subject:"\[Dnsmasq\-discuss\] dnsmasq\: \/#\/ and error \"config error is REFUSED \(EDE\: not ready\)“"

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-11-28 Thread Petr Menšík

It seems to me the second example does not have specified any normal 
servers. Or better, you expect /#/ has special meaning, but I have found 
only server=/example/# to have documented special meaning. New version 
do not recognize /#/ a special value anymore. I think that has changed 
with 2.86 release.


Only --address=/#/ special handling were documented, at least in RHEL9 
2.85 version. I think Simon considered its usage in --server as an 
implementation error and that why it is not working anymore. Or better, 
it has no special meaning anymore.


Few comments below.

On 9/26/23 10:28, Yann ILAS wrote:

Ok

With that config file :

> listen-address=127.0.0.1
> bind-interfaces
> server=8.8.8.8
> server=/svc.cluster.local/10.96.0.10 
> cache-size=500

# dig @127.0.0.1  perdu.com  A +short
172.67.133.176
104.21.5.178

Output from the dnsmasq server :

| # dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.89 cachesize 500
| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n 
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash 
DNSSEC loop-detect inotify dumpfile

| dnsmasq: using nameserver 8.8.8.8#53
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 8.8.8.8#53
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 7 names
|
| dnsmasq: query[A] perdu.com  from 127.0.0.1
| dnsmasq: forwarded perdu.com  to 8.8.8.8
| dnsmasq: reply perdu.com  is 172.67.133.176
| dnsmasq: reply perdu.com  is 104.21.5.178


That seems okay.


With that config file :

> listen-address=127.0.0.1
> bind-interfaces
> server=/#/9.9.9.9 
> server=/svc.cluster.local/10.96.0.10 
> cache-size=500
And what server=/#/ is supposed to mean here? I think you can use 
instead server=/./9.9.9.9, but I fail to see to use that syntax here. I 
haven't found in man dnsmasq what is should do. I think it used to work 
as a replacement for /./, because that was not accepted before. I would 
say that is corner case.


| root@bookworm:/tmp# dig @127.0.0.1  perdu.com 
 A +short

| root@bookworm:/tmp#

Output from the dnsmasq server :

| root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.89 cachesize 500
| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n 
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash 
DNSSEC loop-detect inotify dumpfile

| dnsmasq: using nameserver 9.9.9.9#53 for domain #
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 9.9.9.9#53 for domain #
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 7 names
|
| dnsmasq: query[A] perdu.com  from 127.0.0.1
| dnsmasq: config error is REFUSED (EDE: not ready)

With that last config file, the output of dnsmasq (version `2.85`) 
mentions the default nameserver which will be used => `using 
nameserver 9.9.9.9#53 for default` :
Yes, that makes server=/#/ is now server=/./. server=/#/ has no special 
meaning and this means now simply only "#" domain is redirected to 
9.9.9.9. Try dig "test.#" @localhost.


| root@debian11:~# dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.85 cachesize 500
| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n 
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC 
loop-detect inotify dumpfile

| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: using nameserver 9.9.9.9#53 for default
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: using nameserver 9.9.9.9#53 for default
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 6 addresses



Le ven. 15 sept. 2023 à 22:28, Geert Stappers  a 
écrit :


On Tue, Sep 12, 2023 at 09:15:04PM +0200, Yann ILAS wrote:
> Le mar. 12 sept. 2023 à 18:56, Geert Stappers a écrit :
> > On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
> > > Hi !
> >
> > Hello,
> >
> >
> > > I get an issue with version 2.89 of dnsmasq, on Debian 12.
There seems to
> > > be a regression. I did see the changelog
> > >  for version
2.87, which
> > > states that the /#/ bug has been fixed... but I don't see it
with version
> > > 2.89 (the last version installed on Debian). The /#/ in the
config file
> > > seems still to be an issue

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-11-28 Thread Yann ILAS

Hello,

How can we move forward on what appears to be a regression ?

