> On Jan 14, 2023, at 8:44 AM, Buck Horn wrote:
>
> On 14.01.2023 12:40:18, Chris Webb wrote:
>
>> If we are advertising local (ULA) prefixes but no globally-routeable
>> prefixes, we should similarly not configure clients with a default route.
>> Set the router lifetime to zero in this case
vulnerability cannot be
> triggered. ra-only should only broadcast its prefix(es) to end stations
> without accepting messages from them. It should be safe.
>
> Regards,
> Petr
>
> On 4/1/22 16:37, Lonnie Abelbeck wrote:
>>> On Mar 31, 2022, at 2:04 PM, Petr Menšík wro
> On Mar 31, 2022, at 2:04 PM, Petr Menšík wrote:
>
> A possible vulnerability was found in the latest dnsmasq. It was found with the help
> of the oss-fuzz Google project by me and shortly after that independently also by
> Richard Johnson of Trellix Threat Labs.
>
> It is affected only by DHCPv6 requests
> On Feb 5, 2022, at 5:32 AM, Simon Kelley wrote:
>
> Let's try thinking out of the box here. Given the motivation to save storage,
> I was wondering if there could be a way to use compression, gzip etc to save
> more space.
>
> Building a decompressor into dnsmasq seems ugly, but then I cam
Hi Andre, et al.
> On Aug 11, 2021, at 1:36 AM, Andre Heider wrote:
>
> I'm using 2.86test6 on OpenWrt, and I think I've found a bug. Details are
> vague so far but ever since I've started DoT with stubby as upstream server,
> dnsmasq every now and then gets into a mode where it stops respond
> On May 23, 2021, at 12:47 PM, Cyberfusion wrote:
>
>> On 23 May 2021 at 19:31, Lonnie Abelbeck
>> wrote:
>>
>>> On May 23, 2021, at 11:08 AM, Cyberfusion wrote:
>>>
>>> Maybe it’s better to always validate the c
> On May 23, 2021, at 11:08 AM, Cyberfusion wrote:
>
> Maybe it’s better to always validate the config before you restart dnsmasq.
# dnsmasq --test
dnsmasq: syntax check OK.
Lonnie
___
Dnsmasq-discuss mailing list
Dnsmasq-discu
> On Mar 29, 2021, at 9:19 AM, Roland Giesler wrote:
>
> On Mon, 29 Mar 2021 at 08:52, Geert Stappers via Dnsmasq-discuss
> wrote:
> On Sun, Mar 28, 2021 at 10:11:01PM +0200, Roland Giesler wrote:
> > Is it possible to set up a split zone in dnsmasq?
> >
Yes, you can.
For split-horizon DNS
> On Feb 26, 2021, at 9:59 AM, Fred F wrote:
>
> Hi Matthias,
>
> unfortunately I need the global addresses in DNS, as that's the only
> way for me to reference the hosts in firewall rules (FreeBSD's packet
> filter supports DNS aliases natively). So unfortunately ULA does not
> help in this s
> On Jan 25, 2021, at 5:21 PM, Lonnie Abelbeck
> wrote:
>
>
>> Get it here:
>>
>> http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz
>
> The version string generated is "2.84rc2"
>
> $ cat dnsmasq-2.84/VERSION
> (HEAD ->
> Get it here:
>
> http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.84.tar.gz
The version string generated is "2.84rc2"
$ cat dnsmasq-2.84/VERSION
(HEAD -> master, tag: v2.84rc2, tag: v2.84, origin/master, origin/HEAD)
Lonnie
> On Jan 22, 2021, at 4:33 PM, Simon Kelley wrote:
>
> Apologies about your wasted time. Once more with 2.84test3 ?
Thanks Simon, 2.84test3 solves all "failed to send packet" logs in my testing
...
--
Jan 22 18:44:22 gw-lan daemon.info dnsmasq[3297]: started, version 2.84test3
cachesize 4096
Address family not
> supported by protocol”. However, it is mostly “Network Unreachable” and they
> are pretty continuous (much more than the 10 you have). Dnscrypt is
> configured to use DoH to cloudflare servers. On my side, doesn’t seem to be
> related to activity level…
> On Jan 21, 2021, at 5:53 PM, Steve Hirsch wrote:
>
> After upgrading dnsmasq from version 2.82 to version 2.83 on Arch Linux
> (kernel 5.10.9), “failed to send packet: Network is unreachable” errors
> continually show up. However, name resolution still appears to work with
> v2.83. Downg
> On Dec 9, 2020, at 4:38 AM, Petr Menšík wrote:
>
> I doubt limiting to 1221 can fix virtually anything. I doubt it would
> fix anything even on Windows. I am sure it would not prevent any attack
> on dnsmasq.
>
> I think the best mitigation would be blocking any external IP addresses
> to dn
The dnsmasq commit that removed HAVE_IPV6 means dnsmasq must be compiled on a
system with IPv6 headers.
