Re: [Dnsmasq-discuss] DNSSEC: Answer for local hosts with AD flag set?

2015-10-02 Thread Jan-Piet Mens
> FYI: The originator of this tweet just fessed up to me that it was a fake. I am talking to Marco now [1]. If this really was a fake, he's in trouble! -JP [1] https://twitter.com/jpmens/status/649980467928780800 ___ Dnsmasq-discuss mailing li

Re: [Dnsmasq-discuss] DNSSEC: Answer for local hosts with AD flag set?

2015-10-02 Thread Jan-Piet Mens
> Do you think there's any chance to solve this correctly without > switching from dnsmasq to Unbound or the like? I don't think this is going to be possible. BTW, AVM seem to have DNSSEC validation on (at least) their 7390 [1]. As somebody with a lot of clout, such as you have at c't :-), I woul

Re: [Dnsmasq-discuss] DNSSEC: Answer for local hosts with AD flag set?

2015-09-30 Thread Jan-Piet Mens
> Anyway I'd like to be able to mark answers for local hosts within the > local network as validated. Is there an option to enable this? I hope not because it would be a lie; that zone has not been signed and thus cannot be validated. Indicating Authentic Data would be a lie. My curiosity forces

Re: [Dnsmasq-discuss] DLV and DnsMasq

2015-09-07 Thread Jan-Piet Mens
> but I cannot find any option for DLV. ISC will stop accepting domains for DLV in 2016 and will terminate service altogether in 2017 [1] -JP [1] https://dlv.isc.org

Re: [Dnsmasq-discuss] New DNSSEC test release.

2014-02-11 Thread Jan-Piet Mens
> Is unbound-anchor fairly stand-alone? Maybe run unbound-anchor and > then convert the format of the resulting trust-anchors file would be > a viable solution? Fairly, yes, but: if people can run unbound-anchor they have Unbound, so what would be the point of dnsmasq as a validator? ;-) -

Re: [Dnsmasq-discuss] New DNSSEC test release.

2014-02-11 Thread Jan-Piet Mens
> One thing to note: I've also completely changed the way the trust > anchors are specified, from DNSKEYS to DS records. Very nice and, yes, it works. :) All that's left is to find a way to obtain those securely when dnsmasq starts up, somewhat in the way unbound-anchor(1) from Unbound does.

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Jan-Piet Mens
> So scrap this report for now, we should check, however, if dnsmasq > forwarding to a second instance of itself works properly. :) It does! :-) -JP

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Jan-Piet Mens
> I moved forward to test7, and now the FIRST query (the one shipping the > RRSIG and other additional stuff) lacks the AD flag, subsequent > responses carry it. I cannot confirm that. The first query sets the AD flag (and returns an RRSIG in the response), and subsequent queries also set AD flag

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Jan-Piet Mens
> Ooops. Try now. Very nice, Simon; looks good to me. -JP

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Jan-Piet Mens
> Answering my previous question, this behaviour is specified in RFC > 6840 para 5.7. Code changes to implement it are in git now. Have they been committed? ;-) No visible change here ... -JP

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-06 Thread Jan-Piet Mens
> >1. I am getting different results on two subsequent identical queries > >WRT RRSIG record and AD flag. > The second answer comes from the cache, and the DO bit is not set in > the query, so the answer doesn't have the AD flag or RRSIG, if you > add "+dnssec" to the dig command you should see b

Re: [Dnsmasq-discuss] Round Robin ping

2012-07-30 Thread Jan-Piet Mens
Relying on round-robin has short-comings: e.g. getaddrinfo() which obsoletes gethostbyname() orders results. See [1]. -JP [1] http://daniel.haxx.se/blog/2012/01/03/getaddrinfo-with-round-robin-dns-and-happy-eyeballs/

Re: [Dnsmasq-discuss] New job vacancy - see details

2012-07-18 Thread Jan-Piet Mens
> IMHO, no effort is currently necessary. I follow many mailing-lists, and dnsmasq-discuss is the _only_ one I follow, in which I see spam. And I neither use Thunderbird, nor is "click here" the solution. -JP