Thanks


Le mar. 26 sept. 2023 à 10:28, Yann ILAS  a écrit :

> Ok
>
> With that config file :
>
> > listen-address=127.0.0.1
> > bind-interfaces
> > server=8.8.8.8
> > server=/svc.cluster.local/10.96.0.10
> > cache-size=500
>
> # dig @127.0.0.1 perdu.com A +short
> 172.67.133.176
> 104.21.5.178
>
> Output from the dnsmasq server :
>
> | # dnsmasq --no-daemon --log-queries --log-debug
> | dnsmasq: started, version 2.89 cachesize 500
> | dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
> DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
> loop-detect inotify dumpfile
> | dnsmasq: using nameserver 8.8.8.8#53
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: reading /etc/resolv.conf
> | dnsmasq: using nameserver 8.8.8.8#53
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> | dnsmasq: read /etc/hosts - 7 names
> |
> | dnsmasq: query[A] perdu.com from 127.0.0.1
> | dnsmasq: forwarded perdu.com to 8.8.8.8
> | dnsmasq: reply perdu.com is 172.67.133.176
> | dnsmasq: reply perdu.com is 104.21.5.178
>
>
> With that config file :
>
> > listen-address=127.0.0.1
> > bind-interfaces
> > server=/#/9.9.9.9
> > server=/svc.cluster.local/10.96.0.10
> > cache-size=500
>
> | root@bookworm:/tmp# dig @127.0.0.1 perdu.com A +short
> | root@bookworm:/tmp#
>
> Output from the dnsmasq server :
>
> | root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
> | dnsmasq: started, version 2.89 cachesize 500
> | dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
> DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
> loop-detect inotify dumpfile
> | dnsmasq: using nameserver 9.9.9.9#53 for domain #
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: reading /etc/resolv.conf
> | dnsmasq: using nameserver 9.9.9.9#53 for domain #
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> | dnsmasq: read /etc/hosts - 7 names
> |
> | dnsmasq: query[A] perdu.com from 127.0.0.1
> | dnsmasq: config error is REFUSED (EDE: not ready)
>
> With that last config file, the output of dnsmasq (version `2.85`)
> mentions the default nameserver which will be used => `using nameserver
> 9.9.9.9#53 for default` :
>
> | root@debian11:~# dnsmasq --no-daemon --log-queries --log-debug
> | dnsmasq: started, version 2.85 cachesize 500
> | dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
> DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect
> inotify dumpfile
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: using nameserver 9.9.9.9#53 for default
> | dnsmasq: reading /etc/resolv.conf
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: using nameserver 9.9.9.9#53 for default
> | dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> | dnsmasq: read /etc/hosts - 6 addresses
>
>
>
> Le ven. 15 sept. 2023 à 22:28, Geert Stappers  a
> écrit :
>
>> On Tue, Sep 12, 2023 at 09:15:04PM +0200, Yann ILAS wrote:
>> > Le mar. 12 sept. 2023 à 18:56, Geert Stappers a écrit :
>> > > On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
>> > > > Hi !
>> > >
>> > > Hello,
>> > >
>> > >
>> > > > I get an issue with version 2.89 of dnsmasq, on Debian 12. There
>> seems to
>> > > > be a regression. I did see the changelog
>> > > >  for version 2.87,
>> which
>> > > > states that the /#/ bug has been fixed... but I don't see it with
>> version
>> > > > 2.89 (the last version installed on Debian). The /#/ in the config
>> file
>> > > > seems still to be an issue.
>> > > >
>> > > > listen-address=127.0.0.1
>> > > > bind-interfaces
>> > > > server=/#/8.8.8.8
>> > > > server=/svc.cluster.local/10.96.0.10
>> > > > cache-size=500
>> > > >
>> > >
>> > > And with
>> > >
>> > >  listen-address=127.0.0.1
>> > >  bind-interfaces
>> > >  server=9.9.9.9
>> > >  server=/svc.cluster.local/10.96.0.10
>> > >  cache-size=500
>> > >
>> > > ?   (Yes, that are two changes!)
>> > >
>> > Hi,
>> >
>> > From the client :
>> > root@bookworm:~# dig @127.0.0.1 perdu.com A +short
>> > 172.67.133.176
>> > 104.21.5.178
>> >
>> > Log from the daemon :
>> > root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
>> > dnsmasq: started, version 2.89 cachesize 500
>> > dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
>> DHCP
>> > DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
>> > loop-detect inotify dumpfile
>> > dnsmasq: using nameserver 9.9.9.9#53
>> > dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
>> > dnsmasq: reading /etc/resolv.conf
>> > dnsmasq: using nameserver 9.9.9.9#53
>> > dnsmasq: using nameserv