But at runtime, dnsmasq works on an IPv4-only (ipv6 module not loaded) Linux
system. Even without the ipv6 network stack (no protocol family 10 registered)
dnsmasq will happily resolve r
> On Jul 27, 2020, at 1:12 PM, d...@lutean.com wrote:
>
> Hi everyone,
>
> The following proposed patch includes my attempt at a man page change. It
> also includes Vladislav Grishenko's suggestion to tag LAA source addresses
> independently from multicast addresses.
>
> If these changes ar
Greetings,
So how would dnsmasq users go about not granting DHCP leases to LAA (anonymous)
MAC addresses ?
I liken this to a PBX not accepting calls with anonymous/invalid caller-id
entries.
Lonnie
> On Jul 26, 2020, at 10:04 AM, themiron...@gmail.com wrote:
>
> Hi,
>
> LAA stands for loca
> On Nov 5, 2019, at 12:39 PM, bln 77 wrote:
>
> Hi everyone,
>
> I have a 10.1.0.0/16 network.
> I want to have clients in the same network because I want to be able to
> receive IP-broadcast for autodiscovery.
> I configured two VLANs and the router has an interface/ip in both:
> lan1: 10.
> On Apr 16, 2018, at 4:02 PM, Lonnie Abelbeck
> wrote:
>
>
> On Oct 19, 2017, at 7:16 PM, Matt Taggart wrote:
>
>> Hi,
>>
>> Back in Sept 2015 I started a thread about DNS-over-TLS
>>
>> http://lists.thekelleys.org.uk/pipermail/dnsmasq-di
On Oct 19, 2017, at 7:16 PM, Matt Taggart wrote:
> Hi,
>
> Back in Sept 2015 I started a thread about DNS-over-TLS
>
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q3/009833.html
>
> Since then there is now RFC7858 ( https://tools.ietf.org/html/rfc7858 )
> and port 853 (tcp) h
Dominik,
I'm thinking you do not want to call
--
in->name[strlen(in->name)-1];
--
before testing for "if (in->len == 0"
Lonnie
On Feb 11, 2018, at 10:10 AM, Dominik Derigs wrote:
> Forgot to attach the proposed patch.
>
> Best,
> Dominik
>
>
> On 11.02.2018 17:02, Dominik Derigs wrote:
>>
The netcalc project by Joachim Nilsson (@troglobit), is originally based on
sipcalc, and the just released netcalc 2.1.1 has some new features dnsmasq
configurations may be interested in.
https://github.com/troglobit/netcalc
For example, while a /24 network does not need fancy tools to calculat
On May 25, 2016, at 4:08 PM, wkitt...@gmail.com wrote:
> On 05/25/2016 03:24 PM, Johnny Appleseed wrote:
>> dig +dnssec wikipedia.org
>> ;; Truncated, retrying in TCP mode.
>>
>> ; <<>> DiG 9.8.3-P1 <<>> +dnssec wikipedia.org
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode
On Jan 6, 2016, at 12:04 PM, Simon Kelley wrote:
> The do_script_run calls need to be removed from the compilation when
> DHCP is not included. Since the scripting system used to be just about
> DHCP events, it was automatically removed from the compilation when
> DHCP was removed. Now the script s
On Jan 5, 2016, at 10:29 AM, Matthias Fischer
wrote:
> Hi,
>
> On 05.01.2016 17:05, Lonnie Abelbeck wrote:
>> Hi Matthias,
>>
>> It seems you have disabled HAVE_DHCP with enabled HAVE_SCRIPT.
>>
>> Try disabling HAVE_SCRIPT in your build system...
On Jan 4, 2016, at 7:13 PM, Matthias Fischer
wrote:
> Hi,
>
> sorry, this will be rather long...
>
> I'm trying to compile 'dnsmasq 2.75' (for use with 'IPFire 2.17 (i586) -
> core95') with
> all available patches but I'm always running into errors.
...
> cd /usr/src/dnsmasq-2.76test4 && se
Doesn't DNSCrypt https://dnscrypt.org solve the same problem ?
Lonnie
On Dec 2, 2015, at 3:21 AM, Dave Taht wrote:
> DNS cookies look kind of interesting...
>
>
> -- Forwarded message --
> From: Mark Andrews
> Date: Wed, Dec 2, 2015 at 1:39 AM
> Subject: Re: strategies to mi
On Oct 13, 2015, at 2:03 PM, Carlos Carvalho wrote:
> Shaun Lynch (em2s...@yahoo.com) wrote on Tue, Oct 13, 2015 at 01:16:35AM BRT:
>> I am building an IPv4-IPv6 dual-stack gateway device for a virtual sandbox in
>> which to experiment with different system configurations. The current
>> gatewa
On Sep 7, 2015, at 2:04 PM, Matt Taggart wrote:
> Hi,
>
> Have you seen this draft for adding TLS to DNS?
>
> https://tools.ietf.org/html/draft-ietf-dprive-start-tls-for-dns-01
>
> What would it take to implement in dnsmasq?
> Both as a server and as a client.
Take a look at DNSCrypt:
https
Robert,
Looking at the code there is an upper limit of 1 for --cache-size
-- src/option.c --
case 'c': /* --cache-size */
{
int size;
if (!atoi_check(arg, &size))
ret_err(gen_err);
else
{
/* zero is OK, and means no caching.
