Re: [Dnsmasq-discuss] Show host names in dnsmasq's log

Hey Michael and Simon, Thanks. I already have added a cache lookup myself using dnsmasq's cache_find_by_addr(). However, this is unsuitable for getting the host names of the forward servers or if you are not the DHCP server. How could I trigger a PTR request from within dnsmasq? This will add the

Re: [Dnsmasq-discuss] --synth-domain enhancement

On 16.02.2018 16:01, Simon Kelley wrote: > To clarify, the serial numbers in > the names correspond to the addresses in the range supplied. If you use > a subnet to specify the range, for instance 192.168.202.0/24, then yes > dyn-1 will be 192.168.202.0, but if you use start,end to specify the > ra

Re: [Dnsmasq-discuss] dnsmasq + Cloudflare's DoH service + netflix = stalled

Hey Simon, I hope you have also seen my other mail (providing some more details about the TCP issue). It' actually likely that the debugger test was with "-d" to prevent dnsmasq from forking. Would running it with "-k" be better in the debugger? The main concern is that dnsmasq even hangs when in

[Dnsmasq-discuss] [PATCH] Remove upper limit of 10, 000 for cache size

From c3fdb31d68d80e08679524ebe02113fe1f11b0b2 Mon Sep 17 00:00:00 2001 From: Dominik Derigs Date: Tue, 8 May 2018 18:44:41 +0200 Subject: [PATCH] Remove upper limit of 10,000 for cache size. We should allow  users to set any (maximum) cache size they like to set. Even embedded devices  usually shi

Re: [Dnsmasq-discuss] Remove upper limit of 10,000 for cache size

Dear Geert and mailinglist members, > Thing I wonder about is how the cache size clipping was discovered. I recently sent a SIGUSR1 to our dnsmasq because a user said that some queries have continuously been answered NXDOMAIN although they shouldn't. As they have been answered within less than a m

Re: [Dnsmasq-discuss] [PATCH] Remove upper limit of 10, 000 for cache size

[PATCH] Remove upper limit of 10,000 for cache size Signed-off-by: Dominik Derigs ---  src/option.c | 2 --  1 file changed, 2 deletions(-) diff --git a/src/option.c b/src/option.c index 65df93a..180517a 100644 --- a/src/option.c +++ b/src/option.c @@ -2589,8 +2589,6 @@ static int one_opt(int opt

Re: [Dnsmasq-discuss] upstream server selection algorithm - bug?

Dear Kevin, > Obviously it has to at least try the others occasionally to check it’s made > the correct choice. But I’m seeing dnsmasq make the same request to *ALL* > servers quite frequently and am curious as to why? dnsmasq is trying all servers quite frequently, either every 50 queries or

[Dnsmasq-discuss] Non-monotonic serial number in log-queries=extra

Dear Simon, I use "--log-queries=extra". I noticed that when sending queries over TCP, that the serial number (daemon->log_id) of the queries jump by 100, e.g. Jun 14 17:38:40 dnsmasq[30831]: 4 10.8.0.2/36989 query[A] google.de from 10.8.0.2 Jun 14 17:38:40 dnsmasq[30831]: 4 10.8.0.2/36989 forwar

[Dnsmasq-discuss] HOSTS not applied to cannonical names

Dear mailing list members, it appears like that dnsmasq does not check the cache for canonical names. Assume the following situation: I defined "127.0.0.1 lb2.pi-hole.io" in /etc/hosts If I query this domain directly, i.e. > $ dig lb2.pi-hole.net > > ;; ANSWER SECTION: > lb2.pi-hole.io.

[Dnsmasq-discuss] dig +trace failing

Dear list members, I expect "dig +trace" to show a trace of the delegation path from the root name servers for the name being looked up. This behavior is broken since commit 087eb76140725f8f1892ba6f251ea052d3440966

[Dnsmasq-discuss] Fwd: dig +trace failing

Hey Simon, On 19.09.2018 13:27, Simon Kelley wrote: > when rd is not set, never answer > from the cache, but always forward the query. That would allow dig > +trace to work. > > Does hat seem sensible? Yes, that seems useful. Best, Dominik ___ Dnsmas

Re: [Dnsmasq-discuss] Cannot look up disa.mil (dnssec related)

Hey all, it seems to be working fine for me with dnsmasq v2.80. I'm also running a local unbound instance which is why queries are getting forwarded to 127.0.0.1. $ dig disa.mil @127.0.0.1 +dnssec +short 156.112.108.76 A 8 2 7200 20181117145327 20181018145327 52983 disa.mil. dMS5WbQ5xJ0HuCBPZUkuo