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-09-26 Thread Yann ILAS

Ok

With that config file :

> listen-address=127.0.0.1
> bind-interfaces
> server=8.8.8.8
> server=/svc.cluster.local/10.96.0.10
> cache-size=500

# dig @127.0.0.1 perdu.com A +short
172.67.133.176
104.21.5.178

Output from the dnsmasq server :

| # dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.89 cachesize 500
| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
loop-detect inotify dumpfile
| dnsmasq: using nameserver 8.8.8.8#53
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 8.8.8.8#53
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 7 names
|
| dnsmasq: query[A] perdu.com from 127.0.0.1
| dnsmasq: forwarded perdu.com to 8.8.8.8
| dnsmasq: reply perdu.com is 172.67.133.176
| dnsmasq: reply perdu.com is 104.21.5.178


With that config file :

> listen-address=127.0.0.1
> bind-interfaces
> server=/#/9.9.9.9
> server=/svc.cluster.local/10.96.0.10
> cache-size=500

| root@bookworm:/tmp# dig @127.0.0.1 perdu.com A +short
| root@bookworm:/tmp#

Output from the dnsmasq server :

| root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.89 cachesize 500
| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
loop-detect inotify dumpfile
| dnsmasq: using nameserver 9.9.9.9#53 for domain #
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 9.9.9.9#53 for domain #
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 7 names
|
| dnsmasq: query[A] perdu.com from 127.0.0.1
| dnsmasq: config error is REFUSED (EDE: not ready)

With that last config file, the output of dnsmasq (version `2.85`) mentions
the default nameserver which will be used => `using nameserver 9.9.9.9#53
for default` :

| root@debian11:~# dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.85 cachesize 500
| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect
inotify dumpfile
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: using nameserver 9.9.9.9#53 for default
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: using nameserver 9.9.9.9#53 for default
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 6 addresses



Le ven. 15 sept. 2023 à 22:28, Geert Stappers  a
écrit :

> On Tue, Sep 12, 2023 at 09:15:04PM +0200, Yann ILAS wrote:
> > Le mar. 12 sept. 2023 à 18:56, Geert Stappers a écrit :
> > > On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
> > > > Hi !
> > >
> > > Hello,
> > >
> > >
> > > > I get an issue with version 2.89 of dnsmasq, on Debian 12. There
> seems to
> > > > be a regression. I did see the changelog
> > > >  for version 2.87,
> which
> > > > states that the /#/ bug has been fixed... but I don't see it with
> version
> > > > 2.89 (the last version installed on Debian). The /#/ in the config
> file
> > > > seems still to be an issue.
> > > >
> > > > listen-address=127.0.0.1
> > > > bind-interfaces
> > > > server=/#/8.8.8.8
> > > > server=/svc.cluster.local/10.96.0.10
> > > > cache-size=500
> > > >
> > >
> > > And with
> > >
> > >  listen-address=127.0.0.1
> > >  bind-interfaces
> > >  server=9.9.9.9
> > >  server=/svc.cluster.local/10.96.0.10
> > >  cache-size=500
> > >
> > > ?   (Yes, that are two changes!)
> > >
> > Hi,
> >
> > From the client :
> > root@bookworm:~# dig @127.0.0.1 perdu.com A +short
> > 172.67.133.176
> > 104.21.5.178
> >
> > Log from the daemon :
> > root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
> > dnsmasq: started, version 2.89 cachesize 500
> > dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2
> DHCP
> > DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
> > loop-detect inotify dumpfile
> > dnsmasq: using nameserver 9.9.9.9#53
> > dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> > dnsmasq: reading /etc/resolv.conf
> > dnsmasq: using nameserver 9.9.9.9#53
> > dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> > dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> > dnsmasq: read /etc/hosts - 7 names
> > dnsmasq: query[A] perdu.com from 127.0.0.1
> > dnsmasq: forwarded perdu.com to 9.9.9.9
> > dnsmasq: reply perdu.com is 172.67.133.176
> > dnsmasq: reply perdu.com is 104.21.5.178
>
> Okay, tha