On May 15, 2015, at 2:37 PM, Simon Kelley wrote:
> Anyone running 2.67rc6 or 2.67rc7 should be aware that there's a
> remotely exploitable buffer overflow in those trees. I just tagged
> 2.67rc8, which includes the fix.
>
>
> Cheers,
>
> Simon.
I think you meant to type 2.73rc6 ... 2.73rc7 .
Hi,
I'm in the process of moving from radvd to dnsmasq for ra-only...
Everything works as before with radvd, except for one side case, if a user
chooses for interface eth1...
--
no-dhcp-interface=eth1
dhcp-range=lan,2001:db8:1:2::,ra-only,64,24h
--
Then router advertisements seem to also be disa
On Sep 27, 2014, at 7:01 AM, Matthias Andree wrote:
> On 27.09.2014 at 12:01, Roy Marples wrote:
>> On Friday 26 Sep 2014 21:14:20 Simon Kelley wrote:
>>> This is just a heads-up that if you're using the --dhcp-script option in
>>> dnsmasq, and the script you're calling is being interpreted by
On Apr 14, 2014, at 11:17 AM, Stéphane Guedon wrote:
> Hello
>
> I have written a huge tutorial/article on my blog, and dnsmasq is one
> of the main topics.
>
> You may find it here :
>
> http://www.22decembre.eu/2014/04/14/local-dns-setup-with-dnsmasq-nsd-and-unbound/
While sharing "forest f
On Mar 25, 2014, at 4:52 PM, Simon Kelley wrote:
> On 25/03/14 21:25, Lonnie Abelbeck wrote:
>>
>>
>> Is the decision to not support OpenSSL shared libraries a final decision, or
>> is there a chance you may reconsider ?
>>
>
> The very early DNSSEC c
On Mar 25, 2014, at 4:13 PM, Simon Kelley wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 25/03/14 14:43, Alex Xu wrote:
>> I'm writing the Gentoo ebuild for dnsmasq 2.69rc1
>> (https://bugs.gentoo.org/show_bug.cgi?id=504154), and I was
>> wondering if dnsmasq requires nettle an
On Feb 7, 2014, at 7:15 AM, Maciej Soltysiak wrote:
> On Fri, Feb 7, 2014 at 1:42 PM, Lonnie Abelbeck
> wrote:
>> I admit it is nice to know that no-one is silently altering DNS
>> queries/responses in transit to a trusted DNS server, but is that being
>> overly para
DNS Gurus,
With all the excellent work on DNSSEC, I'd like to get this list's thoughts on
the merits of using DNSCrypt.
http://dnscrypt.org/
I cross-compiled dnscrypt-proxy 1.3.3 together with libsodium 0.4.5 from
source, and it works splendidly with our beloved dnsmasq.
FYI, I started dnscryp
On Oct 3, 2013, at 8:05 AM, Nehal J Wani wrote:
>> Yes. I just added contrib/mactable/macscript to the git repo, which is your
>> previous script slightly less elegantly modified by me for this
>> circumstance. I also put back the "make new file then atomically rename"
>> behaviour since that mea
On Sep 27, 2013, at 6:51 AM, Simon Kelley wrote:
>
> There's one change which needs to be made to the script. When dnsmasq is
> restarted, it won't know the MAC addresses for DHCPv6 (because they're not in
> the leasefile). So at start-up it will execute "old" script runs on each
> lease with
On Sep 25, 2013, at 11:20 AM, Simon Kelley wrote:
>
> HAVE_SCRIPT isn't very big and this tiny shell script makes a file of
> (IP-address, MAC-address) pairs. It's trivial to alter it to split IPv4 and
> IPv6 into different files or include any information from the fields exposed
> by the scri
On Jul 29, 2013, at 1:50 PM, Simon Kelley wrote:
> On 27/07/13 23:02, Lonnie Abelbeck wrote:
>>
>> On Jul 25, 2013, at 4:44 PM, Lonnie Abelbeck wrote:
>>
>>>
>>> On Jul 25, 2013, at 4:06 PM, Simon Kelley wrote:
>>>
>>>> On 23/06
On Jul 25, 2013, at 4:44 PM, Lonnie Abelbeck wrote:
>
> On Jul 25, 2013, at 4:06 PM, Simon Kelley wrote:
>
>> On 23/06/13 20:34, Lonnie Abelbeck wrote:
>>> Hi,
>>>
>>> I'd like to suggest that enable-tftp and no-dhcp-interface should be
>>&
On Jul 25, 2013, at 4:06 PM, Simon Kelley wrote:
> On 23/06/13 20:34, Lonnie Abelbeck wrote:
>> Hi,
>>
>> I'd like to suggest that enable-tftp and no-dhcp-interface should be
>> decoupled.
>>
>> Not only is it confusing that no-dhcp-interface als
Hi,
I'd like to suggest that enable-tftp and no-dhcp-interface should be decoupled.
Not only is it confusing that no-dhcp-interface also disables enable-tftp for
that interface, but it is sometimes desirable to allow DNS and TFTP on an
interface without DHCP.
Looking at "src/tftp.c" it seems t
46 matches