[Dnsmasq-discuss] Logging of NXDOMAIN without SOA

Dear all, I observe that dnsmasq does not log the result of a query that was replied to with NXDOMAIN when the response does not include an SOA record. To my understanding, this is because, without an SOA record, no TTL is available and the logging event when adding a domain to the internal cache

[Dnsmasq-discuss] DNSSEC BOGUS still replied to with IP

Dear list members, to my understanding, dnsmasq should not return any valid records for BOGUS domains. However, using Cloudflare (1.1.1.1 / 1.0.0.1) as upstream, I see a domains being validated as BOGUS in the log, however, the A query still succeeds and the client receives valid IP addresses. I

Re: [Dnsmasq-discuss] DNSSEC BOGUS still replied to with IP

Hey Simon, I was assuming dnsmasq was sending the address to the client as it was able to resolve the page (as in able to access it). However, this could very well have been caused by the client sending out multiple queries and at least one of the were answered with IPs. This seems to be the e

[Dnsmasq-discuss] [PATCH] Remove redundant prototypes from dnsmasq.h

Dear Simon, the attached patch removes three redundant prototypes from dnsmasq.h. There is no functional change. Best regards, Dominik From c0b2ccfd20c4eec9d09468fdfe9b4ca8a8f8591e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 10 Mar 2019 19:34:07 +0100 Subject: [PATCH] Remove redundant proto

Re: [Dnsmasq-discuss] DNSSEC Retry causes SEGFAULT

FYI: Shared the requested PCAP file directly with Simon as it contains sensitive information (browsing behavior). Best, Dominik On Mon, 2019-10-07 at 17:58 +0100, Simon Kelley wrote: > On 05/10/2019 11:22, Dominik wrote: > > Hey all, > > > > I'm reporting a bug on behold of another user that do

[Dnsmasq-discuss] [PATCH] DHCPv6 IAID should be of unsigned type

* outpacket.c:put_opt6_long(), its definition should reflect this to avoid inconsistencies. RFC3315 (section 22.4) confirms that the IAID is a 4 bytes long unsigned integer. Best, Dominik From 93490e98789bf91d86d46e96c643feea4a08e387 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Sun, 20 Oct

[Dnsmasq-discuss] [PATCH] Add EDE status "no matching key found"

bated if this is intended. Following RFC 8914, Sec. 4.1, they can be included as EXTRA-TEXT for EDE code 0. This is not included in this patch but could be easily added in a follow-up. Best, Dominik From c7b5dc9c5dc16c9ea9aa6e76d4f49c842645e3e1 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Sun

[Dnsmasq-discuss] [BUG] dnsmasq rewriting NXDOMAIN to NOERROR

Hey Simon, the current dnsmasq master version contains a bug rewriting all NXDOMAIN replies from upstream with NOERROR. The error has been introduced in commit d0ae3f5a4dc094e8fe2a3c607028c1c59f42f473 (see attached diff) and is ultimately caused by > lookup_domain(daemon->namebuff, F_CONFIG, NUL

Re: [Dnsmasq-discuss] [BUG] dnsmasq rewriting NXDOMAIN to NOERROR

On Mon, 2021-07-05 at 21:06 +0100, Simon Kelley wrote: > Nice catch, thanks. I believe that > df25f204ba822c9c00bc9372c85da58e9aff6e86 > should fix this. Looks good. We've started a Pi-hole beta testing round which uses the tip of dnsmasq's master branch. Hereby we will have many more users testin

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Hey, On Fri, 2021-07-16 at 02:22 +0200, f...@gmx.de wrote: > If i ask dnsmasq BY ipv6, ALL A recorrd are returned (there is no ) man dnsmasq explicitly says: > localise-queries > Return answers to DNS queries from /etc/hosts and --interface-name > and --dynamic-host which depend on the i

Re: [Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Hey, there is some confusion about IPv4/IPv6 addresses and A/ records here, so I'll clarify a bit: You can make any query (may it be A or ) over IPv4 or IPv6 and there will be no difference (when "localise-queries" is not used!). This is also the nomenclature used by the dnsmasq man page.

Re: [Dnsmasq-discuss] Dnsmasq replying with refuse without forwarding request to upstream server.