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-09-15 Thread Geert Stappers

On Tue, Sep 12, 2023 at 09:15:04PM +0200, Yann ILAS wrote:
> Le mar. 12 sept. 2023 à 18:56, Geert Stappers a écrit :
> > On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
> > > Hi !
> >
> > Hello,
> >
> >
> > > I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems to
> > > be a regression. I did see the changelog
> > >  for version 2.87, which
> > > states that the /#/ bug has been fixed... but I don't see it with version
> > > 2.89 (the last version installed on Debian). The /#/ in the config file
> > > seems still to be an issue.
> > >
> > > listen-address=127.0.0.1
> > > bind-interfaces
> > > server=/#/8.8.8.8
> > > server=/svc.cluster.local/10.96.0.10
> > > cache-size=500
> > >
> >
> > And with
> >
> >  listen-address=127.0.0.1
> >  bind-interfaces
> >  server=9.9.9.9
> >  server=/svc.cluster.local/10.96.0.10
> >  cache-size=500
> >
> > ?   (Yes, that are two changes!)
> >
> Hi,
> 
> From the client :
> root@bookworm:~# dig @127.0.0.1 perdu.com A +short
> 172.67.133.176
> 104.21.5.178
> 
> Log from the daemon :
> root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
> dnsmasq: started, version 2.89 cachesize 500
> dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
> DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
> loop-detect inotify dumpfile
> dnsmasq: using nameserver 9.9.9.9#53
> dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 9.9.9.9#53
> dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> dnsmasq: read /etc/hosts - 7 names
> dnsmasq: query[A] perdu.com from 127.0.0.1
> dnsmasq: forwarded perdu.com to 9.9.9.9
> dnsmasq: reply perdu.com is 172.67.133.176
> dnsmasq: reply perdu.com is 104.21.5.178

Okay, that looks fine.  Now test the two changes separately.
I refer to the above "Yes, that are two changes!"


Groeten
Geert Stappers
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-09-12 Thread Yann ILAS

Hello,

I just tried with older versions of dnsmasq. Here is the procedure I'm
using for the test :
- git clone of the project
- for each version, I started the daemon like that : "./src/dnsmasq
--no-daemon --log-queries --log-debug" then I try to resolve a name.

The config file I'm using :

listen-address=127.0.0.1
bind-interfaces
server=/#/8.8.8.8
server=/svc.cluster.local/10.96.0.10
cache-size=500

That config works fine for the version 2.85 but not the 2.86 and later.

Another precision : here is the content of /etc/resolv.conf
nameserver 127.0.0.1

With the version 2.85, the address 127.0.0.1 found in /etc/resolv.conf is
ignored :

dnsmasq: started, version 2.85 cachesize 500
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
no-DNSSEC loop-detect inotify dumpfile
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: using nameserver 8.8.8.8#53 for default
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: using nameserver 8.8.8.8#53 for default
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
dnsmasq: read /etc/hosts - 5 addresses
dnsmasq: query[A] perdu.com from 127.0.0.1
dnsmasq: forwarded perdu.com to 8.8.8.8
dnsmasq: reply perdu.com is 104.21.5.178
dnsmasq: reply perdu.com is 172.67.133.176

but the /#/8.8.8.8 is taken into consideration, as seen in line "dnsmasq:
using nameserver 8.8.8.8#53 for default".