Re: [Dnsmasq-discuss] New job vacancy - see details

2012-07-18 Thread Jan-Piet Mens
> Is there any way to update the mailing list to block this repeated spam? Yes, *please*; it's getting out of hand. -JP

Re: [Dnsmasq-discuss] dnsmasq performance as dns forwarder in larger environments

2012-07-16 Thread Jan-Piet Mens
> My idea was to use something > more lightweight than bind, since from a featureset point of view, bind > would be really way too big for our purpose, since we basically need > forwarding servers only. Have you looked at Unbound (unbound.net)? -JP

Re: [Dnsmasq-discuss] A (possibly bad) idea: failover in dnsmasq

2012-05-26 Thread Jan-Piet Mens
> For dnsmasq, I can see that active-passive is easy to do. Take your > diagram above, and delete dnsmasq B. dnsmasq A keeps the tyrant instance > A up-to-date with the lease database and that gets replicated to tyrant > B. If dnsmasq A fails, then dnsmasq B is started, initialises its lease > datab

Re: [Dnsmasq-discuss] A (possibly bad) idea: failover in dnsmasq

2012-05-25 Thread Jan-Piet Mens
> I'd suggest SQLite as a possibility. Easy to include, and as they > say: "Small. Fast. Reliable. Choose any three." SQLite was my first option, but it doesn't replicate "automatically". Easy to set up with rsync or something like it, of course, but that wouldn't enable two dnsmasq servers to co

Re: [Dnsmasq-discuss] A (possibly bad) idea: failover in dnsmasq

2012-05-25 Thread Jan-Piet Mens
1,$s/Tryant/Tyrant/g -JP

[Dnsmasq-discuss] A (possibly bad) idea: failover in dnsmasq

2012-05-25 Thread Jan-Piet Mens
Starting just a few days before the day the machine running dnsmasq in my SOHO died, I was giving some thought to how I'd go about ensuring a backup copy of dnsmasq could take over if my only running instance died. Needless to say, the death of the machine left my small network in shambles, because

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-25 Thread Jan-Piet Mens
> relaxing the hex parsing to make colons and leading zeros optional gets > the possibility of something that's almost a natural encoding in this > case, and may be generally useful if less easy to use. > > dns-rr=44,2:1:123456789abcdef67890123456789abcdef67890 > > Opinions? Go for it! I recom

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-24 Thread Jan-Piet Mens
> keys as "SSHFP-Record"s, so that I'm able to call via < user@remotehost-o "VerifyHostKeyDNS=yes">> and get a result line like > "Matching host key > fingerprint found in DNS". This may or may not be painful, if you're not using DNSSEC. (You may like to glance at a discussion, and the comments, at [1

Re: [Dnsmasq-discuss] Setting DNS for DHCP clients

2012-04-20 Thread Jan-Piet Mens
> When using dnsmasq to serve dhcp, what option or parameter must be set > in dnsmasq.conf to set which DNS servers the client will use? dhcp-option=option:dns-server, ought to do the trick. -JP

Re: [Dnsmasq-discuss] Feature Request(s)

2012-03-15 Thread Jan-Piet Mens
> Maybe take it one step further, > --host-record=,[,,,...] so we can keep the > CNAMEs right there too. Sounds sensible, as long as multiple --host-record are allowed for one (multi-homed, IPv4, IPv6) -JP

Re: [Dnsmasq-discuss] dnsmasq-2.60test12

2012-02-17 Thread Jan-Piet Mens
> which has fixes for everything which has come up so far, including a > crash when only IPv4 DHCP is enabled. Has been running here flawlessly for a few hours now, including Lua. Thank you for solving the reported crash. :-) -JP

Re: [Dnsmasq-discuss] Call for testers DHCPv6 support.

2012-02-15 Thread Jan-Piet Mens
> This has pretty much feature-complete, but very lightly tested DHCPv6 > support. I'd really like as much testing of this done as possible. It works for me with dnsmasq running on Mac OS/X 10.6.8 and a client using dibbler [1]. Good show, Simon! -JP [1] http://klub.com.pl/