Hey Sunil, I encountered this situation only when dnsmasq didn't have any working upstream server it could forward your query to. Could you please 1. add "log-queries=extra" and "log-facility=/tmp/dnsmasq.log" to your configuration, 2. restart dnsmasq, 3. do the DNS query that ends up in REFUSED,

[Dnsmasq-discuss] [PATCH] Some upstream replies not being logged

g 27 10:35:53 dnsmasq[1497049]: 1 127.0.0.1/42014 reply > txt.dns.netmeister.org is Format: Best, Dominik From b84cf751e933ec7b0fb6113bc0e8a751e25a7178 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Fri, 27 Aug 2021 10:28:09 +0200 Subject: [PATCH] Also log non-cacheable replies Signed-off-

Re: [Dnsmasq-discuss] [PATCH] Some upstream replies not being logged

On Fri, 2021-08-27 at 11:04 +0200, Dominik DL6ER wrote: > > The attached patch fixes this by ensuring we call log_query() also > for replies that do not enter the cache. I also moved the printing of > TXT records here so "log-queries=extra" works as expected for those, >

Re: [Dnsmasq-discuss] [PATCH 2] Some upstream replies not being logged

On Fri, 2021-08-27 at 14:39 +0200, Dominik DL6ER wrote: > Slightly simplified/optimized patch attached. This ensures replies > cannot be mistakenly logged as "cached" under certain circumstances > by hard-coding flags handed to log_query(). I missed non-cacheable PTR replies.

Re: [Dnsmasq-discuss] [PATCH 3] Some upstream replies not being logged

ve already found a more elegant way of handling logging. Best, Dominik From dc21d73e4c681fdfb805104191f8c87c31c19f8e Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Sun, 29 Aug 2021 15:28:55 +0200 Subject: [PATCH] Log non-cacheable replies where answer type != question type (commonly seen for A

Re: [Dnsmasq-discuss] Noob question

Hey all, [TL;DR: Check out the last paragraph] d Pi-hole, an free and open source ad-blocker, is based on dnsmasq. As blocking is at our hearth, we've done studies on which blocking "modes" would work the best in which situation. Our studies included serving fixed addresses (to a self-hosted page

Re: [Dnsmasq-discuss] [PATCH 3] Some upstream replies not being logged

;ll report back if anything odd comes up. Silence will be a good thing. Best, Dominik From 9f9e0ca1f0458d2bce3b3d364ded1694996cd465 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Wed, 1 Sep 2021 13:37:55 +0200 Subject: [PATCH] Print "(DNSSEC signed)" for signed TXT records when log-queries=extr

Re: [Dnsmasq-discuss] Patch with option to filter A records

Hey Treysis, On Thu, 2021-09-02 at 22:18 +0200, Trey Sis wrote: > I would really love to have some feedback if you are missing some > detail. Your log_queries() call seems incorrect: > F_CONFIG | F_IPV6 | F_NEG will lead to > config is NODATA-IPv6 however, you obviously want > config is NO

[Dnsmasq-discuss] [PATCH] Add RFC 4833 DHCP timezone options

Hey Simon, this small patch adds the DHCP options "posix-timezone" and "tzdb- timezone" as defined in RFC 4833, Section 2: https://datatracker.ietf.org/doc/html/rfc4833#section-2 Examples for valid options are > dhcp-option = option:posix-timezone,"CEST- 1CET,M3.2.0/2:00:00,M11.1.0/2:00:00" and

Re: [Dnsmasq-discuss] Question about --all-servers in man page

Hey Masanari, On Fri, 2021-09-03 at 19:26 +0900, Masanari Iida wrote: > dnsmasq-2.85 (Fedora 33, x86_64) > multiple upstream DNS servers in config file. > No --strict-order, No --all-server setting . > > Symptom > Explanation about --all-servers in dnsmasq(8) man page could > be different from a

Re: [Dnsmasq-discuss] 2.86rc1

On Sat, 2021-09-04 at 22:04 +0100, Simon Kelley wrote: > Dominik, you were the one pushing for 2.86. Thoughts? Hey Simon, I didn't really intend to push for v2.86, but, yes, I'd personally like to see it soon(ish). Also given that v2.85 was almost half a year ago. Maybe we could get a v2.87 still

[Dnsmasq-discuss] [PATCH]

ing. I'm involved in the process now and get notified if the IANA RR types table gets updated and will send new patches if this is the case. Best, Dominik From 97ca3ae9ff6a33ac70fb982d282a1728dee5a9cd Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Thu, 9 Sep 2021 14:28:28 +0200 Subjec

Re: [Dnsmasq-discuss] [PATCH]

minik From e0d56e962e058add871c2d49c0e224d41157057a Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Fri, 10 Sep 2021 10:00:56 +0200 Subject: [PATCH] Move call to querystr() inside log_query() to ensure it is only called when logging is enabled. Signed-off-by: DL6ER --- src/auth.c