However, the version 2.86 ignore the nameserver 127.0.0.1 but tries despite
everything to forward the request to 127.0.0.1 (the same 127.0.0.1 as found
in /etc/resolv.conf, AFAIS) :

dnsmasq: started, version 2.86 cachesize 500
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
no-DNSSEC loop-detect inotify dumpfile
dnsmasq: using nameserver 8.8.8.8#53 for domain #
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 8.8.8.8#53 for domain #
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
dnsmasq: read /etc/hosts - 5 addresses
dnsmasq: query[A] perdu.com from 127.0.0.1
dnsmasq: config error is REFUSED (EDE: not ready)



Le mar. 12 sept. 2023 à 21:15, Yann ILAS  a écrit :

> Hi,
>
> From the client :
> root@bookworm:~# dig @127.0.0.1 perdu.com A +short
> 172.67.133.176
> 104.21.5.178
>
> Log from the daemon :
> root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
> dnsmasq: started, version 2.89 cachesize 500
> dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
> DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
> loop-detect inotify dumpfile
> dnsmasq: using nameserver 9.9.9.9#53
> dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 9.9.9.9#53
> dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> dnsmasq: read /etc/hosts - 7 names
> dnsmasq: query[A] perdu.com from 127.0.0.1
> dnsmasq: forwarded perdu.com to 9.9.9.9
> dnsmasq: reply perdu.com is 172.67.133.176
> dnsmasq: reply perdu.com is 104.21.5.178
>
>
>
> Le mar. 12 sept. 2023 à 18:56, Geert Stappers  a
> écrit :
>
>> On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
>> > Hi !
>>
>> Hello,
>>
>>
>> > I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems
>> to
>> > be a regression. I did see the changelog
>> >  for version 2.87, which
>> > states that the /#/ bug has been fixed... but I don't see it with
>> version
>> > 2.89 (the last version installed on Debian). The /#/ in the config file
>> > seems still to be an issue.
>> >
>> > listen-address=127.0.0.1
>> > bind-interfaces
>> > server=/#/8.8.8.8
>> > server=/svc.cluster.local/10.96.0.10
>> > cache-size=500
>> >
>>
>> And with
>>
>>  listen-address=127.0.0.1
>>  bind-interfaces
>>  server=9.9.9.9
>>  server=/svc.cluster.local/10.96.0.10
>>  cache-size=500
>>
>> ?   (Yes, that are two changes!)
>>
>>
>> Groeten
>> Geert Stappers
>> --
>> Silence is hard to parse
>>
>> ___
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-09-12 Thread Yann ILAS

Hi,

>From the client :
root@bookworm:~# dig @127.0.0.1 perdu.com A +short
172.67.133.176
104.21.5.178

Log from the daemon :
root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
dnsmasq: started, version 2.89 cachesize 500
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
loop-detect inotify dumpfile
dnsmasq: using nameserver 9.9.9.9#53
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 9.9.9.9#53
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
dnsmasq: read /etc/hosts - 7 names
dnsmasq: query[A] perdu.com from 127.0.0.1
dnsmasq: forwarded perdu.com to 9.9.9.9
dnsmasq: reply perdu.com is 172.67.133.176
dnsmasq: reply perdu.com is 104.21.5.178



Le mar. 12 sept. 2023 à 18:56, Geert Stappers  a
écrit :

> On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
> > Hi !
>
> Hello,
>
>
> > I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems to
> > be a regression. I did see the changelog
> >  for version 2.87, which
> > states that the /#/ bug has been fixed... but I don't see it with version
> > 2.89 (the last version installed on Debian). The /#/ in the config file
> > seems still to be an issue.
> >
> > listen-address=127.0.0.1
> > bind-interfaces
> > server=/#/8.8.8.8
> > server=/svc.cluster.local/10.96.0.10
> > cache-size=500
> >
>
> And with
>
>  listen-address=127.0.0.1
>  bind-interfaces
>  server=9.9.9.9
>  server=/svc.cluster.local/10.96.0.10
>  cache-size=500
>
> ?   (Yes, that are two changes!)
>
>
> Groeten
> Geert Stappers
> --
> Silence is hard to parse
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-09-12 Thread Geert Stappers

On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
> Hi !

Hello,

 
> I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems to
> be a regression. I did see the changelog
>  for version 2.87, which
> states that the /#/ bug has been fixed... but I don't see it with version
> 2.89 (the last version installed on Debian). The /#/ in the config file
> seems still to be an issue.
> 
> listen-address=127.0.0.1
> bind-interfaces
> server=/#/8.8.8.8
> server=/svc.cluster.local/10.96.0.10
> cache-size=500
> 

And with

 listen-address=127.0.0.1
 bind-interfaces
 server=9.9.9.9
 server=/svc.cluster.local/10.96.0.10
 cache-size=500

?   (Yes, that are two changes!)


