 10.04 LTS desktop machine with 2 interfaces (eth0
> and wlan0). wlan0 acts as a wifi access point using hostapd.
>
> dnsmasq is installed OK, and everything works so that locally on that
> machine DNS works fine as normal, but connections over wlan0 get everything
> routed to localhost. This means for example that you can view a website
> using firefox on the local machine, but connect via wlan from a phone, for
> example, and you get routed to an internally hosted website. All well and
> good so far.
>
> I want to add domains that will be excepted from this default behavior,
> for example to allow someone connected via wlan to be able to tweet from
> the internal website. I have tried using both the server and address
> options in the dnsmasq.conf file, but neither work.
>
> #This has no effect at all:
> server=/twitter.com/#
>
> #Neither does this:
> server=/twitter.com/192.168.1.254@eth0
>
> Where 192.168.1.254 is the IP address of the router it's attached to via
> eth0 and the gateway to the internet. Nor does replacing this IP address
> with the DNS lookup addresses specified in the router config. IP address
> for twitter.com is gives 10.0.0.2 as before, the address of this machine
> via wlan0.
>
> Alternatively trying something like the following seems to resolve
> addresses OK, but makes a browser on the wireless connected device (eg
> phone) hang:
>
> address=/twitter.com/199.59.150.7
> address=/twimg.com/184.169.81.33
> address=/ssl.google-analytics.com/173.194.41.94
> address=/www.google-analytics.com/173.194.41.137
>
> Any ideas what is going on? Why doesn't the server option have any effect
> at all?
>
> Thanks.
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>


Re: [Dnsmasq-discuss] Feature Request: tftp-script

2012-03-19 Thread richardvo...@gmail.com
Existing scripts could definitely break, imagine one that just logs certain
environment variables plus the parameter.  The new action values won't have
the right environment variable set.

How about both?  Give the --tftp-script the same action parameter, and keep
actions unique, that way both options can be pointed to the same script, or
separate scripts.

On Mon, Mar 19, 2012 at 6:18 AM, Simon Kelley wrote:

> On 18/03/12 07:09, Shantanu Gadgil wrote:
>
>> Hi,
>>
>> I was wondering whether it would be possible to have hooks for the TFTP
>> operations, just like the DHCP operations.
>>
>> This is just a rough thought for now ...
>> When a TFTP request is made from the client (or is successful when the
>> file is /actually/ provided), I want to be able to log the IP address (or
>> maybe send a mail) to collect some data as to how many network based
>> installations actually started, etc.
>>
>> If it could be possible to have the filename as one of the parameters in
>> the hook, it would be even better, as then I can isolate actual
>> installations that started, as opposed to TFTP requests which just loading
>> the PXE menu.
>>
>> Regards,
>> Shantanu
>>
>
> That sounds to me like a very sensible suggestion.
>
> There are two obvious ways to do it: either add an extra hook
> (--tftp-script), or add an extra possible "action" value to the current
> --dhcp-script. I think the later is how I'd do it if starting from scratch,
> but it has the disadvantage of possibly breaking existing script code. On
> the other hand, any sane script should just ignore unrecognised actions;
> the example code supplied with dnsmasq does.
>
> Any script users out there, please check your code, would adding another
> value to {add, old, del, init} break stuff?
>
>
>
> Cheers,
>
> Simon.
>
>
>


Re: [Dnsmasq-discuss] Feature Request(s)

2012-03-15 Thread richardvo...@gmail.com
Since the PTR name contains the IP, by definition different IPs means
different PTR records.

On Thu, Mar 15, 2012 at 2:34 PM, /dev/rob0  wrote:

> On Thu, Mar 15, 2012 at 10:24:44AM -0700, Rob Zwissler wrote:
> > Yah, seems to me it would make more sense to key off the IP address
> > (or have that come first in the config) as it seems to make more
> > sense to organize zone files by IP, and since you can have multiple
> > A's per IP but not multiple IPs per PTR.
>
> You CAN have as many PTR records as you want on any name. However,
> it's unlikely to do anything useful.
> --
>  http://rob0.nodns4.us/ -- system administration and consulting
>  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>


Re: [Dnsmasq-discuss] Detect conflicting DHCP servers

2012-03-09 Thread richardvo...@gmail.com
Contacting DHCP servers is a task for a DHCP client, not a DHCP server.
There are a number of scripts available which will send a request and
listen to all responses (not just the first), generating an alert if any
unexpected nodes responded.  Google "rogue DHCP detect".

On Fri, Mar 9, 2012 at 3:25 AM, james garner  wrote:

> Dear list,
>
> our DHCP requests are handled by dnsmasq on the main server. Every now and
> then a technically illiterate person connects a device to the network that
> by default acts as DHCP-server, may it be a print server or a switch. Is
> there a way to tell dnsmasq to periodically scan for other DHCP-servers and
> give a warning if necessary?
> Thanks
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
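
The check described in the message above (send one DHCPDISCOVER, keep every DHCPOFFER rather than only the first, alert on servers that are not expected), as an added Python example that is not from the original post. It also shows the point made in the "multiple ips" thread earlier on this page: the fixed header has a single yiaddr field, so one offer carries one address. The replies, MAC, transaction id and 192.0.2.x addresses are constructed; a live check would broadcast the DISCOVER from UDP port 68 and read replies for a few seconds.

```python
import ipaddress
import struct

# BOOTP fixed header (236 bytes): op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file. There is only ONE yiaddr.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DISCOVER, OFFER = 1, 2
BOOTREQUEST, BOOTREPLY = 1, 2


def pack_ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_message(op, xid, mac, yiaddr="0.0.0.0", options=()):
    """Serialise a DHCP message; options is a sequence of (code, bytes)."""
    zero = pack_ip("0.0.0.0")
    header = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000,   # 0x8000 = broadcast flag
                        zero, pack_ip(yiaddr), zero, zero, mac, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + bytes([OPT_END])


def build_discover(xid, mac):
    return build_message(BOOTREQUEST, xid, mac,
                         options=[(OPT_MSG_TYPE, bytes([DISCOVER]))])


def parse_message(packet):
    """Return op, xid, yiaddr and the options of one DHCP message."""
    start = BOOTP.size + len(MAGIC)
    if len(packet) < start or packet[BOOTP.size:start] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, _, _, xid, _, _, _, yiaddr, *_ = BOOTP.unpack_from(packet)
    options, i = {}, start
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        options[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid,
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)), "options": options}


def unexpected_servers(replies, xid, allowed):
    """List (server_id, offered_ip) for offers to our xid from servers
    whose identifier (option 54) is not in the allowed set."""
    found = []
    for raw in replies:
        try:
            msg = parse_message(raw)
        except ValueError:
            continue                      # unrelated or malformed datagram
        opts = msg["options"]
        if (msg["op"], msg["xid"]) != (BOOTREPLY, xid):
            continue
        if opts.get(OPT_MSG_TYPE) != bytes([OFFER]):
            continue
        sid = opts.get(OPT_SERVER_ID, b"")
        server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
        if server not in allowed:
            found.append((server, msg["yiaddr"]))
    return found


# Constructed sample data (documentation addresses, locally administered MAC).
XID = 0x1234ABCD
MAC = bytes.fromhex("02005e000001")


def sample_offer(server, yiaddr, xid=XID):
    return build_message(BOOTREPLY, xid, MAC, yiaddr,
                         [(OPT_MSG_TYPE, bytes([OFFER])),
                          (OPT_SERVER_ID, pack_ip(server))])


SAMPLE_REPLIES = [
    sample_offer("192.0.2.1", "192.0.2.50"),           # the expected server
    sample_offer("192.0.2.77", "192.0.2.200"),         # e.g. a print server
    sample_offer("192.0.2.99", "192.0.2.9", xid=1),    # someone else's exchange
    b"\x00" * 20,                                      # noise
]

if __name__ == "__main__":
    for server, ip in unexpected_servers(SAMPLE_REPLIES, XID, {"192.0.2.1"}):
        print("ALERT: unexpected DHCP server %s offered %s" % (server, ip))
```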


Re: [Dnsmasq-discuss] dnsmasq itself as WINS server

2012-02-06 Thread richardvo...@gmail.com
Do you even need WINS if DNS lookup is working properly?  I think it's
become completely redundant.

On Mon, Feb 6, 2012 at 11:09 AM,   wrote:
> esehello everybody
>
> I use dnsmasq as a feature of TomatoUSB 1.28 VPN.
>
> Now I have three samba servers behind the TomatoUSB-Router.
> Till now one of these samba servers was also the WINS Server.
>
> My Question: is it possible to configure dnsmasq so that dnsmasq
> itself is a WINS Server?
>
> kind regards, go4unkwn
>
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



Re: [Dnsmasq-discuss] Dnsmasq with Gigantic hosts file

2012-01-10 Thread richardvo...@gmail.com
On Tue, Jan 10, 2012 at 6:55 PM, Preston Crow  wrote:
> I'm running dnsmasq with a large hosts file, and it's taking about a minute
> to start up, which doesn't seem right.  Specifically, for the first minute
> while it is initializing, it does not respond to DNS requests.  If I attach
> to it with strace, I see it doing a sequence of 4K reads of the hosts file,
> and I can see it slowing down as it progresses.  After every 8 reads, there
> is one brk() syscall.
>
> I assume that the slow part is in processing the hosts that it's reading.
>

[snip]

>
> Any suggestions for how to fix this?

Small host file and use DBus to feed in all the other entries?



Re: [Dnsmasq-discuss] Redundant setup with Dnsmasq

2011-12-23 Thread richardvo...@gmail.com
2011/12/22 Markus Schöpflin :
> On 22.12.2011 19:58, richardvo...@gmail.com wrote:
>
> [...]
>
>> See the dhcp-script and leasefile-ro options.
>
> Duh, I completely missed that option when reading the man page. This
> looks like it would enable two servers to be working in parallel.

It doesn't really help with load-balancing, because dnsmasq still
keeps the list in memory and only uses the script to read the database
during startup.  But for a cold-spare scenario (the backup dnsmasq
process doesn't start until the primary fails) it should work well.

>
> Thanks,
> Markus
>
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
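
One way to keep leases in external storage for the cold-spare setup discussed above, as an added Python example (not dnsmasq's code and not from the original posts). It assumes dnsmasq runs with dhcp-script pointing at this file and with leasefile-ro, so the script receives add, old and del events and is asked for the saved leases with init at startup. SQLite stands in for the external database, and the LEASE_DB variable and default path are hypothetical names.

```python
import os
import sqlite3
import sys
import time

SCHEMA = """CREATE TABLE IF NOT EXISTS leases (
    ip TEXT PRIMARY KEY, mac TEXT NOT NULL, hostname TEXT,
    client_id TEXT, expires INTEGER NOT NULL)"""


def open_db(path):
    db = sqlite3.connect(path, timeout=10)
    db.execute(SCHEMA)
    return db


def handle(db, action, mac=None, ip=None, hostname=None, env=None):
    """Apply one script invocation; return the text to write to stdout."""
    env = os.environ if env is None else env
    if action == "init":
        # dnsmasq lease-file format: expiry mac ip hostname client-id,
        # with "*" for unknown fields. An expiry of 0 means no expiry.
        rows = db.execute(
            "SELECT expires, mac, ip, hostname, client_id FROM leases "
            "WHERE expires = 0 OR expires > ? ORDER BY ip",
            (int(time.time()),))
        return "".join("%d %s %s %s %s\n" % (e, m, i, h or "*", c or "*")
                       for e, m, i, h, c in rows)
    with db:  # one transaction: committed as a whole or rolled back
        if action in ("add", "old"):
            expires = int(env.get("DNSMASQ_LEASE_EXPIRES", "0"))
            db.execute("INSERT OR REPLACE INTO leases VALUES (?, ?, ?, ?, ?)",
                       (ip, mac, hostname, env.get("DNSMASQ_CLIENT_ID"),
                        expires))
        elif action == "del":
            db.execute("DELETE FROM leases WHERE ip = ?", (ip,))
        # Any other action is ignored, so an action added by a later
        # dnsmasq release does not break the script.
    return ""


if __name__ == "__main__" and len(sys.argv) > 1:
    # LEASE_DB and the default path are hypothetical names for this example.
    store = open_db(os.environ.get("LEASE_DB",
                                   "/var/lib/misc/dnsmasq-leases.db"))
    sys.stdout.write(handle(store, *sys.argv[1:5]))
```

Because every change is a single transaction, a standby that reads the database never sees a half-written lease list, which is the race the periodic file copy has.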



Re: [Dnsmasq-discuss] Redundant setup with Dnsmasq

2011-12-22 Thread richardvo...@gmail.com
On Thu, Dec 22, 2011 at 8:13 AM, Michael Rack wrote:
> Very easy.
>
> You need at least one virtual ip-address for your DNS- and DHCP-Server.
>
> So let's say you have a Class-C Network 10.0.0.0/24
>
>     * Primary DNS / DHCP    10.0.0.251
>     * Secondary DNS / DHCP  10.0.0.252
>
> Now, you add a virtual IP to your primary DNS - let's say
>
>     * Virtual-IP            10.0.0.250
>
> From Secondary you create a Bash-Script that does the following:
>
>     * Check the Server-Status by pinging the virtual ip-address
>     * when the ping has failed:
>        * add the virtual ip-address to your network-configuration
>        * start dnsmasq
>
> To sync the DHCP-Leases to the secondary server, you need to create a
> ssh-key (ssh-keygen) to copy the lease-file without knowing the ssh-password.
>
> scp 10.0.0.251:/var/dhcp/dnsmasq.leases /var/dhcp/dnsmasq.leases

Please note that by default, automatic DNS registrations and the list
of existing DHCP leases are going to be lost during failover.

Copying the dnsmasq.leases file with cron creates a race condition as
it is not synchronized with dnsmasq updating the file.  I would
recommend using an external database to store the leases with support
for atomic updates instead of letting dnsmasq put them in
/var/*/dnsmasq.leases.

See the dhcp-script and leasefile-ro options.



>
> do this every minute via a crontab.
>
> So, that's it.
>
>
> Kind regards from Freilassing,
>
> Michael Rack
> RSM Freilassing
> --
> RSM Freilassing                 Tel.: +49 8654 607110
> Nocksteinstr. 13                Fax.: +49 8654 670438
> D-83395 Freilassing            www.rsm-freilassing.de
>
>
> On 22.12.2011 at 14:16, Markus Schöpflin wrote:
>> Hello,
>>
>> Up to now I have been using Dnsmasq with great success in a medium sized setup
>> as a DNS/DHCP/TFTP server in a private test bed. It currently serves a few
>> hundred clients (mostly servers and networking equipment) in four different LANs.
>>
>> A few of the clients have statically configured IP addresses but most are
>> using DHCP with automatic DNS registration.
>>
>> Now I'm faced with the need to create a fault tolerant setup for DHCP and DNS.
>> I need at least some kind of backup service for DHCP and DNS which takes over
>> automatically as soon as the primary server fails. Is this kind of setup
>> supported somehow with Dnsmasq? Or should I be looking into migrating to the
>> ISC DHCP server and the Bind DNS server for this?
>>
>> Regards,
>> Markus
>>
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
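
The dhcp-script and leasefile-ro arrangement recommended in the two replies above, sketched as an added example (not code from the thread or from the dnsmasq project). SQLite stands in for the external database; the script path, the database path and the LEASE_DB variable are assumptions.

```python
#!/usr/bin/env python3
# Added example: lease-change script for dnsmasq run with
#   dhcp-script=/usr/local/sbin/lease-db.py   (assumed install path)
#   leasefile-ro
import os
import sqlite3
import sys
import time

DB_PATH = os.environ.get("LEASE_DB", "/var/lib/misc/leases.sqlite")  # assumed

def open_db(path=DB_PATH):
    db = sqlite3.connect(path, timeout=10)
    db.execute("CREATE TABLE IF NOT EXISTS leases (ip TEXT PRIMARY KEY,"
               " mac TEXT NOT NULL, hostname TEXT, client_id TEXT,"
               " expires INTEGER NOT NULL)")
    return db

def handle(db, argv, env, now=None):
    """Apply one invocation; return the text to print (non-empty only for init)."""
    now = int(time.time()) if now is None else now
    action = argv[0] if argv else ""
    if action == "init":
        # Startup: replay unexpired leases in leasefile format
        # (expiry mac ip hostname client-id, "*" for unknown; expiry 0 = infinite).
        rows = db.execute("SELECT expires, mac, ip, hostname, client_id FROM leases"
                          " WHERE expires = 0 OR expires > ? ORDER BY ip", (now,))
        return "".join("%d %s %s %s %s\n" % (e, m, i, h or "*", c or "*")
                       for e, m, i, h, c in rows)
    if action not in ("add", "old", "del") or len(argv) < 3:
        return ""  # other actions carry no lease state
    mac, ip = argv[1].lower(), argv[2]
    hostname = argv[3] if len(argv) > 3 else None
    with db:  # single transaction: readers see the old row or the new one
        if action == "del":
            db.execute("DELETE FROM leases WHERE ip = ?", (ip,))
        else:
            remaining = int(env.get("DNSMASQ_TIME_REMAINING", 0))
            expires = int(env.get("DNSMASQ_LEASE_EXPIRES", now + remaining))
            db.execute("INSERT OR REPLACE INTO leases VALUES (?, ?, ?, ?, ?)",
                       (ip, mac, hostname, env.get("DNSMASQ_CLIENT_ID"), expires))
    return ""

if __name__ == "__main__":
    sys.stdout.write(handle(open_db(), sys.argv[1:], os.environ))
```

Because dnsmasq only calls the script with "init" at startup, this fits the cold-spare case: the standby replays the stored leases when it is started after the primary fails.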



Re: [Dnsmasq-discuss] Some clients get wrong IP

2011-12-20 Thread richardvo...@gmail.com
Check your log, see if the camera is reporting a wrong MAC, different
client-id, different vendor class, or something like that.

Or possibly the camera's bootloader is remembering its old address
(gotten before you configured your hosts file) and requesting a
renewal.  Again, the log would show a renewal request.

On Tue, Dec 20, 2011 at 10:21 AM, Claes Parflo  wrote:
> Hello,
>
> I allocate IPs from hosts file. All goes well for D-Link IP cams,
> but TRENDnet IP cams get random DHCP IPs instead of MAC address bound
> addresses. This is resolved only by entering respective cam and issuing
> reboot. After reboot the correct IP is received, not via power-off/on.
>
> I have emptied /var/lib/misc/dnsmasq.leases before adding cams and
> sent SIGHUP before powering on cams.
>
> Allocated IPs by dnsmasq after cold boot:
> root@debian:/# cat /var/lib/misc/dnsmasq.leases
> 1324397450 f0:7d:68:08:f2:59 192.168.5.163 D-Link930L 01:f0:7d:68:08:f2:59
> 1324397424 f0:7d:68:02:fb:d2 192.168.5.162 D-Link930 01:f0:7d:68:02:fb:d2
> 1324397377 00:14:d1:f0:a6:d0 192.168.5.116 TV-IP110W 01:00:14:d1:f0:a6:d0
> 1324397377 00:14:d1:f1:2b:89 192.168.5.143 TV-IP312W 01:00:14:d1:f1:2b:89
>
> Hosts file /home/config/macaddr
> root@debian:/home/config# cat macaddr
> 00:14:D1:F1:2B:89,TV-IP312W,192.168.5.160,20m
> 00:14:D1:F0:A6:D0,TV-IP110W,192.168.5.161,20m
> F0:7D:68:02:FB:D2,D-Link930,192.168.5.162,20m
> F0:7D:68:08:F2:59,D-Link930L,192.168.5.163,20m
>
> Configuration: /etc/dnsmasq.conf
> interface=br0
> expand-hosts
> domain=my.home
> dhcp-range=192.168.5.50,192.168.5.150,20m
> dhcp-hostsfile=/home/config/macaddr
> dhcp-lease-max=30
> dhcp-authoritative
>
> Has anyone seen this behavior before, are the cams at fault?
>
>
> Regards,
>
> Classee
>
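
Alongside the log check suggested in this reply, the reservations and the lease file can be compared directly. The following is an added example, not code from the thread; the two sample texts are copied from the post above, and the function names are made up for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Copied from the post: dhcp-hostsfile entries and the resulting lease file.
HOSTS = """00:14:D1:F1:2B:89,TV-IP312W,192.168.5.160,20m
00:14:D1:F0:A6:D0,TV-IP110W,192.168.5.161,20m
F0:7D:68:02:FB:D2,D-Link930,192.168.5.162,20m
F0:7D:68:08:F2:59,D-Link930L,192.168.5.163,20m"""
LEASES = """1324397450 f0:7d:68:08:f2:59 192.168.5.163 D-Link930L 01:f0:7d:68:08:f2:59
1324397424 f0:7d:68:02:fb:d2 192.168.5.162 D-Link930 01:f0:7d:68:02:fb:d2
1324397377 00:14:d1:f0:a6:d0 192.168.5.116 TV-IP110W 01:00:14:d1:f0:a6:d0
1324397377 00:14:d1:f1:2b:89 192.168.5.143 TV-IP312W 01:00:14:d1:f1:2b:89"""

def parse_reservations(text):
    """Map MAC -> reserved IP; fields are recognised by shape, not position."""
    reserved = {}
    for line in text.splitlines():
        mac = ip = None
        for field in line.strip().lower().split(","):
            if MAC_RE.match(field):
                mac = field
            else:
                try:
                    ip = ipaddress.ip_address(field)
                except ValueError:
                    pass  # hostname, lease time, or another non-address field
        if mac and ip:
            reserved[mac] = ip
    return reserved

def parse_leases(text):
    """Map MAC -> leased IP from lines of: expiry mac ip hostname client-id."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and MAC_RE.match(parts[1].lower()):
            leases[parts[1].lower()] = ipaddress.ip_address(parts[2])
    return leases

def mismatches(hosts_text, leases_text):
    """Return (mac, reserved_ip, leased_ip) for leases that ignore a reservation."""
    reserved, leases = parse_reservations(hosts_text), parse_leases(leases_text)
    return sorted((mac, str(reserved[mac]), str(ip))
                  for mac, ip in leases.items()
                  if mac in reserved and reserved[mac] != ip)

if __name__ == "__main__":
    for mac, want, got in mismatches(HOSTS, LEASES):
        print(f"{mac}: reserved {want}, leased {got}")
```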



Re: [Dnsmasq-discuss] DNSMASQ Logging and

2011-11-13 Thread richardvo...@gmail.com
On Sat, Nov 12, 2011 at 3:49 PM,   wrote:
> I am a user of DNSMASQ that has it installed on a Puppy Linux distro. The
> Puppy distro starts normally, acquiring a DHCP address automatically from an
> upstream router.
>
> DNSMASQ is installed via the Puppy distro's package manager. There are no
> broken issues with DNSMASQ. To start DNSMASQ, there is NO configuration file
> present or used to start the DNSMASQ server. The server supports Netbooting

Even if there's no configuration file per se, there's a startup script
which passes configuration options on dnsmasq's command line.  You
should look there for the log configuration.



> other PCs on the LAN.
>
> First
> I understand that DNSMASQ can log using dnsmasq's "log directly to a file"
> feature, or logging via a syslog daemon. So my very first question is
> Can I have DNSMASQ tell me where it's logging and if so, how?
> Note/Hint: (When the "Netboot server " is started from the Menu, it asks
> whether I want a normal start,  which means no desktop status window or do I
> want a "debug" start, which means open a status progress window showing
> PXE/TFTP progresses.)
>
> Next
> Netbooting (PXE) is working perfectly. The clients request service, obtain
> service, use service to load, and detach from the PXE service properly. On
> the server, when status window is open, the events are logged in the screen.
> But, there is no time associated with the  events.
> Is there a feature or command or edit I can use to set timestamps on the events
> captured in the log?
>
> This is a fantastic product, even though, for now, we are ONLY using a
> "very" minimal portion of its ability.
>
> If you want a description of how it is used in Puppy, see here ===>
> http://www.murga-linux.com/puppy/viewtopic.php?search_id=1623147121&t=64107
>
> Thanks in advance for any help
> __
> G.C. Martin