Re: [Dnsmasq-discuss] rev-server=fe80::/10, 192.168.178.1 no longer accepted (version 2.86)

Hey Joerg, On Fri, 2021-09-10 at 10:13 +0200, jo...@schuetter.org wrote: > rev-server=fe80::/10,192.168.178.1 dnsmasq always only accepted IPv6 prefixes that are a multiple of 4. There was just no enforcing of this before v2.86. Looking at the v2.85 code, dnsmasq will have added > fe80::/8 for y

Re: [Dnsmasq-discuss] rev-server=fe80::/10, 192.168.178.1 no longer accepted (version 2.86)

7.html Everything is combined in one patch now. Best, Dominik From bb26695b7e6db84736c9725c50d9a95aec9eb936 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Mon, 6 Sep 2021 22:27:00 +0200 Subject: [PATCH] --rev-server: Add support for arbitrary IPv4/6 prefix-lengths. So far, the prefix was limited to [8,16

Re: [Dnsmasq-discuss] rev-server=fe80::/10, 192.168.178.1 no longer accepted (version 2.86)

Hey Simon, On Sat, 2021-09-11 at 23:42 +0100, Simon Kelley wrote: > 1) gen_rev6 fails to allocate the *domains array, and crashes. what did you try? It didn't crash for me. But I see that adding malloc failsafe checks is something I've forgotten. I'll resubmit the patch, also with removed explana

Re: [Dnsmasq-discuss] rev-server=fe80::/10, 192.168.178.1 no longer accepted (version 2.86)

re servers to be shown that we log (this is limited by SERVERS_LOGGED = 30) Best, Dominik From 58343618ffee18c24a9c81b7a668cb5dcc7e847d Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Mon, 6 Sep 2021 22:27:00 +0200 Subject: [PATCH] --rev-server: Add support for arbitrary IPv4/6 prefix-lengt

[Dnsmasq-discuss] [BUG] [PATCH] Segmentation fault in src/forward.c

ss=/apiwaka.azure-api.net/:: server=/wakanim-vid.akamaized.net/# address=/wakanim-vid.akamaized.net/# server=/wakanimksm.azurewebsites.net/# address=/wakanimksm.azurewebsites.net/:: From 716387397b0e1cffc0238c4fc499478da08ade26 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Wed, 15 Sep 2021 17:50:43 +0200 Subject: [PATCH

Re: [Dnsmasq-discuss] [BUG] [PATCH] Segmentation fault in src/forward.c

Hi again, after applying my patch from my previous mail, dnsmasq stopped crashing. However, this only started to reveal abnormal and partially conflicting behavior in certain configurations. For instance, using the new attached configuration does make dnsmasq behave strangely. The log contains wh

Re: [Dnsmasq-discuss] change in behavior where v4 address exists but not v6 in 2.86

Hey Todd, On Thu, 2021-09-16 at 02:29 -0400, Todd Derr wrote: > I recently upgraded and ran into an issue with a name that has > a v4 address but no v6 address, like so: > > > log-queries > > log-facility=/usr/local/var/log/dnsmasq.log > > address=/dummy.com/127.0.0.2 > > > On 2.85 and below, th

Re: [Dnsmasq-discuss] [BUG] [PATCH] Segmentation fault in src/forward.c

Addendum: Depending on the configuration, it can happen that the query is sent to another server that is configured to be used for an altogether different domain, e.g. > server=127.0.0.1#5353 > server=::1#5353 > rev-server=192.168.0.1/24,192.168.0.1 > server=/fritz.box/192.168.0.1 > server=/bo.net

Re: [Dnsmasq-discuss] Nonstandard Formatting?

Hey Carson, this question comes up every one to two years. Sometimes trailing whitespace are part of it. Plenty of details can be found in the mailing list archive (link at the bottom of each mail). The archive is also indexed by Google et al. On Thu, 2021-09-16 at 20:19 +, Carson Riker wrote

Re: [Dnsmasq-discuss] TXT replies in log-queries=extra

Hey Joseph, On Fri, 2021-09-17 at 17:03 -0400, Joseph Ward via Dnsmasq- discuss wrote: > However, for TXT records, it'll provide the serial/ip/port for > the query, but the response is missing that information. That is caused by logging of the TXT record replies happening separately from everythi

[Dnsmasq-discuss] [PATCH] Two small fixes

70c6da391 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER Date: Sat, 18 Sep 2021 16:05:34 +0200 Subject: [PATCH 2/2] Check if allocation of 66573 bytes succeeded before accessing the memory to avoid crash in busy times Signed-off-by: DL6ER --- src/forward.c | 2 ++ 1 file changed, 2 insertio