Groeten
Geert Stappers
-- 
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

2023-09-11 Thread Yann ILAS

Hi !

I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems to
be a regression. I did see the changelog
 for version 2.87, which
states that the /#/ bug has been fixed... but I don't see it with version
2.89 (the last version installed on Debian). The /#/ in the config file
seems still to be an issue.

With the dnsmasq version 2.89, the default nameserver is not configured
(which is not the case for the version 2.85)

Here are the tests I made ⤵️

>From both linux servers (debian 11 and 12), I use that config file :

listen-address=127.0.0.1

bind-interfaces

server=/#/8.8.8.8

server=/svc.cluster.local/10.96.0.10

cache-size=500



*From the Debian 11 VM*

*root@debian11*:*~*# dnsmasq --version

Dnsmasq version 2.85  Copyright (c) 2000-2021 Simon Kelley

Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6
no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify
dumpfile


This software comes with ABSOLUTELY NO WARRANTY.

Dnsmasq is free software, and you are welcome to redistribute it

under the terms of the GNU General Public License, version 2 or 3.

*Request* :

*vagrant@debian11*:*~*$ dig @127.0.0.1 perdu.com


; <<>> DiG 9.16.37-Debian <<>> @127.0.0.1 perdu.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60505

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;perdu.com. IN A


;; ANSWER SECTION:

perdu.com. 300 IN A 104.21.5.178

perdu.com. 300 IN A 172.67.133.176


;; Query time: 20 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Thu Sep 07 15:12:10 UTC 2023

;; MSG SIZE  rcvd: 70


*From the server side* :

*root@debian11*:*~*# dnsmasq --no-daemon --log-queries --log-debug

dnsmasq: started, version 2.85 cachesize 500

dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect
inotify dumpfile

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: using nameserver 8.8.8.8#53 for default

dnsmasq: reading /etc/resolv.conf

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: using nameserver 8.8.8.8#53 for default

dnsmasq: using nameserver 4.2.2.1#53

dnsmasq: using nameserver 4.2.2.2#53

dnsmasq: using nameserver 208.67.220.220#53

dnsmasq: read /etc/hosts - 6 addresses





dnsmasq: query[A] perdu.com from 127.0.0.1

dnsmasq: forwarded perdu.com to 8.8.8.8

dnsmasq: reply perdu.com is 104.21.5.178

dnsmasq: reply perdu.com is 172.67.133.176






*From the Debian 12 VM*

root@bookworm:~# dnsmasq --version

Dnsmasq version 2.89  Copyright (c) 2000-2022 Simon Kelley

Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6
no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC loop-detect
inotify dumpfile


This software comes with ABSOLUTELY NO WARRANTY.

Dnsmasq is free software, and you are welcome to redistribute it

under the terms of the GNU General Public License, version 2 or 3.

*Request* :

root@bookworm:~# dig @127.0.0.1 perdu.com


; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> @127.0.0.1 perdu.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24503

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

; EDE: 14 (Not Ready)

;; QUESTION SECTION:

;perdu.com. IN A


;; Query time: 4 msec

;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)

;; WHEN: Thu Sep 07 15:01:42 UTC 2023

;; MSG SIZE  rcvd: 44

*From the server side* :

root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug

dnsmasq: started, version 2.89 cachesize 500

dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
loop-detect inotify dumpfile

dnsmasq: using nameserver 8.8.8.8#53 for domain #

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: reading /etc/resolv.conf

dnsmasq: using nameserver 8.8.8.8#53 for domain #

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: ignoring nameserver 127.0.0.1 - local interface

dnsmasq: read /etc/hosts - 7 names


dnsmasq: query[A] perdu.com from 127.0.0.1

dnsmasq: config error is REFUSED (EDE: not ready)
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

[Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

8 matches

Site Navigation

Mail list logo

Footer information