From matthias.andree at gmx.de Thu Oct 1 11:51:50 2009 
From: matthias.andree at gmx.de (Matthias Andree) Date: Thu, 01 Oct 2009 12:51:50 +0200 Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.51rc1 In-Reply-To: <4AC2692B.8090703@thekelleys.org.uk> References: <4AC2692B.8090703@thekelleys.org.uk> Message-ID: Am 29.09.2009, 22:08 Uhr, schrieb Simon Kelley : > The development branch of dnsmasq has amassed quite a few changes, going > back 3 months in some cases: most of the work was done before the 2.50 > security-only release. I think it's time therefore to make a new > release, and I'm making a first release-candidate available at > > http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.51rc1.tar.gz > http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.51rc1.tar.lzma > > Please test this, and/or translate it, as appropriate. (Translators, > drop me a note if you're working and I'll hold off a final release until > you're done.) > > version 2.51 > Add support for internationalised DNS. Non-ASCII characters > in domain names found in /etc/hosts, /etc/ethers and > /etc/dnsmasq.conf will be correctly handled by translation > to punycode, as specified in RFC3490. This function is only > available if dnsmasq is compiled with internationalisation > support, and adds a dependency on GNU libidn. Without i18n > support, dnsmasq continues to be compilable with just > standard tools. Thanks to Yves Dorfsman for the > suggestion. Some findings of the -rc1: - During build, I18N - which currently comprises IDN _and_ NLS as an inseparable union - only works with GNU make, not with BSD's make. - IDN needs pkg-config (just like DBus also needs pkg-config) - there are some GNUisms, but I don't have good/efficiently implemented ideas to avoid these. GNU make is readily available on most systems though. These two requirements are not documented, please consider documenting them. 
- Unless I'm missing some links in setup.html, the whole build is massively underdocumented, no mention of DBus or i18n anywhere, and setup.html doesn't appear to be linked from doc.html and vice versa. I'd suggest to add the whole COPT=-Dfoo system to setup.html, too, or at least point to src/config.h and mention how to most efficiently set these options. - I wonder how dnsmasq will figure out the proper character set for these files -- or will it just assume UTF-8? Older systems might use some ISO-8859-* variant. (Sorry, no time to read source now.) - The "all-i18n" target creates the .mo files under /src which I find counterintuitive. - The German translation is - with 17/313 messages - so incomplete it's not worth shipping. I don't have sufficient time to do it on short notice though, so I'll not try. Best regards Matthias -- Matthias Andree From matthias.andree at gmx.de Thu Oct 1 11:57:45 2009 
From: matthias.andree at gmx.de (Matthias Andree)
Date: Thu, 01 Oct 2009 12:57:45 +0200
Subject: [Dnsmasq-discuss] dnsmasq 2.51 rc1 for FreeBSD (was: Announce: dnsmasq-2.51rc1)
In-Reply-To: <4AC2692B.8090703@thekelleys.org.uk>
References: <4AC2692B.8090703@thekelleys.org.uk>
Message-ID:

Am 29.09.2009, 22:08 Uhr, schrieb Simon Kelley :

> The development branch of dnsmasq has amassed quite a few changes, going
> back 3 months in some cases: most of the work was done before the 2.50
> security-only release. I think it's time therefore to make a new
> release, and I'm making a first release-candidate available at
>
> http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.51rc1.tar.gz
> http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.51rc1.tar.lzma

Greetings,

for FreeBSD, I have submitted a 2.51rc1 port update for
ports/dns/dnsmasq, which will enable IDN and NLS by default and pull in
gettext-related packages, iconv, libidn, and gmake. You can change that
in the "make config" dialogue.

At time of this writing, the update has not yet been committed to the
ports tree; in the meanwhile you can get the patch against the 2.50
version in the ports tree from the problem report tracker at (deep link
to the patch: ).

Please send me feedback that is port-specific off-list (or at least Cc:
me), and general feedback on the software to Simon or the list.

Thank you.

Best regards

--
Matthias Andree

From simon at thekelleys.org.uk Thu Oct 1 13:19:02 2009
From: simon at thekelleys.org.uk (Simon Kelley) Date: Thu, 01 Oct 2009 13:19:02 +0100 Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.51rc1 In-Reply-To: References: <4AC2692B.8090703@thekelleys.org.uk> Message-ID: <4AC49E36.6030507@thekelleys.org.uk> Matthias Andree wrote: > Am 29.09.2009, 22:08 Uhr, schrieb Simon Kelley : > >> The development branch of dnsmasq has amassed quite a few changes, going >> back 3 months in some cases: most of the work was done before the 2.50 >> security-only release. I think it's time therefore to make a new >> release, and I'm making a first release-candidate available at >> >> http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.51rc1.tar.gz >> >> http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.51rc1.tar.lzma >> >> >> Please test this, and/or translate it, as appropriate. (Translators, >> drop me a note if you're working and I'll hold off a final release until >> you're done.) >> >> version 2.51 >> Add support for internationalised DNS. Non-ASCII characters >> in domain names found in /etc/hosts, /etc/ethers and >> /etc/dnsmasq.conf will be correctly handled by translation >> to punycode, as specified in RFC3490. This function is only >> available if dnsmasq is compiled with internationalisation >> support, and adds a dependency on GNU libidn. Without i18n >> support, dnsmasq continues to be compilable with just >> standard tools. Thanks to Yves Dorfsman for the >> suggestion. > > Some findings of the -rc1: > > - During build, I18N - which currently comprises IDN _and_ NLS as an > inseparable union - only works with GNU make, not with BSD's make. Where is the problem? I ensured that the build works with BSD make, but only for the non-IDN build, it would be good to fix that. > > - IDN needs pkg-config (just like DBus also needs pkg-config) - there > are some GNUisms, but I don't have good/efficiently implemented ideas to > avoid these. GNU make is readily available on most systems though. 
>
> These two requirements are not documented, please consider documenting
> them.
>
> - Unless I'm missing some links in setup.html, the whole build is
> massively underdocumented, no mention of DBus or i18n anywhere, and
> setup.html doesn't appear to be linked from doc.html and vice versa. I'd
> suggest to add the whole COPT=-Dfoo system to setup.html, too, or at
> least point to src/config.h and mention how to most efficiently set
> these options.
>

A valid criticism, I guess that since almost everyone installs dnsmasq
from an OS or distribution package these days, such documentation has a
much smaller audience (and therefore priority) than user-level
documentation. It is sadly lacking.

> - I wonder how dnsmasq will figure out the proper character set for
> these files -- or will it just assume UTF-8? Older systems might use
> some ISO-8859-* variant. (Sorry, no time to read source now.)

It calls idna_to_ascii_lz() which uses the current locale.

from "man idna_to_ascii_lz"

DESCRIPTION
       Convert domain name in the locale's encoding to ASCII string. The
       domain name may contain several labels, separated by dots. The
       output buffer must be deallocated by the caller.

>
> - The "all-i18n" target creates the .mo files under /src which I find
> counterintuitive.

I can't remember why it's done like that. It must have made sense at the
time!

>
> - The German translation is - with 17/313 messages - so incomplete it's
> not worth shipping. I don't have sufficient time to do it on short
> notice though, so I'll not try.

Any volunteers on the list?

Cheers,

Simon.

From matthias.andree at gmx.de Thu Oct 1 15:00:56 2009
From: matthias.andree at gmx.de (Matthias Andree)
Date: Thu, 01 Oct 2009 16:00:56 +0200
Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.51rc1
In-Reply-To: <4AC49E36.6030507@thekelleys.org.uk>
References: <4AC2692B.8090703@thekelleys.org.uk> <4AC49E36.6030507@thekelleys.org.uk>
Message-ID:

Am 01.10.2009, 14:19 Uhr, schrieb Simon Kelley :

>> - During build, I18N - which currently comprises IDN _and_ NLS as an
>> inseparable union - only works with GNU make, not with BSD's make.
>
> Where is the problem? I ensured that the build works with BSD make, but
> only for the non-IDN build, it would be good to fix that.

Dear Simon,

The problem lies in bld/Makefile which uses %-pattern rules (a GNUism) on
line 16 rather than traditional suffix rules (lines 7 - 8).

     1  CFLAGS = -Wall -W -O2
     2
     3  OBJS = cache.o rfc1035.o util.o option.o forward.o network.o \
     4         dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
     5         helper.o tftp.o log.o
     6
     7  .c.o:
     8          $(CC) $(CFLAGS) $(COPTS) $(I18N) $(DNSMASQ_CFLAGS) $(RPM_OPT_FLAGS) -c $<
     9
    10  dnsmasq : $(OBJS)
    11          $(CC) $(LDFLAGS) -o $@ $(OBJS) $(DNSMASQ_LIBS) $(LIBS)
    12
    13  dnsmasq.pot : $(OBJS:.o=.c) dnsmasq.h config.h
    14          $(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(OBJS:.o=.c)
    15
    16  %.mo : ../po/%.po dnsmasq.pot
    17          $(MSGMERGE) -o - ../po/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo -

ll 13f: The ":.o=.c" modifier is supported on SysV and BSD, but I'm not
sure about its portability to other systems.

l 16: The % patterns are unsupported in BSD make; in a traditional
.po.mo: pattern you cannot directly list the prerequisite dnsmasq.pot,
and if you list a $(MAKE) dnsmasq.pot you'll break parallel builds (make
-j3) (so better list it in the command block of another rule instead),
and I'm not sure how you could express the ../po/ path insert at all.
Perhaps a POFILES=da.po de.po es pt_BR ro... style variable which you
substitute from might help a bit, too.

Relevant documentation: - Tutorial http://www.freebsd.org/doc/en_US.ISO8859-1/books/pmake/ - Manpage http://www.freebsd.org/cgi/man.cgi?query=make&apropos=0&sektion=0&manpath=FreeBSD+6.3-RELEASE&format=html Note that overriding CFLAGS (line 1) is frowned upon in BSD, too, although I think DNSMASQ_CFLAGS and RPM_OPT_FLAGS offers plenty ways to merge things. [IDN] >> - I wonder how dnsmasq will figure out the proper character set for >> these files -- or will it just assume UTF-8? Older systems might use >> some ISO-8859-* variant. (Sorry, no time to read source now.) > > It calls idna_to_ascii_lz() which uses the current locale. ...which derives from implicit assumptions that the user starting dnsmasq uses the proper locale for the /etc/ files subjected to IDN/Punycode handling, particularly on systems where root users don't usually log in, but use sudo (Ubuntu Linux) - the console locale used to edit files may differ from the locale in effect when /etc/init.d/dnsmasq or init or Upstart or whichever launches the daemon. This should be documented very clearly in the manpage and the relevant .html file to avoid surprises - the locale used to edit these /etc/ files must get set in the environment where dnsmasq is launched. >> - The "all-i18n" target creates the .mo files under /src which I find >> counterintuitive. > > I can't remember why it's done like that. It must have made sense at the > time! Well at least they are side to side with the .o files which also end up in src/, and then I wonder what the bld/ directory is for if it's static. I would've guessed from the name that bld/ is build/ and hence where the outputs are supposed to end up, but apparently not so. :) Cheers -- Matthias Andree From RLynn at fundamentalsltd.co.uk Fri Oct 2 11:05:03 2009 
From: RLynn at fundamentalsltd.co.uk (Roger Lynn) Date: Fri, 02 Oct 2009 11:05:03 +0100 Subject: [Dnsmasq-discuss] FAQ entry - Debian hostnames Message-ID: <4AC5D04F.4040703@fundamentalsltd.co.uk> Hi, In the dnsmasq FAQ there's a question: "I'm running Debian, and my machines get an address fine with DHCP, but their names are not appearing in the DNS." The answer includes "Update: the lastest dhcpcd packages _do_ send the hostname by default." This isn't true for Debian, unless you are talking about the experimental packages of ISC DHCP 4.1. A patch has apparently been applied in Ubuntu, but the Debian maintainers are waiting for upstream to fix it. See http://bugs.debian.org/151820 and http://bugs.debian.org/522889 for details. Thanks for your work on dnsmasq, Roger From simon at thekelleys.org.uk Fri Oct 2 13:19:50 2009 
From: simon at thekelleys.org.uk (Simon Kelley) Date: Fri, 02 Oct 2009 13:19:50 +0100 Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.51rc1 In-Reply-To: References: <4AC2692B.8090703@thekelleys.org.uk> <4AC49E36.6030507@thekelleys.org.uk> Message-ID: <4AC5EFE6.7070202@thekelleys.org.uk> Matthias Andree wrote: > [IDN] >>> - I wonder how dnsmasq will figure out the proper character set for >>> these files -- or will it just assume UTF-8? Older systems might use >>> some ISO-8859-* variant. (Sorry, no time to read source now.) >> >> It calls idna_to_ascii_lz() which uses the current locale. > > ...which derives from implicit assumptions that the user starting > dnsmasq uses the proper locale for the /etc/ files subjected to > IDN/Punycode handling, particularly on systems where root users don't > usually log in, but use sudo (Ubuntu Linux) - the console locale used to > edit files may differ from the locale in effect when /etc/init.d/dnsmasq > or init or Upstart or whichever launches the daemon. > > This should be documented very clearly in the manpage and the relevant > .html file to avoid surprises - the locale used to edit these /etc/ > files must get set in the environment where dnsmasq is launched. I had assumed that the system locale would be set by and inherited from init, but looking more closely, that's not true. On Debian (and Ubuntu) the system default locale is stored in /etc/default/locale, and the startup scripts for daemons which care about this have to source that file and export LANG. I've fixed dnsmasq's Debian init script to do this, and that will feed through to Ubuntu too. Other packagers need to take this into account. I'll add to the documentation. > >>> - The "all-i18n" target creates the .mo files under /src which I >>> find counterintuitive. >> >> I can't remember why it's done like that. It must have made sense at >> the time! 
> > Well at least they are side to side with the .o files which also end up > in src/, and then I wonder what the bld/ directory is for if it's > static. I would've guessed from the name that bld/ is build/ and hence > where the outputs are supposed to end up, but apparently not so. :) > /bld is a place to keep build infrastructure, rather than cluttering up the root directory. Cheers, Simon. From matthias.andree at gmx.de Fri Oct 2 13:35:27 2009 
From: matthias.andree at gmx.de (Matthias Andree) Date: Fri, 02 Oct 2009 14:35:27 +0200 Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.51rc1 In-Reply-To: <4AC5EFE6.7070202@thekelleys.org.uk> References: <4AC2692B.8090703@thekelleys.org.uk> <4AC49E36.6030507@thekelleys.org.uk> <4AC5EFE6.7070202@thekelleys.org.uk> Message-ID: Dear Simon, list subscribers, Am 02.10.2009, 14:19 Uhr, schrieb Simon Kelley : > I had assumed that the system locale would be set by and inherited from > init, but looking more closely, that's not true. On Debian (and Ubuntu) > the system default locale is stored in /etc/default/locale, and the > startup scripts for daemons which care about this have to source that > file and export LANG. I've fixed dnsmasq's Debian init script to do > this, and that will feed through to Ubuntu too. Other packagers need to > take this into account. I'll add to the documentation. Thank you. I wonder - also from experiences drawn from my own projects such as fetchmail - how much of documentation, and for which target group in respect, is required. It appears to me that decent projects will benefit from a documentation that addresses end users as well as packagers. One more train of thought (a bit dialectic), if you read a system-wide locale configuration, that may still not match a user-specific locale setting; however this would likely be a less common configuration for dnsmasq. Also, given that many distributions are converging on UTF-8 encodings, at least the character representation will be the same, so that documentation would likely suffice for dnsmasq. > /bld is a place to keep build infrastructure, rather than cluttering up > the root directory. Fine. Cheers -- Matthias Andree From simon at thekelleys.org.uk Fri Oct 2 13:50:30 2009 
From: simon at thekelleys.org.uk (Simon Kelley) Date: Fri, 02 Oct 2009 13:50:30 +0100 Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.51rc1 In-Reply-To: References: <4AC2692B.8090703@thekelleys.org.uk> <4AC49E36.6030507@thekelleys.org.uk> <4AC5EFE6.7070202@thekelleys.org.uk> Message-ID: <4AC5F716.8010101@thekelleys.org.uk> Matthias Andree wrote: > Dear Simon, list subscribers, > > Am 02.10.2009, 14:19 Uhr, schrieb Simon Kelley : > >> I had assumed that the system locale would be set by and inherited >> from init, but looking more closely, that's not true. On Debian (and >> Ubuntu) the system default locale is stored in /etc/default/locale, >> and the startup scripts for daemons which care about this have to >> source that file and export LANG. I've fixed dnsmasq's Debian init >> script to do this, and that will feed through to Ubuntu too. Other >> packagers need to take this into account. I'll add to the documentation. > > Thank you. > > I wonder - also from experiences drawn from my own projects such as > fetchmail - how much of documentation, and for which target group in > respect, is required. > It appears to me that decent projects will benefit from a documentation > that addresses end users as well as packagers. There can never be too much documentation, and for dnsmasq most of the required documentation is needed by both packagers and users. The things that you identified as missing to be with build targets and variables, are probably things that users don't need, if they are using packaged software. > > One more train of thought (a bit dialectic), if you read a system-wide > locale configuration, that may still not match a user-specific locale > setting; however this would likely be a less common configuration for > dnsmasq. Also, given that many distributions are converging on UTF-8 > encodings, at least the character representation will be the same, so > that documentation would likely suffice for dnsmasq. > One of the files in question is /etc/hosts. 
The format of that is well defined, so there's no way to add a charset tag to it. Since it's a system-wide configuration file, then the only valid assumption is that it uses the system-default locale, I think. When I was doing this work, I experimented with non-ascii characters in /etc/hosts. At least with gnu libc, the resolver library works fine, but I suspect it may not if the locale associated with a process has a different character encoding to that used in /etc/hosts. Cheers, Simon. From hashimoh at tmtv.ne.jp Sun Oct 4 04:05:25 2009 
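
The charset question discussed in the messages above, as an added example that is not part of the original thread and is not dnsmasq or libidn code: it models a locale-dependent conversion over hosts-file bytes. Assumptions: Python's built-in "idna" codec (RFC 3490) stands in for idna_to_ascii_lz(), an explicit charset argument stands in for the process locale, and the addresses and host names are constructed sample data.

```python
"""Model of locale-dependent IDNA conversion over /etc/hosts-style bytes."""

# Constructed sample: the same two entries as written by an editor under a
# UTF-8 locale and under an ISO-8859-1 locale. "\u00e9" is e-acute.
_SAMPLE = "192.0.2.10 gateway\n192.0.2.11 caf\u00e9.example  # printer\n"
HOSTS_UTF8 = _SAMPLE.encode("utf-8")
HOSTS_LATIN1 = _SAMPLE.encode("iso-8859-1")


def to_ace(raw_name: bytes, locale_charset: str) -> str:
    """Interpret raw bytes in the given charset, then apply IDNA ToASCII.

    Raises UnicodeError when the bytes are not valid in that charset or
    the resulting name cannot be converted.
    """
    text = raw_name.decode(locale_charset)
    return text.encode("idna").decode("ascii")


def convert_hosts(raw_hosts: bytes, locale_charset: str):
    """Return [(ip, raw_name, ace_or_None)] for every name in the file.

    Parsing is done on bytes, so the same entries are produced whatever
    charset is later used to interpret the names.
    """
    results = []
    for line in raw_hosts.splitlines():
        fields = line.split(b"#", 1)[0].split()   # drop comments, split on ASCII space
        if len(fields) < 2:
            continue
        ip = fields[0].decode("ascii", errors="replace")
        for name in fields[1:]:
            try:
                ace = to_ace(name, locale_charset)
            except UnicodeError:
                ace = None                        # conversion fails outright
            results.append((ip, name, ace))
    return results


def locale_sensitive_names(raw_hosts: bytes, charsets=("utf-8", "iso-8859-1")):
    """List names whose ASCII form differs, or fails, between charsets.

    Pure-ASCII names never appear here; every name that does depends on the
    daemon being started under the locale the file was edited in.
    """
    per_charset = [convert_hosts(raw_hosts, cs) for cs in charsets]
    flagged = []
    for entries in zip(*per_charset):
        aces = [entry[2] for entry in entries]
        if len(set(aces)) > 1:
            flagged.append((entries[0][1], dict(zip(charsets, aces))))
    return flagged


if __name__ == "__main__":
    for label, data in (("UTF-8 file", HOSTS_UTF8), ("ISO-8859-1 file", HOSTS_LATIN1)):
        for name, outcome in locale_sensitive_names(data):
            print(label, name, outcome)
```

The two mismatches behave differently: ISO-8859-1 bytes read under a UTF-8 locale fail to convert, while UTF-8 bytes read under an ISO-8859-1 locale convert without error to a different ASCII name.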
From: hashimoh at tmtv.ne.jp (Hisashi Hashimoto)
Date: Sun, 04 Oct 2009 12:05:25 +0900
Subject: [Dnsmasq-discuss] dnsmasq as DHCP server on vmware client machine
Message-ID: <4AC810F5.4000102@tmtv.ne.jp>

Hi,

I am using Dnsmasq 2.45, a little bit old on my Local distribution.
I am trying to use dnsmasq as a DHCP server on vmware host machine
instead of using vmware original DHCP server, vmnet-dhcpd.
Why I prefer using dnsmasq is that vmnet-dhcpd is based on ISC DHCPD
2.0(old) and I prefer to use dnsmasq configuration.

I have one problem now.
This problem appeared after I moved VMware workstation 6.5 from 5.0.
Problem is:
Dnsmasq does not look at the vmnet1, 4, 8(Virtual network on host
machine created by VMware).

Why I think so, is :
(1) When I use vmnet-dhcpd or ISC DHCPD 3.0, they answered the query
from guest machines. but when I use dnsmasq, it did not answer.
So, network interfaces had been created and work without problems.
(2) While I run ISC DHCPD, I started dnsmasq with DHCP-RANGE option,
Dnsmasq did not make any claim that port had been used by ISC DHCPD.

Any suggestions are welcome.
---------------------------------------------------
Here is my configuration related DHCP.

interface=vmnet1
interface=vmnet4
interface=vmnet8
interface=lo
bind-interfaces
dhcp-range=192.168.219.101,192.168.219.128,255.255.255.0,12h
dhcp-range=192.168.140.101,192.168.140.254,255.255.255.0,12h
dhcp-range=192.168.167.101,192.168.167.254,255.255.255.0,12h

Below is output of ifconfig.

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01
          inet addr:192.168.140.1  Bcast:192.168.140.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet4    Link encap:Ethernet  HWaddr 00:50:56:C0:00:04
          inet addr:192.168.219.1  Bcast:192.168.219.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
          inet addr:192.168.167.1  Bcast:192.168.167.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Hashimoto Hisashi

From itamar at ispbrasil.com.br Mon Oct 5 08:48:23 2009
From: itamar at ispbrasil.com.br (Itamar Reis Peixoto)
Date: Mon, 5 Oct 2009 04:48:23 -0300
Subject: [Dnsmasq-discuss] sending patches do dnsmasq
Message-ID:

there are some patches in fedora, Can I send to this list ?

also can I send a patch to port dnsmasq to use gnu-autotools ?

gnu auto-tools is for

./configure
make
make install

--
------------

Itamar Reis Peixoto

e-mail/msn: itamar at ispbrasil.com.br
sip: itamar at ispbrasil.com.br
skype: itamarjp
icq: 81053601
+55 11 4063 5033
+55 34 3221 8599

From mark at jemms.net Mon Oct 5 15:48:04 2009
From: mark at jemms.net (Mark Beierl) Date: Mon, 05 Oct 2009 10:48:04 -0400 Subject: [Dnsmasq-discuss] dnsmasq as DHCP server on vmware client machine In-Reply-To: <4AC810F5.4000102@tmtv.ne.jp> References: <4AC810F5.4000102@tmtv.ne.jp> Message-ID: <4ACA0724.9010605@jemms.net> I use dnsmasq 2.50-1 with Vmware Workstation 6.5 and do not have any problems with vmnets. The only difference I see is that I do not use bind-interfaces... Regards, Mark Hisashi Hashimoto wrote: > Hi, > > I am using Dnsmasq 2.45, a little bit old on my Local distribution. > I am trying to use dnsmasq as a DHCP server on vmware host machine > instead of using vmware original DHCP server, vmnet-dhcpd. > Why I prefer using dnsmasq is that vmnet-dhcpd is based on ISC DHCPD > 2.0(old) and I prefer to use dnsmasq configuration. > > I have one problem now. > This proble appeared after I moved VMware workstation 6.5 from 5.0. > Problem is: > Dnsmasq does not look at the vmnet1, 4, 8(Virtual network on host > machine created by VMware). > > Why I think so, is : > (1) When I use vmnet-dhcpd or ISC DHCPD 3.0, they answered the query > from guest machines. but when I use dnsmasq, it did not answer. > So, network interfaces had been created and work without problems. > (2) While I run ISC DHCPD, I started dnsmasq with DHCP-RANGE option, > Dnsmasq did not make any claim that port had been used by ISC DHCPD. > > Any suggestions are welcome. > --------------------------------------------------- > Here is my configuration related DHCP. > interface=vmnet1 > interface=vmnet4 > interface=vmnet8 > interface=lo > bind-interfaces > dhcp-range=192.168.219.101,192.168.219.128,255.255.255.0,12h > dhcp-range=192.168.140.101,192.168.140.254,255.255.255.0,12h > dhcp-range=192.168.167.101,192.168.167.254,255.255.255.0,12h > > Below is output of ifconfig. 
> vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01 > inet addr:192.168.140.1 Bcast:192.168.140.255 > Mask:255.255.255.0 > inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:24 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > vmnet4 Link encap:Ethernet HWaddr 00:50:56:C0:00:04 > inet addr:192.168.219.1 Bcast:192.168.219.255 > Mask:255.255.255.0 > inet6 addr: fe80::250:56ff:fec0:4/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:25 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08 > inet addr:192.168.167.1 Bcast:192.168.167.255 > Mask:255.255.255.0 > inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:24 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > Hashimoto Hisashi > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From simon at thekelleys.org.uk Mon Oct 5 21:20:34 2009 
From: simon at thekelleys.org.uk (Simon Kelley) Date: Mon, 05 Oct 2009 21:20:34 +0100 Subject: [Dnsmasq-discuss] FAQ entry - Debian hostnames In-Reply-To: <4AC5D04F.4040703@fundamentalsltd.co.uk> References: <4AC5D04F.4040703@fundamentalsltd.co.uk> Message-ID: <4ACA5512.90908@thekelleys.org.uk> Roger Lynn wrote: > Hi, > > In the dnsmasq FAQ there's a question: "I'm running Debian, and my machines get > an address fine with DHCP, but their names are not appearing in the DNS." The > answer includes "Update: the lastest dhcpcd packages _do_ send the hostname by > default." This isn't true for Debian, unless you are talking about the > experimental packages of ISC DHCP 4.1. > > A patch has apparently been applied in Ubuntu, but the Debian maintainers are > waiting for upstream to fix it. See http://bugs.debian.org/151820 and > http://bugs.debian.org/522889 for details. > > Thanks for your work on dnsmasq, > Unfortunate naming here. The FAQ entry refers to dhcpcd, which is a completely different DHCP client than ISC offering, which is called dhclient, I think. The statement in the FAQ is true for dhcpcd. Cheers, Simon. From itamar at ispbrasil.com.br Tue Oct 6 00:09:32 2009 
From: itamar at ispbrasil.com.br (Itamar Reis Peixoto) Date: Mon, 5 Oct 2009 20:09:32 -0300 Subject: [Dnsmasq-discuss] cosmetic patch use /var/lib/dnsmasq/ instead /var/lib/misc/ Message-ID: cosmetic patch use /var/lib/dnsmasq/ instead /var/lib/misc/ -#dhcp-leasefile=/var/lib/misc/dnsmasq.leases +#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases this patch is in fedora and I like to upstream it. patch attached -- ------------ Itamar Reis Peixoto e-mail/msn: itamar at ispbrasil.com.br sip: itamar at ispbrasil.com.br skype: itamarjp icq: 81053601 +55 11 4063 5033 +55 34 3221 8599 -------------- next part -------------- A non-text attachment was scrubbed... Name: dnsmasq-configuration-cosmetic.patch Type: application/octet-stream Size: 1934 bytes Desc: not available Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091005/fcf745b9/attachment.obj From itamar at ispbrasil.com.br Tue Oct 6 00:10:10 2009 From: itamar at ispbrasil.com.br (Itamar Reis Peixoto) Date: Mon, 5 Oct 2009 20:10:10 -0300 Subject: [Dnsmasq-discuss] dnsmasq initscript for fedora/centos and other rpm distro.s Message-ID: patch attached -- ------------ Itamar Reis Peixoto e-mail/msn: itamar at ispbrasil.com.br sip: itamar at ispbrasil.com.br skype: itamarjp icq: 81053601 +55 11 4063 5033 +55 34 3221 8599 -------------- next part -------------- A non-text attachment was scrubbed... Name: dnsmasq-2.5.0-initscript.patch Type: application/octet-stream Size: 2251 bytes Desc: not available Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091005/53c495ef/attachment.obj From grexk at yahoo.com Wed Oct 7 02:36:54 2009 
From: grexk at yahoo.com (Greek Ordono)
Date: Tue, 6 Oct 2009 18:36:54 -0700 (PDT)
Subject: [Dnsmasq-discuss] dnsmasq dhcp-option 120
Message-ID: <867824.39501.qm@web53903.mail.re2.yahoo.com>

Hi

I'm getting segfaults when I try to set
"dhcp-option=120,servername:port/cmcprov/login". I'm currently using
dnsmasq-2.45-12.16.1 from openSUSE. TIA

--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091006/676cc840/attachment.htm

From simon at thekelleys.org.uk Wed Oct 7 10:11:53 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Wed, 07 Oct 2009 10:11:53 +0100
Subject: [Dnsmasq-discuss] dnsmasq dhcp-option 120
In-Reply-To: <867824.39501.qm@web53903.mail.re2.yahoo.com>
References: <867824.39501.qm@web53903.mail.re2.yahoo.com>
Message-ID: <4ACC5B59.3000708@thekelleys.org.uk>

Greek Ordono wrote:
> Hi
>
> I'm getting segfaults when I try to set
> "dhcp-option=120,servername:port/cmcprov/login". I'm currently using
> dnsmasq-2.45-12.16.1 from openSUSE. TIA
>
> --
> Greek Ordono
> myppa: launchpad.net/~grexk/+archive/ppa
>
>

Thanks for the report: this is fixed in later versions.

Cheers,

Simon.

From hashimoh at tmtv.ne.jp Thu Oct 8 14:32:34 2009
From: hashimoh at tmtv.ne.jp (Hisashi Hashimoto) Date: Thu, 08 Oct 2009 22:32:34 +0900 Subject: [Dnsmasq-discuss] dnsmasq as DHCP server on vmware client machine In-Reply-To: <4ACA0724.9010605@jemms.net> References: <4AC810F5.4000102@tmtv.ne.jp> <4ACA0724.9010605@jemms.net> Message-ID: <4ACDE9F2.70907@tmtv.ne.jp> Mark, Thank you for your reply. I comment out bind-interface, but nothing has been changed. Hisashi Mark Beierl wrote > I use dnsmasq 2.50-1 with Vmware Workstation 6.5 and do not have any > problems with vmnets. The only difference I see is that I do not use > bind-interfaces... > > Regards, > Mark > > Hisashi Hashimoto wrote: >> Hi, >> >> I am using Dnsmasq 2.45, a little bit old on my Local distribution. >> I am trying to use dnsmasq as a DHCP server on vmware host machine >> instead of using vmware original DHCP server, vmnet-dhcpd. >> Why I prefer using dnsmasq is that vmnet-dhcpd is based on ISC DHCPD >> 2.0(old) and I prefer to use dnsmasq configuration. >> >> I have one problem now. >> This proble appeared after I moved VMware workstation 6.5 from 5.0. >> Problem is: >> Dnsmasq does not look at the vmnet1, 4, 8(Virtual network on host >> machine created by VMware). >> >> Why I think so, is : >> (1) When I use vmnet-dhcpd or ISC DHCPD 3.0, they answered the query >> from guest machines. but when I use dnsmasq, it did not answer. >> So, network interfaces had been created and work without problems. >> (2) While I run ISC DHCPD, I started dnsmasq with DHCP-RANGE option, >> Dnsmasq did not make any claim that port had been used by ISC DHCPD. >> >> Any suggestions are welcome. >> --------------------------------------------------- >> Here is my configuration related DHCP. 
>> interface=vmnet1 >> interface=vmnet4 >> interface=vmnet8 >> interface=lo >> bind-interfaces >> dhcp-range=192.168.219.101,192.168.219.128,255.255.255.0,12h >> dhcp-range=192.168.140.101,192.168.140.254,255.255.255.0,12h >> dhcp-range=192.168.167.101,192.168.167.254,255.255.255.0,12h >> >> Below is output of ifconfig. >> vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01 >> inet addr:192.168.140.1 Bcast:192.168.140.255 >> Mask:255.255.255.0 >> inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:24 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) >> >> vmnet4 Link encap:Ethernet HWaddr 00:50:56:C0:00:04 >> inet addr:192.168.219.1 Bcast:192.168.219.255 >> Mask:255.255.255.0 >> inet6 addr: fe80::250:56ff:fec0:4/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:25 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) >> >> vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08 >> inet addr:192.168.167.1 Bcast:192.168.167.255 >> Mask:255.255.255.0 >> inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:24 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) >> >> Hashimoto Hisashi >> >> _______________________________________________ >> Dnsmasq-discuss mailing list >> Dnsmasq-discuss at lists.thekelleys.org.uk >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >> > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > From 
bcook at poughkeepsieschools.org Thu Oct 8 17:49:35 2009 From: bcook at poughkeepsieschools.org (B. Cook) Date: Thu, 08 Oct 2009 12:49:35 -0400 Subject: [Dnsmasq-discuss] reload and restart; difference between? Message-ID: <4ACE181F.3080606@poughkeepsieschools.org> This might be a FreeBSD -only- question but.. Dnsmasq version 2.50 Copyright (C) 2000-2009 Simon Kelley Compile time options no-IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP So I have a seemingly complex setup.. but suffice to say it all works as designed.. I only hand out dhcp to known addresses; we recently had a deployment of 300 new computers, which did not get entered into the "known hosts" file. I did add the "known hostname" which allowed the pc to get an IP while its machine name matched the "known". I made a little script that would grep the logs for the MAC addresses of the "known" hostname and add it to the "known hosts" file; and then restart the dnsmasq process (which was also doing dns). This usually takes dnsmasq about 3-5 seconds to restart, which then causes people to be w/o dns (on a network of almost 3k machines) and makes the phone ring from time to time.. breaks cups in weird ways.. i.e. creates problems.. So I found that I could -reload- dnsmasq instead of -restart- it, but it seems that -reload- does not -reread- everything that has changed.. Is there someway to make this happen? or someway to get a -reload- to look at all the .conf and/or include files again? Or is there something easier that I could do to accomplish what I am looking for? From ourspamtrap at yahoo.com Thu Oct 8 18:00:09 2009 
From: ourspamtrap at yahoo.com (nitmd) Date: Thu, 8 Oct 2009 10:00:09 -0700 (PDT) Subject: [Dnsmasq-discuss] Local addresses don't come back as local Message-ID: <150154.10237.qm@web53902.mail.re2.yahoo.com> I'm working on installing dnsmasq for my small network. I have it up and running, but the addresses I'm getting don't make sense. My network is 192.168.27.? I have a machine named fred. If I ping fred, I get a response Reply from 216.146.8.16: etc etc I'm wondering what I missed in setup, as it should come back from 192.168.27.xx From ourspamtrap at yahoo.com Thu Oct 8 18:05:17 2009 From: ourspamtrap at yahoo.com (nitmd) Date: Thu, 8 Oct 2009 10:05:17 -0700 (PDT) Subject: [Dnsmasq-discuss] local dns not local [solved??] Message-ID: <19741.13407.qm@web53912.mail.re2.yahoo.com> I found part of the problem, at least; my windows machine reverted to an older dns server setting for some reason and was ignoring the local machine. I'll see if this happens again and deal with it then. From ourspamtrap at yahoo.com Thu Oct 8 21:11:23 2009 
From: ourspamtrap at yahoo.com (nitmd) Date: Thu, 8 Oct 2009 13:11:23 -0700 (PDT) Subject: [Dnsmasq-discuss] DNS server changing -solved Message-ID: <46756.46425.qm@web53911.mail.re2.yahoo.com> I was having trouble with my dnsmasq server being ignored, discovered it was because my windows machine was changing my dns server addresses without my knowledge. I found out this is because I am using the dyndns updater, and had the "internet guide" enabled. This apparently causes dyndns to change your server settings to use their server, eliminating the settings you have put in. If you use that updater, watch for the option to enable/disable this service when you install. From david at howes.net.nz Thu Oct 8 23:29:11 2009 From: david at howes.net.nz (David Howes) Date: Fri, 9 Oct 2009 11:29:11 +1300 Subject: [Dnsmasq-discuss] Setting to always serve from /etc/hosts, even when upstream servers are down. Message-ID: Hi! I have DNSMasq in a local network, we have one issue. When the upstream servers are down DNSMasq won't even serve entries from the /etc/hosts file. I need DNSMasq always to serve from the /etc/hosts file if an entry exists, even if the upstream servers are down. Is this possible with DNSMasq currently, if not, can it be added? Thanks in advance, David Howes. From richardvoigt at gmail.com Fri Oct 9 01:54:44 2009 
From: richardvoigt at gmail.com (richardvoigt at gmail.com) Date: Thu, 8 Oct 2009 19:54:44 -0500 Subject: [Dnsmasq-discuss] reload and restart; difference between? In-Reply-To: <4ACE181F.3080606@poughkeepsieschools.org> References: <4ACE181F.3080606@poughkeepsieschools.org> Message-ID: <2e59e6970910081754t378517esbe8594d956929b79@mail.gmail.com> Use a separate hostsfile, which is read during reload. The configuration file cannot be reprocessed without a complete restart because dnsmasq drops root early on and no longer has the permission needed to listen on privileged ports.. On Thu, Oct 8, 2009 at 11:49 AM, B. Cook wrote: > This might be a FreeBSD -only- question but.. > > Dnsmasq version 2.50 Copyright (C) 2000-2009 Simon Kelley > Compile time options no-IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP > > > So I have a seemingly complex setup.. but suffice to say it all works as > designed.. > > I only hand out dhcp to known addresses; we recently had a deployment of > 300 new computers, which did not get entered into the "known hosts" file. > > I did add the "known hostname" which allowed the pc to get an IP while > its machine name matched the "known". I made a little script that would > grep the logs for the MAC addresses of the "known" hostname and add it > to the "known hosts" file; and then restart the dnsmasq process (which > was also doing dns). > > This usually takes dnsmasq about 3-5 seconds to restart, which then > causes people to be w/o dns (on a network of almost 3k machines) and > makes the phone ring from time to time.. breaks cups in weird ways.. > i.e. creates problems.. > > So I found that I could -reload- dnsmasq instead of -restart- it, but it > seems that -reload- does not -reread- everything that has changed.. > > Is there someway to make this happen? or someway to get a -reload- to > look at all the .conf and/or include files again? > > Or is there something easier that I could do to accomplish what I am > looking for? 
> > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From eldonz at atlanticdb.com Sat Oct 10 17:57:46 2009 From: eldonz at atlanticdb.com (Eldon Ziegler) Date: Sat, 10 Oct 2009 12:57:46 -0400 Subject: [Dnsmasq-discuss] Use Fedora 11 kickstart with dnsmasq? Message-ID: <1255193866.2926.423.camel@carmen.atlantic> Simon, Is there a way to have dnsmasq give a Fedora 11 install the location of a kickstart file? From http://docs.fedoraproject.org/install-guide/f11/en-US/html/s2-kickstart2-networkbased.html Here is an example of a line from the dhcpd.conf file for the DHCP server: filename "/usr/new-machine/kickstart/"; next-server blarg.redhat.com; Note that you should replace the value after filename with the name of the kickstart file (or the directory in which the kickstart file resides) and the value after next-server with the NFS server name. Thanks, Eldon From richardvoigt at gmail.com Sat Oct 10 19:17:20 2009 
From: richardvoigt at gmail.com (richardvoigt at gmail.com) Date: Sat, 10 Oct 2009 13:17:20 -0500 Subject: [Dnsmasq-discuss] Use Fedora 11 kickstart with dnsmasq? In-Reply-To: <1255193866.2926.423.camel@carmen.atlantic> References: <1255193866.2926.423.camel@carmen.atlantic> Message-ID: <2e59e6970910101117v785e0de5j163b6a9e856f17ff@mail.gmail.com> dnsmasq can give out NFS file information, it's needed for BOOTP. You'll want to make sure to mark the configuration so the kickstart information only goes out to fedora-class clients. Having a BOOTP BIOS try to load your kickstart as a kernel is probably not going to have the results you want. On Sat, Oct 10, 2009 at 11:57 AM, Eldon Ziegler wrote: > Simon, > > Is there a way to have dnsmasq give a Fedora 11 install the location of > a kickstart file? > > From > http://docs.fedoraproject.org/install-guide/f11/en-US/html/s2-kickstart2-networkbased.html > > Here is an example of a line from the dhcpd.conf file for the DHCP server: > > filename "/usr/new-machine/kickstart/"; next-server blarg.redhat.com; > > Note that you should replace the value after filename with the name of > the kickstart file (or the directory in which the kickstart file > resides) and the value after next-server with the NFS server name. > > Thanks, > Eldon > > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From eldonz at atlanticdb.com Sun Oct 11 12:42:38 2009 
From: eldonz at atlanticdb.com (Eldon Ziegler) Date: Sun, 11 Oct 2009 07:42:38 -0400 Subject: [Dnsmasq-discuss] Use Fedora 11 kickstart with dnsmasq? In-Reply-To: <2e59e6970910101117v785e0de5j163b6a9e856f17ff@mail.gmail.com> References: <1255193866.2926.423.camel@carmen.atlantic> <2e59e6970910101117v785e0de5j163b6a9e856f17ff@mail.gmail.com> Message-ID: <1255261358.2926.429.camel@carmen.atlantic> Thanks for the information. What should be added to the dnsmasq.conf file to make this work? On Sat, 2009-10-10 at 13:17 -0500, richardvoigt at gmail.com wrote: > dnsmasq can give out NFS file information, it's needed for BOOTP. > > You'll want to make sure to mark the configuration so the kickstart > information only goes out to fedora-class clients. Having a BOOTP > BIOS try to load your kickstart as a kernel is probably not going to > have the results you want. > > On Sat, Oct 10, 2009 at 11:57 AM, Eldon Ziegler wrote: > > Simon, > > > > Is there a way to have dnsmasq give a Fedora 11 install the location of > > a kickstart file? > > > > From > > http://docs.fedoraproject.org/install-guide/f11/en-US/html/s2-kickstart2-networkbased.html > > > > Here is an example of a line from the dhcpd.conf file for the DHCP server: > > > > filename "/usr/new-machine/kickstart/"; next-server blarg.redhat.com; > > > > Note that you should replace the value after filename with the name of > > the kickstart file (or the directory in which the kickstart file > > resides) and the value after next-server with the NFS server name. > > > > Thanks, > > Eldon > > > > > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasq-discuss at lists.thekelleys.org.uk > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > From clintonlee.taylor at gmail.com Sun Oct 11 14:26:34 2009 
From: clintonlee.taylor at gmail.com (Clinton Lee Taylor) Date: Sun, 11 Oct 2009 15:26:34 +0200 Subject: [Dnsmasq-discuss] Multiple resolv.conf files ... Message-ID: Greetings ... Got to thank Simon for some really great work ... DnsMasq has made my life so much easier for so long, thanks does not seem enough ... Been looking into creating a Linux Router that can be used for internet connection fall over, when the primary internet connection fails, I would like to have the router switch to the backup. I know that DnsMasq can't really help with this, but, I'm looking at making a second connection, using 3G ... So, my problem is that without making very complicated scripts, could we not make DnsMasq be able to read multiple resolv.conf type files ... The reason I would like this, is that each internet facing interface, using something like DHCP, would have their own DNS server list that I could get DnsMasq to read/use, so that DNS queries would be sent down each active internet interface ... Thanks Mailed LeeT From richardvoigt at gmail.com Sun Oct 11 20:04:38 2009 
From: richardvoigt at gmail.com (richardvoigt at gmail.com) Date: Sun, 11 Oct 2009 14:04:38 -0500 Subject: [Dnsmasq-discuss] Use Fedora 11 kickstart with dnsmasq? In-Reply-To: <1255261358.2926.429.camel@carmen.atlantic> References: <1255193866.2926.423.camel@carmen.atlantic> <2e59e6970910101117v785e0de5j163b6a9e856f17ff@mail.gmail.com> <1255261358.2926.429.camel@carmen.atlantic> Message-ID: <2e59e6970910111204l7e4f8193x7f2c06fc940099c9@mail.gmail.com> Sorry for the misinformation. BOOTP support in dnsmasq provides a TFTP server. Are you sure the reference to NFS in the kickstart docs shouldn't really be TFTP? In any case, the BOOTP RFC seems to suggest that alternate protocols are possible. Try using the dhcp-boot directive in your dnsmasq configuration. Also try reading the excellent man page provided by Simon (dnsmasq's author). On Sun, Oct 11, 2009 at 6:42 AM, Eldon Ziegler wrote: > Thanks for the information. What should be added to the dnsmasq.conf > file to make this work? > > > On Sat, 2009-10-10 at 13:17 -0500, richardvoigt at gmail.com wrote: >> dnsmasq can give out NFS file information, it's needed for BOOTP. >> >> You'll want to make sure to mark the configuration so the kickstart >> information only goes out to fedora-class clients. Having a BOOTP >> BIOS try to load your kickstart as a kernel is probably not going to >> have the results you want. >> >> On Sat, Oct 10, 2009 at 11:57 AM, Eldon Ziegler wrote: >> > Simon, >> > >> > Is there a way to have dnsmasq give a Fedora 11 install the location of >> > a kickstart file? 
>> > >> > From >> > http://docs.fedoraproject.org/install-guide/f11/en-US/html/s2-kickstart2-networkbased.html >> > >> > Here is an example of a line from the dhcpd.conf file for the DHCP server: >> > >> > filename "/usr/new-machine/kickstart/"; next-server blarg.redhat.com; >> > >> > Note that you should replace the value after filename with the name of >> > the kickstart file (or the directory in which the kickstart file >> > resides) and the value after next-server with the NFS server name. >> > >> > Thanks, >> > Eldon >> > >> > >> > >> > _______________________________________________ >> > Dnsmasq-discuss mailing list >> > Dnsmasq-discuss at lists.thekelleys.org.uk >> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >> > > > From richardvoigt at gmail.com Sun Oct 11 20:07:38 2009 
From: richardvoigt at gmail.com (richardvoigt at gmail.com) Date: Sun, 11 Oct 2009 14:07:38 -0500 Subject: [Dnsmasq-discuss] Multiple resolv.conf files ... In-Reply-To: References: Message-ID: <2e59e6970910111207w7672041bt9c7dd932f9adb467@mail.gmail.com> On Sun, Oct 11, 2009 at 8:26 AM, Clinton Lee Taylor wrote: > Greetings ... > > Got to thank Simon for some really great work ... DnsMasq has made my > life so much easier for so long, thanks does not seem enough ... > > Been looking into creating a Linux Router that can be used for > internet connection fall over, when the primary internet connection > fails, I would like to have the router switch to the backup. I know > that DnsMasq can't really help with this, but, I'm looking at making a > second connection, using 3G ... > > So, my problem is that without making very complicated scripts, could > we not make DnsMasq be able to read multiple resolv.conf type files Simon already has this covered, read your man page, which says "Dnsmasq can be told to poll more than one resolv.conf file". http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html You'll solve your problem a lot faster than waiting for an answer from the list. > ... > > The reason I would like this, is that each internet facing interface, > using something like DHCP, would have their own DNS server list that I > could get DnsMasq to read/use, so that DNS queries would be sent down > each active internet interface ... > > Thanks > Mailed > LeeT > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From simon at thekelleys.org.uk Tue Oct 13 18:04:56 2009 
From: simon at thekelleys.org.uk (Simon Kelley) Date: Tue, 13 Oct 2009 18:04:56 +0100 Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.51 Message-ID: <4AD4B338.7080206@thekelleys.org.uk> Dnsmasq 2.51 is now available from http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.51.tar.gz The Changelog looks like this: Add support for internationalised DNS. Non-ASCII characters in domain names found in /etc/hosts, /etc/ethers and /etc/dnsmasq.conf will be correctly handled by translation to punycode, as specified in RFC3490. This function is only available if dnsmasq is compiled with internationalisation support, and adds a dependency on GNU libidn. Without i18n support, dnsmasq continues to be compilable with just standard tools. Thanks to Yves Dorfsman for the suggestion. Add two more environment variables for lease-change scripts: First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname supplied by a client, even if the actual hostname used is over-ridden by dhcp-host or dhcp-ignore-names directives. Also DNSMASQ_RELAY_ADDRESS which gives the address of a DHCP relay, if used. Suggestions from Michael Rack. Fix regression which broke echo of relay-agent options. Thanks to Michael Rack for spotting this. Don't treat option 67 as being interchangeable with dhcp-boot parameters if it's specified as dhcp-option-force. Make the code to call scripts on lease-change compile-time optional. It can be switched off by editing src/config.h or building with "make COPTS=-DNO_SCRIPT". Make the TFTP server cope with filenames from Windows/DOS which use '\' as pathname separator. Thanks to Ralf for the patch. Updated Polish translation. Thanks to Jan Psota. Warn if an IP address is duplicated in /etc/ethers. Thanks to Felix Schwarz for pointing this out. Teach --conf-dir to take an option list of file suffices which will be ignored when scanning the directory. Useful for backup files etc. Thanks to Helmut Hullen for the suggestion. 
Add new DHCP option named tftpserver-address, which corresponds to the third argument of dhcp-boot. This allows the complete functionality of dhcp-boot to be replicated with dhcp-option. Useful when using dhcp-optsfile. Test which upstream nameserver to use every 10 seconds or 50 queries and not just when a query times out and is retried. This should improve performance when there is a slow nameserver in the list. Thanks to Joe for the suggestion. Don't do any PXE processing, even for clients with the correct vendorclass, unless at least one pxe-prompt or pxe-service option is given. This stops dnsmasq interfering with proxy PXE subsystems when it is just the DHCP server. Thanks to Spencer Clark for spotting this. Limit the blocksize used for TFTP transfers to a value which avoids packet fragmentation, based on the MTU of the local interface. Many netboot ROMs can't cope with fragmented packets. Honour dhcp-ignore configuration for PXE and proxy-PXE requests. Thanks to Niels Basjes for the bug report. Updated French translation. Thanks to Gildas Le Nadan. Cheers, Simon. From tommy at brander.nu Wed Oct 14 08:29:07 2009 
From: tommy at brander.nu (Tommy Brander) Date: Wed, 14 Oct 2009 09:29:07 +0200 Subject: [Dnsmasq-discuss] Problems with custom dhcp-script and leasefile-ro Message-ID: <1255505347.5144.0.camel@pisces> Hi All I'm using dnsmasq version 2.47 on Ubuntu Server Jaunty with a custom dhcp-script and the option leasefile-ro. The script is a PHP file which stores the lease database together with available DHCP options (vendorid and so on) in a PostgreSQL database. After a restart of dnsmasq, when the script is called with init, i read the active leases and print them with the following statement: fputs(STDOUT, "$lease"); where $lease = '1255470657 00:1f:29:b4:84:82 192.168.0.194 pisces *'. Observe that this is without any added \n. I also log this to a log file, that after init contains the following: 2009-10-13 23:23:18 - init: 1255470657 00:1f:29:b4:84:82 192.168.0.194 pisces * 2009-10-13 23:23:18 - init: 1255470430 00:01:38:99:52:80 192.168.0.182 betelgeuse 01:00:01:38:99:52:80 2009-10-13 23:23:18 - init: 1255470317 00:21:00:d2:25:4e 192.168.0.113 Delphinus 01:00:21:00:d2:25:4e 2009-10-13 23:23:18 - init: 1255470271 08:00:27:23:dd:64 192.168.0.104 caelum 01:08:00:27:23:dd:64 2009-10-13 23:23:18 - init: 1255470066 00:02:61:0f:c2:ec 192.168.0.123 * 01:00:02:61:0f:c2:ec In the syslog, the following rows has appeared: Oct 13 23:23:17 aurora dnsmasq[5420]: exiting on receipt of SIGTERM Oct 13 23:23:18 aurora dnsmasq[5611]: started, version 2.47 cachesize 150 Oct 13 23:23:18 aurora dnsmasq[5611]: compile time options: IPv6 GNU-getopt DBus I18N TFTP Oct 13 23:23:18 aurora dnsmasq[5611]: DHCP, IP range 192.168.0.101 -- 192.168.0.199, lease time 30m Oct 13 23:23:18 aurora dnsmasq[5611]: reading /etc/resolv.conf Oct 13 23:23:18 aurora dnsmasq[5611]: using nameserver 195.54.122.200#53 Oct 13 23:23:18 aurora dnsmasq[5611]: using nameserver 195.54.122.198#53 Oct 13 23:23:18 aurora dnsmasq[5611]: read /etc/hosts - 21 addresses The problem I'm having with this setup is that when the 
host pisces, which is a Ubuntu Karmic host, request it's next IP, the event generated is not an 'Old' but an 'Add'. This is the row that appears in my dhcp log file: 2009-10-13 23:23:45 - add: 00:1f:29:b4:84:82 192.168.0.194 pisces eth1 1800 brander.local Is that correct? The client first does two DHCPREQUEST, which dnsmasq host responds with DHCPNAK. Then the client does a DHCPDISCOVER and gets an IP - some times the same IP, some times a different IP. Is this a feature or a bug? Since dnsmasq read the lease file during init, it should give out the same address and generate an 'Old' event. Or am I just stupid? Can anyone help me? Best Regards, Tommy Brander tommy at brander.nu www.brander.nu Viam inveniam aut faciam - I shall either find a way or make one From simon at thekelleys.org.uk Wed Oct 14 09:07:34 2009 
From: simon at thekelleys.org.uk (Simon Kelley) Date: Wed, 14 Oct 2009 09:07:34 +0100 Subject: [Dnsmasq-discuss] Problems with custom dhcp-script and leasefile-ro In-Reply-To: <1255505347.5144.0.camel@pisces> References: <1255505347.5144.0.camel@pisces> Message-ID: <4AD586C6.2050709@thekelleys.org.uk> Tommy Brander wrote: > Hi All > > I'm using dnsmasq version 2.47 on Ubuntu Server Jaunty with a custom > dhcp-script and the option leasefile-ro. The script is a PHP file which > stores the lease database together with available DHCP options (vendorid > and so on) in a PostgreSQL database. > After a restart of dnsmasq, when the script is called with init, i read > the active leases and print them with the following statement: > > fputs(STDOUT, "$lease"); > > where $lease = '1255470657 00:1f:29:b4:84:82 192.168.0.194 pisces *'. > Observe that this is without any added \n. > > I also log this to a log file, that after init contains the following: > > 2009-10-13 23:23:18 - init: 1255470657 00:1f:29:b4:84:82 192.168.0.194 > pisces * > 2009-10-13 23:23:18 - init: 1255470430 00:01:38:99:52:80 192.168.0.182 > betelgeuse 01:00:01:38:99:52:80 > 2009-10-13 23:23:18 - init: 1255470317 00:21:00:d2:25:4e 192.168.0.113 > Delphinus 01:00:21:00:d2:25:4e > 2009-10-13 23:23:18 - init: 1255470271 08:00:27:23:dd:64 192.168.0.104 > caelum 01:08:00:27:23:dd:64 > 2009-10-13 23:23:18 - init: 1255470066 00:02:61:0f:c2:ec 192.168.0.123 * > 01:00:02:61:0f:c2:ec > > In the syslog, the following rows has appeared: > > Oct 13 23:23:17 aurora dnsmasq[5420]: exiting on receipt of SIGTERM > Oct 13 23:23:18 aurora dnsmasq[5611]: started, version 2.47 cachesize 150 > Oct 13 23:23:18 aurora dnsmasq[5611]: compile time options: IPv6 > GNU-getopt DBus I18N TFTP > Oct 13 23:23:18 aurora dnsmasq[5611]: DHCP, IP range 192.168.0.101 -- > 192.168.0.199, lease time 30m > Oct 13 23:23:18 aurora dnsmasq[5611]: reading /etc/resolv.conf > Oct 13 23:23:18 aurora dnsmasq[5611]: using nameserver 195.54.122.200#53 > 
Oct 13 23:23:18 aurora dnsmasq[5611]: using nameserver 195.54.122.198#53 > Oct 13 23:23:18 aurora dnsmasq[5611]: read /etc/hosts - 21 addresses > > The problem I'm having with this setup is that when the host pisces, > which is a Ubuntu Karmic host, request it's next IP, the event generated > is not an 'Old' but an 'Add'. This is the row that appears in my dhcp > log file: > > 2009-10-13 23:23:45 - add: 00:1f:29:b4:84:82 192.168.0.194 pisces eth1 > 1800 brander.local > > Is that correct? The client first does two DHCPREQUEST, which dnsmasq > host responds with DHCPNAK. Then the client does a DHCPDISCOVER and gets > an IP - some times the same IP, some times a different IP. Is this a > feature or a bug? > > Since dnsmasq read the lease file during init, it should give out the > same address and generate an 'Old' event. Or am I just stupid? > > Can anyone help me? > I guess the first step is to find out exactly what leases dnsmasq has in its database after the "init" event. The easiest way to do this is to run dnsmasq with the --no-daemon --log-queries flags, and then send it a USR1 signal. That will dump the DNS cache to the stdout. DNS entries which arise from DHCP leases will have a "D" in the flags field. You should see one for each of your DHCP leases which have a name. My guess, without looking in detail, is that you have already found the problem - the lack of newline characters. HTH Simon. From dnsmasq.list at michaelrack.de Wed Oct 14 09:47:20 2009 
From: dnsmasq.list at michaelrack.de (Michael Rack) Date: Wed, 14 Oct 2009 10:47:20 +0200 Subject: [Dnsmasq-discuss] Problems with custom dhcp-script and leasefile-ro In-Reply-To: <4AD586C6.2050709@thekelleys.org.uk> References: <1255505347.5144.0.camel@pisces> <4AD586C6.2050709@thekelleys.org.uk> Message-ID: <4AD59018.5070309@michaelrack.de> Of course, the newline character is the problem :-D fwrite is a binary-safe file write function. You have to replace your code-line with: fputs(STDOUT, $lease . chr(10)); And please .. PLEASE .. remove the double-quotes! What to the hell should the double-quotes make sense? Double-Quotes in PHP make the script execution slower, because PHP has to handle inline-defined-variables. Cheers, Michael. Am 14.10.2009 10:07, schrieb Simon Kelley: > Tommy Brander wrote: > >> Hi All >> >> I'm using dnsmasq version 2.47 on Ubuntu Server Jaunty with a custom >> dhcp-script and the option leasefile-ro. The script is a PHP file which >> stores the lease database together with available DHCP options (vendorid >> and so on) in a PostgreSQL database. >> After a restart of dnsmasq, when the script is called with init, i read >> the active leases and print them with the following statement: >> >> fputs(STDOUT, "$lease"); >> >> where $lease = '1255470657 00:1f:29:b4:84:82 192.168.0.194 pisces *'. >> Observe that this is without any added \n. 
>> >> I also log this to a log file, that after init contains the following: >> >> 2009-10-13 23:23:18 - init: 1255470657 00:1f:29:b4:84:82 192.168.0.194 >> pisces * >> 2009-10-13 23:23:18 - init: 1255470430 00:01:38:99:52:80 192.168.0.182 >> betelgeuse 01:00:01:38:99:52:80 >> 2009-10-13 23:23:18 - init: 1255470317 00:21:00:d2:25:4e 192.168.0.113 >> Delphinus 01:00:21:00:d2:25:4e >> 2009-10-13 23:23:18 - init: 1255470271 08:00:27:23:dd:64 192.168.0.104 >> caelum 01:08:00:27:23:dd:64 >> 2009-10-13 23:23:18 - init: 1255470066 00:02:61:0f:c2:ec 192.168.0.123 * >> 01:00:02:61:0f:c2:ec >> >> In the syslog, the following rows has appeared: >> >> Oct 13 23:23:17 aurora dnsmasq[5420]: exiting on receipt of SIGTERM >> Oct 13 23:23:18 aurora dnsmasq[5611]: started, version 2.47 cachesize 150 >> Oct 13 23:23:18 aurora dnsmasq[5611]: compile time options: IPv6 >> GNU-getopt DBus I18N TFTP >> Oct 13 23:23:18 aurora dnsmasq[5611]: DHCP, IP range 192.168.0.101 -- >> 192.168.0.199, lease time 30m >> Oct 13 23:23:18 aurora dnsmasq[5611]: reading /etc/resolv.conf >> Oct 13 23:23:18 aurora dnsmasq[5611]: using nameserver 195.54.122.200#53 >> Oct 13 23:23:18 aurora dnsmasq[5611]: using nameserver 195.54.122.198#53 >> Oct 13 23:23:18 aurora dnsmasq[5611]: read /etc/hosts - 21 addresses >> >> The problem I'm having with this setup is that when the host pisces, >> which is a Ubuntu Karmic host, request it's next IP, the event generated >> is not an 'Old' but an 'Add'. This is the row that appears in my dhcp >> log file: >> >> 2009-10-13 23:23:45 - add: 00:1f:29:b4:84:82 192.168.0.194 pisces eth1 >> 1800 brander.local >> >> Is that correct? The client first does two DHCPREQUEST, which dnsmasq >> host responds with DHCPNAK. Then the client does a DHCPDISCOVER and gets >> an IP - some times the same IP, some times a different IP. Is this a >> feature or a bug? >> >> Since dnsmasq read the lease file during init, it should give out the >> same address and generate an 'Old' event. 
Or am I just stupid? >> >> Can anyone help me? >> >> > I guess the first step is to find out exactly what leases dnsmasq has in > its database after the "init" event. The easiest way to do this is to > run dnsmasq with the --no-daemon --log-queries flags, and then send it a > USR1 signal. That will dump the DNS cache to the stdout. DNS entries > which arise from DHCP leases will have a "D" in the flags field. You > should see one for each of your DHCP leases which have a name. > > My guess, without looking in detail, is that you have already found the > problem - the lack of newline characters. > > HTH > > Simon. > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From clintonlee.taylor at gmail.com Wed Oct 14 11:51:54 2009 
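The fix agreed on in the thread above (one newline-terminated record per lease when the dhcp-script is called with "init" under leasefile-ro), as an added example that is not part of any poster's message and not the poster's PHP script. It is a Python sketch; the sample rows, the field patterns and the policy of skipping rows that fail validation are assumptions of this example, and it also shows why names stored from DHCP clients should be checked before being replayed into the lease list.

```python
#!/usr/bin/env python3
"""Print saved leases for a dnsmasq dhcp-script "init" call (leasefile-ro)."""
import ipaddress
import re
import sys

# Constructed sample rows, shaped like the leases quoted in the thread:
# (expiry epoch, MAC, IPv4 address, hostname or "*", client-id or "*").
SAMPLE_LEASES = [
    (1255470657, "00:1f:29:b4:84:82", "192.168.0.194", "pisces", "*"),
    (1255470430, "00:01:38:99:52:80", "192.168.0.182", "betelgeuse",
     "01:00:01:38:99:52:80"),
    (1255470066, "00:02:61:0f:c2:ec", "192.168.0.123", "*",
     "01:00:02:61:0f:c2:ec"),
]

# Assumed field patterns for this example (not taken from dnsmasq's source).
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}", re.IGNORECASE)
CLIENT_ID_RE = re.compile(r"\*|[0-9a-f]{2}(?::[0-9a-f]{2})*", re.IGNORECASE)
# Letters, digits, '-' and '.' only. No whitespace is allowed, so a stored
# name can never split a record or begin a second one.
HOSTNAME_RE = re.compile(r"\*|[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?")


def format_lease(expiry, mac, ip, hostname="*", client_id="*"):
    """Return one lease record terminated by a newline, or raise ValueError."""
    if isinstance(expiry, bool) or not isinstance(expiry, int) or expiry < 0:
        raise ValueError("expiry must be a non-negative integer")
    if not MAC_RE.fullmatch(mac):
        raise ValueError("bad MAC address")
    addr = ipaddress.IPv4Address(ip)  # raises a ValueError subclass if invalid
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError("bad hostname")
    if not CLIENT_ID_RE.fullmatch(client_id):
        raise ValueError("bad client-id")
    # The trailing "\n" is the part that was missing in the thread.
    return "%d %s %s %s %s\n" % (expiry, mac.lower(), addr, hostname,
                                 client_id.lower())


def render_init(leases):
    """Return (text for stdout, rows rejected by validation)."""
    lines, rejected = [], []
    for row in leases:
        try:
            lines.append(format_lease(*row))
        except (TypeError, ValueError):
            rejected.append(row)  # skip the row rather than emit a bad line
    return "".join(lines), rejected


def records_seen(text):
    """Records a line-oriented reader would get from the script's output."""
    return [line for line in text.split("\n") if line]


if __name__ == "__main__":
    # The action is passed as the first argument; only "init" prints state.
    if sys.argv[1:2] == ["init"]:
        output, skipped = render_init(SAMPLE_LEASES)
        sys.stdout.write(output)
        for row in skipped:
            print("skipped invalid lease row: %r" % (row,), file=sys.stderr)
```

In a real script the rows would come from the lease database instead of `SAMPLE_LEASES`, and rejected rows would be logged for review.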
From: clintonlee.taylor at gmail.com (Clinton Lee Taylor) Date: Wed, 14 Oct 2009 12:51:54 +0200 Subject: [Dnsmasq-discuss] Multiple resolv.conf files ... In-Reply-To: <2e59e6970910111207w7672041bt9c7dd932f9adb467@mail.gmail.com> References: <2e59e6970910111207w7672041bt9c7dd932f9adb467@mail.gmail.com> Message-ID: Greetings ... >> Been looking into creating a Linux Router that can be used for >> internet connection fall over, when the primary internet connection >> fails, I would like to have the router switch to the backup. I know >> that DnsMasq can't really help with this, but, I'm looking at making a >> second connection, using 3G ... >> >> So, my problem is that without making very complicated scripts, could >> we not make DnsMasq be able to read multiple resolv.conf type files > > Simon already has this covered, read your man page, which says > "Dnsmasq can be told to poll more than one resolv.conf file". Arh, yes ... I did see this and hoped that it would work similar to other multiple options ... > http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html Went through that, but I did not get it to work as I had hoped ... > You'll solve your problem a lot faster than waiting for an answer from the list. Mmm, right and wrong ... If you read the little bit before, I was hoping that I could read multiple resolv.conf type files, but testing showed something that did not seem to be working as I had expected ... Was hoping that either what I was expecting, could be helped or maybe another insight into another way to do a similar thing ... >> The reason I would like this, is that each internet facing interface, >> using something like DHCP, would have their own DNS server list that I >> could get DnsMasq to read/use, so that DNS queries would be sent down >> each active internet interface ... I added to my dnsmasq.conf file two lines as follows ... 
resolv-file=/etc/resolv.conf.dnsmasq-eth0 resolv-file=/etc/resolv.conf.dnsmasq-3g But when I restart dnsmasq, it only list the last resolv.conf file and the dns server there in ... Do I need to use the -r option from the command line ( init script ) or can this option be used in the dnsmasq.conf file? Oct 14 12:49:30 hermes dnsmasq[8652]: exiting on receipt of SIGTERM Oct 14 12:49:30 hermes dnsmasq[8700]: started, version 2.45 cachesize 150 Oct 14 12:49:30 hermes dnsmasq[8700]: compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP Oct 14 12:49:30 hermes dnsmasq[8700]: DHCP, IP range 192.168.1.65 -- 192.168.1.115, lease time 4h Oct 14 12:49:30 hermes dnsmasq[8700]: reading /etc/resolv.conf.dnsmasq-3g Oct 14 12:49:30 hermes dnsmasq[8700]: using nameserver 208.67.222.222#53 Oct 14 12:49:30 hermes dnsmasq[8700]: read /etc/hosts - 8 addresses Thanks Mailed LeeT From simon at thekelleys.org.uk Wed Oct 14 12:03:28 2009 
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Wed, 14 Oct 2009 12:03:28 +0100
Subject: [Dnsmasq-discuss] Multiple resolv.conf files ...
In-Reply-To:
References: <2e59e6970910111207w7672041bt9c7dd932f9adb467@mail.gmail.com>
Message-ID: <4AD5B000.1030708@thekelleys.org.uk>

Clinton Lee Taylor wrote:
> Greetings ...
>
>>> Been looking into creating a Linux Router that can be used for
>>> internet connection fall over, when the primary internet connection
>>> fails, I would like to have the router switch to the backup. I know
>>> that DnsMasq can't really help with this, but, I'm looking at making a
>>> second connection, using 3G ...
>>>
>>> So, my problem is that without making very complicated scripts, could
>>> we not make DnsMasq be able to read multiple resolv.conf type files
>> Simon already has this covered, read your man page, which says
>> "Dnsmasq can be told to poll more than one resolv.conf file".
> Arh, yes ... I did see this and hoped that it would work similar to
> other multiple options ...
>
>> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
> Went through that, but I did not get it to work as I had hoped ...
>
>> You'll solve your problem a lot faster than waiting for an answer from the list.
> Mmm, right and wrong ... If you read the little bit before, I was
> hoping that I could read multiple resolv.conf type files, but testing
> showed something that did not seem to be working as I had expected ...
> Was hoping that either what I was expecting, could be helped or maybe
> another insight into another way to do a similar thing ...
>
>>> The reason I would like this, is that each internet facing interface,
>>> using something like DHCP, would have their own DNS server list that I
>>> could get DnsMasq to read/use, so that DNS queries would be sent down
>>> each active internet interface ...
>
> I added to my dnsmasq.conf file two lines as follows ...
>
> resolv-file=/etc/resolv.conf.dnsmasq-eth0
> resolv-file=/etc/resolv.conf.dnsmasq-3g
>
> But when I restart dnsmasq, it only lists the last resolv.conf file
> and the dns server therein ... Do I need to use the -r option from
> the command line ( init script ) or can this option be used in the
> dnsmasq.conf file?
>
> Oct 14 12:49:30 hermes dnsmasq[8652]: exiting on receipt of SIGTERM
> Oct 14 12:49:30 hermes dnsmasq[8700]: started, version 2.45 cachesize 150
> Oct 14 12:49:30 hermes dnsmasq[8700]: compile time options: IPv6
> GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP
> Oct 14 12:49:30 hermes dnsmasq[8700]: DHCP, IP range 192.168.1.65 --
> 192.168.1.115, lease time 4h
> Oct 14 12:49:30 hermes dnsmasq[8700]: reading /etc/resolv.conf.dnsmasq-3g
> Oct 14 12:49:30 hermes dnsmasq[8700]: using nameserver 208.67.222.222#53
> Oct 14 12:49:30 hermes dnsmasq[8700]: read /etc/hosts - 8 addresses
>
> Thanks
> Mailed
> LeeT

Dnsmasq checks the modification times of both (all) the files, and uses the one that was changed last. Try this:

touch /etc/resolv.conf.dnsmasq-eth0
dig www.google.com

You should see dnsmasq read the eth0 file and start to use the nameservers in there.

You need to ensure that the relevant resolv.conf file is updated when a network link goes live and all should be well.

Cheers,

Simon.

From clintonlee.taylor at gmail.com Wed Oct 14 13:27:09 2009
From: clintonlee.taylor at gmail.com (Clinton Lee Taylor)
Date: Wed, 14 Oct 2009 14:27:09 +0200
Subject: [Dnsmasq-discuss] Multiple resolv.conf files ...
In-Reply-To: <4AD5B000.1030708@thekelleys.org.uk>
References: <2e59e6970910111207w7672041bt9c7dd932f9adb467@mail.gmail.com> <4AD5B000.1030708@thekelleys.org.uk>
Message-ID:

Greetings ...

Thanks for the quick response ...

>>>> Been looking into creating a Linux Router that can be used for
>>>> internet connection fall over, when the primary internet connection
>>>> fails, I would like to have the router switch to the backup. I know
>>>> that DnsMasq can't really help with this, but, I'm looking at making a
>>>> second connection, using 3G ...
>>>>
>>>> So, my problem is that without making very complicated scripts, could
>>>> we not make DnsMasq be able to read multiple resolv.conf type files
>>>
>>> Simon already has this covered, read your man page, which says
>>> "Dnsmasq can be told to poll more than one resolv.conf file".
>>
>> Arh, yes ... I did see this and hoped that it would work similar to
>> other multiple options ...
>>
>>> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
>>
>> Went through that, but I did not get it to work as I had hoped ...
>>
>>> You'll solve your problem a lot faster than waiting for an answer from
>>> the list.
>>
>> Mmm, right and wrong ... If you read the little bit before, I was
>> hoping that I could read multiple resolv.conf type files, but testing
>> showed something that did not seem to be working as I had expected ...
>> Was hoping that either what I was expecting, could be helped or maybe
>> another insight into another way to do a similar thing ...
>>
>>>> The reason I would like this, is that each internet facing interface,
>>>> using something like DHCP, would have their own DNS server list that I
>>>> could get DnsMasq to read/use, so that DNS queries would be sent down
>>>> each active internet interface ...
>>
>> I added to my dnsmasq.conf file two lines as follows ...
>>
>> resolv-file=/etc/resolv.conf.dnsmasq-eth0
>> resolv-file=/etc/resolv.conf.dnsmasq-3g
>>
>> But when I restart dnsmasq, it only lists the last resolv.conf file
>> and the dns server therein ... Do I need to use the -r option from
>> the command line ( init script ) or can this option be used in the
>> dnsmasq.conf file?
>>
>> Oct 14 12:49:30 hermes dnsmasq[8652]: exiting on receipt of SIGTERM
>> Oct 14 12:49:30 hermes dnsmasq[8700]: started, version 2.45 cachesize 150
>> Oct 14 12:49:30 hermes dnsmasq[8700]: compile time options: IPv6
>> GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP
>> Oct 14 12:49:30 hermes dnsmasq[8700]: DHCP, IP range 192.168.1.65 --
>> 192.168.1.115, lease time 4h
>> Oct 14 12:49:30 hermes dnsmasq[8700]: reading /etc/resolv.conf.dnsmasq-3g
>> Oct 14 12:49:30 hermes dnsmasq[8700]: using nameserver 208.67.222.222#53
>> Oct 14 12:49:30 hermes dnsmasq[8700]: read /etc/hosts - 8 addresses
>>
>> Thanks
>> Mailed
>> LeeT
>
> Dnsmasq checks the modification times of both (all) the files, and uses the
> one that was changed last. Try this:
>
> touch /etc/resolv.conf.dnsmasq-eth0
> dig www.google.com

Arh! Okay, when I was restarting dnsmasq, I was only seeing the changes of the last file ...

> You should see dnsmasq read the eth0 file and start to use the nameservers
> in there.

Oct 14 13:38:38 neuropeptide dnsmasq[20760]: reading /etc/resolv.conf.dnsmasq
Oct 14 13:38:38 neuropeptide dnsmasq[20760]: using nameserver 196.212.159.193#53
Oct 14 13:38:38 neuropeptide dnsmasq[20760]: using nameserver 168.210.2.2#53
Oct 14 13:38:44 neuropeptide dnsmasq[20760]: reading /etc/resolv.conf.dnsmasq-odns
Oct 14 13:38:44 neuropeptide dnsmasq[20760]: using nameserver 208.67.220.220#53
Oct 14 13:38:44 neuropeptide dnsmasq[20760]: using nameserver 208.67.222.222#53

Should not dnsmasq list all name servers and resolv files when restarted or started?

Touching the resolv files works like a charm though!!

> You need to ensure that the relevant resolv.conf file is updated when a
> network link goes live and all should be well.

dhclient or pppd ip-up or up-down should change these files, so it should not be a problem ...

Thanks
Mailed
LeeT

From blmink at gmail.com Wed Oct 14 14:37:10 2009
From: blmink at gmail.com (blmink at gmail.com)
Date: Wed, 14 Oct 2009 17:37:10 +0400
Subject: [Dnsmasq-discuss] dnsmasq: failed to bind server socket for 192.168.255.1 lo: Invalid argument
Message-ID: <84b6b9d40910140637k7b5288c3i2eafae228f40ce39@mail.gmail.com>

Hi, everybody,

I start dnsmasq as following:

/usr/sbin/dnsmasq -K -D -y -Z -b -E -z -s local -S /local/ -S /somedomain.su/192.168.255.1#54@lo -l /tmp/dhcp.leases -r /tmp/resolv.conf.auto.isp --dhcp-range=lan,192.168.255.100,192.168.255.250,255.255.255.0,12h -2 eth1 -2 eth0.1

and I get following error:

dnsmasq: failed to bind server socket for 192.168.255.1 lo: Invalid argument

Is this a bug?

The system is OpenWRT on MIPSEL. Dnsmasq versions 2.50 and 2.51 tested.

This error message appears when I use -z option. I've tried following:

-z
-z -i br-lan (which has 192.168.255.1 address)
-z -a 192.168.255.1
-z -a 192.168.252.2
-z -a 192.168.253.1

All these cases lead to the above error message. I think if address doesn't matter here, so it is a bug.

Thanks in advance,
Fedor.

From sfzhi at yahoo.com Sat Oct 17 13:04:48 2009
From: sfzhi at yahoo.com (Sergei Zhirikov)
Date: Sat, 17 Oct 2009 14:04:48 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
Message-ID:

Hi,

I'm using dnsmasq as a DHCP and DNS server on my Linux home gateway, which is also an IPSec/L2TP VPN server. For IP address allocation for the VPN PPP tunnels I use ppp-dhcpc plugin, which pretends to be a DHCP relay and requests IP addresses from dnsmasq. That part works fine.

However, when the PPP link has been established the VPN client (a Windows PC in my case, but I don't think it's relevant) sends DHCPINFORM request to the broadcast address 255.255.255.255. That request reaches the Linux gateway via the PPP link, but dnsmasq does not reply, because it can see that the request is coming from an interface it is not configured to serve.

I would really like dnsmasq to reply to those DHCPINFORM requests coming in through the PPP links, but I haven't been able to configure dnsmasq for that. I can't tell it to serve the PPP interface, because the interface name is assigned dynamically (thus not known in advance). I can not tell dnsmasq to serve all interfaces with some exceptions either, because then the list of the exceptions would have to contain dynamically assigned names.

I have tried some tricks with iptables. Tried to use "-j ROUTE --iif ifname" to make the packets appear coming from another interface with a fixed name that dnsmasq is configured to serve, but dnsmasq still does not reply as if it somehow can see the original interface name.

I have tried to use a pair of VETH interfaces to route the incoming packets to one end of the virtual tunnel so that they would appear to dnsmasq coming out of the other end, but that didn't work, because I didn't manage to get the routing work the way I wanted (perhaps, because I lack necessary knowledge about advanced routing).

I would appreciate any kind of help with this problem.

Thank you,
Kind regards,

Sergei.
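
An added illustration, not part of the original post: a small parser for the BOOTP/DHCP payload, run on two constructed messages, to tell apart in a capture the two kinds of traffic described above. A request sent through a relay carries the relay's address in giaddr, while the client's own DHCPINFORM broadcast (option 53 = 8, RFC 2131) has giaddr 0.0.0.0 and its already-assigned address in ciaddr. The sample addresses, transaction ids and all function names are assumptions made for the example.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options area (RFC 2131)
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
ZERO = ipaddress.IPv4Address("0.0.0.0")


def build_dhcp(msg_type, xid, ciaddr="0.0.0.0", giaddr="0.0.0.0",
               chaddr=b"\x02\x00\x00\x00\x00\x01", params=(1, 3, 6, 15)):
    """Build a constructed client-to-server payload (demo input only)."""
    fixed = struct.pack("!BBBBIHH", 1, 1, len(chaddr), 0, xid, 0, 0)  # op=BOOTREQUEST
    addrs = b"".join(ipaddress.IPv4Address(a).packed
                     for a in (ciaddr, "0.0.0.0", "0.0.0.0", giaddr))
    body = chaddr.ljust(16, b"\0") + bytes(64) + bytes(128)           # chaddr, sname, file
    options = bytes([53, 1, msg_type]) + bytes([55, len(params), *params]) + b"\xff"
    return fixed + addrs + body + MAGIC_COOKIE + options


def parse_options(data):
    """Walk the code/length/value option area and return {code: value bytes}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                      # end option
            break
        if code == 0:                        # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = opts.get(code, b"") + value   # split options are concatenated
        i += 2 + length
    return opts


def parse_dhcp(payload):
    """Parse the fixed header and options; raise ValueError on malformed input."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload (too short or no magic cookie)")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    ciaddr, _yiaddr, _siaddr, giaddr = (
        ipaddress.IPv4Address(payload[o:o + 4]) for o in (12, 16, 20, 24))
    opts = parse_options(payload[240:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing or malformed option 53 (message type)")
    return {
        "op": op,
        "xid": xid,
        "type": MSG_TYPES.get(opts[53][0], "UNKNOWN(%d)" % opts[53][0]),
        "ciaddr": str(ciaddr),
        "giaddr": str(giaddr),
        "chaddr": ":".join("%02x" % b for b in payload[28:28 + min(hlen, 16)]),
        "via_relay": giaddr != ZERO,             # non-zero giaddr: came through a relay
        "broadcast_flag": bool(flags & 0x8000),
        "requested_params": list(opts.get(55, b"")),
    }


def reply_target(msg):
    """Where RFC 2131 directs the server's answer for this request."""
    if msg["type"] == "DHCPINFORM":
        return "DHCPACK unicast to ciaddr " + msg["ciaddr"]
    if msg["via_relay"]:
        return "unicast to relay " + msg["giaddr"]
    return "to the client on the link the request arrived on"


# Constructed samples; the addresses are made up for the demo.
INFORM = build_dhcp(8, 0x1234ABCD, ciaddr="192.168.1.200")   # client broadcast on the PPP link
RELAYED = build_dhcp(1, 0x00C0FFEE, giaddr="192.168.1.1")    # request arriving via a relay

if __name__ == "__main__":
    for name, pkt in (("inform", INFORM), ("relayed", RELAYED)):
        m = parse_dhcp(pkt)
        print(name, m["type"], "ciaddr=" + m["ciaddr"],
              "giaddr=" + m["giaddr"], "->", reply_target(m))
```

To use it on real traffic, pass it the UDP payload of packets sent to port 67 as captured on the PPP interface.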
From dnsmasq.list at michaelrack.de Sat Oct 17 15:51:08 2009 
From: dnsmasq.list at michaelrack.de (Michael Rack)
Date: Sat, 17 Oct 2009 16:51:08 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To:
References:
Message-ID: <4AD9D9DC.8000309@michaelrack.de>

You have to setup a bridge on your linux-router and assign every dynamic created ppp-interface to that.

    brctl addif br0 pppx

Configure DNSMASQ to listen on the bridges interface.

    interface=br0
    bind-interfaces

And well, you're done.

Cheers,
Michael.

From sfzhi at yahoo.com Sat Oct 17 19:18:39 2009
From: sfzhi at yahoo.com (Sergei Zhirikov)
Date: Sat, 17 Oct 2009 20:18:39 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To: <4AD9D9DC.8000309@michaelrack.de>
References: <4AD9D9DC.8000309@michaelrack.de>
Message-ID:

Michael Rack wrote:
> You have to setup a bridge on your linux-router and assign every dynamic
> created ppp-interface to that.
>
>     brctl addif br0 pppx
>
> Configure DNSMASQ to listen on the bridges interface.
>
>     interface=br0
>     bind-interfaces
>
> And well, you're done.
>
> Cheers,
> Michael.

Thanks for the suggestion, Michael.

I have tried it, but unfortunately it doesn't work :(.
The command "brctl addif br0 ppp0" fails with "can't add ppp0 to bridge br0: Invalid argument". It looks like point-to-point interfaces can not be added to a bridge (I tried also with a TUN device, just to see if it could be added, and got the same error message).
--
Kind regards,
Sergei.

From dnsmasq.list at michaelrack.de Sat Oct 17 22:24:05 2009
From: dnsmasq.list at michaelrack.de (Michael Rack)
Date: Sat, 17 Oct 2009 23:24:05 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To:
References: <4AD9D9DC.8000309@michaelrack.de>
Message-ID: <4ADA35F5.6080300@michaelrack.de>

Correct. ppp is a point to point interface and can not be assigned to an ethernet-bridge.

But ppp-server has to serve ip-addresses without a dhcp-server?!? You have to manage the dynamic ip-addresses by your ppp-server.

What server is running on your machine?

You use a dhcpc-plugin, this plugin has to relay all broadcast messages to dnsmasq. I think the problem is located on your dhcpc-plugin.

From richardvoigt at gmail.com Sat Oct 17 22:56:36 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Sat, 17 Oct 2009 16:56:36 -0500
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To:
References: <4AD9D9DC.8000309@michaelrack.de>
Message-ID: <2e59e6970910171456y50a35127q4275ce46d9c266ee@mail.gmail.com>

On Sat, Oct 17, 2009 at 1:18 PM, Sergei Zhirikov wrote:
> Michael Rack wrote:
>> You have to setup a bridge on your linux-router and assign every dynamic
>> created ppp-interface to that.
>>
>>     brctl addif br0 pppx
>>
>> Configure DNSMASQ to listen on the bridges interface.
>>
>>     interface=br0
>>     bind-interfaces
>>
>> And well, you're done.
>>
>> Cheers,
>> Michael.
>
> Thanks for the suggestion, Michael.
>
> I have tried it, but unfortunately it doesn't work :(.
> The command "brctl addif br0 ppp0" fails with "can't add ppp0 to bridge br0: Invalid argument". It looks like point-to-point interfaces can not be added to a bridge (I tried also with a TUN device, just to see if it could be added, and got the same error message).

Did you create a bridge first?

brctl addbr br0

What is the output of

brctl show

Of course, an alternate way to deal with your problem is to let dnsmasq listen on all interfaces, and use iptables to block the traffic on the interfaces where dhcp is not wanted.

> --
> Kind regards,
> Sergei.

From sfzhi at yahoo.com Sun Oct 18 16:41:31 2009
From: sfzhi at yahoo.com (Sergei Zhirikov)
Date: Sun, 18 Oct 2009 17:41:31 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To: <2e59e6970910171456y50a35127q4275ce46d9c266ee@mail.gmail.com>
References: <4AD9D9DC.8000309@michaelrack.de> <2e59e6970910171456y50a35127q4275ce46d9c266ee@mail.gmail.com>
Message-ID:

richardvoigt at gmail.com wrote:
> On Sat, Oct 17, 2009 at 1:18 PM, Sergei Zhirikov wrote:
>> Michael Rack wrote:
>>> You have to setup a bridge on your linux-router and assign every dynamic
>>> created ppp-interface to that.
>>>
>>>     brctl addif br0 pppx
>>>
>>> Configure DNSMASQ to listen on the bridges interface.
>>>
>>>     interface=br0
>>>     bind-interfaces
>>>
>>> And well, you're done.
>>>
>>> Cheers,
>>> Michael.
>> Thanks for the suggestion, Michael.
>>
>> I have tried it, but unfortunately it doesn't work :(.
>> The command "brctl addif br0 ppp0" fails with "can't add ppp0 to bridge br0: Invalid argument". It looks like point-to-point interfaces can not be added to a bridge (I tried also with a TUN device, just to see if it could be added, and got the same error message).
>
> Did you create a bridge first?
>
> brctl addbr br0

Of course, I did :)

>
> What is the output of
>
> brctl show
>

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no

I don't think it is meant to work with PPP interfaces.

> Of course, an alternate way to deal with your problem is to let
> dnsmasq listen on all interfaces, and use iptables to block the
> traffic on the interfaces where dhcp is not wanted.

From sfzhi at yahoo.com Sun Oct 18 17:02:53 2009
From: sfzhi at yahoo.com (Sergei Zhirikov)
Date: Sun, 18 Oct 2009 18:02:53 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To: <4ADA35F5.6080300@michaelrack.de>
References: <4AD9D9DC.8000309@michaelrack.de> <4ADA35F5.6080300@michaelrack.de>
Message-ID:

Michael Rack wrote:
> correct. ppp is a point to point interface and can not be assigned to an
> ethernet-bridge.
>
> But ppp-server has to serve ip-addresses without a dhcp-server?!? you
> have to manage the dynamic ip-addresses by your ppp-server.

The whole point of what I'm trying to do is *not* doing that. I want all IP addresses to be managed in a single place, which is dnsmasq. The reason is that it also provides DNS service. If pppd were assigning IP addresses itself, the DNS server would be unaware of that. Moreover, the auto-configuration possibilities of PPP are inferior compared to DHCP.

> What server is running on your machine?

What kind of server do you mean? If you are asking about the PPP server, it's the classic pppd from http://ppp.samba.org/.

> You use a dhcpc-plugin, this plugin has to relay all broadcast messages
> to dnsmasq. I think the problem is located on your dhcpc-plugin.

The plugin can't relay anything. It seems you misunderstood the purpose of it. The plugin is not involved in the communication with the PPP peers in any way at all. When pppd needs an IP address to assign to a peer it asks the plugin. The plugin performs DHCP negotiation with dnsmasq while the rest of pppd is waiting (completely unaware of that fact). When the plugin gets an IP address it returns it to pppd and the configuration of the PPP link continues. After that the plugin remains idle, since its job has been done. The subsequent DHCPINFORM messages come from the peer via the PPP link, so as far as pppd is concerned, those are just normal traffic.

Kind regards,
Sergei.

From kiswono at gmail.com Mon Oct 19 04:49:34 2009
From: kiswono at gmail.com (Kiswono Prayogo)
Date: Mon, 19 Oct 2009 10:49:34 +0700
Subject: [Dnsmasq-discuss] DHCP for multiple address not in the eth0
Message-ID: <99024f5f0910182049ode932dn8b2644954e08c687@mail.gmail.com>

hi,
i have linux server with eth0 only: 192.168.0.1
i already set dnsmasq as DNS server for that server
i'm using L3 switch that enables DHCP relay from any addresses.
is it possible to set dnsmasq for DHCP server for addresses 10.0.0.0/8 that are not in my eth0 subnet?

Regards,
GB

From richardvoigt at gmail.com Mon Oct 19 05:45:14 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Sun, 18 Oct 2009 23:45:14 -0500
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To:
References: <4AD9D9DC.8000309@michaelrack.de> <2e59e6970910171456y50a35127q4275ce46d9c266ee@mail.gmail.com>
Message-ID: <2e59e6970910182145q3590c311g3f999945aad8334f@mail.gmail.com>

On Sun, Oct 18, 2009 at 10:41 AM, Sergei Zhirikov wrote:
> richardvoigt at gmail.com wrote:
>> On Sat, Oct 17, 2009 at 1:18 PM, Sergei Zhirikov wrote:
>>> Michael Rack wrote:
>>>> You have to setup a bridge on your linux-router and assign every dynamic
>>>> created ppp-interface to that.
>>>>
>>>>       brctl addif br0 pppx
>>>>
>>>> Configure DNSMASQ to listen on the bridges interface.
>>>>
>>>>       interface=br0
>>>>       bind-interfaces
>>>>
>>>> And well, you're done.
>>>>
>>>> Cheers,
>>>> Michael.
>>> Thanks for the suggestion, Michael.
>>>
>>> I have tried it, but unfortunately it doesn't work :(.
>>> The command "brctl addif br0 ppp0" fails with "can't add ppp0 to bridge br0: Invalid argument". It looks like point-to-point interfaces can not be added to a bridge (I tried also with a TUN device, just to see if it could be added, and got the same error message).
>>
>> Did you create a bridge first?
>>
>> brctl addbr br0
>
> Of course, I did :)
>
>>
>> What is the output of
>>
>> brctl show
>>
>
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.000000000000       no
>
> I don't think it is meant to work with PPP interfaces.

Right, since ppp doesn't use an ethernet physical address (MAC address) the bridge can't learn which endpoints are through which ports.

I'm not sure how the remote peer can generate DHCPINFORM messages when it got its address through the PPP protocol and not through DHCP at all. That seems really wrong, what if you had a PPP server configured to issue addresses from its own pool, without any DHCP involved?

Are the DHCP messages actually coming from a host or interface beyond the far end of the tunnel (i.e. not the ppp interface on the remote endpoint)?

From sfzhi at yahoo.com Mon Oct 19 21:01:02 2009
From: sfzhi at yahoo.com (Sergei Zhirikov)
Date: Mon, 19 Oct 2009 22:01:02 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces (solved)
In-Reply-To:
References:
Message-ID:

Sergei Zhirikov wrote:
> Hi,
>
> I'm using dnsmasq as a DHCP and DNS server on my Linux home gateway, which is also an IPSec/L2TP VPN server. For IP address allocation for the VPN PPP tunnels I use ppp-dhcpc plugin, which pretends to be a DHCP relay and requests IP addresses from dnsmasq. That part works fine.
>
> However, when the PPP link has been established the VPN client (a Windows PC in my case, but I don't think it's relevant) sends a DHCPINFORM request to the broadcast address 255.255.255.255. That request reaches the Linux gateway via the PPP link, but dnsmasq does not reply, because it can see that the request is coming from an interface it is not configured to serve.
>
> I would really like dnsmasq to reply to those DHCPINFORM requests coming in through the PPP links, but I haven't been able to configure dnsmasq for that. I can't tell it to serve the PPP interface, because the interface name is assigned dynamically (thus not known in advance). I can not tell dnsmasq to serve all interfaces with some exceptions either, because then the list of the exceptions would have to contain dynamically assigned names.
>
> I have tried some tricks with iptables. Tried to use "-j ROUTE --iif ifname" to make the packets appear coming from another interface with a fixed name that dnsmasq is configured to serve, but dnsmasq still does not reply as if it somehow can see the original interface name.
>
> I have tried to use a pair of VETH interfaces to route the incoming packets to one end of the virtual tunnel so that they would appear to dnsmasq coming out of the other end, but that didn't work, because I didn't manage to get the routing to work the way I wanted (perhaps, because I lack necessary knowledge about advanced routing).
>
> I would appreciate any kind of help with this problem.
>
> Thank you,
> Kind regards,
>
> Sergei.

Thanks to everyone who tried to help.
I have managed to come up with a working solution.
In case someone wants to know, the basic idea is to create a linked pair of virtual ethernet interfaces:

ip link add name dhcp type veth peer name pipe

(I'll omit the trivial stuff like assigning IP addresses and bringing the interfaces up.)
Then direct the DHCP traffic coming from the remote PPP endpoints into one side of the tunnel:

iptables -t mangle -A PREROUTING ! -i dhcp -m iprange --src-range 192.168.6.16-192.168.6.254 -p udp --sport 68 --dport 67 -j ROUTE --oif pipe

And configure dnsmasq to provide DHCP service on the 'dhcp' interface.

Well, I wouldn't call this the most elegant solution, but it works for me, so it's good enough for the time being, until I come up with a better way.

--
Sergei.

From sfzhi at yahoo.com Mon Oct 19 21:01:58 2009
From: sfzhi at yahoo.com (Sergei Zhirikov)
Date: Mon, 19 Oct 2009 22:01:58 +0200
Subject: [Dnsmasq-discuss] Answering DHCPINFORM from other interfaces
In-Reply-To: <2e59e6970910182145q3590c311g3f999945aad8334f@mail.gmail.com>
References: <4AD9D9DC.8000309@michaelrack.de> <2e59e6970910171456y50a35127q4275ce46d9c266ee@mail.gmail.com> <2e59e6970910182145q3590c311g3f999945aad8334f@mail.gmail.com>
Message-ID:

richardvoigt at gmail.com wrote:
> On Sun, Oct 18, 2009 at 10:41 AM, Sergei Zhirikov wrote:
>> richardvoigt at gmail.com wrote:
>>> On Sat, Oct 17, 2009 at 1:18 PM, Sergei Zhirikov wrote:
>>>> Michael Rack wrote:
>>>>> You have to setup a bridge on your linux-router and assign every dynamic
>>>>> created ppp-interface to that.
>>>>>
>>>>>     brctl addif br0 pppx
>>>>>
>>>>> Configure DNSMASQ to listen on the bridges interface.
>>>>>
>>>>>     interface=br0
>>>>>     bind-interfaces
>>>>>
>>>>> And well, you're done.
>>>>>
>>>>> Cheers,
>>>>> Michael.
>>>> Thanks for the suggestion, Michael.
>>>>
>>>> I have tried it, but unfortunately it doesn't work :(.
>>>> The command "brctl addif br0 ppp0" fails with "can't add ppp0 to bridge br0: Invalid argument". It looks like point-to-point interfaces can not be added to a bridge (I tried also with a TUN device, just to see if it could be added, and got the same error message).
>>> Did you create a bridge first?
>>>
>>> brctl addbr br0
>> Of course, I did :)
>>
>>> What is the output of
>>>
>>> brctl show
>>>
>> # brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> br0             8000.000000000000       no
>>
>> I don't think it is meant to work with PPP interfaces.
>
> Right, since ppp doesn't use an ethernet physical address (MAC
> address) the bridge can't learn which endpoints are through which
> ports.
>
> I'm not sure how the remote peer can generate DHCPINFORM messages when
> it got its address through the PPP protocol and not through DHCP at
> all. That seems really wrong, what if you had a PPP server configured
> to issue addresses from its own pool, without any DHCP involved?

As far as I understand, the whole purpose of DHCPINFORM is to allow hosts that got their IP addresses in a way other than DHCP to obtain the configuration information that may not be available in that other way. In this particular case, for example, this could be NTP server, WPAD URL, etc. I don't see anything wrong with that. Most of the DHCP options are common for the whole subnet, so it doesn't really matter if the IP address was not assigned by the DHCP server, as long as it is in the correct subnet. Although in case of PPP it would probably be more correct to talk about IP ranges rather than subnets, but the idea remains the same. By the way, DHCPINFORM can also be used by the hosts that have statically configured IP addresses.

> Are the DHCP messages actually coming from a host or interface beyond the
> far end of the tunnel (i.e. not the ppp interface on the remote
> endpoint)?

There is nothing beyond the far end of the tunnel. It's just a single host, without any further routing involved. So, the DHCP messages are coming from the remote PPP endpoint.

Anyway, thank you for trying to help. I think I have solved the problem for the time being (see my other post).

--
Sergei.

From sun at freemail.hu Tue Oct 20 08:33:42 2009
From: sun at freemail.hu (Nagy Péter)
Date: Tue, 20 Oct 2009 09:33:42 +0200
Subject: [Dnsmasq-discuss] Home network
Message-ID: <4ADD67D6.6040106@freemail.hu>

Hi all,

I have a small network at home, and it works well locally. But now, I should like to look out of the world.

I got a dynamic address from my ISP, and I registered it on DynDNS.com (e.g. nap.homelinux.net). Is it possible that my local machines can be reachable from the internet, as e.g. fileserver.nap.homelinux.net?
If yes, how shall I configure DNSMASQ?

Thanks

Peter

From richardvoigt at gmail.com Tue Oct 20 18:12:09 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Tue, 20 Oct 2009 12:12:09 -0500
Subject: [Dnsmasq-discuss] Home network
In-Reply-To: <4ADD67D6.6040106@freemail.hu>
References: <4ADD67D6.6040106@freemail.hu>
Message-ID: <2e59e6970910201012v1d804c9dh9f039ad422f10bdb@mail.gmail.com>

No, you have only one routable IP address, so your entire network appears to the outside world as one computer (the router). But it can forward incoming connections to another computer, either all to a single computer or based on port number. This is outside the realm of dns, A records don't carry any port number information at all (SRV records do, but most software doesn't use those).

You'll be using iptables for directing incoming connections. Good search keywords: "+iptables +dmz"

On Tue, Oct 20, 2009 at 2:33 AM, Nagy Péter wrote:
> Hi all,
>
> I have a small network at home, and it works well locally. But now, I
> should like to look out of the world.
>
> I got a dynamic address from my ISP, and I registered it on DynDNS.com
> (e.g. nap.homelinux.net). Is it possible that my local machines can be
> reachable from the internet, as e.g. fileserver.nap.homelinux.net?
> If yes, how shall I configure DNSMASQ?
>
> Thanks
>
> Peter
>

From cl at isbd.net Tue Oct 20 20:55:12 2009
From: cl at isbd.net (Chris G)
Date: Tue, 20 Oct 2009 20:55:12 +0100
Subject: [Dnsmasq-discuss] Home network
In-Reply-To: <2e59e6970910201012v1d804c9dh9f039ad422f10bdb@mail.gmail.com>
References: <4ADD67D6.6040106@freemail.hu> <2e59e6970910201012v1d804c9dh9f039ad422f10bdb@mail.gmail.com>
Message-ID: <20091020195512.GE25461@chris>

On Tue, Oct 20, 2009 at 12:12:09PM -0500, richardvoigt at gmail.com wrote:
> On Tue, Oct 20, 2009 at 2:33 AM, Nagy Péter wrote:
> > Hi all,
> >
> > I have a small network at home, and it works well locally. But now, I
> > should like to look out of the world.
> >
> > I got a dynamic address from my ISP, and I registered it on DynDNS.com
> > (e.g. nap.homelinux.net). Is it possible that my local machines can be
> > reachable from the internet, as e.g. fileserver.nap.homelinux.net?
> > If yes, how shall I configure DNSMASQ?
> >
> No, you have only one routable IP address, so your entire network
> appears to the outside world as one computer (the router). But it can
> forward incoming connections to another computer, either all to a
> single computer or based on port number. This is outside the realm of
> dns, A records don't carry any port number information at all (SRV
> records do, but most software doesn't use those).
>
Yes, it's usually down to the firewall *and* something called (maybe) Port Redirection under NAT in the router. You have to tell the router to connect incoming requests for port XX to a particular computer on your intranet *and* you have to open the firewall to the same thing.

Quite why routers don't combine the above two into one I have never understood but, so far, I have never found a router that does.

> You'll be using iptables for directing incoming connections. Good
> search keywords: "+iptables +dmz"
>
> > Thanks
> >
> > Peter
> >

--
Chris Green

From psmith at gnu.org Wed Oct 21 22:26:06 2009
From: psmith at gnu.org (Paul Smith)
Date: Wed, 21 Oct 2009 17:26:06 -0400
Subject: [Dnsmasq-discuss] Ideas for handing out "per blade" information
Message-ID: <1256160366.2856.685.camel@homebase>

Hi all.

I have an environment with lots of blades (on the order of 150-200 or so), all getting IP information from a central server using dnsmasq as the DHCP server.

What I need to do is provide some information to each blade when it registers, and (some of) this information will be specific to a given blade (said another way, it will be different for each blade). I was hoping to use the DHCP response to supply this information, rather than invent some new protocol of my own, create a daemon, etc. etc.

On the server I actually already know the MAC addresses that the blades will register with, so I was going to use that as a key to look up the per-blade information when the DHCP request is received.

Also, ideally the information would be obtained by running a script with the MAC address as the argument, since these addresses can change during the runtime of the system (someone can pull a blade and put a new one, with a different MAC, in, for example, or they could even swap two blades which means the information I want to give them will change, since some of it is position-dependent) and I'd prefer to grab these dynamically rather than having some kind of timeout etc. But, if that's not possible I can work with it.

I've been looking through the dnsmasq man page and there are a lot of options, but I'm not sure how to use them to do what I want.

The only mapping it appears that I can do based on MAC is dhcp-host (maybe creating a file and giving it with dhcp-hostsfile). But the only way I can set options, that I can see, is using dhcp-option which is based on network-id. There is no way to set the network-id based on the MAC etc. that I can see. There doesn't seem to be any way to give specific options for a specific client.


Soooo... anyone have any ideas for me?

Thanks!

--
-------------------------------------------------------------------------------
 Paul D. Smith                           Find some GNU make tips at:
 http://www.gnu.org                      http://make.mad-scientist.net
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist

From mythtv at maxbarry.com Thu Oct 22 04:37:10 2009
From: mythtv at maxbarry.com (Max Barry)
Date: Thu, 22 Oct 2009 14:37:10 +1100
Subject: [Dnsmasq-discuss] About 127.0.0.1 in resolv.conf [WAS: Web hang ups after repeated access to one site - dnsmasq related?]
Message-ID: <4ADFD366.1070400@maxbarry.com>

Simon Kelley wrote:
> Hugo Heden wrote:
>> But what happens if dnsmasq then
>> forwards a ("non-local") dns-query to 127.0.0.1, i.e to itself? Could
>> that not result in some kind of infinite loop weirdness?
>
> dnsmasq knows that it's listening on 127.0.0.1 so it's clever enough not
> to forward requests there.

Hello! Sorry to gravedig, but I'm having this problem: dnsmasq listens on 127.0.0.1 and forwards requests to itself.

From /var/log/daemon.log:

Oct 15 09:24:35 eve dnsmasq[2396]: started, version 2.47 cachesize 150
Oct 15 09:24:35 eve dnsmasq[2396]: compile time options: IPv6 GNU-getopt DBus I18N TFTP
Oct 15 09:24:35 eve dnsmasq[2396]: no servers found in /etc/resolv.conf, will retry
Oct 15 09:24:35 eve dnsmasq[2396]: read /etc/hosts - 16 addresses
Oct 15 09:24:41 eve NetworkManager: starting...
...snip...
Oct 15 09:24:49 eve NetworkManager: address 192.168.0.2
Oct 15 09:24:49 eve NetworkManager: prefix 24 (255.255.255.0)
Oct 15 09:24:49 eve NetworkManager: gateway 192.168.0.1
Oct 15 09:24:49 eve NetworkManager: nameserver '127.0.0.1'
Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.134.49'
Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.133.193'
Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.222.222'
Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.220.220'
Oct 15 09:24:49 eve NetworkManager: nameserver '192.168.0.1'
Oct 15 09:24:49 eve NetworkManager: domain name 'vic.bigpond.net.au'
Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5 of 5 (IP Configure Commit) scheduled...
Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 4 of 5 (IP Configure Get) complete.
Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5 of 5 (IP Configure Commit) started...
Oct 15 09:24:51 eve NetworkManager: (wlan1): device state change: 7 -> 8
Oct 15 09:24:51 eve dnsmasq[2396]: reading /etc/resolv.conf
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.220.220#53
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.222.222#53
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.133.193#53
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.134.49#53
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 127.0.0.1#53

Note the line above. If I manually restart dnsmasq, that line instead looks like "dnsmasq[3853]: ignoring nameserver 127.0.0.1 - local interface". But each time I turn on my computer each day, and dnsmasq starts automatically, it's as per the above, and it listens to the local interface:

Oct 15 09:25:49 eve dnsmasq[2396]: query[A] www.bom.gov.au from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded www.bom.gov.au to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] weather.noaa.gov from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded weather.noaa.gov to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] imap.gmail.com from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded imap.gmail.com to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1

These requests time out, making everything very slow.

$ more /etc/resolv.conf
# Generated by NetworkManager
domain vic.bigpond.net.au
search vic.bigpond.net.au
nameserver 127.0.0.1
nameserver 61.9.134.49
nameserver 61.9.133.193
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 208.67.222.222
nameserver 208.67.220.220

This problem only began after I started using NetworkManager on Ubuntu (previously I had manually configured /etc/network/interfaces).

Any help appreciated!

Max.

From richardvoigt at gmail.com Thu Oct 22 05:14:37 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Wed, 21 Oct 2009 23:14:37 -0500
Subject: [Dnsmasq-discuss] Ideas for handing out "per blade" information
In-Reply-To: <1256160366.2856.685.camel@homebase>
References: <1256160366.2856.685.camel@homebase>
Message-ID: <2e59e6970910212114m3ee9df2cvbbea191caf0de961@mail.gmail.com>

> The only mapping it appears that I can do based on MAC is dhcp-host
> (maybe creating a file and giving it with dhcp-hostsfile). But the only
> way I can set options, that I can see, is using dhcp-option which is
> based on network-id. There is no way to set the network-id based on the
> MAC etc. that I can see. There doesn't seem to be any way to give
> specific options for a specific client.

Part of the dhcp-host command allows you to set one or more network-id tags, which you can match in the dhcp-option settings. Not dynamic as you want, but you can definitely set options with a granularity down to individual hosts.

>
>
> Soooo... anyone have any ideas for me?
>
> Thanks!
>
>
> --
> -------------------------------------------------------------------------------
>  Paul D. Smith                           Find some GNU make tips at:
>  http://www.gnu.org                      http://make.mad-scientist.net
>  "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
>

From simon at thekelleys.org.uk Thu Oct 22 13:06:13 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Thu, 22 Oct 2009 13:06:13 +0100
Subject: [Dnsmasq-discuss] About 127.0.0.1 in resolv.conf [WAS: Web hang ups after repeated access to one site - dnsmasq related?]
In-Reply-To: <4ADFD366.1070400@maxbarry.com>
References: <4ADFD366.1070400@maxbarry.com>
Message-ID: <4AE04AB5.7050508@thekelleys.org.uk>

Max Barry wrote:
> Simon Kelley wrote:
>> Hugo Heden wrote:
>>> But what happens if dnsmasq then
>>> forwards a ("non-local") dns-query to 127.0.0.1, i.e to itself? Could
>>> that not result in some kind of infinite loop weirdness?
>> dnsmasq knows that it's listening on 127.0.0.1 so it's clever enough not
>> to forward requests there.
>
> Hello! Sorry to gravedig, but I'm having this problem: dnsmasq listens
> on 127.0.0.1 and forwards requests to itself.
>
> From /var/log/daemon.log:
>
> Oct 15 09:24:35 eve dnsmasq[2396]: started, version 2.47 cachesize 150
> Oct 15 09:24:35 eve dnsmasq[2396]: compile time options: IPv6 GNU-getopt
> DBus I18N TFTP
> Oct 15 09:24:35 eve dnsmasq[2396]: no servers found in /etc/resolv.conf,
> will retry
> Oct 15 09:24:35 eve dnsmasq[2396]: read /etc/hosts - 16 addresses
> Oct 15 09:24:41 eve NetworkManager: starting...
> ...snip...
> Oct 15 09:24:49 eve NetworkManager: address 192.168.0.2
> Oct 15 09:24:49 eve NetworkManager: prefix 24 (255.255.255.0)
> Oct 15 09:24:49 eve NetworkManager: gateway 192.168.0.1
> Oct 15 09:24:49 eve NetworkManager: nameserver '127.0.0.1'
> Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.134.49'
> Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.133.193'
> Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.222.222'
> Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.220.220'
> Oct 15 09:24:49 eve NetworkManager: nameserver '192.168.0.1'
> Oct 15 09:24:49 eve NetworkManager: domain name
> 'vic.bigpond.net.au'
> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5
> of 5 (IP Configure Commit) scheduled...
> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 4
> of 5 (IP Configure Get) complete.
> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5
> of 5 (IP Configure Commit) started...
> Oct 15 09:24:51 eve NetworkManager: (wlan1): device state
> change: 7 -> 8
> Oct 15 09:24:51 eve dnsmasq[2396]: reading /etc/resolv.conf
> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.220.220#53
> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.222.222#53
> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.133.193#53
> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.134.49#53
> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 127.0.0.1#53
>
> Note the line above. If I manually restart dnsmasq, that line instead
> looks like "dnsmasq[3853]: ignoring nameserver 127.0.0.1 - local
> interface". But each time I turn on my computer each day, and dnsmasq
> starts automatically, it's as per the above, and it listens to the local
> interface:
>
> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] www.bom.gov.au from 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded www.bom.gov.au to 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] weather.noaa.gov from 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded weather.noaa.gov to 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] imap.gmail.com from 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded imap.gmail.com to 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1
> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1
>
> These requests time out, making everything very slow.
>
> $ more /etc/resolv.conf
> # Generated by NetworkManager
> domain vic.bigpond.net.au
> search vic.bigpond.net.au
> nameserver 127.0.0.1
> nameserver 61.9.134.49
> nameserver 61.9.133.193
> # NOTE: the libc resolver may not support more than 3 nameservers.
> # The nameservers listed below may not be recognized.
> nameserver 208.67.222.222
> nameserver 208.67.220.220
>
> This problem only began after I started using NetworkManager on Ubuntu
> (previously I had manually configured /etc/network/interfaces).
>
> Any help appreciated!
>

It would be useful to get to the bottom of this. I guess it's something to do with the order in which things happen at startup.

Dnsmasq doesn't treat 127.0.0.1 specially: when it starts up it enumerates all the interfaces on the machine and notes those with the "loopback" flag set. If an address turns up later in /etc/resolv.conf which matches one which was owned by a loopback interface during the enumeration, then it is rejected.

So, if, at the time dnsmasq is started, the "lo" interface either 1) doesn't exist, 2) doesn't have the loopback flag set or 3) doesn't have address 127.0.0.1 then the address 127.0.0.1 will not be weeded out.

Could you add something like

ip addr show >/tmp/interface-state

to the /etc/init.d dnsmasq start script, reboot, and post the results here?

Cheers,

Simon.

From simon at thekelleys.org.uk Thu Oct 22 13:13:16 2009
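Simon Kelley's description above of how loopback nameservers get weeded out, turned into a check that can be run on the `/tmp/interface-state` capture he asks for. This is an added example, not part of the thread and not dnsmasq source code; the `ip addr show` captures are constructed, and the function names are hypothetical.

```python
"""Model of the startup ordering problem described above (not dnsmasq code)."""
import ipaddress
import re

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>")
ADDR_RE = re.compile(r"^\s+inet6?\s+([0-9A-Fa-f:.]+)")

# /etc/resolv.conf as posted in the thread (comment lines dropped).
RESOLV_CONF = """\
domain vic.bigpond.net.au
search vic.bigpond.net.au
nameserver 127.0.0.1
nameserver 61.9.134.49
nameserver 61.9.133.193
nameserver 208.67.222.222
nameserver 208.67.220.220
"""

# Constructed `ip addr show` captures, standing in for /tmp/interface-state.
LO_READY = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global wlan1
"""
LO_UNCONFIGURED = """\
1: lo: <LOOPBACK> mtu 16436 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
"""
LO_ABSENT = """\
2: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
"""


def parse_ip_addr(output):
    """Return {ifname: {"flags": set, "addrs": set}} from `ip addr show` text."""
    ifaces, current = {}, None
    for line in output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = ifaces.setdefault(
                m.group(1), {"flags": set(m.group(2).split(",")), "addrs": set()})
            continue
        m = ADDR_RE.match(line)
        if m and current is not None:
            try:
                current["addrs"].add(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # not an address after all; ignore the line
    return ifaces


def nameservers(resolv_conf):
    """Addresses from `nameserver` lines, in file order."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                pass
    return found


def classify(resolv_conf, startup_state):
    """Split nameservers into (used, ignored) given the interface state at startup."""
    owned = set()
    for iface in parse_ip_addr(startup_state).values():
        if "LOOPBACK" in iface["flags"]:
            owned |= iface["addrs"]
    used, ignored = [], []
    for server in nameservers(resolv_conf):
        (ignored if server in owned else used).append(str(server))
    return used, ignored


def diagnose(startup_state, name="lo", addr="127.0.0.1"):
    """Report which of the three conditions from the message applies, if any."""
    ifaces = parse_ip_addr(startup_state)
    if name not in ifaces:
        return "interface missing"
    if "LOOPBACK" not in ifaces[name]["flags"]:
        return "loopback flag not set"
    if ipaddress.ip_address(addr) not in ifaces[name]["addrs"]:
        return "address not assigned"
    return "ok"


if __name__ == "__main__":
    for label, state in (("lo ready", LO_READY),
                         ("lo unconfigured", LO_UNCONFIGURED),
                         ("lo absent", LO_ABSENT)):
        used, ignored = classify(RESOLV_CONF, state)
        print("%-16s %-22s upstreams=%s ignored=%s"
              % (label, diagnose(state), used, ignored))
```

With the "lo unconfigured" capture, 127.0.0.1 stays in the upstream list, which matches the `using nameserver 127.0.0.1#53` line in the boot-time log.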
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Thu, 22 Oct 2009 13:13:16 +0100
Subject: [Dnsmasq-discuss] Ideas for handing out "per blade" information
In-Reply-To: <1256160366.2856.685.camel@homebase>
References: <1256160366.2856.685.camel@homebase>
Message-ID: <4AE04C5C.1050903@thekelleys.org.uk>

Paul Smith wrote:
> Hi all.
>
> I have an environment with lots of blades (on the order of 150-200 or
> so), all getting IP information from a central server using dnsmasq as
> the DHCP server.
>
> What I need to do is provide some information to each blade when it
> registers, and (some of) this information will be specific to a given
> blade (said another way, it will be different for each blade). I was
> hoping to use the DHCP response to supply this information, rather than
> invent some new protocol of my own, create a daemon, etc. etc.
>
> On the server I actually already know the MAC addresses that the blades
> will register with, so I was going to use that as a key to look up the
> per-blade information when the DHCP request is received.
>
> Also, ideally the information would be obtained by running a script with
> the MAC address as the argument, since these addresses can change during
> the runtime of the system (someone can pull a blade and put a new one,
> with a different MAC, in, for example, or they could even swap two
> blades which means the information I want to give them will change, since
> some of it is position-dependent) and I'd prefer to grab these
> dynamically rather than having some kind of timeout etc. But, if that's
> not possible I can work with it.
>
> I've been looking through the dnsmasq man page and there are a lot of
> options, but I'm not sure how to use them to do what I want.
>
> The only mapping it appears that I can do based on MAC is dhcp-host
> (maybe creating a file and giving it with dhcp-hostsfile). But the only
> way I can set options, that I can see, is using dhcp-option which is
> based on network-id. There is no way to set the network-id based on the
> MAC etc. that I can see. There doesn't seem to be any way to give
> specific options for a specific client.
>
>
> Soooo... anyone have any ideas for me?
>
> Thanks!
>
>

network-ids are sadly misnamed: they have grown into much more general tags now. You can certainly set a net-id tag in a dhcp-host line, and then use that to select the options to be sent to a particular host.

There's no way to change this information completely dynamically. You can however put all the dhcp-host information into a file and point at that file with --dhcp-hostsfile, similarly with options and dhcp-optsfile. Unlike a general configuration, these files _are_ re-read when dnsmasq gets SIGHUP.

HTH

Simon.

From jnelson+dnsmasq at jamponi.net Thu Oct 22 15:27:48 2009
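One way to drive the dhcp-hostsfile / dhcp-optsfile / SIGHUP mechanism described in the message above from a slot inventory, so that swapping two blades only needs the files regenerated. This is an added example, not part of the thread or of dnsmasq; the inventory, the site-specific option number 224, the file handling and the `net:<id>` spelling (assumed for dnsmasq releases of this period) are assumptions.

```python
"""Generate per-blade dnsmasq host and option files from a slot inventory."""
import os
import re
import signal
import tempfile

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
# Option values are restricted to characters that cannot start a new field or
# a new line, so inventory data cannot smuggle extra settings into the files.
INFO_RE = re.compile(r"[A-Za-z0-9_.-]+")
SITE_OPTION = 224  # assumption: a site-specific option number the blades request

# Constructed inventory: chassis slot -> MAC seated there and the per-slot data.
INVENTORY = {
    1: {"mac": "00:16:3E:00:00:01", "info": "chassis1-slot01-storage"},
    2: {"mac": "00:16:3e:00:00:02", "info": "chassis1-slot02-compute"},
}


def render(inventory):
    """Return (hostsfile_text, optsfile_text); raise ValueError on bad input.

    Each hostsfile line is what would follow "dhcp-host=" and each optsfile
    line is what would follow "dhcp-option=". The tag is derived from the
    slot, so position-dependent data follows the slot, not the MAC.
    """
    hosts, opts = [], []
    for slot in sorted(inventory):
        mac = inventory[slot]["mac"].lower()
        info = inventory[slot]["info"]
        if not MAC_RE.fullmatch(mac):
            raise ValueError("slot %r: bad MAC %r" % (slot, mac))
        if not INFO_RE.fullmatch(info):
            raise ValueError("slot %r: bad option value %r" % (slot, info))
        tag = "blade%02d" % slot
        hosts.append("%s,net:%s" % (mac, tag))
        opts.append("%s,%d,%s" % (tag, SITE_OPTION, info))
    return "\n".join(hosts) + "\n", "\n".join(opts) + "\n"


def write_atomic(path, text):
    """Replace path in one step so dnsmasq never re-reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    # mkstemp creates the file 0600; the files must stay readable by the
    # unprivileged user dnsmasq runs as when it re-reads them.
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)


def publish(inventory, hosts_path, opts_path, pidfile=None):
    """Validate everything first, then write both files and signal dnsmasq."""
    hosts, opts = render(inventory)
    write_atomic(hosts_path, hosts)
    write_atomic(opts_path, opts)
    if pidfile:
        with open(pidfile) as handle:
            os.kill(int(handle.read().strip()), signal.SIGHUP)


if __name__ == "__main__":
    host_text, opt_text = render(INVENTORY)
    print(host_text, end="")
    print(opt_text, end="")
```

dnsmasq would be started with dhcp-hostsfile and dhcp-optsfile pointing at the two generated paths; `publish` is the part to call from whatever notices a blade being pulled or swapped.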
From: jnelson+dnsmasq at jamponi.net (Jon Nelson)
Date: Thu, 22 Oct 2009 09:27:48 -0500
Subject: [Dnsmasq-discuss] dnsmasq and dhcp relaying
Message-ID:

I've got a setup (working) that looks like this:

workstations <-> server <-> firewall <-> internet

firewall is running dnsmasq, server is using dhcrelay
Both firewall and server have iptables-based firewalls

The setup is working fine, except

1. I don't like dhcrelay
2. I get lots of deny lines in server's firewall logs, *even though the requests work*.

Pertinent to item 2, this is what tcpdump shows (on the 'firewall' interface of 'server').

- a workstation will broadcast or unicast for an address
- the server receives it on eth1, iptables allows it in, dhcrelay grabs it, and sends out a new packet on eth0 (the 'firewall' side of 'server')
- dnsmasq (on 'firewall') receives it (through iptables), generates a response, and sends it.

Here's where it gets sticky. dhcrelay receives the request on eth1, and sends out a request on eth0. The "Relay agent IP address" in the payload is eth1's IP address. dnsmasq sends the reply *to this address* (eth1), rather than the address it was received from (eth0). The dnsmasq payload appears correct, with the "Next server IP address" and "Relay agent IP address" properly set (eth1).

This seems to be a bug in dnsmasq - shouldn't it reply using address that the packet was received on? The payload is correct, the UDP destination is wrong (it seems to me).

That's the reason for the deny lines in the firewall logs, btw - iptables sees a request go out eth0 and come back in eth0 /destined for eth1/.

Should dhcrelay be putting eth0 into the "Relay agent IP address" field?

--
Jon

From simon at thekelleys.org.uk Thu Oct 22 16:06:40 2009
From: simon at thekelleys.org.uk (Simon Kelley) Date: Thu, 22 Oct 2009 16:06:40 +0100 Subject: [Dnsmasq-discuss] dnsmasq and dhcp relaying In-Reply-To: References: Message-ID: <4AE07500.3050400@thekelleys.org.uk> Jon Nelson wrote: > I've got a setup (working) that looks like this: > > workstations <-> server <-> firewall <-> internet > > firewall is running dnsmasq, server is using dhcrelay > Both firewall and server have iptables-based firewalls > > The setup is working fine, except > > 1. I don't like dhcrelay > 2. I get lots of deny lines in server's firewall logs, *even though > the requests work*. > > Pertinent to item 2, this is what tcpdump shows (on the 'firewall' > interface of 'server'). > > - a workstation will broadcast or unicast for an address > - the server receives it on eth1, iptables allows it in, dhcrelay > grabs it, and sends out a new packet on eth0 (the 'firewall' side of > 'server') > - dnsmasq (on 'firewall') receives it (through iptables), generates a > response, and sends it. > > Here's where it gets sticky. dhcrelay receives the request on eth1, > and sends out a request on eth0. The "Relay agent IP address" in the > payload is eth1's IP address. dnsmasq sends the reply *to this > address* (eth1), rather than the address it was received from (eth0). > The dnsmasq payload appears correct, with the "Next server IP address" > and "Relay agent IP address" properly set (eth1). > > This seems to be a bug in dnsmasq - shouldn't it reply using address > that the packet was received on? The payload is correct, the UDP > destination is wrong (it seems to me). The current behaviour is right, according to RFC2131: If the 'giaddr' field in a DHCP message from a client is non-zero, the server sends any return messages to the 'DHCP server' port on the BOOTP relay agent whose address appears in 'giaddr'. > > That's the reason for the deny lines in the firewall logs, btw - > iptables sees a request go out eth0 and come back in eth0 /destined > for eth1/. 
Should dhcrelay be putting eth0 into the "Relay agent IP > address" field? No. That would completely break things because the Relay Agent IP address is used to determine which subnet the client is connected to and therefore what IP address to allocate to it. Using the address of eth0 would result in the client getting an address on the network shared by the server and the firewall rather than one on the network shared by the server and workstations. The fix (if any) here lies in modifying the firewall rules. If you don't like dhcrelay, you could look at http://thekelleys.org.uk/dhcp-helper/ as an alternative. Cheers, Simon. > > > > From jnelson+dnsmasq at jamponi.net Thu Oct 22 16:29:08 2009 
From: jnelson+dnsmasq at jamponi.net (Jon Nelson) Date: Thu, 22 Oct 2009 10:29:08 -0500 Subject: [Dnsmasq-discuss] dnsmasq and dhcp relaying In-Reply-To: <4AE07500.3050400@thekelleys.org.uk> References: <4AE07500.3050400@thekelleys.org.uk> Message-ID: On Thu, Oct 22, 2009 at 10:06 AM, Simon Kelley wrote: > Jon Nelson wrote: >> >> I've got a setup (working) that looks like this: >> >> workstations <-> server <-> firewall <-> internet >> >> firewall is running dnsmasq, server is using dhcrelay >> Both firewall and server have iptables-based firewalls >> >> The setup is working fine, except >> >> 1. I don't like dhcrelay >> 2. I get lots of deny lines in server's firewall logs, *even though >> the requests work*. >> >> Pertinent to item 2, this is what tcpdump shows (on the 'firewall' >> interface of 'server'). >> >> - a workstation will broadcast or unicast for an address >> - the server receives it on eth1, iptables allows it in, dhcrelay >> grabs it, and sends out a new packet on eth0 (the 'firewall' side of >> 'server') >> - dnsmasq (on 'firewall') receives it (through iptables), generates a >> response, and sends it. >> >> Here's where it gets sticky. dhcrelay receives the request on eth1, >> and sends out a request on eth0. The "Relay agent IP address" in the >> payload is eth1's IP address. dnsmasq sends the reply *to this >> address* (eth1), rather than the address it was received from (eth0). >> The dnsmasq payload appears correct, with the "Next server IP address" >> and "Relay agent IP address" properly set (eth1). >> >> This seems to be a bug in dnsmasq - shouldn't it reply using address >> that the packet was received on? The payload is correct, the UDP >> destination is wrong (it seems to me). > > The current behaviour is right, according to RFC2131: > > If the 'giaddr' field in a DHCP message from a client is non-zero, > the server sends any return messages to the 'DHCP server' port on the > BOOTP relay agent whose address appears in 'giaddr'. 
Is "Relay agent IP address" synonymous with 'giaddr'? For now, I will assume it is. >> That's the reason for the deny lines in the firewall logs, btw - >> iptables sees a request go out eth0 and come back in eth0 /destined >> for eth1/. Should dhcrelay be putting eth0 into the "Relay agent IP >> address" field? > > No. That would completely break things because the Relay Agent IP address is > used to determine which subnet the client is connected to and therefore what > IP address to allocate to it. Using the address of eth0 would result in the > client getting an address on the network shared by the server and the > firewall rather than one on the network shared by the server and > workstations. Ah, yes - I see. Therefore, what I'm seeing is expected from an RFC point of view - the address being requested is in eth1's network, so dhcrelay puts eth1 into giaddr. However, the request goes out eth0. Despite being received on eth0, dnsmasq sends its reply to the address in the payload, rather than the address the packet was received from - and it is this that confuses me. Using the normal rules of packet forwarding, packets should go back whence they came - DHCP, however, uses contents of the payload to determine the reply and in this case that conflicts with the actual network layout. This seems like a broken-ness of DHCP. > If you don't like dhcrelay, you could look at > http://thekelleys.org.uk/dhcp-helper/ as an alternative. I will! -- Jon From jnelson+dnsmasq at jamponi.net Thu Oct 22 16:39:59 2009 
From: jnelson+dnsmasq at jamponi.net (Jon Nelson) Date: Thu, 22 Oct 2009 10:39:59 -0500 Subject: [Dnsmasq-discuss] dnsmasq and dhcp relaying In-Reply-To: <4AE07500.3050400@thekelleys.org.uk> References: <4AE07500.3050400@thekelleys.org.uk> Message-ID: On Thu, Oct 22, 2009 at 10:06 AM, Simon Kelley wrote: > If you don't like dhcrelay, you could look at > http://thekelleys.org.uk/dhcp-helper/ as an alternative. I've modified my firewall rules and switched to dhcp-helper. It appears to work just great! Thanks! -- Jon From simon at thekelleys.org.uk Thu Oct 22 16:47:08 2009 
From: simon at thekelleys.org.uk (Simon Kelley) Date: Thu, 22 Oct 2009 16:47:08 +0100 Subject: [Dnsmasq-discuss] dnsmasq and dhcp relaying In-Reply-To: References: <4AE07500.3050400@thekelleys.org.uk> Message-ID: <4AE07E7C.1000708@thekelleys.org.uk> Jon Nelson wrote: > On Thu, Oct 22, 2009 at 10:06 AM, Simon Kelley wrote: >> Jon Nelson wrote: >>> I've got a setup (working) that looks like this: >>> >>> workstations <-> server <-> firewall <-> internet >>> >>> firewall is running dnsmasq, server is using dhcrelay >>> Both firewall and server have iptables-based firewalls >>> >>> The setup is working fine, except >>> >>> 1. I don't like dhcrelay >>> 2. I get lots of deny lines in server's firewall logs, *even though >>> the requests work*. >>> >>> Pertinent to item 2, this is what tcpdump shows (on the 'firewall' >>> interface of 'server'). >>> >>> - a workstation will broadcast or unicast for an address >>> - the server receives it on eth1, iptables allows it in, dhcrelay >>> grabs it, and sends out a new packet on eth0 (the 'firewall' side of >>> 'server') >>> - dnsmasq (on 'firewall') receives it (through iptables), generates a >>> response, and sends it. >>> >>> Here's where it gets sticky. dhcrelay receives the request on eth1, >>> and sends out a request on eth0. The "Relay agent IP address" in the >>> payload is eth1's IP address. dnsmasq sends the reply *to this >>> address* (eth1), rather than the address it was received from (eth0). >>> The dnsmasq payload appears correct, with the "Next server IP address" >>> and "Relay agent IP address" properly set (eth1). >>> >>> This seems to be a bug in dnsmasq - shouldn't it reply using address >>> that the packet was received on? The payload is correct, the UDP >>> destination is wrong (it seems to me). 
>> The current behaviour is right, according to RFC2131: >> >> If the 'giaddr' field in a DHCP message from a client is non-zero, >> the server sends any return messages to the 'DHCP server' port on the >> BOOTP relay agent whose address appears in 'giaddr'. > > Is "Relay agent IP address" synonymous with 'giaddr' ? For now, I will > assume it is. It is. > >>> That's the reason for the deny lines in the firewall logs, btw - >>> iptables sees a request go out eth0 and come back in eth0 /destined >>> for eth1/. Should dhcrelay be putting eth0 into the "Relay agent IP >>> address" field? >> No. That would completely break things because the Relay Agent IP address is >> used to determine which subnet the client is connected to and therefore what >> IP address to allocate to it. Using the address of eth0 would result in the >> client getting an address on the network shared by the server and the >> firewall rather than one on the network shared by the server and >> workstations. > > Ah, yes - I see. > > Therefore, what I'm seeing is expected from an RFC point of view - the > address being requested is in eth1's network, so dhrelay puts eth1 > into giaddr. However, the request goes out eth0. Despite being > received on eth0, dnsmasq sends its reply to the address in the > payload, rather than the address the packet was received from - and it > is this that confuses me. Using the normal rules of packet > forwarding, packets should go back whence they came - DHCP, however, > uses contents of the payload to determine the reply and in this case > that conflicts with the actual network layout. This seems like a > broken-ness of DHCP. There is quite a lot of that. It does seem to be universal in the DHCP spec to ignore the source address and source port of received DHCP packets. Cheers, Simon. From simon at thekelleys.org.uk Thu Oct 22 21:06:24 2009 
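The RFC 2131 reply-addressing rule quoted in this exchange, together with the subnet selection by giaddr, as an added example that is not part of the thread and is not dnsmasq's code. The interface addresses and pools are constructed, since the thread gives none, and the rule description returned at the end is a plain dictionary, not firewall syntax.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header from RFC 2131 section 2: 236 bytes before the options.
BOOTP_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
SERVER_PORT, CLIENT_PORT = 67, 68
BROADCAST_FLAG = 0x8000
ZERO = "0.0.0.0"
LIMITED_BROADCAST = "255.255.255.255"

# Constructed topology (assumption): the relay host's two addresses and the
# two address pools the DHCP server knows about.
RELAY_ETH0 = "10.0.0.2"        # 'firewall' side of 'server'
RELAY_ETH1 = "192.168.10.1"    # workstation side of 'server'
POOLS = ["10.0.0.0/24", "192.168.10.0/24"]


def build_request(giaddr=ZERO, ciaddr=ZERO, broadcast=False, hops=0):
    """Build a constructed BOOTREQUEST header (sample input, no options)."""
    mac = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    flags = BROADCAST_FLAG if broadcast else 0
    return BOOTP_HEADER.pack(
        1, 1, len(mac), hops, 0x1234ABCD, 0, flags,
        ipaddress.IPv4Address(ciaddr).packed,
        ipaddress.IPv4Address(ZERO).packed,    # yiaddr, filled in by the server
        ipaddress.IPv4Address(ZERO).packed,    # siaddr
        ipaddress.IPv4Address(giaddr).packed,
        mac, b"", b"")


def parse_header(packet):
    """Extract the fields that decide where a reply is sent."""
    if len(packet) < BOOTP_HEADER.size:
        raise ValueError("truncated BOOTP header")
    fields = BOOTP_HEADER.unpack_from(packet)
    return {
        "broadcast": bool(fields[6] & BROADCAST_FLAG),
        "ciaddr": str(ipaddress.IPv4Address(fields[7])),
        "giaddr": str(ipaddress.IPv4Address(fields[10])),
    }


def reply_destination(request, yiaddr, is_nak=False):
    """RFC 2131 section 4.1: (address, port) the server sends its reply to.

    The UDP source address of the request is deliberately not an input.
    """
    hdr = parse_header(request)
    if hdr["giaddr"] != ZERO:
        return hdr["giaddr"], SERVER_PORT      # relayed: back to the relay agent
    if is_nak:
        return LIMITED_BROADCAST, CLIENT_PORT  # DHCPNAK is broadcast when giaddr is zero
    if hdr["ciaddr"] != ZERO:
        return hdr["ciaddr"], CLIENT_PORT      # client already has an address
    if hdr["broadcast"]:
        return LIMITED_BROADCAST, CLIENT_PORT  # client asked for a broadcast reply
    return yiaddr, CLIENT_PORT                 # unicast to the address being offered


def select_subnet(request, subnets):
    """Return the pool containing giaddr, or None for an unrelayed request."""
    giaddr = ipaddress.IPv4Address(parse_header(request)["giaddr"])
    for net in subnets:
        if giaddr in ipaddress.IPv4Network(net):
            return net
    return None


def relay_host_allow_rule(request, upstream_iface):
    """Describe the reply the relay host's firewall has to accept upstream."""
    dst, port = reply_destination(request, yiaddr=ZERO)
    if port != SERVER_PORT:
        raise ValueError("request was not relayed (giaddr is zero)")
    return {"in_iface": upstream_iface, "proto": "udp", "dst": dst, "dport": port}


if __name__ == "__main__":
    relayed = build_request(giaddr=RELAY_ETH1, hops=1)
    print("reply goes to", reply_destination(relayed, "192.168.10.50"))
    print("pool chosen  ", select_subnet(relayed, POOLS))
    print("must accept  ", relay_host_allow_rule(relayed, "eth0"))
```

With the constructed addresses, the reply arrives on eth0 addressed to eth1's address, which is the packet a rule tying destination address to ingress interface logs as denied.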
From: simon at thekelleys.org.uk (Simon Kelley) Date: Thu, 22 Oct 2009 21:06:24 +0100 Subject: [Dnsmasq-discuss] About 127.0.0.1 in resolv.conf [WAS: Web hang ups after repeated access to one site - dnsmasq related?] In-Reply-To: <4ADFD366.1070400@maxbarry.com> References: <4ADFD366.1070400@maxbarry.com> Message-ID: <4AE0BB40.6040004@thekelleys.org.uk> Max Barry wrote: > Simon Kelley wrote: >> Hugo Heden wrote: >>> But what happens if dnsmasq then >>> forwards a ("non-local") dns-query to 127.0.0.1, i.e to itself? Could >>> that not result in some kind of infinite loop weirdness? >> dnsmasq knows that it's listening on 127.0.0.1 so it's clever enough not >> to forward requests there. > > Hello! Sorry to gravedig, but I'm having this problem: dnsmasq listens > on 127.0.0.1 and forwards requests to itself. > > From /var/log/daemon.log: > > Oct 15 09:24:35 eve dnsmasq[2396]: started, version 2.47 cachesize 150 > Oct 15 09:24:35 eve dnsmasq[2396]: compile time options: IPv6 GNU-getopt > DBus I18N TFTP > Oct 15 09:24:35 eve dnsmasq[2396]: no servers found in /etc/resolv.conf, > will retry > Oct 15 09:24:35 eve dnsmasq[2396]: read /etc/hosts - 16 addresses > Oct 15 09:24:41 eve NetworkManager: starting... > ...snip... > Oct 15 09:24:49 eve NetworkManager: address 192.168.0.2 > Oct 15 09:24:49 eve NetworkManager: prefix 24 (255.255.255.0) > Oct 15 09:24:49 eve NetworkManager: gateway 192.168.0.1 > Oct 15 09:24:49 eve NetworkManager: nameserver '127.0.0.1' > Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.134.49' > Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.133.193' > Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.222.222' > Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.220.220' > Oct 15 09:24:49 eve NetworkManager: nameserver '192.168.0.1' > Oct 15 09:24:49 eve NetworkManager: domain name > 'vic.bigpond.net.au' > Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5 > of 5 (IP Configure Commit) scheduled... 
> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 4 > of 5 (IP Configure Get) complete. > Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5 > of 5 (IP Configure Commit) started... > Oct 15 09:24:51 eve NetworkManager: (wlan1): device state > change: 7 -> 8 > Oct 15 09:24:51 eve dnsmasq[2396]: reading /etc/resolv.conf > Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.220.220#53 > Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.222.222#53 > Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.133.193#53 > Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.134.49#53 > Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 127.0.0.1#53 > > Note the line above. If I manually restart dnsmasq, that line instead > looks like "dnsmasq[3853]: ignoring nameserver 127.0.0.1 - local > interface". But each time I turn on my computer each day, and dnsmasq > starts automatically, it's as per the above, and it listens to the local > interface: > > Oct 15 09:25:49 eve dnsmasq[2396]: query[A] www.bom.gov.au from 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: forwarded www.bom.gov.au to 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: query[A] weather.noaa.gov from 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: forwarded weather.noaa.gov to 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: query[A] imap.gmail.com from 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: forwarded imap.gmail.com to 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1 > Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1 > > These requests time out, making everything very slow. 
> > $ more /etc/resolv.conf > # Generated by NetworkManager > domain vic.bigpond.net.au > search vic.bigpond.net.au > nameserver 127.0.0.1 > nameserver 61.9.134.49 > nameserver 61.9.133.193 > # NOTE: the libc resolver may not support more than 3 nameservers. > # The nameservers listed below may not be recognized. > nameserver 208.67.222.222 > nameserver 208.67.220.220 > > This problem only began after I started using NetworkManager on Ubuntu > (previously I had manually configured /etc/network/interfaces). > > Any help appreciated! > > Max. Could you try http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.52test3.tar.gz and let me know if that fixes things? Cheers, Simon. From mythtv at maxbarry.com Thu Oct 22 23:05:41 2009 
From: mythtv at maxbarry.com (Max Barry) Date: Fri, 23 Oct 2009 09:05:41 +1100 Subject: [Dnsmasq-discuss] About 127.0.0.1 in resolv.conf [WAS: Web hang ups after repeated access to one site - dnsmasq related?] Message-ID: <4AE0D735.7050707@maxbarry.com> Simon Kelly wrote: > Max Barry wrote: >> Simon Kelley wrote: >>> Hugo Heden wrote: >>>> But what happens if dnsmasq then >>>> forwards a ("non-local") dns-query to 127.0.0.1, i.e to itself? Could >>>> that not result in some kind of infinite loop weirdness? >>> dnsmasq knows that it's listening on 127.0.0.1 so it's clever enough not >>> to forward requests there. >> >> Hello! Sorry to gravedig, but I'm having this problem: dnsmasq listens >> on 127.0.0.1 and forwards requests to itself. >> >> From /var/log/daemon.log: >> >> Oct 15 09:24:35 eve dnsmasq[2396]: started, version 2.47 cachesize 150 >> Oct 15 09:24:35 eve dnsmasq[2396]: compile time options: IPv6 GNU-getopt >> DBus I18N TFTP >> Oct 15 09:24:35 eve dnsmasq[2396]: no servers found in /etc/resolv.conf, >> will retry >> Oct 15 09:24:35 eve dnsmasq[2396]: read /etc/hosts - 16 addresses >> Oct 15 09:24:41 eve NetworkManager: starting... >> ...snip... >> Oct 15 09:24:49 eve NetworkManager: address 192.168.0.2 >> Oct 15 09:24:49 eve NetworkManager: prefix 24 (255.255.255.0) >> Oct 15 09:24:49 eve NetworkManager: gateway 192.168.0.1 >> Oct 15 09:24:49 eve NetworkManager: nameserver '127.0.0.1' >> Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.134.49' >> Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.133.193' >> Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.222.222' >> Oct 15 09:24:49 eve NetworkManager: nameserver '208.67.220.220' >> Oct 15 09:24:49 eve NetworkManager: nameserver '192.168.0.1' >> Oct 15 09:24:49 eve NetworkManager: domain name >> 'vic.bigpond.net.au' >> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5 >> of 5 (IP Configure Commit) scheduled... 
>> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 4 >> of 5 (IP Configure Get) complete. >> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage 5 >> of 5 (IP Configure Commit) started... >> Oct 15 09:24:51 eve NetworkManager: (wlan1): device state >> change: 7 -> 8 >> Oct 15 09:24:51 eve dnsmasq[2396]: reading /etc/resolv.conf >> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.220.220#53 >> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.222.222#53 >> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.133.193#53 >> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.134.49#53 >> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 127.0.0.1#53 >> >> Note the line above. If I manually restart dnsmasq, that line instead >> looks like "dnsmasq[3853]: ignoring nameserver 127.0.0.1 - local >> interface". But each time I turn on my computer each day, and dnsmasq >> starts automatically, it's as per the above, and it listens to the local >> interface: >> >> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] www.bom.gov.au from 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded www.bom.gov.au to 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] weather.noaa.gov from 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded weather.noaa.gov to 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] imap.gmail.com from 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded imap.gmail.com to 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1 >> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1 >> >> These requests time out, making everything very slow. 
>> >> $ more /etc/resolv.conf >> # Generated by NetworkManager >> domain vic.bigpond.net.au >> search vic.bigpond.net.au >> nameserver 127.0.0.1 >> nameserver 61.9.134.49 >> nameserver 61.9.133.193 >> # NOTE: the libc resolver may not support more than 3 nameservers. >> # The nameservers listed below may not be recognized. >> nameserver 208.67.222.222 >> nameserver 208.67.220.220 >> >> This problem only began after I started using NetworkManager on Ubuntu >> (previously I had manually configured /etc/network/interfaces). >> >> Any help appreciated! >> > > It would be useful to get to the bottom of this. > > I guess it's something to do with the order in which things happen at > startup. Dnsmasq doesn't treat 127.0.0.1 specially: when it starts up > is enumerates all the interfaces on the machine and notes those with the > "loopback" flag set. If an address turns up later in /etc/resolv.conf > which matches one which was owned by a loopback interface during the > enumeration, then it is rejected. > > So, if, at the time dnsmasq is started, the "lo" interface either 1) > doesn't exist, 2) doesn't have the loopback flag set or 3) doesn't have > address 127.0.0.1 then the address 127.0.0.1 will not be weeded out. > > Could you add something like > > ip addr show >/tmp/interface-state > > to the /etc/init.d dnsmasq start script, reboot, and post the results here? > > > Cheers, > > Simon. Thanks for the help! 
Results: 1: lo: mtu 16436 qdisc noop state DOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth2: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:1f:c6:85:29:28 brd ff:ff:ff:ff:ff:ff 3: wmaster0: mtu 1500 qdisc noop state DOWN qlen 1000 link/ieee802.11 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff 4: wlan1: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff For comparison, this is what it looks like if I then restart dnsmasq manually: 1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth2: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:1f:c6:85:29:28 brd ff:ff:ff:ff:ff:ff 3: wmaster0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ieee802.11 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff 4: wlan1: mtu 1492 qdisc pfifo_fast state UP qlen 1000 link/ether 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff inet 192.168.0.2/24 brd 192.168.0.255 scope global wlan1 inet6 fe80::224:1ff:fe12:878d/64 scope link valid_lft forever preferred_lft forever I will see if I can get dnsmasq-2.52test3 working as per your other post. Thanks again! Max. From psmith at gnu.org Thu Oct 22 23:18:02 2009 
From: psmith at gnu.org (Paul Smith) Date: Thu, 22 Oct 2009 18:18:02 -0400 Subject: [Dnsmasq-discuss] Ideas for handing out "per blade" information In-Reply-To: <4AE04C5C.1050903@thekelleys.org.uk> References: <1256160366.2856.685.camel@homebase> <4AE04C5C.1050903@thekelleys.org.uk> Message-ID: <1256249882.31890.82.camel@psmith-ubeta.netezza.com> On Thu, 2009-10-22 at 13:13 +0100, Simon Kelley wrote: > network-ids are sadly misnamed: they have grown into much more general > tags now. You can certainly set a net-id tag in a dhcp-host line, and > then use that to select the options to be sent to a particular host. I see it clearly now; I don't know how I missed it. My only excuse is that the summary for dhcp-options talks about while the summary for dhcp-hosts talks about ... but that's pretty weak! :-) So, suppose I wanted to provide some location information in the DHCP response packet: something like rack number + chassis number + slot number etc. Say a sequence of N integers. I checked the DHCP RFCs and didn't find a DHCP option that seemed appropriate. I'd prefer to do this in the most standards-compliant way possible: anyone have a suggestion for a good option to use? > There's no way to change this information completely dynamically. You > can however put all the dhcp-host information into a file and point at > that file with --dhcp-hostsfile, similarly with options and > dhcp-optsfile. Unlike a general configuration, these files _are_ > re-read when dnsmasq gets SIGHUP. I guess I need to set up a cronjob or something to do this. I can imagine, though, that the latency between when you put a new board in, and when the information is available to dnsmasq to respond properly to DHCP requests from that board, could become a source of frustration. I'll just have to code the board to continue to do DHCP requests until it gets back a response containing the location information I need, or something. Thanks for your help! 
From mythtv at maxbarry.com Fri Oct 23 03:33:57 2009 
From: mythtv at maxbarry.com (Max Barry) Date: Fri, 23 Oct 2009 13:33:57 +1100 Subject: [Dnsmasq-discuss] About 127.0.0.1 in resolv.conf [WAS: Web hang ups after repeated access to one site - dnsmasq related?] In-Reply-To: <4AE0D735.7050707@maxbarry.com> References: <4AE0D735.7050707@maxbarry.com> Message-ID: <4AE11615.1090509@maxbarry.com> On 23/10/09 09:05, Max Barry wrote: > > Simon Kelly wrote: >> Max Barry wrote: >>> Simon Kelley wrote: >>>> Hugo Heden wrote: >>>>> But what happens if dnsmasq then >>>>> forwards a ("non-local") dns-query to 127.0.0.1, i.e to itself? Could >>>>> that not result in some kind of infinite loop weirdness? >>>> dnsmasq knows that it's listening on 127.0.0.1 so it's clever enough >>>> not to forward requests there. >>> >>> Hello! Sorry to gravedig, but I'm having this problem: dnsmasq >>> listens on 127.0.0.1 and forwards requests to itself. >>> >>> From /var/log/daemon.log: >>> >>> Oct 15 09:24:35 eve dnsmasq[2396]: started, version 2.47 cachesize 150 >>> Oct 15 09:24:35 eve dnsmasq[2396]: compile time options: IPv6 >>> GNU-getopt DBus I18N TFTP >>> Oct 15 09:24:35 eve dnsmasq[2396]: no servers found in >>> /etc/resolv.conf, will retry >>> Oct 15 09:24:35 eve dnsmasq[2396]: read /etc/hosts - 16 addresses >>> Oct 15 09:24:41 eve NetworkManager: starting... >>> ...snip... 
>>> Oct 15 09:24:49 eve NetworkManager: address 192.168.0.2 >>> Oct 15 09:24:49 eve NetworkManager: prefix 24 (255.255.255.0) >>> Oct 15 09:24:49 eve NetworkManager: gateway 192.168.0.1 >>> Oct 15 09:24:49 eve NetworkManager: nameserver '127.0.0.1' >>> Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.134.49' >>> Oct 15 09:24:49 eve NetworkManager: nameserver '61.9.133.193' >>> Oct 15 09:24:49 eve NetworkManager: nameserver >>> '208.67.222.222' >>> Oct 15 09:24:49 eve NetworkManager: nameserver >>> '208.67.220.220' >>> Oct 15 09:24:49 eve NetworkManager: nameserver '192.168.0.1' >>> Oct 15 09:24:49 eve NetworkManager: domain name >>> 'vic.bigpond.net.au' >>> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage >>> 5 of 5 (IP Configure Commit) scheduled... >>> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage >>> 4 of 5 (IP Configure Get) complete. >>> Oct 15 09:24:49 eve NetworkManager: Activation (wlan1) Stage >>> 5 of 5 (IP Configure Commit) started... >>> Oct 15 09:24:51 eve NetworkManager: (wlan1): device state >>> change: 7 -> 8 >>> Oct 15 09:24:51 eve dnsmasq[2396]: reading /etc/resolv.conf >>> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.220.220#53 >>> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.222.222#53 >>> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.133.193#53 >>> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.134.49#53 >>> Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 127.0.0.1#53 >>> >>> Note the line above. If I manually restart dnsmasq, that line instead >>> looks like "dnsmasq[3853]: ignoring nameserver 127.0.0.1 - local >>> interface". 
But each time I turn on my computer each day, and dnsmasq >>> starts automatically, it's as per the above, and it listens to the >>> local interface: >>> >>> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] www.bom.gov.au from >>> 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded www.bom.gov.au to 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] weather.noaa.gov from >>> 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded weather.noaa.gov to >>> 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from >>> 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] imap.gmail.com from >>> 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded imap.gmail.com to 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from >>> 127.0.0.1 >>> Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1 >>> >>> These requests time out, making everything very slow. >>> >>> $ more /etc/resolv.conf >>> # Generated by NetworkManager >>> domain vic.bigpond.net.au >>> search vic.bigpond.net.au >>> nameserver 127.0.0.1 >>> nameserver 61.9.134.49 >>> nameserver 61.9.133.193 >>> # NOTE: the libc resolver may not support more than 3 nameservers. >>> # The nameservers listed below may not be recognized. >>> nameserver 208.67.222.222 >>> nameserver 208.67.220.220 >>> >>> This problem only began after I started using NetworkManager on >>> Ubuntu (previously I had manually configured /etc/network/interfaces). >>> >>> Any help appreciated! >>> >> >> It would be useful to get to the bottom of this. >> >> I guess it's something to do with the order in which things happen at >> startup. Dnsmasq doesn't treat 127.0.0.1 specially: when it starts up >> is enumerates all the interfaces on the machine and notes those with >> the "loopback" flag set. 
If an address turns up later in >> /etc/resolv.conf which matches one which was owned by a loopback >> interface during the enumeration, then it is rejected. >> >> So, if, at the time dnsmasq is started, the "lo" interface either 1) >> doesn't exist, 2) doesn't have the loopback flag set or 3) doesn't >> have address 127.0.0.1 then the address 127.0.0.1 will not be weeded out. >> >> Could you add something like >> >> ip addr show >/tmp/interface-state >> >> to the /etc/init.d dnsmasq start script, reboot, and post the results >> here? >> >> >> Cheers, >> >> Simon. > > Thanks for the help! Results: > > 1: lo: mtu 16436 qdisc noop state DOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > 2: eth2: mtu 1500 qdisc noop state DOWN qlen 1000 > link/ether 00:1f:c6:85:29:28 brd ff:ff:ff:ff:ff:ff > 3: wmaster0: mtu 1500 qdisc noop state DOWN qlen 1000 > link/ieee802.11 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff > 4: wlan1: mtu 1500 qdisc noop state DOWN qlen 1000 > link/ether 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff > > For comparison, this is what it looks like if I then restart dnsmasq > manually: > > 1: lo: mtu 16436 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: eth2: mtu 1500 qdisc pfifo_fast state > UNKNOWN qlen 1000 > link/ether 00:1f:c6:85:29:28 brd ff:ff:ff:ff:ff:ff > 3: wmaster0: mtu 1500 qdisc pfifo_fast > state UNKNOWN qlen 1000 > link/ieee802.11 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff > 4: wlan1: mtu 1492 qdisc pfifo_fast > state UP qlen 1000 > link/ether 00:24:01:12:87:8d brd ff:ff:ff:ff:ff:ff > inet 192.168.0.2/24 brd 192.168.0.255 scope global wlan1 > inet6 fe80::224:1ff:fe12:878d/64 scope link > valid_lft forever preferred_lft forever > > I will see if I can get dnsmasq-2.52test3 working as per your other post. Yay! dnsmasq-2.52test3 does indeed seem to work correctly. 
While the 'ip addr show' results are the same upon boot (lo registered as LOOPBACK but not with address 127.0.0.1), dnsmasq correctly refuses to listen to it: Oct 23 13:12:34 eve dnsmasq[2404]: started, version 2.52test3 cachesize 150 Oct 23 13:12:34 eve dnsmasq[2404]: compile time options: IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP Oct 23 13:12:34 eve dnsmasq[2404]: no servers found in /etc/resolv.conf, will re try Oct 23 13:12:34 eve dnsmasq[2404]: read /etc/hosts - 16 addresses Oct 23 13:12:40 eve NetworkManager: starting... ...snip... Oct 23 13:12:57 eve NetworkManager: Activation (wlan1) Stage 5 of 5 (IP Configure Commit) complete. Oct 23 13:12:57 eve dnsmasq[2404]: query[SOA] local from 127.0.0.1 Oct 23 13:12:57 eve dnsmasq[2404]: query[SOA] local from 127.0.0.1 Oct 23 13:12:58 eve ntpd[2972]: ntpd exiting on signal 15 Oct 23 13:12:58 eve dnsmasq[2404]: reading /etc/resolv.conf Oct 23 13:12:58 eve dnsmasq[2404]: using nameserver 208.67.220.220#53 Oct 23 13:12:58 eve dnsmasq[2404]: using nameserver 208.67.222.222#53 Oct 23 13:12:58 eve dnsmasq[2404]: using nameserver 61.9.133.193#53 Oct 23 13:12:58 eve dnsmasq[2404]: using nameserver 61.9.134.49#53 Oct 23 13:12:58 eve dnsmasq[2404]: ignoring nameserver 127.0.0.1 - local interface I notice the compile-time options are slightly different this time around (no-DBus vs DBus, no I18N) but am not sure if that's relevant. Thanks for the help! Max. From linuxuser09 at gmx.com Fri Oct 23 03:46:40 2009 
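A log check for the symptom reported in this thread, as an added example that is not part of the thread and is not dnsmasq code: it flags a dnsmasq process that accepted a loopback address on its own port as an upstream, and counts the queries it then forwarded to itself. The log lines are excerpted from the messages above; the default listening port 53 is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Excerpted from the daemon.log output quoted in the thread: pid 2396 is
# dnsmasq 2.47 started at boot, pid 2404 is 2.52test3.
SAMPLE_LOG = """\
Oct 15 09:24:51 eve dnsmasq[2396]: reading /etc/resolv.conf
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 208.67.220.220#53
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 61.9.134.49#53
Oct 15 09:24:51 eve dnsmasq[2396]: using nameserver 127.0.0.1#53
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] www.bom.gov.au from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded www.bom.gov.au to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] weather.noaa.gov from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded weather.noaa.gov to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] imap.gmail.com from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded imap.gmail.com to 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: query[A] ntp.ubuntu.com from 127.0.0.1
Oct 15 09:25:49 eve dnsmasq[2396]: forwarded ntp.ubuntu.com to 127.0.0.1
Oct 23 13:12:58 eve dnsmasq[2404]: reading /etc/resolv.conf
Oct 23 13:12:58 eve dnsmasq[2404]: using nameserver 61.9.134.49#53
Oct 23 13:12:58 eve dnsmasq[2404]: ignoring nameserver 127.0.0.1 - local interface
""".splitlines()

LINE = re.compile(r"dnsmasq\[(?P<pid>\d+)\]: (?P<msg>.*)$")
USING = re.compile(r"using nameserver (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)$")
IGNORED = re.compile(r"ignoring nameserver (?P<addr>[0-9A-Fa-f:.]+) - local interface$")
FORWARDED = re.compile(r"forwarded (?P<name>\S+) to (?P<addr>[0-9A-Fa-f:.]+)$")


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def scan(lines, listen_port=53):
    """Return per-pid findings: self upstreams, ignored servers, looped queries."""
    report = {}
    active = {}  # pid -> loopback upstreams in the server list currently in use
    for raw in lines:
        found = LINE.search(raw.strip())
        if not found:
            continue
        pid, msg = found.group("pid"), found.group("msg")
        entry = report.setdefault(
            pid, {"self_upstreams": set(), "ignored": set(), "looped": Counter()})
        current = active.setdefault(pid, set())
        if msg.startswith("reading "):
            current.clear()  # the upstream list is replaced on each re-read
            continue
        m = USING.match(msg)
        if m:
            # A loopback upstream on another port can be a separate local
            # resolver; only the process's own port indicates a self-loop.
            if is_loopback(m.group("addr")) and int(m.group("port")) == listen_port:
                entry["self_upstreams"].add(m.group("addr"))
                current.add(m.group("addr"))
            continue
        m = IGNORED.match(msg)
        if m:
            entry["ignored"].add(m.group("addr"))
            continue
        m = FORWARDED.match(msg)
        if m and m.group("addr") in current:
            entry["looped"][m.group("name")] += 1
    return report


def affected_pids(report):
    """Pids of dnsmasq processes that accepted themselves as an upstream."""
    return sorted(pid for pid, e in report.items() if e["self_upstreams"])


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for pid in affected_pids(result):
        total = sum(result[pid]["looped"].values())
        print(f"dnsmasq[{pid}] forwards to itself: {total} queries looped")
```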
From: linuxuser09 at gmx.com (Linux User) Date: Thu, 22 Oct 2009 22:46:40 -0400 Subject: [Dnsmasq-discuss] Dnsmasq is ignoring dhcp-option=option:router, 192.168.0.1 Message-ID: <200910222246.40627.linuxuser09@gmx.com> My primary computer serves as a DHCP/DNS server and sends out request to my second computer. Everything on the second computer is setup properly except I can't get my second computer to connect to the internet. Firewall is setup fine, I don't see in dmesg that it's denying my second computer access to the internet. Matter of fact, I don't see anything that says my second computer is trying to connect to the net. Things I can do on the second computer ping 192.168.0.1 works host google.com works ping (google.com ip address) fail When I issue the route command, I see: (The name of my DHCP/DNS server is netsrv.comp1.localnet.webwaredev.org) default netsrv.comp1.lo 0.0.0.0 UG 0 0 eth0 I had set dhcp-option=option:router,192.168.0.1 and I think it should display: default 192.168.0.1 0.0.0.0 UG 0 0 eth0 but it doesn't... Any help I can get to help resolve this would be appreciated... linuxuser09 at gmx.com Thank You From tim at theallinghams.com Fri Oct 23 05:19:46 2009 
From: tim at theallinghams.com (Tim Allingham)
Date: Fri, 23 Oct 2009 15:19:46 +1100
Subject: [Dnsmasq-discuss] Dnsmasq is ignoring dhcp-option=option:router, 192.168.0.1
In-Reply-To: <200910222246.40627.linuxuser09@gmx.com>
References: <200910222246.40627.linuxuser09@gmx.com>
Message-ID: <1256271586.3637.13.camel@tim-laptop.hampton.247ads.com.au>

Have you set up any routing for the first PC to pass packets back and forth to the net? I assume PC 1 is a linux box?

if so you'll generally need to enable ip_forward in the /proc filesystem

normally to do this is
~# echo 1 > /proc/sys/net/ipv4/ip_forward

for routing, you'll also need to enable NAT or IP Masquerading to allow the second PC to access the net.

if you're not sure how to do this in iptables/ipfw or your preferred firewall software, let me know I would be happy to help you out with this outside of the list

as to your route, it is correct now, it is using the hostname to report the default gateway, however the hostname is getting cut off due to the column width in the route table report

ie
netsrv.comp1.localnet.webwaredev.org
gets
netsrv.comp1.lo

Cheers

Tim Allingham

From linuxuser09 at gmx.com Fri Oct 23 06:35:06 2009
From: linuxuser09 at gmx.com (Linux User)
Date: Fri, 23 Oct 2009 01:35:06 -0400
Subject: [Dnsmasq-discuss] Dnsmasq is ignoring dhcp-option=option:router, 192.168.0.1
Message-ID: <200910230135.06680.linuxuser09@gmx.com>

On Friday 23 October 2009 12:19:46 am you wrote:
> Have you set up any routing for the first PC to pass packets back and
> forth to the net? I assume PC 1 is a linux box?
>
>
> if so you'll generally need to enable ip_forward in the /proc filesystem
>
> normally to do this is
> ~# echo 1 > /proc/sys/net/ipv4/ip_forward
>
> for routing, you'll also need to enable NAT or IP Masquerading to allow
> the second PC to access the net.
>
> if you're not sure how to do this in iptables/ipfw or your preferred
> firewall software, let me know I would be happy to help you out with
> this outside of the list
>
>
> as to your route, it is correct now, it is using the hostname to report
> the default gateway, however the hostname is getting cut off due to the
> column width in the route table report
>
> ie
> netsrv.comp1.localnet.webwaredev.org
> gets
> netsrv.comp1.lo
>
>
> Cheers
>
> Tim Allingham

Thank YOU Tim Allingham, it was echo 1 > /proc/sys/net/ipv4/ip_forward all along. My fwbuilder Firewall script was supposed to enable that during boot. I don't know what happened and I'm investigating why not.

Thanks again...

linuxuser09 at gmx.com
Thank You

P.S. Tim Allingham if you got a lot of emails, it was meant to go to this list. Didn't realize until now

From simon at thekelleys.org.uk Fri Oct 23 09:27:04 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Fri, 23 Oct 2009 09:27:04 +0100
Subject: [Dnsmasq-discuss] About 127.0.0.1 in resolv.conf [WAS: Web hang ups after repeated access to one site - dnsmasq related?]
In-Reply-To: <4AE11615.1090509@maxbarry.com>
References: <4AE0D735.7050707@maxbarry.com> <4AE11615.1090509@maxbarry.com>
Message-ID: <4AE168D8.2060208@thekelleys.org.uk>

Max Barry wrote:
> Yay! dnsmasq-2.52test3 does indeed seem to work correctly. While the 'ip
> addr show' results are the same upon boot (lo registered as LOOPBACK but
> not with address 127.0.0.1), dnsmasq correctly refuses to listen to it:

Excellent. I'll work on getting that fix released ASAP. The change is simply to re-check the interface configuration just before installing a new set of upstream servers.

>
> I notice the compile-time options are slightly different this time
> around (no-DBus vs DBus, no I18N) but am not sure if that's relevant.
>

It doesn't affect the results of the test at all. If you want a dnsmasq binary with the same capabilities as standard, and assuming you're running Debian or Ubuntu, then you have all the bits needed to build packages which will have them

sudo apt-get build-dep dnsmasq

will pull in the tools needed, then

cd dnsmasq-2.52; debian/rules binary

will build the dnsmasq and dnsmasq-base .debs.

> Thanks for the help!

No problem, thanks for your help.

Cheers,

Simon.

From ranceh at gmail.com Fri Oct 23 16:34:28 2009
From: ranceh at gmail.com (Rance Hall)
Date: Fri, 23 Oct 2009 10:34:28 -0500
Subject: [Dnsmasq-discuss] Ideas for handing out "per blade" information
In-Reply-To: <1256249882.31890.82.camel@psmith-ubeta.netezza.com>
References: <1256160366.2856.685.camel@homebase> <4AE04C5C.1050903@thekelleys.org.uk> <1256249882.31890.82.camel@psmith-ubeta.netezza.com>
Message-ID: <845c0f80910230834i4d91e737r7bdf3399d88a8e17@mail.gmail.com>

On Thu, Oct 22, 2009 at 5:18 PM, Paul Smith wrote:
> So, suppose I wanted to provide some location information in the DHCP
> response packet: something like rack number + chassis number + slot
> number etc. Say a sequence of N integers. I checked the DHCP RFCs and
> didn't find a DHCP option that seemed appropriate. I'd prefer to do
> this in the most standards-compliant way possible: anyone have a
> suggestion for a good option to use?
>
>> There's no way to change this information completely dynamically. You
>> can however put all the dhcp-host information into a file and point at
>> that file with --dhcp-hostsfile, similarly with options and
>> dhcp-optsfile. Unlike a general configuration, these files _are_
>> re-read when dnsmasq gets SIGHUP.
>
> I guess I need to set up a cronjob or something to do this. I can
> imagine, though, that the latency between when you put a new board in,
> and when the information is available to dnsmasq to respond properly to
> DHCP requests from that board, could become a source of frustration.
> I'll just have to code the board to continue to do DHCP requests until
> it gets back a response containing the location information I need, or
> something.
>
>
> Thanks for your help!

I have an idea that may help with part of this problem.

I've used this idea successfully with many other projects so there's no reason why this won't work for you.

Keep in mind that this is designed to replace the cron job idea of regular updates. This idea triggers updates only when needed.

I originally found this while looking for a way to tell a mail filter server about new email addresses changes as they occurred and not whenever a cron job got around to running.

Run a looping script that creates a named pipe, such that if the pipe ever dies the script doesn't exit but instead creates the pipe again (yes it's an infinite loop, be careful).

Run a second script that watches that named pipe for input.

The pipe-watcher script will trigger a third script.

This third script will then update a dnsmasq configuration file, and send dnsmasq a SIGHUP or whatever other signal it needs to send.

The three script model here is a little cumbersome, but very modular and it's able to be used in an amazing variety of ways.

Let me know if you are interested in pursuing something like this, and I can point you in the right direction to make it happen.

As to your other question about making dnsmasq happy and following the standards as closely as possible, keep reading, I'm sure Simon or someone else on this list who is much better at the dhcp protocol level can help you come up with something that makes sense.

From toobyddum at gmail.com Sun Oct 25 03:17:03 2009
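Added example, not part of the original post: the named-pipe trigger described in the message above, written in POSIX shell, with input validation on what arrives through the pipe. fake_dnsmasq, the file names, the QUIT stop word and the sample MAC/IP pairs are assumptions made so the demo runs unprivileged; with the real daemon the pid would come from dnsmasq's pid file and the hosts file would be the one named by --dhcp-hostsfile.

```shell
#!/bin/sh
# Added example: FIFO-triggered update of a dnsmasq --dhcp-hostsfile.
# fake_dnsmasq stands in for the daemon so the demo runs unprivileged.

# The FIFO is an input channel: only lines shaped "MAC,IPv4" may reach the file.
valid_entry() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2},([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Third script: add the entry once, then ask the daemon to re-read the file.
apply_entry() {   # $1=entry  $2=hosts file  $3=daemon pid
    valid_entry "$1" || return 1
    grep -qxF -- "$1" "$2" || printf '%s\n' "$1" >> "$2"
    kill -HUP "$3"
}

# Second script: block on the FIFO and handle one request per line.
# Opening it read-write keeps a reader attached between writers, so no request
# is lost while a plain reader would be reopening after EOF (this relies on
# Linux behaviour; POSIX leaves read-write opens of a FIFO undefined).
watch_pipe() {    # $1=fifo  $2=hosts file  $3=daemon pid
    exec 3<>"$1" || return 1
    while IFS= read -r line <&3; do
        [ "$line" = QUIT ] && break          # demo-only stop word
        apply_entry "$line" "$2" "$3" || echo "rejected: $line" >&2
    done
    exec 3<&-
}

# Stand-in daemon: counts SIGHUPs in $1, creates $2 once the trap is installed.
fake_dnsmasq() {
    count_file=$1 n=0
    trap 'n=$((n + 1)); echo "$n" > "$count_file"' HUP
    : > "$2"
    while :; do sleep 1; done
}

count_lines() { wc -l < "$1" | tr -d ' '; }

run_demo() {
    dir=$(mktemp -d) || return 1
    fifo=$dir/requests hosts=$dir/dhcp-hosts count=$dir/reloads
    : > "$hosts"; echo 0 > "$count"
    # First script: create the pipe, owner-only; a supervisor would loop here.
    [ -p "$fifo" ] || (umask 077; mkfifo "$fifo") || return 1
    fake_dnsmasq "$count" "$dir/ready" >/dev/null 2>&1 &
    dpid=$!
    while [ ! -e "$dir/ready" ]; do sleep 1; done   # trap is in place
    watch_pipe "$fifo" "$hosts" "$dpid" >/dev/null 2>"$dir/rejected" &
    wpid=$!
    # Constructed requests; the third one has a malformed MAC address.
    printf '%s\n' '00:11:22:33:44:55,192.168.0.60' > "$fifo"
    printf '%s\n' '00:11:22:33:44:66,192.168.0.61' \
                  '00:11:22:33:44:ZZ,192.168.0.62' > "$fifo"
    printf '%s\n' QUIT > "$fifo"
    wait "$wpid" || true
    sleep 2                                   # let the stand-in run its trap
    kill "$dpid" 2>/dev/null || true
    wait "$dpid" 2>/dev/null || true
    DEMO_ENTRIES=$(count_lines "$hosts")
    DEMO_RELOADS=$(cat "$count")
    DEMO_REJECTED=$(count_lines "$dir/rejected")
    rm -rf "$dir"
    echo "entries=$DEMO_ENTRIES reloads=$DEMO_RELOADS rejected=$DEMO_REJECTED"
}

run_demo
```

Signals sent in quick succession can be coalesced, so the reload count may be lower than the number of accepted entries; the hosts file is still complete when the daemon re-reads it.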
From: toobyddum at gmail.com (toobyddum at gmail.com)
Date: Sun, 25 Oct 2009 11:17:03 +0800
Subject: [Dnsmasq-discuss] BUG: unable to handle kernel paging request at 0040b4e0
Message-ID: <41416c740910242017m38a1c673p1fbfe55cf580dd80@mail.gmail.com>

hello, everyone~~~

I got a kernel panic after dnsmasq has been running about 1 day, dnsmasq version is 2.4.9, kernel is: 2.6.26.8

Any reply or suggestion is greatly appreciated. :)

dmesg details as follows:

BUG: unable to handle kernel paging request at 0040b4e0
IP: [] d_instantiate+0xf/0x2b
*pde = 00000000
Oops: 0002 [#1]
Modules linked in: sch_ingress act_mirred cls_u32 sch_sfq sch_htb pcspkr ppp_mppe ipt_TTL xt_hashlimit nf_nat_pptp nf_nat_proto_gre nf_conntrack_pptp nf_conntrack_proto_gre ipt_REDIRECT ipt_set xt_mark xt_TCPMSS ip_set_iphash ip_set xt_conntrack ipt_ACCOUNT iptable_raw arpt_mangle 8250_pnp 8250_pci 8250 serial_core nf_nat_ftp pppoe pppox nf_conntrack_ftp nf_conntrack_netlink ppp_generic slhc xt_owner xt_TEE xt_condition compat_xtables ipt_NETMAP arptable_filter arp_tables ipt_MASQUERADE ipt_ULOG ipt_recent xt_multiport ipt_REJECT xt_DSCP xt_time xt_layer7 xt_iprange ipt_ipp2p iptable_mangle iptable_filter iptable_nat nf_nat nf_conntrack_ipv4 ip_tables xt_connlimit xt_helper xt_string xt_MARK xt_comment xt_state nf_conntrack xt_limit xt_mac xt_tcpudp x_tables nfnetlink ifb via_rhine e100 fbcon font bitblit softcursor vga16fb fb cfbcopyarea vgastate cfbimgblt cfbfillrect tcp_bic

Pid: 17755, comm: dnsmasq Not tainted (2.6.26.8-i386 #182)
EIP: 0060:[] EFLAGS: 00010286 CPU: 0
EIP is at d_instantiate+0xf/0x2b
EAX: 0040b4dc EBX: df010898 ECX: df009344 EDX: df0108d4
ESI: df009320 EDI: df010898 EBP: de1a0000 ESP: de1a1f48
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process dnsmasq (pid: 17755, ti=de1a0000 task=de7694a0 task.ti=de1a0000)
Stack: de0f61a0 c046fade 00000000 00000000 c05a6c16 0000001b 0000001b df009320
       c046fb45 de0f61a0 00000000 f04b2fdc 0806d410 c0470534 df009320 00000000
       c0470cac 00000002 00000002 00000000 00000002 00000002 00000000 00000000
Call Trace:
 [] sock_attach_fd+0x4f/0x95
 [] sock_map_fd+0x21/0x4a
 [] sys_socket+0x27/0x3a
 [] sys_socketcall+0x51/0x181
 [] sysenter_past_esp+0x6a/0x91
 =======================
Code: c3 56 89 d6 53 e8 fd fc ff ff 85 c0 89 c3 74 07 89 f0 e8 b8 07 00 00 89 d8 5b 5e c3 85 d2 89 d1 53 89 c3 74 15 8d 50 3c 8b 41 18 <89> 50 04 89 43 3c 8d 41 18 89 43 40 89 51 18 89 4b 08 89 d8 89
EIP: [] d_instantiate+0xf/0x2b SS:ESP 0068:de1a1f48
Clocksource tsc unstable (delta = 18747400082 ns)
---[ end trace 4d6c85ead67accb1 ]---

From richardvoigt at gmail.com Sun Oct 25 04:46:07 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Sat, 24 Oct 2009 23:46:07 -0500
Subject: [Dnsmasq-discuss] BUG: unable to handle kernel paging request at 0040b4e0
In-Reply-To: <41416c740910242017m38a1c673p1fbfe55cf580dd80@mail.gmail.com>
References: <41416c740910242017m38a1c673p1fbfe55cf580dd80@mail.gmail.com>
Message-ID: <2e59e6970910242146h37520ed9jeafd10546c66b9ff@mail.gmail.com>

On Sat, Oct 24, 2009 at 10:17 PM, wrote:
> hello, everyone~~~
>
> I got a kernel panic after dnsmasq has been running about 1 day, dnsmasq version
> is 2.4.9, kernel is: 2.6.26.8

Most likely a hardware problem, possibly a kernel bug. It's not possible for an application such as dnsmasq, with no kernel components, to create a kernel panic.

>
> Any reply or suggestion is greatly appreciated. :)

From knud.skrald at guldberg.info Tue Oct 27 13:14:26 2009
From: knud.skrald at guldberg.info (knud.skrald at guldberg.info)
Date: Tue, 27 Oct 2009 14:14:26 +0100
Subject: [Dnsmasq-discuss] Logrotate again
Message-ID: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net>

Hi

I am new to this list...

As says...I have a problem getting logrotate to work with the log file from dnsmasq.
I have searched the earlier postings

Problem:
When the logfile (dnsmasq) is rotated, dnsmasq log file is renamed to dnsmasq-date-xxx as usual logfiles.
A new dnsmasq log file is created with size of zero bytes but it keeps to be of size zero and dnsmasq-date-xxx keeps growing in size eg. dnsmasq keeps writing to this file instead of the newly created file.

Sending "kill -s SIGUSR2 `cat /var/run/dnsmasq.pid`" from a command prompt makes dnsmasq to write to the "normal log file "dnsmasq"

to setup:
fedora 11
dnsmasq 2.46 from the fedora 11 packaged

snip from logrotate.conf >>>>>>>>>>>>>>>
/var/log/dnsmasq {
    missingok
    daily
    rotate 3
    size 100k
    create 0640 nobody root
    postrotate
       kill -s USR2 `cat /var/run/dnsmasq.pid`
    endscript
}

Knud

From richardvoigt at gmail.com Tue Oct 27 15:03:45 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Tue, 27 Oct 2009 10:03:45 -0500
Subject: [Dnsmasq-discuss] Logrotate again
In-Reply-To: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net>
References: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net>
Message-ID: <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com>

On Tue, Oct 27, 2009 at 8:14 AM, wrote:
> Hi
>
> I am new to this list...
>
> As says...I have a problem getting logrotate to work
> with the log file from dnsmasq.
> I have searched the earlier postings
>
> Problem:
> When the logfile (dnsmasq) is rotated, dnsmasq log file is renamed to
> dnsmasq-date-xxx as usual logfiles.
> A new dnsmasq log file is created with size of zero bytes but it keeps
> to be of size zero and dnsmasq-date-xxx keeps growing in size eg.
> dnsmasq keeps writing to this file instead of the newly created file.
>
> Sending "kill -s SIGUSR2 `cat /var/run/dnsmasq.pid`" from a command
> prompt makes dnsmasq to write to the "normal log file "dnsmasq"

Command prompt of what user? Does it work as the logrotate user?

>
> to setup:
> fedora 11
> dnsmasq 2.46 from the fedora 11 packaged
>
> snip from logrotate.conf >>>>>>>>>>>>>>>
> /var/log/dnsmasq {
>     missingok
>     daily
>     rotate 3
>     size 100k
>     create 0640 nobody root
>     postrotate
>        kill -s USR2 `cat /var/run/dnsmasq.pid`

I'd try the usual suspects, such as writing to syslog from the postrotate step to make sure it's being executed and the pid is as expected (the file might not be readable, etc).

>     endscript
> }
>
> Knud

From tom at punkave.com Tue Oct 27 16:46:42 2009
From: tom at punkave.com (Tom Boutell)
Date: Tue, 27 Oct 2009 12:46:42 -0400
Subject: [Dnsmasq-discuss] Using dnsmasq to test coworkers' dev web sites within the office
Message-ID:

We're web developers. Each of us runs Apache on our individual computer in order to do web development. Later we sync to staging and production servers as needed.

For some time I've wanted to set things up so that we can check out each other's live development sites within the office and when on the VPN. Also I'd like to make it easy to access a dev site from a virtual machine (eg Windows running IE6 in VMware...) without tweaking the host file on the virtual machine to know where to find the site.

I recently set this up with dnsmasq. dnsmasq runs on our Intranet server as our DHCP and DNS server. Anything in the tom.punk domain resolves to my IP, so if you visit anyclientsite.tom.punk from within the office you always reach my machine.

This is working, and that's great. But I'm wondering if it's possible to do it more elegantly, using names rather than IPs in more situations. Perhaps we could even use the DHCP client ID (although that could lead to problems when a guest in the office innocently used a conflicting ID, or when both the wireless and wired interfaces of the same computer connect and are supposed to get the same IP - who wins?).

We also use pptpd, which allows us to do the same trick when some or all of us are connected via our VPN. (Yes I know about the security concerns of PPTP, however if you use a truly random password it doesn't seem to be practical to crack it. It's definitely not safe to use more typical passwords with PPTP.)

This is what it looks like in dnsmasq.conf:

# These IPs must also appear in /etc/ppp/chap-secrets
# and below as dhcp-host entries with MAC addresses
# I replaced the actual fixed IP for me for privacy reasons, but this is a fixed IP
address=/tom.punk/x.x.x.y
dhcp-host=my.mac.address,x.x.x.y

This is two places the IP must appear. Is there a way to improve on that? Can we ditch the MAC address in favor of a DHCP client ID somehow?

Also, in ppp/chap-secrets:

tom * obnoxious-password-here x.x.x.y

Perhaps I could get away with tom.punk rather than x.x.x.y here? Will pppd resolve it?

If no one sees an obvious way to improve on this scheme, I'll probably write a script to build these configuration files from a single configuration file of names, mac addresses, passwords and fixed IPs (or perhaps determine the fixed IPs on the fly).

It's working great, I'm just looking to make sure I'm not making it difficult for myself.

Thanks!

--
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com

From knud.skrald at guldberg.info Tue Oct 27 17:41:30 2009
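Added example, not from the original post: one way to generate both files from a single inventory, as the message above proposes, so each IP is typed once and the file holding PPP secrets stays owner-only. The inventory format (name, MAC, IP and secret per line), the function name gen_configs and the default domain suffix are assumptions; secrets containing whitespace, quotes, backslashes or # are rejected rather than quoted.

```shell
#!/bin/sh
# Added example: build the dnsmasq.conf lines and chap-secrets from one file.
# Inventory format (an assumption): name mac ip secret, one host per line.

gen_configs() {   # $1=inventory  $2=dnsmasq fragment  $3=chap-secrets  [$4=domain]
    tmp_dns=$(mktemp) || return 1
    tmp_chap=$(mktemp) || { rm -f "$tmp_dns"; return 1; }
    awk -v dns="$tmp_dns" -v chap="$tmp_chap" -v dom="${4:-punk}" '
        function fail(msg) {
            printf "inventory line %d: %s\n", NR, msg > "/dev/stderr"
            exit 1
        }
        function is_mac(s,   p, i) {
            if (split(s, p, ":") != 6) return 0
            for (i = 1; i <= 6; i++)
                if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return 0
            return 1
        }
        function is_ip(s,   p, i) {
            if (split(s, p, "[.]") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
            return 1
        }
        NF == 0 || $1 ~ /^#/         { next }          # blank lines, comments
        NF != 4                      { fail("expected: name mac ip secret") }
        $1 !~ /^[a-z][a-z0-9-]*$/    { fail("bad name") }
        !is_mac($2)                  { fail("bad MAC address") }
        !is_ip($3)                   { fail("bad IPv4 address") }
        index($4, "\"") || index($4, "\\") || index($4, "#") {
            fail("secret would need quoting in chap-secrets")
        }
        ($1 in names) || ($3 in ips) { fail("duplicate name or IP") }
        {
            names[$1] = 1; ips[$3] = 1
            printf "address=/%s.%s/%s\n", $1, dom, $3 > dns
            printf "dhcp-host=%s,%s\n", $2, $3 > dns
            printf "%s * %s %s\n", $1, $4, $3 > chap
        }
    ' "$1" || { rm -f "$tmp_dns" "$tmp_chap"; return 1; }
    chmod 644 "$tmp_dns"      # names and addresses only
    chmod 600 "$tmp_chap"     # cleartext PPP secrets: owner-only
    # Nothing is installed unless the whole inventory validated.
    mv "$tmp_chap" "$3" && mv "$tmp_dns" "$2"
}

# Usage: sh thisfile.sh inventory dnsmasq-fragment chap-secrets [domain]
if [ "$#" -ge 3 ]; then gen_configs "$@"; fi
```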
From: knud.skrald at guldberg.info (knud.skrald at guldberg.info)
Date: Tue, 27 Oct 2009 18:41:30 +0100
Subject: [Dnsmasq-discuss] Logrotate again
In-Reply-To: <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com>
References: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net> <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com>
Message-ID: <4AE730CA.3020802@guldberg.info>

richardvoigt at gmail.com wrote:
> On Tue, Oct 27, 2009 at 8:14 AM, wrote:
>> Hi
>>
>> I am new to this list...
>>
>> As says...I have a problem getting logrotate to work
>> with the log file from dnsmasq.
>> I have searched the earlier postings
>>
>> Problem:
>> When the logfile (dnsmasq) is rotated, dnsmasq log file is renamed to
>> dnsmasq-date-xxx as usual logfiles.
>> A new dnsmasq log file is created with size of zero bytes but it keeps
>> to be of size zero and dnsmasq-date-xxx keeps growing in size eg.
>> dnsmasq keeps writing to this file instead of the newly created file.
>>
>> Sending "kill -s SIGUSR2 `cat /var/run/dnsmasq.pid`" from a command
>> prompt makes dnsmasq to write to the "normal log file "dnsmasq"
>
> Command prompt of what user? Does it work as the logrotate user?

root
I have tried and another user ...none of the logrotate activities are then allowed
I don't know which user the logrotate run under ..

>
>> to setup:
>> fedora 11
>> dnsmasq 2.46 from the fedora 11 packaged
>>
>> snip from logrotate.conf
>> /var/log/dnsmasq {
>>     missingok
>>     daily
>>     rotate 3
>>     size 100k
>>     create 0640 nobody root
>>     postrotate
>>        kill -s USR2 `cat /var/run/dnsmasq.pid`
>
> I'd try the usual suspects, such as writing to syslog from the
> postrotate step to make sure it's being executed and the pid is as
> expected (the file might not be readable, etc).

Hmmm....just tested from root user(again)...now it works as expected
By setting the size to something small...and deleting the log file from today

logrotate -f /etc/logrotate.conf

I will wait and see this night what happened

Knud

From tim at theallinghams.com Tue Oct 27 23:51:00 2009
From: tim at theallinghams.com (Tim Allingham)
Date: Wed, 28 Oct 2009 10:51:00 +1100
Subject: [Dnsmasq-discuss] Logrotate again
In-Reply-To: <4AE730CA.3020802@guldberg.info>
References: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net> <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com> <4AE730CA.3020802@guldberg.info>
Message-ID: <1256687460.3733.7.camel@tim-laptop.hampton.247ads.com.au>

Have you tried restarting the service after the logrotate?

It sounds like the file handle is being kept open by dnsmasq, rather than opened and closed per write.

Restarting the service should kick it back onto writing into the new file, as the handle will be re-initiated. You can configure this as a post-rotate action in your logrotate conf.

Cheers

Tim

From knud.skrald at guldberg.info Wed Oct 28 06:51:16 2009
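Added example, not part of the original thread: why the renamed file keeps growing until the writer reopens its log by path, together with a postrotate helper that checks the pid file before signalling, along the lines suggested above. The shell itself plays the daemon; signal_pidfile, rotation_demo and all file names are assumptions.

```shell
#!/bin/sh
# Added example: a writer keeps its open descriptor across logrotate's rename,
# and only reopening by path (what SIGUSR2 triggers) moves it to the new file.
# The shell plays the daemon here; all file names are constructed.

# Postrotate helper: signal the pid from a pid file only after checking it.
# An empty, zero, negative or non-numeric value must never reach kill, since
# such values address no process or a whole group instead of one daemon.
# Messages go to stderr so a postrotate script can pipe them to logger(1).
signal_pidfile() {   # $1=pid file  $2=signal name
    pid=$(cat "$1" 2>/dev/null) || { echo "cannot read $1" >&2; return 2; }
    case "$pid" in
        ''|0*|*[!0-9]*) echo "refusing pid '$pid' from $1" >&2; return 3 ;;
    esac
    kill -0 "$pid" 2>/dev/null || { echo "cannot signal pid $pid" >&2; return 4; }
    kill -s "$2" "$pid" && echo "sent SIG$2 to pid $pid" >&2
}

count_lines() { wc -l < "$1" | tr -d ' '; }

rotation_demo() {
    dir=$(mktemp -d) || return 1
    log=$dir/dnsmasq rotated=$dir/dnsmasq-20091027 pidfile=$dir/dnsmasq.pid
    echo "$$" > "$pidfile"

    exec 3>>"$log"                   # daemon start: open the log once, keep fd 3
    trap 'exec 3>>"$log"' USR2       # on SIGUSR2: reopen the log by path
    echo "query one" >&3

    mv "$log" "$rotated"             # logrotate: rename the live file ...
    : > "$log"                       # ... and create the empty replacement
    echo "query two" >&3             # fd 3 still refers to the renamed file
    OLD_BEFORE=$(count_lines "$rotated")
    NEW_BEFORE=$(count_lines "$log")

    signal_pidfile "$pidfile" USR2   # the postrotate step
    echo "query three" >&3           # now lands in the new file
    OLD_AFTER=$(count_lines "$rotated")
    NEW_AFTER=$(count_lines "$log")

    trap - USR2
    exec 3>&-
    rm -rf "$dir"
    echo "before reopen: old=$OLD_BEFORE new=$NEW_BEFORE; after: old=$OLD_AFTER new=$NEW_AFTER"
}

rotation_demo
```

If the helper reports a refused or unreadable pid file in syslog, the rotation ran but the daemon was never told to reopen, which matches the symptom of an empty new file and a growing renamed one.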
From: knud.skrald at guldberg.info (knud.skrald at guldberg.info)
Date: Wed, 28 Oct 2009 07:51:16 +0100
Subject: [Dnsmasq-discuss] Logrotate again
In-Reply-To: <1256687460.3733.7.camel@tim-laptop.hampton.247ads.com.au>
References: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net> <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com> <4AE730CA.3020802@guldberg.info> <1256687460.3733.7.camel@tim-laptop.hampton.247ads.com.au>
Message-ID: <20091028075116.14923vhsvho0yk10@webmail-srv2.servage.net>

Strange... this night it made the log rotation just as expected !
I have not changed anything...!
I will keep it under observation...

Suggestion:
Could SIG's be written to the logfile ?
It would be nice in a case like this to see if the SIG is received by DNSMASQ

Knud

Quote from Tim Allingham :

> Have you tried restarting the service after the logrotate?

Yes then DNSMASQ use the new file instead the old handle

>
> It sounds like the file handle is being kept open by dnsmasq, rather
> than opened and closed per write.
>

Yes my conclusion was the same

>
> Restarting the service should kick it back onto writing into the new
> file, as the handle will be re-initiated. You can configure this as a
> post-rotate action in your logrotate conf.

Yes but so far I understand sigusr2 should actually close and reopen the log file

>
> Cheers
>
> Tim

From knud.skrald at guldberg.info Thu Oct 29 12:17:50 2009
From: knud.skrald at guldberg.info (knud.skrald at guldberg.info) Date: Thu, 29 Oct 2009 13:17:50 +0100 Subject: [Dnsmasq-discuss] Logrotate again In-Reply-To: <20091028075116.14923vhsvho0yk10@webmail-srv2.servage.net> References: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net> <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com> <4AE730CA.3020802@guldberg.info> <1256687460.3733.7.camel@tim-laptop.hampton.247ads.com.au> <20091028075116.14923vhsvho0yk10@webmail-srv2.servage.net> Message-ID: <20091029131750.16026u37kdtg2nla@webmail-srv2.servage.net> Still working correct... Strange ! Knud > Strange... this night it made the log rotation just as expected ! > I have not changed anything...! > I will keep it under observation... > > Suggestion: > Could SIG's be written to the logfile ? > It would be nice in a case like this to see if the SIG is received by DNSMASQ > > Knud > > > Citat af Tim Allingham : > >> Have you tried restarting the service after the logrotate? > > Yes then DNSMASQ use the new file instead the old handle > >> >> It sounds like the file handle is being kept open by dnsmasq, rather >> then opened and closed per write. >> > Yes my conclussion was the same > >> >> Restarting the service should kick it back onto writing into the new >> file, as the handle will be re-initiated. You can configure this as a >> post-rotate action in your logrotate conf. > > Yes but so far I understand sigusr2 should actually close and reopen > the log file > >> >> Cheers >> >> Tim >> >> -----Original Message----- 
>> From: knud.skrald at guldberg.info
>> To: dnsmasq-discuss at lists.thekelleys.org.uk
>> Subject: Re: [Dnsmasq-discuss] Logrotate again
>> Date: Tue, 27 Oct 2009 18:41:30 +0100
>>
>>
>> richardvoigt at gmail.com wrote:
>>> On Tue, Oct 27, 2009 at 8:14 AM, wrote:
>>>> Hi
>>>>
>>>> I am new to this list...
>>>>
>>>> As says...I have a problem getting logrotate to work
>>>> with the log file from dnsmasq.
>>>> I have searched the earlier postings
>>>>
>>>> Problem:
>>>> When the logfile (dnsmasq) is rotated, dnsmasq log file is renamed to
>>>> dnsmasq-date-xxx as usual logfiles.
>>>> A new dnsmasq log file is created with size of zero bytes but it keeps
>>>> to be of size zero and dnsmasq-date-xxx keeps growing in size eg.
>>>> dnsmasq keeps writing to this file instead of the newly created file.
>>>>
>>>> Sending "kill -s SIGUSR2 `cat /var/run/dnsmasq.pid`" from a command
>>>> prompt makes dnsmasq to write to the "normal log file "dnsmasq"
>>>
>>> Command prompt of what user? Does it work as the logrotate user?
>>
>> root
>> I have tried and another user ...none of the logrotate activities are
>> then allowed
>> I don't know which user the logrotate run under ..
>>
>>>
>>>> to setup:
>>>> fedora 11
>>>> dnsmasq 2.46 from the fedora 11 packaged
>>>>
>>>> snip from logrotate.conf
>>>> /var/log/dnsmasq {
>>>>     missingok
>>>>     daily
>>>>     rotate 3
>>>>     size 100k
>>>>     create 0640 nobody root
>>>>     postrotate
>>>>         kill -s USR2 `cat /var/run/dnsmasq.pid`
>>>
>>> I'd try the usual suspects, such as writing to syslog from the
>>> postrotate step to make sure it's being executed and the pid is as
>>> expected (the file might not be readable, etc).
>>
>> Hmmm....just tested from root user(again)...now it works as expected
>> By setting the size to something small...and deleting the log file from
>> today
>>
>> logrotate -f /etc/logrotate.conf
>>
>> I will wait and see this night what happened
>>
>>
>>
>> Knud
>>
>
>
>

From tim at theallinghams.com Fri Oct 30 00:09:07 2009
From: tim at theallinghams.com (Tim Allingham)
Date: Fri, 30 Oct 2009 11:09:07 +1100
Subject: [Dnsmasq-discuss] Logrotate again
In-Reply-To: <20091029131750.16026u37kdtg2nla@webmail-srv2.servage.net>
References: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net> <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com> <4AE730CA.3020802@guldberg.info> <1256687460.3733.7.camel@tim-laptop.hampton.247ads.com.au> <20091028075116.14923vhsvho0yk10@webmail-srv2.servage.net> <20091029131750.16026u37kdtg2nla@webmail-srv2.servage.net>
Message-ID: <1256861347.3700.2.camel@tim-laptop.hampton.247ads.com.au>

I have had this occur intermittently in the past with Apache, solution
was to restart apache on the postrotate, I'd still suggest doing this to
avoid future occurrences


Cheers

Tim

-----Original Message-----
From: knud.skrald at guldberg.info
Cc: DNS-DISCUSS
Subject: Re: [Dnsmasq-discuss] Logrotate again
Date: Thu, 29 Oct 2009 13:17:50 +0100

Still working correct...

Strange !

Knud

From hs.samix at gmail.com Fri Oct 30 01:02:03 2009
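The behaviour described in the logrotate thread above (a writer that keeps its file descriptor follows the renamed file until it is told to reopen, and SIGUSR2 is the trigger) can be reproduced without dnsmasq. This is an added example, not code from any list message or from dnsmasq; the class, the function names and the temporary path are assumptions made for the demonstration.

```python
import os
import shutil
import signal
import tempfile


class HeldOpenLog:
    """A log writer that opens its file once and keeps the descriptor
    for every later write, as the daemon in this thread does."""

    def __init__(self, path):
        self.path = path
        self.fh = open(path, "a")

    def write(self, line):
        self.fh.write(line + "\n")
        self.fh.flush()

    def inode(self):
        return os.fstat(self.fh.fileno()).st_ino

    def reopen(self, signum=None, frame=None):
        # The old descriptor still points at the renamed inode; closing it and
        # opening the configured path again binds the writer to the new file.
        self.fh.close()
        self.fh = open(self.path, "a")
        if signum is not None:
            # Suggestion from the thread: record that the signal arrived.
            self.write("received %s, log reopened" % signal.Signals(signum).name)


def rotate(path):
    """Mimic logrotate with 'create': rename the live file, create an empty one."""
    rotated = path + "-rotated"  # constructed name, not logrotate's own scheme
    os.rename(path, rotated)
    os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o640))
    return rotated


def send_usr2(log):
    """Stand-in for the postrotate 'kill -s USR2 <pid>', sent to this process."""
    try:
        previous = signal.signal(signal.SIGUSR2, log.reopen)
    except ValueError:
        # Handlers can only be installed from the main thread; call it directly.
        log.reopen(signal.SIGUSR2)
        return
    try:
        signal.raise_signal(signal.SIGUSR2)
    finally:
        signal.signal(signal.SIGUSR2, previous)


def demo():
    workdir = tempfile.mkdtemp(prefix="rotate-demo-")
    try:
        path = os.path.join(workdir, "dnsmasq")  # stands in for /var/log/dnsmasq
        log = HeldOpenLog(path)
        log.write("line 1: before rotation")
        rotated = rotate(path)
        log.write("line 2: after rotation, no signal yet")
        result = {
            "new_file_size_before_signal": os.path.getsize(path),
            "writer_on_rotated_inode": log.inode() == os.stat(rotated).st_ino,
        }
        send_usr2(log)
        log.write("line 3: after SIGUSR2")
        result["writer_on_new_inode"] = log.inode() == os.stat(path).st_ino
        log.fh.close()
        with open(rotated) as fh:
            result["rotated_lines"] = fh.read().splitlines()
        with open(path) as fh:
            result["current_lines"] = fh.read().splitlines()
        return result
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

If the postrotate step never runs or the signal goes to the wrong pid, the state stays as in the first two result fields: a zero-byte new file and a growing rotated one.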
From: hs.samix at gmail.com (H. S.)
Date: Thu, 29 Oct 2009 21:02:03 -0400
Subject: [Dnsmasq-discuss] dnsmasq problem: nokia cell phone does not accept dhcp offer
Message-ID:

Hello,

I am trying to connect a nokia cell phone to my home wifi network. The
same phone has reportedly worked properly on another home wifi network
which has a Belkin wireless router. The phone is set to acquire an IP
address automatically, i.e. via dhcp.

BTW, my home wifi network is provided by a wireless card in a machine
running Debian Testing and 2.6.26-2-686 kernel. The card is D-Link
DWL-G520 working in ap mode and has WPA encryption enabled. The wireless
network is provided by hostapd using madwifi driver. Windows and Mac
machines work properly with this wifi network (at least no big problems
noted, certainly not in Windows clients).

When I try to get the Nokia phone to connect to the wifi network, I get
these lines in my dnsmasq log (to see lines without wrapping, here is
the pastebin link for convenience - http://pastebin.com/m466c8fd2):
-----------------------------------------------------------
Oct 27 13:25:21 red hostapd: ath0: STA 11:22:33:44:55:66 IEEE 802.11: disassociated
Oct 27 13:25:21 red hostapd: ath0: STA 11:22:33:44:55:66 IEEE 802.11: associated
Oct 27 13:25:21 red hostapd: ath0: STA 11:22:33:44:55:66 RADIUS: starting accounting session 4AE664FA-00000036
Oct 27 13:25:21 red hostapd: ath0: STA 11:22:33:44:55:66 WPA: pairwise key handshake completed (WPA)
Oct 27 13:25:21 red hostapd: ath0: STA 11:22:33:44:55:66 WPA: group key handshake completed (WPA)
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 Available DHCP range: 192.168.5.150 -- 192.168.5.199
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 DHCPDISCOVER(ath0) 0.0.0.0 11:22:33:44:55:66
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 DHCPOFFER(ath0) 192.168.5.21 11:22:33:44:55:66
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 requested options: 12:hostname, 6:dns-server, 15:domain-name,
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 requested options: 1:netmask, 3:router, 28:broadcast, 120:sip-server
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 tags: known, ath0
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 next server: 192.168.5.1
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 1 option: 53:message-type 02
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 54:server-identifier 192.168.5.1
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 51:lease-time 00:00:46:50
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 58:T1 00:00:23:28
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 59:T2 00:00:3d:86
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 1:netmask 255.255.255.0
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 28:broadcast 192.168.5.255
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 3:router 192.168.5.1
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 4 option: 6:dns-server 192.168.5.1
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 8 option: 15:domain-name home.pvt
Oct 27 13:25:21 red dnsmasq-dhcp[11451]: 3875439214 sent size: 3 option: 12:hostname NokiaCellPhone
---------------------------------------------------------------

Anybody know what the problem might be? If I switch off dnsmasq dhcp
queries logging, i.e. if I decrease the verbosity of the log, all I see
are two lines of DHCPDISCOVER(ath0) and DHCPOFFER(ath0) repeatedly in
the log with no acceptance by the cell phone. It appears as though the
phone is not accepting the dhcp offer.

However, if I give the phone a static IP address in its configuration,
it works properly on the wifi network. So it appears as though the
problem is dhcp related.

Hints? Suggestions?

Installed stuff:
$> dpkg -l *dnsmasq* hostap* | grep ^i
ii  dnsmasq       2.50-1     A small caching DNS proxy and DHCP/TFTP server
ii  dnsmasq-base  2.50-1     A small caching DNS proxy and DHCP/TFTP server
ii  hostapd       1:0.6.9-3  user space IEEE 802.11 AP and IEEE 802.1X/WPA/

Thanks.

From knud.skrald at guldberg.info Fri Oct 30 06:58:58 2009
From: knud.skrald at guldberg.info (knud.skrald at guldberg.info)
Date: Fri, 30 Oct 2009 07:58:58 +0100
Subject: [Dnsmasq-discuss] Logrotate again
In-Reply-To: <1256861347.3700.2.camel@tim-laptop.hampton.247ads.com.au>
References: <20091027141426.21013w6nwunjcqwi@webmail-srv2.servage.net> <2e59e6970910270803u5a860ee1ke91705807cc3d730@mail.gmail.com> <4AE730CA.3020802@guldberg.info> <1256687460.3733.7.camel@tim-laptop.hampton.247ads.com.au> <20091028075116.14923vhsvho0yk10@webmail-srv2.servage.net> <20091029131750.16026u37kdtg2nla@webmail-srv2.servage.net> <1256861347.3700.2.camel@tim-laptop.hampton.247ads.com.au>
Message-ID: <20091030075858.167150jp40rj069e@webmail-srv2.servage.net>

Just for the book...

Still working....

Knud

Quoting Tim Allingham:

> I have had this occur intermittently in the past with Apache, solution
> was to restart apache on the postrotate, I'd still suggest doing this to
> avoid future occurrences
>
>
> Cheers
>
> Tim
>
> -----Original Message-----
> From: knud.skrald at guldberg.info
> Cc: DNS-DISCUSS
> Subject: Re: [Dnsmasq-discuss] Logrotate again
> Date: Thu, 29 Oct 2009 13:17:50 +0100
>
>
> Still working correct...
>
> Strange !
>
> Knud
>

From hs.samix at gmail.com Fri Oct 30 21:57:07 2009
From: hs.samix at gmail.com (H.S.)
Date: Fri, 30 Oct 2009 17:57:07 -0400
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
Message-ID:

Hello,

How do I specify dhcp-option 120 (for sip server) in my dnsmasq conf
file? I have tried:
dhcp-option:
dhcp-option=120,1,192.168.5.1

but after searching the web have not verified if this is the correct
method (there are reports of specifying it in hex as well).

Suggestions, please?

Thanks.

--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.

From simon at thekelleys.org.uk Sun Nov 1 21:41:44 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Sun, 01 Nov 2009 21:41:44 +0000
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To:
References:
Message-ID: <4AEE0098.5060909@thekelleys.org.uk>

H.S. wrote:
> Hello,
>
> How do I specify dhcp-option 120 (for sip server) in my dnsmasq conf
> file? I have tried:
> dhcp-option:
> dhcp-option=120,1,192.168.5.1
>
> but after searching the web have not verified if this is the correct
> method (there are reports of specifying it in hex as well).
>
> Suggestions, please?
>
> Thanks.

Current version of dnsmasq know about the peculiar format of option 120,
so you can just do:

dhcp-option=120,192.168.5.1

or taking advantage of the fact that dnsmasq now knows the names of most
options

dhcp-option=option:sip,192.168.5.1

finally, the name version of the SIP option is supported too:

dhcp-option=option:sip,sipserver.mydomain.com


HTH

Simon.

From justin.mcateer at gmail.com Mon Nov 2 16:16:01 2009
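The "peculiar format" of option 120 mentioned above is the RFC 3361 layout: one encoding byte, then either a list of IPv4 addresses or a list of DNS names in label form. The following added example (not from the thread and not dnsmasq's code; all function names are assumptions) encodes and strictly decodes that value, which helps when checking what a server actually put on the wire.

```python
import ipaddress

ENC_DOMAIN = 0  # value is a list of DNS names in RFC 1035 label form
ENC_IPV4 = 1    # value is a list of 4-byte IPv4 addresses


def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


def _encode_name(name):
    """Encode one DNS name as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label %r in %r" % (label, name))
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def encode_sip_option(servers):
    """Build the option 120 value (the bytes after the code and length octets)."""
    if not servers:
        raise ValueError("need at least one server")
    kinds = {_is_ipv4(s) for s in servers}
    if len(kinds) != 1:
        # One encoding byte covers the whole list, so the kinds cannot be mixed.
        raise ValueError("addresses and names cannot share one option")
    if kinds == {True}:
        body = b"".join(ipaddress.IPv4Address(s).packed for s in servers)
        value = bytes([ENC_IPV4]) + body
    else:
        value = bytes([ENC_DOMAIN]) + b"".join(_encode_name(s) for s in servers)
    if len(value) > 255:
        raise ValueError("value does not fit in a single DHCP option")
    return value


def decode_sip_option(value):
    """Parse an option 120 value into a list of servers, rejecting bad input."""
    if len(value) < 2:
        raise ValueError("need an encoding byte and data")
    enc, body = value[0], value[1:]
    if enc == ENC_IPV4:
        if len(body) % 4:
            raise ValueError("IPv4 list is not a multiple of 4 bytes")
        return [str(ipaddress.IPv4Address(body[i:i + 4]))
                for i in range(0, len(body), 4)]
    if enc != ENC_DOMAIN:
        raise ValueError("unknown encoding byte %d" % enc)
    names, labels, i = [], [], 0
    while i < len(body):
        n = body[i]
        i += 1
        if n == 0:
            if not labels:
                raise ValueError("empty name")
            names.append(".".join(labels))
            labels = []
        elif n > 63 or i + n > len(body):
            raise ValueError("bad label length %d" % n)
        else:
            labels.append(body[i:i + n].decode("ascii"))
            i += n
    if labels:
        raise ValueError("last name is not terminated")
    return names


def to_hex(value):
    return ":".join("%02x" % b for b in value)


if __name__ == "__main__":
    # 192.168.5.1 and sipserver.mydomain.com come from the thread;
    # 192.168.5.2 is a constructed second server.
    print(to_hex(encode_sip_option(["192.168.5.1"])))
    print(to_hex(encode_sip_option(["192.168.5.1", "192.168.5.2"])))
    print(to_hex(encode_sip_option(["sipserver.mydomain.com"])))
```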
From: justin.mcateer at gmail.com (Justin McAteer)
Date: Mon, 2 Nov 2009 08:16:01 -0800
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To: <4AEE0098.5060909@thekelleys.org.uk>
References: <4AEE0098.5060909@thekelleys.org.uk>
Message-ID: <39b4dffd0911020816o78a7330ftc43d94fe10fb736c@mail.gmail.com>

I believe many clients also support the setting of more than one SIP
server. I seem to recall testing this and having it work, but that's
been a while back.

Thank You,
Justin McAteer

On Sun, Nov 1, 2009 at 1:41 PM, Simon Kelley wrote:
> H.S. wrote:
>> Hello,
>>
>> How do I specify dhcp-option 120 (for sip server) in my dnsmasq conf
>> file? I have tried:
>> dhcp-option:
>> dhcp-option=120,1,192.168.5.1
>>
>> but after searching the web have not verified if this is the correct
>> method (there are reports of specifying it in hex as well).
>>
>> Suggestions, please?
>>
>> Thanks.
>
> Current version of dnsmasq know about the peculiar format of option 120,
> so you can just do:
>
> dhcp-option=120,192.168.5.1
>
> or taking advantage of the fact that dnsmasq now knows the names of most
> options
>
> dhcp-option=option:sip,192.168.5.1
>
> finally, the name version of the SIP option is supported too:
>
> dhcp-option=option:sip,sipserver.mydomain.com
>
>
> HTH
>
> Simon.
>

From cl at isbd.net Mon Nov 2 22:30:14 2009
From: cl at isbd.net (Chris G)
Date: Mon, 2 Nov 2009 22:30:14 +0000
Subject: [Dnsmasq-discuss] Should I install resolvconf?
Message-ID: <20091102223014.GA1538@chris>

I just noticed that ubuntu says:-

    Suggested packages:
      resolvconf

when I install dnsmasq. So, should I install resolvconf and will it do
me any good?

--
Chris Green

From cl at isbd.net Mon Nov 2 23:32:18 2009
From: cl at isbd.net (Chris G)
Date: Mon, 2 Nov 2009 23:32:18 +0000
Subject: [Dnsmasq-discuss] Is it normal to need to edit /etc/hosts for dnsmasq
Message-ID: <20091102233217.GA6689@chris>

I have just moved my dnsmasq server from my desktop machine to a much
lower powered machine so I can turn my desktop off and save some
electricity.

The new machine is called 'server' (original eh!) and has a static
address of 192.168.1.2. It had a totally unmodified installation of
Ubuntu Server 9.10 before I installed dnsmasq. Thus its /etc/hosts
contained:-

    127.0.0.1 localhost
    127.0.1.1 server server.isbd.net

    # The following lines are desirable for IPv6 capable hosts
    ::1 localhost ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

Now this causes a problem - when asked for the address of 'server' it
returns 127.0.1.1 which isn't correct as the client machine will think
it itself is 'server'. I notice I fixed this before by changing the
127.0.1.1 to the actual IP address of the dnsmasq machine.

Is this normally necessary?

--
Chris Green

From daveesq at gmail.com Tue Nov 3 13:42:08 2009
From: daveesq at gmail.com (David J. Haines)
Date: Tue, 3 Nov 2009 08:42:08 -0500
Subject: [Dnsmasq-discuss] SOA Records
Message-ID:

Hello all,

I was wondering whether there was any way for dnsmasq 2.47 to "fake"
an SOA record for the local domain. I'd like to have my LAN running
in the ".local" TLD, but there's a Mac OS X 10.6.1 host that's not
cooperating (due to Zeroconf inappropriately taking priority). I
understand that a possible solution is adding an SOA record
for .local, and I'd like to give it a whirl. Any thoughts?

Thanks,
David

From simon at thekelleys.org.uk Tue Nov 3 13:59:24 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Tue, 03 Nov 2009 13:59:24 +0000
Subject: [Dnsmasq-discuss] SOA Records
In-Reply-To:
References:
Message-ID: <4AF0373C.4020707@thekelleys.org.uk>

David J. Haines wrote:
> Hello all,
>
> I was wondering whether there was any way for dnsmasq 2.47 to "fake"
> an SOA record for the local domain. I'd like to have my LAN running
> in the ".local" TLD, but there's a Mac OS X 10.6.1 host that's not
> cooperating (due to Zeroconf inappropriately taking priority). I
> understand that a possible solution is adding an SOA record
> for .local, and I'd like to give it a whirl. Any thoughts?
>

There isn't, but if it could be proved useful, such a facility could be
added. The problem with Apple usurping the .local TLD has come up
before, and the best advice seems to be "use another TLD", BTW.

Cheers,

Simon.

From stefano.bridi at gmail.com Tue Nov 3 15:11:03 2009
From: stefano.bridi at gmail.com (Stefano Bridi)
Date: Tue, 3 Nov 2009 16:11:03 +0100
Subject: [Dnsmasq-discuss] use of "localise-queries"
Message-ID:

Hi all,
I'm using "localise-queries" on dnsmasq to resolve the same name with
multiple IP based on the interface they are coming from.
When a client in the dmz(192.168.0.0/24) ask for example the IP for the
hostname "test" it will receive an ip like 192.168.0.10 but I want also that
a client on a vpn connection(10.15.0.0/24) that ask for the same hostname
will receive the same private IP and in the meantime the clients on the lan
interface (192.168.1.0/24) get the public IP of the server(21.22.23.24) "test"
I have added both the IP addresses for the hostname "test" in the hosts file
and, as expected, when asked from the lan or from the vpn reply alternatively
the private IP and the public one.
Is there a way to do that?

thanks
Stefano

From simon at thekelleys.org.uk Tue Nov 3 20:37:27 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Tue, 03 Nov 2009 20:37:27 +0000
Subject: [Dnsmasq-discuss] use of "localise-queries"
In-Reply-To:
References:
Message-ID: <4AF09487.4000700@thekelleys.org.uk>

Stefano Bridi wrote:
> Hi all,
> I'm using "localise-queries" on dnsmasq to resolve the same name with
> multiple IP based on the interface they are coming from.
> When a client in the dmz(192.168.0.0/24) ask for example the IP for the
> hostname "test" it will receive an ip like 192.168.0.10 but I want also that
> a client on a vpn connection(10.15.0.0/24) that ask for the same hostname
> will receive the same private IP and in the meantime the clients on the lan
> interface (192.168.1.0/24) get the public IP of the server(21.22.23.24) "test"
> I have added both the IP addresses for the hostname "test" in the hosts file
> and, as expected, when asked from the lan or from the vpn reply alternatively
> the private IP and the public one.
> Is there a way to do that?
>
>
>

Localise-queries depends on matching the source of the query with
possible answers, which isn't what you want. To get what you want will
need different instances of dnsmasq running on each interface, using the
--interface and --bind-interfaces flags. It will be messy, I'm afraid.

Cheers,

Simon.

From kiswono at gmail.com Wed Nov 4 04:47:34 2009
From: kiswono at gmail.com (Kiswono Prayogo)
Date: Wed, 4 Nov 2009 11:47:34 +0700
Subject: [Dnsmasq-discuss] dnmasq slow for local network
Message-ID: <99024f5f0911032047y3b8820b4xe9847b3050010b6@mail.gmail.com>

Hi, i use dnsmasq for resolving my local network address,
here's my /etc/hosts file (real ip and domain name changed to fake):

## cat /etc/hosts
127.0.0.1 genesis
127.0.0.1 localhost
1.1.1.1 dns00.mysecretdomain.ac.id dns00
1.1.1.1 dns.mysecretdomain.ac.id dns
1.1.1.1 mail.mysecretdomain.ac.id proxy
. . .
#20 more server hosts
. . .
#and 15000 more advertisement-blocking hosts that redirected to 1.1.1.1

# cat /etc/dnsmasq.conf | egrep -a -v '^[[:space:]]*#' $1 | egrep -a '[[:print:]]'
cache-size=1024
bogus-nxdomain=1.1.1.1
conf-file=/etc/kyz/hosts/block
conf-file=/etc/kyz/hosts/mail

## cat /etc/resolv.conf | egrep -a -v '^[[:space:]]*#' $1 | egrep -a '[[:print:]]'
search mysecretdomain.ac.id
nameserver 208.67.222.222 # opendns
nameserver 208.67.220.220 # opendns
nameserver 1.1.1.4 # dns4
nameserver 1.1.1.3 # dns3
nameserver 1.1.1.2 # dns2

all my client dns request was redirected to 1.1.1.1

## cat /etc/network/if-up.d/custom
#some iptables clearing rules
. . .
real1 = 1.1.1.1
reals = 1.1.1.1/28
wifis = 10.0.0.0/8
staff = 192.168.0.0/16
iptables -A PREROUTING -t nat -p TCP -s $wifis -d ! $reals --dport 53 -j DNAT --to $real1:53
iptables -A PREROUTING -t nat -p UDP -s $wifis -d ! $reals --dport 53 -j DNAT --to $real1:53
iptables -A PREROUTING -t nat -p TCP -s $staff -d ! $reals --dport 53 -j DNAT --to $real1:53
iptables -A PREROUTING -t nat -p UDP -s $staff -d ! $reals --dport 53 -j DNAT --to $real1:53
. . .
#some default rules

and the interface of the gateway server are: eth0 = 192.168.1.1, eth1 = 1.1.1.1
all clients dns configuration was set to 192.168.1.1.
and if i open for example dns00.mysecretdomain.ac.id, it always lag for 3-25
seconds (and showing "Resolving host..." on Chromium or "Looking up
dns00.mysecretdomain.ac.id...") before it show the web.. and it does not
happened for non local web..
i wonder where is the lag problem source?

Regards,
Kiswono
GB

From richardvoigt at gmail.com Wed Nov 4 06:40:54 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Wed, 4 Nov 2009 00:40:54 -0600
Subject: [Dnsmasq-discuss] dnmasq slow for local network
In-Reply-To: <99024f5f0911032047y3b8820b4xe9847b3050010b6@mail.gmail.com>
References: <99024f5f0911032047y3b8820b4xe9847b3050010b6@mail.gmail.com>
Message-ID: <2e59e6970911032240h51228c4q8d38476bb0b52f04@mail.gmail.com>

On Tue, Nov 3, 2009 at 10:47 PM, Kiswono Prayogo wrote:
> Hi, i use dnsmasq for resolving my local network address,
> here's my /etc/hosts file (real ip and domain name changed to fake):
> ## cat /etc/hosts
> 127.0.0.1 genesis
> 127.0.0.1 localhost
> 1.1.1.1 dns00.mysecretdomain.ac.id dns00
> 1.1.1.1 dns.mysecretdomain.ac.id dns
> 1.1.1.1 mail.mysecretdomain.ac.id proxy
> . . .
> #20 more server hosts
> . . .
> #and 15000 more advertisement-blocking hosts that redirected to 1.1.1.1
> # cat /etc/dnsmasq.conf | egrep -a -v '^[[:space:]]*#' $1 | egrep -a
> '[[:print:]]'
> cache-size=1024
> bogus-nxdomain=1.1.1.1
> conf-file=/etc/kyz/hosts/block
> conf-file=/etc/kyz/hosts/mail
> ## cat /etc/resolv.conf | egrep -a -v '^[[:space:]]*#' $1 | egrep -a
> '[[:print:]]'
> search mysecretdomain.ac.id
> nameserver 208.67.222.222 # opendns
> nameserver 208.67.220.220 # opendns
> nameserver 1.1.1.4 # dns4
> nameserver 1.1.1.3 # dns3
> nameserver 1.1.1.2 # dns2
> all my client dns request was redirected to 1.1.1.1
> ## cat /etc/network/if-up.d/custom
> #some iptables clearing rules
> . . .
> real1 = 1.1.1.1
> reals = 1.1.1.1/28
> wifis = 10.0.0.0/8
> staff = 192.168.0.0/16
> iptables -A PREROUTING -t nat -p TCP -s $wifis -d ! $reals --dport 53 -j
> DNAT --to $real1:53
> iptables -A PREROUTING -t nat -p UDP -s $wifis -d ! $reals --dport 53 -j
> DNAT --to $real1:53
> iptables -A PREROUTING -t nat -p TCP -s $staff -d ! $reals --dport 53 -j
> DNAT --to $real1:53
> iptables -A PREROUTING -t nat -p UDP -s $staff -d ! $reals --dport 53 -j
> DNAT --to $real1:53
> . . .
> #some default rules
> and the interface of the gateway server are: eth0 = 192.168.1.1, eth1 =
> 1.1.1.1
> all clients dns configuration was set to 192.168.1.1.
> and if i open for example dns00.mysecretdomain.ac.id, it always lag for 3-25
> seconds (and showing "Resolving host..." on Chromium or "Looking
> up dns00.mysecretdomain.ac.id...") before it show the web.. and it does not
> happened for non local web..
> i wonder where is the lag problem source?

I don't think that bogus-nxdomain applies to /etc/hosts listings, the
man page only says it covers replies from upstream servers. So your
browser is probably actually trying to contact 1.1.1.1 and timing out.

You can verify this with "ping dns00.mysecretdomain.ac.id" and see if
it fails to get an address, or tries to contact 1.1.1.1

> Regards,
> Kiswono
> GB
>

From gerrit at pmp.uni-hannover.de Wed Nov 4 11:35:03 2009
From: gerrit at pmp.uni-hannover.de (Gerrit Kühn)
Date: Wed, 4 Nov 2009 12:35:03 +0100
Subject: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain
Message-ID: <20091104123503.179fc6ca.gerrit@pmp.uni-hannover.de>

Hi folks,

I have a bit of a problem here getting two dnsmasq instances on two
different machines to talk to each other properly:

I have one dnsmasq serving for my subnet (resolving DHCP and external
addresses), and another one serving for an intranet of private IPs inside
the subnet (sitting on a NAT-router). Now I have hosts in the subnet that
can access the intranet hosts via openvpn, so it would be nice if the
subnet dnsmasq could also resolve names for the intranet (most clients do
not know how to use split-dns, so I need one for all).

I set this up via the "server" statement:
server=/intranet.my.domain/

This works insofar that requests for hostname.intranet.my.domain are
forwarded to the intranet dnsmasq machine and get answered there. However,
I have a severe problem if I ask for an unknown intranet host like
unknown.intranet.my.domain. This gets forwarded to the intranet dnsmasq,
but it does not answer something like "unknown host" but forwards the
query back to the querying dnsmasq. From there on there queries go
ping-pong until I stop one server.

Does anyone here have a hint for me how to setup this correctly and how to
prevent queries for unknown hosts being sent back from the intranet
dnsmasq?


cu
  Gerrit

From simon at thekelleys.org.uk Wed Nov 4 11:41:03 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Wed, 04 Nov 2009 11:41:03 +0000
Subject: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain
In-Reply-To: <20091104123503.179fc6ca.gerrit@pmp.uni-hannover.de>
References: <20091104123503.179fc6ca.gerrit@pmp.uni-hannover.de>
Message-ID: <4AF1684F.8060203@thekelleys.org.uk>

Gerrit Kühn wrote:
> Hi folks,
>
> I have a bit of a problem here getting two dnsmasq instances on two
> different machines to talk to each other properly:
>
> I have one dnsmasq serving for my subnet (resolving DHCP and external
> addresses), and another one serving for an intranet of private IPs inside
> the subnet (sitting on a NAT-router). Now I have hosts in the subnet that
> can access the intranet hosts via openvpn, so it would be nice if the
> subnet dnsmasq could also resolve names for the intranet (most clients do
> not know how to use split-dns, so I need one for all).
>
> I set this up via the "server" statement:
> server=/intranet.my.domain/
>
> This works insofar that requests for hostname.intranet.my.domain are
> forwarded to the intranet dnsmasq machine and get answered there. However,
> I have a severe problem if I ask for an unknown intranet host like
> unknown.intranet.my.domain. This gets forwarded to the intranet dnsmasq,
> but it does not answer something like "unknown host" but forwards the
> query back to the querying dnsmasq. From there on there queries go
> ping-pong until I stop one server.
>
> Does anyone here have a hint for me how to setup this correctly and how to
> prevent queries for unknown hosts being sent back from the intranet
> dnsmasq?
>

local=/intranet.my.domain/

on the intranet server will stop it forwarding any requests for that
domain. I think that's what you need.

HTH

Simon.

From gerrit at pmp.uni-hannover.de Wed Nov 4 12:18:45 2009
From: gerrit at pmp.uni-hannover.de (Gerrit =?ISO-8859-1?Q?K=FChn?=)
Date: Wed, 4 Nov 2009 13:18:45 +0100
Subject: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain
In-Reply-To: <4AF1684F.8060203@thekelleys.org.uk>
References: <20091104123503.179fc6ca.gerrit@pmp.uni-hannover.de> <4AF1684F.8060203@thekelleys.org.uk>
Message-ID: <20091104131845.923ffb44.gerrit@pmp.uni-hannover.de>

On Wed, 04 Nov 2009 11:41:03 +0000 Simon Kelley wrote about Re: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain:

SK> > Does anyone here have a hint for me how to setup this correctly and
SK> > how to prevent queries for unknown hosts being sent back from the
SK> > intranet dnsmasq?

SK> local=/intranet.my.domain/

SK> on the intranet server will stop it forwarding any requests for that
SK> domain. I think that's what you need.

Yes, that's exactly what I needed, thanks a lot!

cu
Gerrit

From bramzhou at gmail.com Wed Nov 4 12:41:51 2009
From: bramzhou at gmail.com (Bo Zhou)
Date: Wed, 4 Nov 2009 13:41:51 +0100
Subject: [Dnsmasq-discuss] Questio on DHCP option 125
Message-ID: <8ade8a010911040441v5f1c826cw398cca193cddf01f@mail.gmail.com>

Hi,

I'm a newcomer to this mail list. I noticed that 2 years ago, there were some people talking about DHCP option 125 support in the dnsmasq. ( http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q3/001590.html) I am just wondering what is the status for that. I checked dnsmasq v2.51, seems it still doesn't support option 125. Anyone has news on that?

I do apologize that if there's mail thread already discussed similar question but could anybody give me the link as reference if there is. Thanks a lot.

/Bram

From simon at thekelleys.org.uk Wed Nov 4 13:24:29 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Wed, 04 Nov 2009 13:24:29 +0000
Subject: [Dnsmasq-discuss] Questio on DHCP option 125
In-Reply-To: <8ade8a010911040441v5f1c826cw398cca193cddf01f@mail.gmail.com>
References: <8ade8a010911040441v5f1c826cw398cca193cddf01f@mail.gmail.com>
Message-ID: <4AF1808D.7020604@thekelleys.org.uk>

Bo Zhou wrote:
> Hi,
>
> I'm a newcomer to this mail list. I noticed that 2 years ago, there
> were some people talking about DHCP option 125 support in the dnsmasq.
> (http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q3/001590.html)
> I am just wondering what is the status for that. I checked dnsmasq
> v2.51, seems it still doesn't support option 125. Anyone has news on that?
>
> I do apologize that if there's mail thread already discussed similar
> question but could anybody give me the link as reference if there is.
> Thanks a lot.
>

The thread in 2007 was the last time this was discussed, and you are correct, option 125 is still not supported. Kunal either didn't produce a patch, or didn't share it.

What is the application? The observation that you can hand-code anything in hex still applies, and that may be a solution.

Cheers,

Simon.

From kiswono at gmail.com Fri Nov 6 01:25:38 2009
From: kiswono at gmail.com (Kiswono Prayogo)
Date: Fri, 6 Nov 2009 08:25:38 +0700
Subject: [Dnsmasq-discuss] dnmasq slow for local network
In-Reply-To: <99024f5f0911032251w40f5cc59hc2620f9e8cad1b48@mail.gmail.com>
References: <99024f5f0911032047y3b8820b4xe9847b3050010b6@mail.gmail.com> <2e59e6970911032240h51228c4q8d38476bb0b52f04@mail.gmail.com> <99024f5f0911032251w40f5cc59hc2620f9e8cad1b48@mail.gmail.com>
Message-ID: <99024f5f0911051725s3a2305b3r3f4e0e4664599aea@mail.gmail.com>

ic, i found the source of problem by sniffing.. it's because i haven't input the ipv6 version of ipv4 (in indonesia still use ipv4) and the browser always request for AAAA at first, dnsmasq did not reply for the first time if there is no ipv6 available, and reply for the second time without any result. then the browser request for A record then the page shown.. there is about 3-20 seconds request delay between AAAA request and A request if i haven't input the ipv6 version, such as: ::FFFF:myipv4 myhostname.secretdomain.. hahah ^^, thanks for help you've all provided.. (sorry my english skill not good enough to explain my problem clearly ^^)

Regards,
GB

On Wed, Nov 4, 2009 at 1:51 PM, Kiswono Prayogo wrote:
> no, what i mean that, using any web client i have, open a local web always
> having slower dns response than opening non local web.. but if i use the
> http://ipaddress/ or ping, it doesn't slow at all. i wonder why.. ^^
>

From tom at rogie.be Fri Nov 6 12:27:11 2009
From: tom at rogie.be (Tom Rogie)
Date: Fri, 06 Nov 2009 13:27:11 +0100
Subject: [Dnsmasq-discuss] 'transparent' dnsmasq servers for local network
Message-ID: <1257510431.3579.123.camel@Actarus.Vega>

Hello,

I'm having a VPN with 2 routers and a dedicated server (vpn-server) on the internet. The 2 routers on 2 different locations/ISPs are in fact Linksys'es with DD-wrt firmware and dnsmasq is servicing DHCP and DNS with dnsmasq for the local networks. The routers connect to a vpn-server (a dedicated server at the hosting company) and so the 2 local networks are almost transparent.

In the beginning I had 2 different localnets and everything was working ok. But now most of the computers got replaced by laptops and the users are traveling regularly over to the other sites. I'm also planning to have users logging in directly to the vpn-server when they are on the field (outside the 2 local networks, i.e. at home, on the field, using other internet connections,...)

I would still like to have the network transparent but as we can't know the position (network) of computers anymore I thought on replacing the 2 networks with a single one and having a 'distributed' network of dnsmasq servers. Centralising the dhcp/dns on 1 site or on the dedicated server is not really an option as the vpn is not guaranteed.

I configured the 2 routers and the vpnserver so that they forward local dns queries to the other servers but it doesn't seem to be working...

What would be the best strategy for my setup?

Trogie

From hs.samix at gmail.com Sat Nov 7 01:26:33 2009
From: hs.samix at gmail.com (H. S.)
Date: Fri, 6 Nov 2009 20:26:33 -0500
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To: <4AEE0098.5060909@thekelleys.org.uk>
References: <4AEE0098.5060909@thekelleys.org.uk>
Message-ID:

Sorry for the earlier try which sent the post only to Simon (don't use gmail very often, usually gmane newsgroup, and I am not familiar with the behaviour of Reply option in gmail).

On Sun, Nov 1, 2009 at 4:41 PM, Simon Kelley wrote:
> H.S. wrote:
>>
>> Hello,
>>
>> How do I specify dhcp-option 120 (for sip server) in my dnsmasq conf
>> file? I have tried:
>> dhcp-option:
>> dhcp-option=120,1,192.168.5.1
>>
>> but after searching the web have not verified if this is the correct
>> method (there are reports of specifying it in hex as well).
>>
>> Suggestions, please?
>>
>> Thanks.
>
> Current version of dnsmasq know about the peculiar format of option 120, so
> you can just do:
>
> dhcp-option=120,192.168.5.1
>
> or taking advantage of the fact that dnsmasq now knows the names of most
> options
>
> dhcp-option=option:sip,192.168.5.1
>
> finally, the name version of the SIP option is supported too:
>
> dhcp-option=option:sip,sipserver.mydomain.com
>

Thanks for this info, Simon. I will give this a shot and see how it goes.

Regards,
->HS

From hs.samix at gmail.com Sat Nov 7 01:30:06 2009
From: hs.samix at gmail.com (H. S.)
Date: Fri, 6 Nov 2009 20:30:06 -0500
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To: <4AEE0098.5060909@thekelleys.org.uk>
References: <4AEE0098.5060909@thekelleys.org.uk>
Message-ID:

On Sun, Nov 1, 2009 at 4:41 PM, Simon Kelley wrote:
>
> Current version of dnsmasq know about the peculiar format of option 120, so
> you can just do:
>
> dhcp-option=120,192.168.5.1

dnsmasq had no problem with this. Yet to try with the Nokia phone.

>
> or taking advantage of the fact that dnsmasq now knows the names of most
> options
>
> dhcp-option=option:sip,192.168.5.1

dnsmasq barfed at this:
> sudo /etc/init.d/dnsmasq restart
Restarting DNS forwarder and DHCP server: dnsmasq
dnsmasq: bad dhcp-option at line 99 of /etc/dnsmasq.d/01-home-hosts.conf
failed!

>
> finally, the name version of the SIP option is supported too:
>
> dhcp-option=option:sip,sipserver.mydomain.com

didn't try this.

BTW, does the IP address need to be a valid SIP server for the option to be acceptable to dnsmasq?

Thanks.

From hs.samix at gmail.com Sat Nov 7 01:40:38 2009
From: hs.samix at gmail.com (H. S.)
Date: Fri, 6 Nov 2009 20:40:38 -0500
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To:
References: <4AEE0098.5060909@thekelleys.org.uk>
Message-ID:

On Fri, Nov 6, 2009 at 8:30 PM, H. S. wrote:
> On Sun, Nov 1, 2009 at 4:41 PM, Simon Kelley wrote:
>
>>
>> Current version of dnsmasq know about the peculiar format of option 120, so
>> you can just do:
>>
>> dhcp-option=120,192.168.5.1
>
> dnsmasq had no problem with this. Yet to try with the Nokia phone.

Despite giving that option in dnsmasq and restarting it, the phone still did not grab a DHCP offer :(

From cl at isbd.net Sun Nov 8 12:08:04 2009
From: cl at isbd.net (Chris G)
Date: Sun, 8 Nov 2009 12:08:04 +0000
Subject: [Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?
Message-ID: <20091108120803.GA14910@chris>

I have dnsmasq working quite happily on a Ubuntu Server 9.10 system providing dns for my small SoHo network.

I have just noticed however that if I ask for the address of a non-existent name dnsmasq returns the name of one of my hosting service's machines. It always returns the same address for any non-existent name, e.g.:-

chris$ host abcde.isbd.net
abcde.isbd.net has address 195.74.61.93
abcde.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
chris$ host xyz
xyz.isbd.net has address 195.74.61.93
xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
chris$ host xyz.isbd.net
xyz.isbd.net has address 195.74.61.93
xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.

I have isbd.net and isbd.co.uk hosted at Gradwell so I do have a connection with them. In fact things are becoming clearer now, 195.74.61.93 is the (quite correct) address returned when you look up isbd.net.

So, how can I prevent dnsmasq from returning the parent domain address when I look up .isbd.net ? Presumably it can't find the name locally and sends off the request to the upstream name server which (sort of correctly) returns 195.74.61.93.

However it means that if I mis-type a name or if one of my machines dies then I may not notice immediately because DNS still succeeds.

--
Chris Green

From justin.mcateer at gmail.com Sun Nov 8 15:16:12 2009
From: justin.mcateer at gmail.com (Justin McAteer)
Date: Sun, 8 Nov 2009 09:16:12 -0600
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To:
References: <4AEE0098.5060909@thekelleys.org.uk>
Message-ID: <39b4dffd0911080716m77615f75ne4dfb7b97a17f9e0@mail.gmail.com>

HS,

The phone will have to request option 120 from the server or DNSMasq will not send the option. Alternatively, you may use dhcp-option-force to have the server send the option whether the client requests it or not.

Thank You,
Justin McAteer

On Fri, Nov 6, 2009 at 7:40 PM, H. S. wrote:
> On Fri, Nov 6, 2009 at 8:30 PM, H. S. wrote:
>> On Sun, Nov 1, 2009 at 4:41 PM, Simon Kelley wrote:
>>
>>>
>>> Current version of dnsmasq know about the peculiar format of option 120, so
>>> you can just do:
>>>
>>> dhcp-option=120,192.168.5.1
>>
>> dnsmasq had no problem with this. Yet to try with the Nokia phone.
>
> Despite giving that option in dnsmasq and restarting it, the phone
> still did not grab a DHCP offer :(
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>

From perette at barella.org Sun Nov 8 15:25:11 2009
From: perette at barella.org (Perette Barella)
Date: Sun, 8 Nov 2009 10:25:11 -0500
Subject: [Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?
In-Reply-To: <20091108120803.GA14910@chris>
References: <20091108120803.GA14910@chris>
Message-ID:

It looks like your provider has set up a wildcard A record, which is similar to DNS hijacking as a "helpful" feature to users who miskey a domain name. It's not isolated to you:

mugenshi:etc x10$ host ghijk.isbd.net
ghijk.isbd.net has address 195.74.61.93
ghijk.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.

You could check Gradwell's support pages, but I doubt there is an option to shut it off, since the DNS is published this way. It's a publication problem/"feature", not a bug in dnsmasq.

Dnsmasq does have a bogus-nxdomain option, which you give some IP addresses and those addresses are translated into NXDOMAIN non-existent domain responses. However, if isbd.net (without leading characters) is actually a useful server to you, this solution is not viable because the valid use shares the same IP as the bogus responses.

Perette

On 2009-11-08, at 7:08, Chris G wrote:

> I have dnsmasq working quite happily on a Ubuntu Server 9.10 system
> providing dns for my small SoHo network.
>
> I have just noticed however that if I ask for the address of a
> non-existent name dnsmasq returns the name of one of my hosting
> service's machines. It always returns the same address for any
> non-existent name, e.g.:-
>
> chris$ host abcde.isbd.net
> abcde.isbd.net has address 195.74.61.93
> abcde.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
> chris$ host xyz
> xyz.isbd.net has address 195.74.61.93
> xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
> chris$ host xyz.isbd.net
> xyz.isbd.net has address 195.74.61.93
> xyz.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
>
>
> I have isbd.net and isbd.co.uk hosted at Gradwell so I do have a
> connection with them. In fact things are becoming clearer now,
> 195.74.61.93 is the (quite correct) address returned when you
> look up isbd.net.
>
> So, how can I prevent dnsmasq from returning the parent domain address
> when I look up .isbd.net ? Presumably it can't find
> the
> name locally and sends off the request to the upstream name server
> which (sort of correctly) returns 195.74.61.93.
>
> However it means that if I mis-type a name or if one of my machines
> dies then I may not notice immediately because DNS still succeeds.
>
> --
> Chris Green

From rob0 at gmx.co.uk Sun Nov 8 15:37:36 2009
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Sun, 8 Nov 2009 09:37:36 -0600
Subject: [Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?
In-Reply-To: <20091108120803.GA14910@chris>
References: <20091108120803.GA14910@chris>
Message-ID: <20091108153715.GB24728@minipax>

On Sun, Nov 08, 2009 at 12:08:04PM +0000, Chris G wrote:
> So, how can I prevent dnsmasq from returning the parent domain address
> when I look up .isbd.net ? Presumably it can't find the

See "--local" in the man page.

> name locally and sends off the request to the upstream name server
> which (sort of correctly) returns 195.74.61.93.

NXDOMAIN hijacking is bad, a stupid idea by greedy people who want more Web traffic, but who do not know how DNS is supposed to work. See "--bogus-nxdomain" in the man page. Or better yet, find a better upstream nameserver to use.

I run my own named(8) caching resolver on an alternate port for dnsmasq to use. It's pretty simple, using --server and --no-resolv settings. I changed the ports to non-privileged ones, so my named can be started by and run as a non-root user.

--
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

From rob0 at gmx.co.uk Sun Nov 8 22:53:02 2009
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Sun, 8 Nov 2009 17:53:02 -0500
Subject: [Dnsmasq-discuss] server=... remote reverse DNS fails
Message-ID: <200911081653.02760.rob0@gmx.co.uk>

I have a local dnsmasq and another one connected via VPN. The local names and DHCP'ed IP addresses resolve at each place. Each is set up to refer to the other's forward and reverse zone. It seems to work fully going one way, but only for the forward zone from the other.

Cast of Characters:
+-----------------+
192.168.8.97 Chestnut.pirate.lan, slamd64 [1] 12.2
192.168.4.9 gazoo.lan, openwrt Kamikaze 8.09.1 (brcm-2.4)
192.168.4.173 sip.gazoo.lan, Sipura SPA-2000
192.168.3.1 Chestnut's OpenVPN IP (the server)
192.168.3.8 gazoo's VPN IP

Routing works. Chestnut is the openvpn server, and hosts in gazoo.lan can get to pirate.lan hosts and to other openvpn clients elsewhere.

I noticed the problem when setting up gazoo and sip to do remote syslog to chestnut; gazoo appears in logs as "gazoo", sip by IP. Testing from a host in pirate.lan:

$ host 192.168.4.173
Host 173.4.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
$ host 192.168.4.173 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:

173.4.168.192.in-addr.arpa domain name pointer sip.gazoo.lan.
$ host sip.gazoo.lan.
sip.lan has address 192.168.4.173

The dnsmasq.d directory on chestnut.pirate.lan has a file "gazoo", with this:

server=/gazoo.lan/192.168.3.8
server=/4.168.192.in-addr.arpa/192.168.3.8

192.168.3.8 is the VPN IP address for the remote dnsmasq, which is a/k/a 192.168.4.9 . The gazoo.lan names resolve, but reverse doesn't work, and test results are the same with either of the VPN or LAN IP addresses.

Continuing tests, we see that both forward and reverse work from the other side:

$ host 192.168.8.172
172.8.168.192.in-addr.arpa domain name pointer Wii.pirate.lan.
$ host 192.168.8.172 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:

172.8.168.192.in-addr.arpa domain name pointer Wii.pirate.lan.
$ host Wii.pirate.lan.
Wii.pirate.lan has address 192.168.8.172
ws at whn:~$ host Wii.pirate.lan. 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:

Wii.pirate.lan has address 192.168.8.172

The dnsmasq which is not working properly, Slamd64 12.2:

root at chestnut:~# dnsmasq --version
Dnsmasq version 2.46 Copyright (C) 2000-2008 Simon Kelley
Compile time options IPv6 GNU-getopt no-DBus I18N TFTP

The one which is working, openwrt Kamikaze 8.09.1:

root at gazoo:~# dnsmasq --version
Dnsmasq version 2.47 Copyright (C) 2000-2009 Simon Kelley
Compile time options IPv6 GNU-getopt no-DBus no-I18N TFTP

I'll try upgrading and report back if that helps. Oh, here's another test:

$ dig -x +trace 192.168.4.173

; <<>> DiG 9.4.2-P2 <<>> -x +trace 192.168.4.173
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28788
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;+trace.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 10800 IN SOA A.ROOT-SERVERS.NET. dns-ops.ARIN.NET. 2009110804 1800 900 691200 10800

;; Query time: 166 msec
;; SERVER: 192.168.8.97#53(192.168.8.97)
;; WHEN: Sun Nov 8 15:45:37 2009
;; MSG SIZE rcvd: 104

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31979
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.4.173. IN A

;; ANSWER SECTION:
192.168.4.173. 7200 IN A 192.168.4.173

;; Query time: 2 msec
;; SERVER: 192.168.8.97#53(192.168.8.97)
;; WHEN: Sun Nov 8 15:45:37 2009
;; MSG SIZE rcvd: 47

Note, all of these tests were done from clients on the pirate.lan side. ATM there's no dig(1) on the gazoo.lan side, and gazoo itself lacks storage capacity to install it.
(The busybox implementation of nslookup(1) is even worse than BIND's.) I think the directed queries

Curious that there would be an A query and answer. Using ptr for the in-addr.arpa. name rather than -x, it appears to be ignoring the server declaration for the reverse zone:

$ dig +trace 173.4.168.192.in-addr.arpa. ptr

; <<>> DiG 9.4.2-P2 <<>> +trace 173.4.168.192.in-addr.arpa. ptr
;; global options: printcmd
. 372212 IN NS G.ROOT-SERVERS.NET.
. 372212 IN NS B.ROOT-SERVERS.NET.
. 372212 IN NS A.ROOT-SERVERS.NET.
. 372212 IN NS F.ROOT-SERVERS.NET.
. 372212 IN NS I.ROOT-SERVERS.NET.
. 372212 IN NS C.ROOT-SERVERS.NET.
. 372212 IN NS H.ROOT-SERVERS.NET.
. 372212 IN NS M.ROOT-SERVERS.NET.
. 372212 IN NS J.ROOT-SERVERS.NET.
. 372212 IN NS L.ROOT-SERVERS.NET.
. 372212 IN NS D.ROOT-SERVERS.NET.
. 372212 IN NS K.ROOT-SERVERS.NET.
. 372212 IN NS E.ROOT-SERVERS.NET.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

arpa. 172800 IN NS D.ROOT-SERVERS.NET.
arpa. 172800 IN NS F.ROOT-SERVERS.NET.
arpa. 172800 IN NS G.ROOT-SERVERS.NET.
arpa. 172800 IN NS B.ROOT-SERVERS.NET.
arpa. 172800 IN NS E.ROOT-SERVERS.NET.
arpa. 172800 IN NS M.ROOT-SERVERS.NET.
arpa. 172800 IN NS A.ROOT-SERVERS.NET.
arpa. 172800 IN NS I.ROOT-SERVERS.NET.
arpa. 172800 IN NS H.ROOT-SERVERS.NET.
arpa. 172800 IN NS C.ROOT-SERVERS.NET.
arpa. 172800 IN NS L.ROOT-SERVERS.NET.
arpa. 172800 IN NS K.ROOT-SERVERS.NET.
;; Received 496 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 221 ms

192.in-addr.arpa. 86400 IN NS BASIL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS HENNA.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Z.ARIN.NET.
192.in-addr.arpa. 86400 IN NS X.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Y.ARIN.NET.
192.in-addr.arpa. 86400 IN NS DILL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS INDIGO.ARIN.NET.
;; Received 180 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 96 ms

168.192.in-addr.arpa. 86400 IN NS blackhole-1.iana.org.
168.192.in-addr.arpa. 86400 IN NS blackhole-2.iana.org.
;; Received 104 bytes from 192.55.83.32#53(BASIL.ARIN.NET) in 208 ms

168.192.in-addr.arpa. 300 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Received 121 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 106 ms

This is all nothing but a minor annoyance for me, but I thought it might be worth looking into.

[1] Slamd64 is/was a port of 32-bit Slackware to x86_64, probably in the process of being phased out since Slackware 13 had a x86_64 version.

--
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

From cl at isbd.net Mon Nov 9 13:58:25 2009
From: cl at isbd.net (Chris G)
Date: Mon, 9 Nov 2009 13:58:25 +0000
Subject: [Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?
In-Reply-To:
References: <20091108120803.GA14910@chris>
Message-ID: <20091109135825.GC14910@chris>

On Sun, Nov 08, 2009 at 10:25:11AM -0500, Perette Barella wrote:
> It looks like your provider has set up a wildcard A record, which is
> similar to DNS hijacking as a "helpful" feature to users who miskey a
> domain name. It's not isolated to you:
>
> mugenshi:etc x10$ host ghijk.isbd.net
> ghijk.isbd.net has address 195.74.61.93
> ghijk.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
>
> You could check Gradwell's support pages, but I doubt there is an
> option to shut it off, since the DNS is published this way. It's a
> publication problem/"feature", not a bug in dnsmasq.
>

I do in fact have the ability to change my domain's zone files.

... and there is what you describe (N.B. this from a web form, not exact zone file syntax) :-

* 195.74.61.93 86400 A
* 10 mail-in-1.lb.gradwell.net. 86400 MX

So can I simply delete these two entries? (OK, people mis-typing domain names *might* be affected but that's mostly me so I don't see a big issue there)

--
Chris Green

From simon at thekelleys.org.uk Mon Nov 9 21:27:58 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Mon, 09 Nov 2009 21:27:58 +0000
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To:
References: <4AEE0098.5060909@thekelleys.org.uk>
Message-ID: <4AF8895E.4020106@thekelleys.org.uk>

>> dhcp-option=option:sip,192.168.5.1
>
> dnsmasq barfed at this:
>> sudo /etc/init.d/dnsmasq restart
> Restarting DNS forwarder and DHCP server: dnsmasq
> dnsmasq: bad dhcp-option at line 99 of /etc/dnsmasq.d/01-home-hosts.conf
> failed!

Apologies, the option name is "sip-server", not "sip"

Simon.

From simon at thekelleys.org.uk Mon Nov 9 21:30:18 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Mon, 09 Nov 2009 21:30:18 +0000
Subject: [Dnsmasq-discuss] dhcp-option 120, sip server, how?
In-Reply-To: <39b4dffd0911080716m77615f75ne4dfb7b97a17f9e0@mail.gmail.com>
References: <4AEE0098.5060909@thekelleys.org.uk> <39b4dffd0911080716m77615f75ne4dfb7b97a17f9e0@mail.gmail.com>
Message-ID: <4AF889EA.9040703@thekelleys.org.uk>

Setting log-dhcp in /etc/dnsmasq.conf will give you useful information about exactly what is going on here.

Simon.

Justin McAteer wrote:
> HS,
>
> The phone will have to request option 120 from the server or DNSMasq
> will not send the option. Alternatively, you may use dhcp-option-force
> to have the server send the option whether the client requests it or
> not.
>
> Thank You,
> Justin McAteer
>
>
>
>
> On Fri, Nov 6, 2009 at 7:40 PM, H. S. wrote:
>> On Fri, Nov 6, 2009 at 8:30 PM, H. S. wrote:
>>> On Sun, Nov 1, 2009 at 4:41 PM, Simon Kelley wrote:
>>>
>>>> Current version of dnsmasq know about the peculiar format of option 120, so
>>>> you can just do:
>>>>
>>>> dhcp-option=120,192.168.5.1
>>> dnsmasq had no problem with this. Yet to try with the Nokia phone.
>> Despite giving that option in dnsmasq and restarting it, the phone
>> still did not grab a DHCP offer :(

From simon at thekelleys.org.uk Mon Nov 9 21:39:30 2009
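The "peculiar format" of option 120 mentioned in this thread is the RFC 3361 layout: one encoding byte (1 for a list of IPv4 addresses, 0 for DNS names as length-prefixed labels) followed by the data. The Python below is an added example, not dnsmasq code and not something posted to the list; it builds that payload for the two values used in the thread and decodes it again with the length checks a parser of received options needs. All function names are assumptions.

```python
import ipaddress

ENC_NAMES, ENC_IPV4 = 0, 1  # the "enc" byte defined by RFC 3361


def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


def encode_sip_servers(servers):
    """Build the option 120 payload (enc byte + data) from a list that holds
    either only IPv4 address strings or only DNS names."""
    kinds = {is_ipv4(s) for s in servers}
    if len(kinds) != 1:
        raise ValueError("need a non-empty list of only addresses or only names")
    if kinds == {True}:
        packed = b"".join(ipaddress.IPv4Address(s).packed for s in servers)
        return bytes([ENC_IPV4]) + packed
    out = bytearray([ENC_NAMES])
    for name in servers:
        for label in name.rstrip(".").split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"bad label in {name!r}")
            out += bytes([len(raw)]) + raw
        out.append(0)  # zero-length root label terminates each name
    return bytes(out)


def decode_sip_servers(payload):
    """Parse an option 120 payload, rejecting anything malformed."""
    if len(payload) < 2:
        raise ValueError("option 120 payload too short")
    enc, data = payload[0], payload[1:]
    if enc == ENC_IPV4:
        if len(data) % 4:
            raise ValueError("address list is not a multiple of 4 bytes")
        return [str(ipaddress.IPv4Address(data[i:i + 4]))
                for i in range(0, len(data), 4)]
    if enc != ENC_NAMES:
        raise ValueError(f"unknown enc byte {enc}")
    names, labels, i = [], [], 0
    while i < len(data):
        n = data[i]
        i += 1
        if n == 0:
            if not labels:
                raise ValueError("empty name")
            names.append(".".join(labels))
            labels = []
            continue
        # n > 63 also rejects DNS compression pointers (top bits set).
        if n > 63 or i + n > len(data):
            raise ValueError("label runs past the end of the option")
        labels.append(data[i:i + n].decode("ascii"))
        i += n
    if labels:
        raise ValueError("last name is not terminated")
    return names


def payload_hex(payload):
    """Colon-separated hex, the notation used for raw option data."""
    return ":".join(f"{b:02x}" for b in payload)


if __name__ == "__main__":
    # Values taken from the thread; everything else is constructed.
    for servers in (["192.168.5.1"], ["sipserver.mydomain.com"]):
        payload = encode_sip_servers(servers)
        print(servers, "->", payload_hex(payload),
              "->", decode_sip_servers(payload))
```
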
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Mon, 09 Nov 2009 21:39:30 +0000
Subject: [Dnsmasq-discuss] server=... remote reverse DNS fails
In-Reply-To: <200911081653.02760.rob0@gmx.co.uk>
References: <200911081653.02760.rob0@gmx.co.uk>
Message-ID: <4AF88C12.30103@thekelleys.org.uk>

/dev/rob0 wrote:

Snip lots of tests.

> This is all nothing but a minor annoyance for me, but I thought it
> might be worth looking into.
>
>

I'm not aware of anything that could cause this. The best way to see what's going on might be to set --log-queries on both dnsmasq instances.

Cheers,

Simon

From gerrit at pmp.uni-hannover.de Wed Nov 11 10:13:01 2009
From: gerrit at pmp.uni-hannover.de (Gerrit =?ISO-8859-1?Q?K=FChn?=)
Date: Wed, 11 Nov 2009 11:13:01 +0100
Subject: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain
In-Reply-To: <4AF1684F.8060203@thekelleys.org.uk>
References: <20091104123503.179fc6ca.gerrit@pmp.uni-hannover.de> <4AF1684F.8060203@thekelleys.org.uk>
Message-ID: <20091111111301.b85cfe7b.gerrit@pmp.uni-hannover.de>

On Wed, 04 Nov 2009 11:41:03 +0000 Simon Kelley wrote about Re: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain:

SK> > Does anyone here have a hint for me how to setup this correctly and
SK> > how to prevent queries for unknown hosts being sent back from the
SK> > intranet dnsmasq?

SK> local=/intranet.my.domain/

SK> on the intranet server will stop it forwarding any requests for that
SK> domain. I think that's what you need.

This fixed the directly triggerable ping-pong between the two servers. Now I still see these requests sometimes:

Nov 11 10:30:19 theq dnsmasq[97791]: query[PTR] db._dns-sd._udp.0.64.168.192.in-addr.arpa from 10.117.15.254
Nov 11 10:30:19 theq dnsmasq[97791]: forwarded db._dns-sd._udp.0.64.168.192.in-addr.arpa to 10.117.15.254

These requests/forwards won't stop and put quite some load on dnsmasq running on 10.117.15.254. After stopping, waiting some seconds and starting again dnsmasq on 192.168.64.254, everything is back to normal (for a day or so, until this starts again).

Can anyone explain to me what might cause these requests and how I can prevent them either from being requested at all or at least from being forwarded?

cu
Gerrit

From gerrit at pmp.uni-hannover.de Wed Nov 11 10:28:58 2009
From: gerrit at pmp.uni-hannover.de (Gerrit Kühn)
Date: Wed, 11 Nov 2009 11:28:58 +0100
Subject: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain
In-Reply-To: <20091111111301.b85cfe7b.gerrit@pmp.uni-hannover.de>
References: <20091104123503.179fc6ca.gerrit@pmp.uni-hannover.de> <4AF1684F.8060203@thekelleys.org.uk> <20091111111301.b85cfe7b.gerrit@pmp.uni-hannover.de>
Message-ID: <20091111112858.065e85c4.gerrit@pmp.uni-hannover.de>

On Wed, 11 Nov 2009 11:13:01 +0100 Gerrit Kühn wrote about
Re: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its
own domain:

GK> Nov 11 10:30:19 theq dnsmasq[97791]: query[PTR]
GK> db._dns-sd._udp.0.64.168.192.in-addr.arpa from 10.117.15.254
GK> Nov 11 10:30:19 theq dnsmasq[97791]: forwarded
GK> db._dns-sd._udp.0.64.168.192.in-addr.arpa to 10.117.15.254

GK> These requests/forwards won't stop and put quite some load on dnsmasq
GK> running on 10.117.15.254.

Sorry, wrong hostname here. To make the situation clear:
dnsmasq is running on two hosts:

theq (10.117.1.254) <-> nat-router (10.117.15.254 / 192.168.64.254)

I do not know where the requests for 192.168.64.0 stem from, but dnsmasq
running on the nat-router forwards them to dnsmasq on theq.


cu
  Gerrit

From 4lists at gmail.com Wed Nov 11 11:48:48 2009
From: 4lists at gmail.com (Edson - Lists)
Date: Wed, 11 Nov 2009 09:48:48 -0200
Subject: [Dnsmasq-discuss] dnsmasq forwards requests for unknown hosts in its own domain
In-Reply-To: <20091111112858.065e85c4.gerrit@pmp.uni-hannover.de>
References: <20091104123503.179fc6ca.gerrit@pmp.uni-hannover.de> <4AF1684F.8060203@thekelleys.org.uk> <20091111111301.b85cfe7b.gerrit@pmp.uni-hannover.de> <20091111112858.065e85c4.gerrit@pmp.uni-hannover.de>
Message-ID: <4AFAA4A0.1000203@gmail.com>

Maybe these hints could help you:

1) make sure that dnsmasq on nat-router is listening on the right
interfaces (just internal?)
2) arm syslog for all DNS queries and see from where they are coming.

Edson.

Gerrit Kühn wrote:
> On Wed, 11 Nov 2009 11:13:01 +0100 Gerrit Kühn
> wrote about Re: [Dnsmasq-discuss] dnsmasq
> forwards requests for unknown hosts in its own domain:
>
> GK> Nov 11 10:30:19 theq dnsmasq[97791]: query[PTR]
> GK> db._dns-sd._udp.0.64.168.192.in-addr.arpa from 10.117.15.254
> GK> Nov 11 10:30:19 theq dnsmasq[97791]: forwarded
> GK> db._dns-sd._udp.0.64.168.192.in-addr.arpa to 10.117.15.254
>
> GK> These requests/forwards won't stop and put quite some load on dnsmasq
> GK> running on 10.117.15.254.
>
> Sorry, wrong hostname here. To make the situation clear:
> dnsmasq is running on two hosts:
>
> theq (10.117.1.254) <-> nat-router (10.117.15.254 / 192.168.64.254)
>
> I do not know where the requests for 192.168.64.0 stem from, but dnsmasq
> running on the nat-router forwards them to dnsmasq on theq.
>
>
> cu
>   Gerrit
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>

From knud.skrald at guldberg.info Sat Nov 14 23:34:19 2009
From: knud.skrald at guldberg.info (knud.skrald at guldberg.info)
Date: Sun, 15 Nov 2009 00:34:19 +0100
Subject: [Dnsmasq-discuss] can resolve 1 specific host
Message-ID: <4AFF3E7B.302@guldberg.info>

Hi

From time to time I get problem with one host name
www.dba.dk and camping.dba.dk

They can not be solved, seems to be locked in some way on my dnsmasq
server.

A snip (reduced) of my log file is attached.

Knud

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log1.txt
Url: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091115/f28a18c5/attachment.txt

From cl at isbd.net Sun Nov 15 10:44:12 2009
From: cl at isbd.net (Chris G)
Date: Sun, 15 Nov 2009 10:44:12 +0000
Subject: [Dnsmasq-discuss] dnsmasq returns addresses for non-existent hosts - what have I mis-configured?
In-Reply-To: <20091109135825.GC14910@chris>
References: <20091108120803.GA14910@chris> <20091109135825.GC14910@chris>
Message-ID: <20091115104412.GG15230@chris>

On Mon, Nov 09, 2009 at 01:58:25PM +0000, Chris G wrote:
> On Sun, Nov 08, 2009 at 10:25:11AM -0500, Perette Barella wrote:
> > It looks like your provider has set up a wildcard A record, which is
> > similar to DNS hijacking as a "helpful" feature to users who miskey a
> > domain name. It's not isolated to you:
> >
> > mugenshi:etc x10$ host ghijk.isbd.net
> > ghijk.isbd.net has address 195.74.61.93
> > ghijk.isbd.net mail is handled by 10 mail-in-1.lb.gradwell.net.
> >
> > You could check Gradwell's support pages, but I doubt there is an
> > option to shut it off, since the DNS is published this way. It's a
> > publication problem/"feature", not a bug in dnsmasq.
> >
> I do in fact have the ability to change my domain's zone files.
>
> ... and there is what you describe (N.B. this from a web form, not
> exact zone file syntax) :-
>
>     *    195.74.61.93                   86400  A
>     *    10 mail-in-1.lb.gradwell.net.  86400  MX
>
> So can I simply delete these two entries? (OK, people mis-typing domain
> names *might* be affected but that's mostly me so I don't see a big
> issue there)
>
... and the answer is yes. I've deleted the wild card lines from the
form and now .isbd.net returns "not found", excellent!

Thanks for all the help here.

-- 
Chris Green

From simon at thekelleys.org.uk Sun Nov 15 12:18:58 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Sun, 15 Nov 2009 12:18:58 +0000
Subject: [Dnsmasq-discuss] can resolve 1 specific host
In-Reply-To: <4AFF3E7B.302@guldberg.info>
References: <4AFF3E7B.302@guldberg.info>
Message-ID: <4AFFF1B2.8050505@thekelleys.org.uk>

knud.skrald at guldberg.info wrote:
> Hi
>
> From time to time I get problem with one host name
> www.dba.dk and camping.dba.dk
>
> They can not be solved, seems to be locked in some way on my dnsmasq
> server.
>
> A snip (reduced) of my log file is attached.
>
> Knud
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Nov 14 20:58:46 dnsmasq[21682]: query[A] www.dba.dk from 10.2.1.182
Nov 14 20:58:46 dnsmasq[21682]: forwarded www.dba.dk to 89.184.128.193
Nov 14 20:58:46 dnsmasq[21682]: reply www.dba.dk is 91.213.17.20

That looks good.....


Nov 14 20:58:59 dnsmasq[21682]: query[A] camping.dba.dk from 10.2.1.182
Nov 14 20:58:59 dnsmasq[21682]: forwarded camping.dba.dk to 89.184.128.193
Nov 14 20:58:59 dnsmasq[21682]: reply camping.dba.dk is
Nov 14 20:58:59 dnsmasq[21682]: reply www.dba.dk is NODATA-IPv4

Now we look up camping.dba.dk, and get back the answer that
camping.dba.dk is a CNAME for www.dba.dk, and no data for www.dba.dk.
This means that the domain www.dba.dk exists, but there is no "A" record
for it. That information is cached, so future attempts to look up
www.dba.dk or camping.dba.dk fail, because dnsmasq "knows" that
www.dba.dk has no data.

There's clearly something wrong in the upstream server at
89.184.128.193, since it gave the correct data to the first request.

I've tried a query to 89.184.128.193 and I get the correct information,
so it could be a problem which has been resolved:

srk at spike$ dig @89.184.128.193 camping.dba.dk

; <<>> DiG 9.5.1-P3 <<>> @89.184.128.193 camping.dba.dk
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19814
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;camping.dba.dk.            IN      A

;; ANSWER SECTION:
camping.dba.dk.     600     IN      CNAME   www.dba.dk.
www.dba.dk.         1444    IN      A       91.213.17.20

running this query through my local dnsmasq causes the correct thing to
be cached.


Summary: the problem seems to be in the upstream nameserver, but it's OK
now. If you are still hitting problems, try restarting dnsmasq to clear
out the bad cache entries, and try again: If it's still broken, complain
to whoever runs that nameserver.

Cheers,

Simon.

From knud.skrald at guldberg.info Sun Nov 15 13:29:11 2009
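Two log patterns come up in the threads above: a query forwarded straight back to the host it came from (the PTR ping-pong between the two dnsmasq instances), and a name that is first answered with an address and later with NODATA behind a CNAME, after which the negative answer sits in the cache. The Python script below is an added example that flags both in `--log-queries` output; it is not part of any message on the list and not dnsmasq code, the function names are hypothetical, and the sample lines are copied from the messages with the wrapped PTR name rejoined.

```python
"""Flag forwarding loops and address-to-NODATA flips in dnsmasq query logs."""
import re
from collections import Counter, defaultdict

# Sample input: lines quoted in the thread. The empty value after "is" on the
# camping.dba.dk line is how the archived log shows the CNAME step.
SAMPLE_LOG = """\
Nov 11 10:30:19 theq dnsmasq[97791]: query[PTR] db._dns-sd._udp.0.64.168.192.in-addr.arpa from 10.117.15.254
Nov 11 10:30:19 theq dnsmasq[97791]: forwarded db._dns-sd._udp.0.64.168.192.in-addr.arpa to 10.117.15.254
Nov 14 20:58:46 dnsmasq[21682]: query[A] www.dba.dk from 10.2.1.182
Nov 14 20:58:46 dnsmasq[21682]: forwarded www.dba.dk to 89.184.128.193
Nov 14 20:58:46 dnsmasq[21682]: reply www.dba.dk is 91.213.17.20
Nov 14 20:58:59 dnsmasq[21682]: query[A] camping.dba.dk from 10.2.1.182
Nov 14 20:58:59 dnsmasq[21682]: forwarded camping.dba.dk to 89.184.128.193
Nov 14 20:58:59 dnsmasq[21682]: reply camping.dba.dk is
Nov 14 20:58:59 dnsmasq[21682]: reply www.dba.dk is NODATA-IPv4
"""

LINE_RE = re.compile(
    r"dnsmasq\[(?P<pid>\d+)\]: "
    r"(?P<verb>query\[[\w-]+\]|forwarded|reply) "
    r"(?P<name>\S+) (?:from|to|is)(?:[ \t]+(?P<arg>\S+))?[ \t]*$"
)


def parse(text):
    """Return (pid, verb, name, arg) tuples for query/forwarded/reply lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # DHCP lines, cache statistics, other daemons
        verb = "query" if m["verb"].startswith("query") else m["verb"]
        name = m["name"].lower().rstrip(".")
        events.append((m["pid"], verb, name, m["arg"] or ""))
    return events


def forwarding_loops(events):
    """Count forwards that go back to a peer that asked for the same name."""
    askers = defaultdict(set)  # (pid, name) -> peers that sent the query
    loops = Counter()          # (name, peer) -> number of bounced forwards
    for pid, verb, name, arg in events:
        if verb == "query":
            askers[(pid, name)].add(arg)
        elif verb == "forwarded" and arg in askers[(pid, name)]:
            loops[(name, arg)] += 1
    return loops


def negative_flips(events):
    """Find names answered with an address first and NODATA/NXDOMAIN later.

    Consecutive reply lines are treated as one upstream answer, so CNAME
    owners logged just before the negative line are reported as aliases
    that will fail from the cache as well.
    """
    first_address = {}  # (pid, name) -> first address seen
    aliases = []        # CNAME owners of the answer being read
    findings = []
    for pid, verb, name, arg in events:
        if verb != "reply":
            aliases = []  # a query/forward line ends the reply group
            continue
        if arg in ("", "<CNAME>"):
            aliases.append(name)
            continue
        if arg.startswith(("NODATA", "NXDOMAIN")):
            if (pid, name) in first_address:
                findings.append({
                    "name": name,
                    "was": first_address[(pid, name)],
                    "now": arg,
                    "aliases": list(aliases),
                })
        else:
            first_address.setdefault((pid, name), arg)
        aliases = []
    return findings


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for (name, peer), count in forwarding_loops(parsed).items():
        print(f"loop: {name} forwarded back to {peer} ({count}x)")
    for f in negative_flips(parsed):
        print(f"flip: {f['name']} was {f['was']}, now {f['now']}; "
              f"aliases affected: {', '.join(f['aliases']) or 'none'}")
```

A loop finding points at the forwarding configuration between the two instances; a flip finding points at the upstream server's answers rather than at the local cache.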
From: knud.skrald at guldberg.info (Knud)
Date: Sun, 15 Nov 2009 14:29:11 +0100
Subject: [Dnsmasq-discuss] can resolve 1 specific host
In-Reply-To: <4AFFF1B2.8050505@thekelleys.org.uk>
References: <4AFF3E7B.302@guldberg.info> <4AFFF1B2.8050505@thekelleys.org.uk>
Message-ID: <4B000227.9010205@guldberg.info>

Hi Simon

Just tested again...same issue again

asking my upstream nameserver...
camping.dba.dk => unknown
www.dba.dk => ok
again camping.dba.dk => now ok !

restart my dnsmasq makes it to known www.dba.dk and camping.dba.dk

I am running another dnsmasq server (at a school) with another upstream
nameserver...there seems no problems

It is another version of dnsmasq included in the FREESCO package.
But it seems not to be a dnsmasq issue but further upstream problem

Just strange that this specific host gives problems and not others (to
my knowledge)

Knud

Simon Kelley wrote:
> knud.skrald at guldberg.info wrote:
>> Hi
>>
>> From time to time I get problem with one host name
>> www.dba.dk and camping.dba.dk
>>
>> They can not be solved, seems to be locked in some way on my dnsmasq
>> server.
>>
>> A snip (reduced) of my log file is attached.
>>
>> Knud
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
> Nov 14 20:58:46 dnsmasq[21682]: query[A] www.dba.dk from 10.2.1.182
> Nov 14 20:58:46 dnsmasq[21682]: forwarded www.dba.dk to 89.184.128.193
> Nov 14 20:58:46 dnsmasq[21682]: reply www.dba.dk is 91.213.17.20
>
> That looks good.....

From simon at thekelleys.org.uk Sun Nov 15 15:32:57 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Sun, 15 Nov 2009 15:32:57 +0000
Subject: [Dnsmasq-discuss] can resolve 1 specific host
In-Reply-To: <4B000227.9010205@guldberg.info>
References: <4AFF3E7B.302@guldberg.info> <4AFFF1B2.8050505@thekelleys.org.uk> <4B000227.9010205@guldberg.info>
Message-ID: <4B001F29.8010806@thekelleys.org.uk>

Knud wrote:
> Hi Simon
>
> Just tested again...same issue again
>
> asking my upstream nameserver...
> camping.dba.dk => unknown
> www.dba.dk => ok
> again camping.dba.dk => now ok !

Yes, I tried again and saw the same thing.

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;camping.dba.dk.            IN      A

;; ANSWER SECTION:
camping.dba.dk.     600     IN      CNAME   www.dba.dk.

;; Query time: 77 msec


repeat:

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;camping.dba.dk.            IN      A

;; ANSWER SECTION:
camping.dba.dk.     585     IN      CNAME   www.dba.dk.
www.dba.dk.         1787    IN      A       91.213.17.20

;; AUTHORITY SECTION:
dba.dk.             21587   IN      NS      ns6.netnames.net.
dba.dk.             21587   IN      NS      ns1.netnames.net.
dba.dk.             21587   IN      NS      ns5.netnames.net.
dba.dk.             21587   IN      NS      ns2.netnames.net.

;; ADDITIONAL SECTION:
ns6.netnames.net.   168883  IN      A       199.7.69.253
ns1.netnames.net.   21747   IN      A       204.74.108.253
ns5.netnames.net.   168883  IN      A       199.7.68.253
ns2.netnames.net.   168883  IN      A       62.128.146.40

;; Query time: 46 msec


Looks like once the upstream server has the CNAME cached, it works OK,
but not before. There are more clues there, as it tells us the
authoritative nameservers (Ie the ones that hold the configured data)
are a netnames.net.

We can ask one of those direct:

srk at spike$ dig @ns6.netnames.net camping.dba.dk

; <<>> DiG 9.5.1-P3 <<>> @ns6.netnames.net camping.dba.dk
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10510
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;camping.dba.dk.            IN      A

;; ANSWER SECTION:
camping.dba.dk.     600     IN      CNAME   www.dba.dk.

;; Query time: 22 msec
;; SERVER: 199.7.69.253#53(199.7.69.253)
;; WHEN: Sun Nov 15 15:20:05 2009
;; MSG SIZE rcvd: 50


Which probably shows a real problem. That nameserver always gives that
data without the A record.


But even more strange, the netnames.net nameservers are not the real
authoritative ones for dba.dk

srk at spike:/mnt/onetouch/simon/torrents$ dig ns dba.dk

; <<>> DiG 9.5.1-P3 <<>> ns dba.dk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46594
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;dba.dk.                    IN      NS

;; ANSWER SECTION:
dba.dk.             43888   IN      NS      ns1.danhost.dk.
dba.dk.             43888   IN      NS      ns0.danhost.dk.

;; ADDITIONAL SECTION:
ns0.danhost.dk.     14276   IN      A       217.195.182.61
ns1.danhost.dk.     13926   IN      A       195.140.132.26

;; Query time: 9 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Sun Nov 15 15:27:37 2009
;; MSG SIZE rcvd: 100

so the 89.184.128.193 nameserver you are using is very confused, I
think. It's using the wrong authoritative nameservers for dba.dk and
getting the wrong answers, which it is passing on. At this point it's
probably best to pass the whole mess over to the admins of
89.184.128.193 (your ISP?) CC: me on the mail if you wish, in case I can
provide more information.

>
> restart my dnsmasq makes it to known www.dba.dk and camping.dba.dk
>
> I am running another dnsmasq server (at a school) with another upstream
> nameserver...there seems no problems

I see the same: there's something wrong with 89.184.128.193, for sure.

> It is another version of dnsmasq included in the FREESCO package.
> But it seems not to be a dnsmasq issue but further upstream problem
>
> Just strange that this specific host gives problems and not others (to
> my knowledge)


Cheers,

Simon.

From knud.skrald at guldberg.info Sun Nov 15 16:06:02 2009
From: knud.skrald at guldberg.info (Knud)
Date: Sun, 15 Nov 2009 17:06:02 +0100
Subject: [Dnsmasq-discuss] can resolve 1 specific host
In-Reply-To: <4B001F29.8010806@thekelleys.org.uk>
References: <4AFF3E7B.302@guldberg.info> <4AFFF1B2.8050505@thekelleys.org.uk> <4B000227.9010205@guldberg.info> <4B001F29.8010806@thekelleys.org.uk>
Message-ID: <4B0026EA.60002@guldberg.info>

Hi Simon

I have opened a support ticket at my ISP (you're right..)
Informed them about the strange behavior of their NS
Let us see what happens

Otherwise they have been very stable...it's a fiberoptic connection
25/25 Mbit.

Knud

Simon Kelley wrote:
> Knud wrote:
>> Hi Simon
>>
>> Just tested again...same issue again
>>
>> asking my upstream nameserver...
>> camping.dba.dk => unknown
>> www.dba.dk => ok
>> again camping.dba.dk => now ok !
>
> Yes, I tried again and saw the same thing.
>
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;camping.dba.dk.            IN      A
>
> ;; ANSWER SECTION:
> camping.dba.dk.     600     IN      CNAME   www.dba.dk.
>
> ;; Query time: 77 msec
>
>
> repeat:
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;camping.dba.dk.            IN      A
>
> ;; ANSWER SECTION:
> camping.dba.dk.     585     IN      CNAME   www.dba.dk.
> www.dba.dk.         1787    IN      A       91.213.17.20
>
> ;; AUTHORITY SECTION:
> dba.dk.             21587   IN      NS      ns6.netnames.net.
> dba.dk.             21587   IN      NS      ns1.netnames.net.
> dba.dk.             21587   IN      NS      ns5.netnames.net.
> dba.dk.             21587   IN      NS      ns2.netnames.net.
>
> ;; ADDITIONAL SECTION:
> ns6.netnames.net.   168883  IN      A       199.7.69.253
> ns1.netnames.net.   21747   IN      A       204.74.108.253
> ns5.netnames.net.   168883  IN      A       199.7.68.253
> ns2.netnames.net.   168883  IN      A       62.128.146.40
>
> ;; Query time: 46 msec
>
>
> Looks like once the upstream server has the CNAME cached, it works OK,
> but not before. There are more clues there, as it tells us the
> authoritative nameservers (Ie the ones that hold the configured data)
> are a netnames.net.
>
>> restart my dnsmasq makes it to known www.dba.dk and camping.dba.dk
>>
>> I am running another dnsmasq server (at a school) with another upstream
>> nameserver...there seems no problems
>
> I see the same: there's something wrong with 89.184.128.193, for sure.
>
>> It is another version of dnsmasq included in the FREESCO package.
>> But it seems not to be a dnsmasq issue but further upstream problem
>>
>> Just strange that this specific host gives problems and not others (to
>> my knowledge)
>
>
> Cheers,
>
> Simon.
>

From cscott at agencypja.com Mon Nov 16 20:10:00 2009
From: cscott at agencypja.com (Christopher Scott)
Date: Mon, 16 Nov 2009 15:10:00 -0500
Subject: [Dnsmasq-discuss] two stupid questions
Message-ID:

1.
The '--test' option as described in the manpage doesn't appear to do
anything (on my Mac OS X 10.5-based box); am I doing something wrong?
shouldn't the command be:

/usr/local/sbin/dnsmasq --test

2.
I'm unclear on how to review the logs - I see references in the
documentation to sending SIGUSR1 and SIGUSR2 commands but don't
understand HOW to do that.

I'd like to resolve these issues to help ensure that my machine is
working properly before rolling it out to the office.

Thanks in advance for your help...

-Chris

From jasiu at belsznica.pl Mon Nov 16 20:59:02 2009
From: jasiu at belsznica.pl (Jan Psota)
Date: Mon, 16 Nov 2009 21:59:02 +0100
Subject: [Dnsmasq-discuss] Fw: two stupid questions
Message-ID: <20091116215902.576661ce@gandalf>

Christopher Scott wrote:

> 1.
> The '--test' option as described in the manpage doesn't appear to do
> anything (on my Mac OS X 10.5-based box); am I doing something
> wrong? shouldn't the command be:
>
> /usr/local/sbin/dnsmasq --test

Works as expected on Gentoo Linux:

gandalf ~ # dnsmasq --test
dnsmasq: syntax check OK.
gandalf ~ # dnsmasq --test -kasj
dnsmasq: bad command line options: try --help

> 2.
> I'm unclear on how to review the logs - I see references in the
> documentation to sending SIGUSR1 and SIGUSR2 commands but don't
> understand HOW to do that.

If Mac OS X is as close to UNIX as I expect, running:

killall -USR1 dnsmasq

as privileged user should provoke dnsmasq to write to log
(/var/log/messages for us) something like:

Nov 16 21:21:21 gandalf dnsmasq[5553]: time 1258402881
Nov 16 21:21:21 gandalf dnsmasq[5553]: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
Nov 16 21:21:21 gandalf dnsmasq[5553]: queries forwarded 0, queries answered locally 0
Nov 16 21:21:21 gandalf dnsmasq[5553]: server 192.168.7.5#53: queries sent 0, retried or failed 0
Nov 16 21:21:21 gandalf dnsmasq[5553]: server 192.168.1.1#53: queries sent 0, retried or failed 0

Alternatively you can check dnsmasq's PID with 'ps' command and then use
kill -USR1 [PID] like:

gandalf ~ # ps -C dnsmasq
  PID TTY          TIME CMD
 6136 ?        00:00:00 dnsmasq
gandalf ~ # kill -USR1 6136
gandalf ~ # #[take a look on logs]

-- 
Jan Psota

From knud.skrald at guldberg.info Mon Nov 16 21:59:10 2009
From: knud.skrald at guldberg.info (Knud)
Date: Mon, 16 Nov 2009 22:59:10 +0100
Subject: [Dnsmasq-discuss] can resolve 1 specific host
In-Reply-To: <4B0026EA.60002@guldberg.info>
References: <4AFF3E7B.302@guldberg.info> <4AFFF1B2.8050505@thekelleys.org.uk> <4B000227.9010205@guldberg.info> <4B001F29.8010806@thekelleys.org.uk> <4B0026EA.60002@guldberg.info>
Message-ID: <4B01CB2E.20902@guldberg.info>

Hi

My ISP has answered

"You should not use ns1.bbsyd.dk any more, use only DHCP released DNS...
a list of 3 nameservers....."

Hmm allright it seems to work with those but it would be nice to be
informed when they change something..not everybody use a simple plain
setup !

And why have server running which do not work correctly ?

I will see if is stable in the future

Knud

Knud wrote:
> Hi Simon
>
> I have opened a support ticket at my ISP (you're right..)
> Informed them about the strange behavior of their NS
> Let us see what happens
>
> Otherwise they have been very stable...it's a fiberoptic connection
> 25/25 Mbit.
>
> Knud
>
> Simon Kelley wrote:
>> Knud wrote:
>>> Hi Simon
>>>
>>> Just tested again...same issue again
>>>
>>> asking my upstream nameserver...
>>> camping.dba.dk => unknown
>>> www.dba.dk => ok
>>> again camping.dba.dk => now ok !
>> Yes, I tried again and saw the same thing.
>>
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;camping.dba.dk.            IN      A
>>
>> ;; ANSWER SECTION:
>> camping.dba.dk.     600     IN      CNAME   www.dba.dk.
>>
>> ;; Query time: 77 msec
>>
>>
>> repeat:
>>
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
>>
>> ;; QUESTION SECTION:
>> ;camping.dba.dk.            IN      A
>>
>> ;; ANSWER SECTION:
>> camping.dba.dk.     585     IN      CNAME   www.dba.dk.
>> www.dba.dk.         1787    IN      A       91.213.17.20
>>
>> ;; AUTHORITY SECTION:
>> dba.dk.             21587   IN      NS      ns6.netnames.net.
>> dba.dk.             21587   IN      NS      ns1.netnames.net.
>> dba.dk.             21587   IN      NS      ns5.netnames.net.
>> dba.dk.             21587   IN      NS      ns2.netnames.net.

From simon at thekelleys.org.uk Tue Nov 17 13:37:45 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Tue, 17 Nov 2009 13:37:45 +0000
Subject: [Dnsmasq-discuss] can resolve 1 specific host
In-Reply-To: <4B01CB2E.20902@guldberg.info>
References: <4AFF3E7B.302@guldberg.info> <4AFFF1B2.8050505@thekelleys.org.uk> <4B000227.9010205@guldberg.info> <4B001F29.8010806@thekelleys.org.uk> <4B0026EA.60002@guldberg.info> <4B01CB2E.20902@guldberg.info>
Message-ID: <4B02A729.5040403@thekelleys.org.uk>

Knud wrote:
> Hi
>
> My ISP has answered
>
> "You should not use ns1.bbsyd.dk any more, use only DHCP released DNS...
> a list of 3 nameservers....."
>
> Hmm allright it seems to work with those but it would be nice to be
> informed when they change something..not everybody use a simple plain
> setup !
>
> And why have server running which do not work correctly ?
>
> I will see if is stable in the future
>

I think I'd be able to forgive my ISP such crimes if they provided
25M/25M connectivity!

Cheers,

Simon.

From moparisthebest at hotmail.com Tue Nov 17 18:15:43 2009
From: moparisthebest at hotmail.com (Travis)
Date: Tue, 17 Nov 2009 13:15:43 -0500
Subject: [Dnsmasq-discuss] dnsmasq appending .?
Message-ID:

Hello,

I'm having just one problem with dnsmasq. I specify addresses like this,
for example, 'address=/mediacenter/192.168.1.20', but a lookup for
'mediacenter' fails, where a lookup for 'mediacenter.' succeeds.

I am running ubuntu server hardy, with the dnsmasq from the repos
installed:

$ dnsmasq -v
Dnsmasq version 2.41 Copyright (C) 2000-2008 Simon Kelley
Compile time options IPv6 GNU-getopt no-ISC-leasefile DBus I18N TFTP

Here are the contents of /etc/dnsmasq.conf:

domain-needed
bogus-priv
no-resolv
no-poll
server=208.67.222.222
server=208.67.220.220
address=/mytorrentflux1/192.168.1.3
interface=eth1
bind-interfaces
no-hosts
bogus-nxdomain=208.69.36.132

And a few outputs from my other computer using this server as a caching
DNS server:

mopar at killer-linux:~$ dig mediacenter

; <<>> DiG 9.5.1-P2 <<>> mediacenter
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64254
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mediacenter.               IN      A

;; ANSWER SECTION:
mediacenter.        0       IN      A       192.168.1.20

;; Query time: 11 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Tue Nov 17 13:06:25 2009
;; MSG SIZE rcvd: 45

mopar at killer-linux:~$ nslookup mediacenter
Server:         192.168.1.3
Address:        192.168.1.3#53

Name:   mediacenter.travis.com
Address: 192.168.1.1

mopar at killer-linux:~$ nslookup mediacenter.
Server:         192.168.1.3
Address:        192.168.1.3#53

Name:   mediacenter
Address: 192.168.1.20

mopar at killer-linux:~$ host mediacenter
mediacenter.travis.com has address 192.168.1.1
mopar at killer-linux:~$ host mediacenter.
mediacenter has address 192.168.1.20

As you can see, dig appears to append a . to the request automatically,
but nothing else does. Is there a way I can get dnsmasq to return the
specified address if I don't append a . to the request?

Thanks very much,
Travis

From ejnersan at gmail.com Wed Nov 18 20:11:21 2009
From: ejnersan at gmail.com (Ejner Fergo)
Date: Wed, 18 Nov 2009 21:11:21 +0100
Subject: [Dnsmasq-discuss] Problem listening on only one interface
Message-ID:

Hola all,

I'm a happy dnsmasq user for a couple of years now, though it is first
now I turn to this list to hopefully get some help.

I run dnsmasq on a server with 6 NICs, where 'eth0' talks to the
outside world and 'eth1' is for the local network. The last 4 is
bonded into 'bond0'.
My problem is I only want to have 'eth1' to listen/respond to DNS/DHCP
requests, but no matter which option I use (interface,
except-interface, listen-address) the setup breaks and the
workstations can't get an address. If all these options are commented
out, everything works just fine but some workstations see 'bond0' as
the nameserver instead of 'eth1'.

Looking at /var/log/messages on the server shows that it is random
whether 'eth1' or 'bond0' is used, for example:

Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPDISCOVER(eth1) 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPOFFER(eth1) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPDISCOVER(bond0) 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPOFFER(bond0) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPREQUEST(eth1) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPACK(eth1) 192.168.3.31 08:00:27:b4:b4:dd puck
Nov 18 19:34:41 sol dnsmasq-dhcp[26878]: DHCPDISCOVER(bond0) 08:00:27:b4:b4:dd
Nov 18 19:34:41 sol dnsmasq-dhcp[26878]: DHCPOFFER(bond0) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:41 sol dnsmasq-dhcp[26878]: DHCPDISCOVER(eth1) 08:00:27:b4:b4:dd
Nov 18 19:34:41 sol dnsmasq-dhcp[26878]: DHCPOFFER(eth1) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:41 sol dnsmasq-dhcp[26878]: DHCPREQUEST(bond0) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:41 sol dnsmasq-dhcp[26878]: DHCPACK(bond0) 192.168.3.31 08:00:27:b4:b4:dd puck

or

Nov 18 19:46:45 sol dnsmasq-dhcp[26878]: DHCPREQUEST(eth1) 192.168.3.30 00:0b:cd:3e:41:de
Nov 18 19:46:45 sol dnsmasq-dhcp[26878]: DHCPACK(eth1) 192.168.3.30 00:0b:cd:3e:41:de makemake
Nov 18 19:46:45 sol dnsmasq-dhcp[26878]: DHCPREQUEST(bond0) 192.168.3.30 00:0b:cd:3e:41:de
Nov 18 19:46:45 sol dnsmasq-dhcp[26878]: DHCPACK(bond0) 192.168.3.30 00:0b:cd:3e:41:de makemake

So even if it looks like 'eth1' has acknowledged the request it is
'bond0' that "won".

If I use the interface=, except-interface= or listen-address= options,
like for example:

except-interface=bond0

the messages look like this:

Nov 18 18:51:07 sol dnsmasq-dhcp[26159]: DHCPDISCOVER(eth1) 00:1e:58:a1:6e:b1
Nov 18 18:51:07 sol dnsmasq-dhcp[26159]: DHCPOFFER(eth1) 192.168.3.5 00:1e:58:a1:6e:b1
Nov 18 18:51:11 sol dnsmasq-dhcp[26159]: DHCPDISCOVER(eth1) 00:1e:58:a1:6e:b1
Nov 18 18:51:11 sol dnsmasq-dhcp[26159]: DHCPOFFER(eth1) 192.168.3.5 00:1e:58:a1:6e:b1
Nov 18 18:51:19 sol dnsmasq-dhcp[26159]: DHCPDISCOVER(eth1) 00:1e:58:a1:6e:b1
Nov 18 18:51:19 sol dnsmasq-dhcp[26159]: DHCPOFFER(eth1) 192.168.3.5 00:1e:58:a1:6e:b1
Nov 18 18:51:34 sol dnsmasq-dhcp[26159]: DHCPDISCOVER(eth1) 00:1e:58:a1:6e:b1
Nov 18 18:51:34 sol dnsmasq-dhcp[26159]: DHCPOFFER(eth1) 192.168.3.5 00:1e:58:a1:6e:b1
...
...

and so on. No matter which options I use, with or without
"bind-interfaces", I can't get it to work for only one interface. So
until now I just didn't use these options and the workstations uses a
mix of either 'eth1' or 'bond0' as nameserver, but I really would like
it to be more consistent.

My dnsmasq.conf is very simple (which I like) and I read through it
some times now but can't figure out why it won't work for only one
interface?

The server is running Gentoo Linux 2.6.27 and dnsmasq is v2.50.

Thank you in advance and please let me know if the info is insufficient.

Kind regards,
Ejner Fergo

From simon at thekelleys.org.uk Wed Nov 18 20:46:33 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Wed, 18 Nov 2009 20:46:33 +0000
Subject: [Dnsmasq-discuss] Problem listening on only one interface
In-Reply-To:
References:
Message-ID: <4B045D29.6080606@thekelleys.org.uk>

Ejner Fergo wrote:
> Hola all,
>
> I'm a happy dnsmasq user for a couple of years now, though it is first
> now I turn to this list to hopefully get some help.
>
> I run dnsmasq on a server with 6 NICs, where 'eth0' talks to the
> outside world and 'eth1' is for the local network. The last 4 is
> bonded into 'bond0'.
> My problem is I only want to have 'eth1' to listen/respond to DNS/DHCP
> requests, but no matter which option I use (interface,
> except-interface, listen-address) the setup breaks and the
> workstations can't get an address. If all these options are commented
> out, everything works just fine but some workstations see 'bond0' as
> the nameserver instead of 'eth1'.
>
> Looking at /var/log/messages on the server shows that it is random
> whether 'eth1' or 'bond0' is used, for example:
>

Hi,

Could you send the output from these two commands, please?

cat /proc/net/bonding/bond0
ip addr show

Cheers,

Simon.

From ejnersan at gmail.com Thu Nov 19 14:47:00 2009
From: ejnersan at gmail.com (Ejner Fergo) Date: Thu, 19 Nov 2009 15:47:00 +0100 Subject: [Dnsmasq-discuss] Problem listening on only one interface In-Reply-To: <4B045D29.6080606@thekelleys.org.uk> References: <4B045D29.6080606@thekelleys.org.uk> Message-ID: Hi Simon, Thank you for replying! Here's the output of /proc/net/bonding/bond0: Ethernet Channel Bonding Driver: v3.3.0 (June 10, 2008) Bonding Mode: IEEE 802.3ad Dynamic link aggregation Transmit Hash Policy: layer2 (0) MII Status: up MII Polling Interval (ms): 100 Up Delay (ms): 0 Down Delay (ms): 0 802.3ad info LACP rate: slow Active Aggregator Info: Aggregator ID: 2 Number of ports: 4 Actor Key: 9 Partner Key: 3 Partner Mac Address: 00:1f:28:63:4c:00 Slave Interface: eth2 MII Status: up Link Failure Count: 1 Permanent HW addr: 00:15:17:76:08:f1 Aggregator ID: 2 Slave Interface: eth3 MII Status: up Link Failure Count: 1 Permanent HW addr: 00:15:17:76:08:f0 Aggregator ID: 2 Slave Interface: eth4 MII Status: up Link Failure Count: 1 Permanent HW addr: 00:15:17:76:08:f3 Aggregator ID: 2 Slave Interface: eth5 MII Status: up Link Failure Count: 1 Permanent HW addr: 00:15:17:76:08:f2 Aggregator ID: 2 And here's the output of 'ip addr show': 1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:e0:81:b0:70:9a brd ff:ff:ff:ff:ff:ff inet 10.0.0.251/24 brd 10.0.0.255 scope global eth0 3: eth1: mtu 9000 qdisc pfifo_fast state UP qlen 1000 link/ether 00:e0:81:b0:70:9b brd ff:ff:ff:ff:ff:ff inet 192.168.3.1/24 brd 192.168.3.255 scope global eth1 4: eth2: mtu 9000 qdisc pfifo_fast master bond0 state UP qlen 1000 link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff 5: eth3: mtu 9000 qdisc pfifo_fast master bond0 state UP qlen 1000 link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff 6: eth4: mtu 9000 qdisc pfifo_fast master bond0 state UP qlen 1000 link/ether 
00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff 7: eth5: mtu 9000 qdisc pfifo_fast master bond0 state UP qlen 1000 link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff 8: bond0: mtu 9000 qdisc noqueue state UP link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff inet 192.168.3.3/24 brd 192.168.3.255 scope global bond0 9: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/[65534] inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0 Best regards, Ejner Fergo On Wed, Nov 18, 2009 at 9:46 PM, Simon Kelley wrote: > Ejner Fergo wrote: >> Hola all, >> >> I'm a happy dnsmasq user for a couple of years now, though it is first >> now I turn to this list to hopefully get some help. >> >> I run dnsmasq on a server with 6 NICs, where 'eth0' talks to the >> outside world and 'eth1' is for the local network. The last 4 is >> bonded into 'bond0'. >> My problem is I only want to have 'eth1' to listen/respond to DNS/DHCP >> requests, but no matter which option I use (interface, >> except-interface, listen-address) the setup breaks and the >> workstations can't get an address. If all these options are commented >> out, everything works just fine but some workstations see 'bond0' as >> the nameserver instead of 'eth1'. >> >> Looking at /var/log/messages on the server shows that it is random >> whether 'eth1' or 'bond0' is used, for example: >> > > > Hi, > > Could you send the output from these two commands, please? > > cat /proc/net/bonding/bond0 > ip addr show > > Cheers, > > Simon. > From simon at thekelleys.org.uk Thu Nov 19 14:56:50 2009 
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Thu, 19 Nov 2009 14:56:50 +0000
Subject: [Dnsmasq-discuss] Problem listening on only one interface
In-Reply-To:
References: <4B045D29.6080606@thekelleys.org.uk>
Message-ID: <4B055CB2.6070507@thekelleys.org.uk>

I'm not quite clear what is going on here, but there's one thing which
really doesn't look right and may well be confusing things: both eth1
and bond0 are on the same subnet. If it's possible to fix that by
changing the address of one of them, that would be a worthwhile test.

Cheers,

Simon.

Ejner Fergo wrote:
> Hi Simon,
>
> Thank you for replying!
>
> Here's the output of /proc/net/bonding/bond0:
>
> Ethernet Channel Bonding Driver: v3.3.0 (June 10, 2008)
>
> Bonding Mode: IEEE 802.3ad Dynamic link aggregation
> Transmit Hash Policy: layer2 (0)
> MII Status: up
> MII Polling Interval (ms): 100
> Up Delay (ms): 0
> Down Delay (ms): 0
>
> 802.3ad info
> LACP rate: slow
> Active Aggregator Info:
> Aggregator ID: 2
> Number of ports: 4
> Actor Key: 9
> Partner Key: 3
> Partner Mac Address: 00:1f:28:63:4c:00
>
> Slave Interface: eth2
> MII Status: up
> Link Failure Count: 1
> Permanent HW addr: 00:15:17:76:08:f1
> Aggregator ID: 2
>
> Slave Interface: eth3
> MII Status: up
> Link Failure Count: 1
> Permanent HW addr: 00:15:17:76:08:f0
> Aggregator ID: 2
>
> Slave Interface: eth4
> MII Status: up
> Link Failure Count: 1
> Permanent HW addr: 00:15:17:76:08:f3
> Aggregator ID: 2
>
> Slave Interface: eth5
> MII Status: up
> Link Failure Count: 1
> Permanent HW addr: 00:15:17:76:08:f2
> Aggregator ID: 2
>
>
> And here's the output of 'ip addr show':
>
> 1: lo: mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
> 2: eth0: mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:e0:81:b0:70:9a brd ff:ff:ff:ff:ff:ff
> inet 10.0.0.251/24 brd 10.0.0.255 scope global eth0
> 3: eth1: mtu 9000 qdisc pfifo_fast
> state UP
qlen 1000 > link/ether 00:e0:81:b0:70:9b brd ff:ff:ff:ff:ff:ff > inet 192.168.3.1/24 brd 192.168.3.255 scope global eth1 > 4: eth2: mtu 9000 qdisc > pfifo_fast master bond0 state UP qlen 1000 > link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff > 5: eth3: mtu 9000 qdisc > pfifo_fast master bond0 state UP qlen 1000 > link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff > 6: eth4: mtu 9000 qdisc > pfifo_fast master bond0 state UP qlen 1000 > link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff > 7: eth5: mtu 9000 qdisc > pfifo_fast master bond0 state UP qlen 1000 > link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff > 8: bond0: mtu 9000 qdisc > noqueue state UP > link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff > inet 192.168.3.3/24 brd 192.168.3.255 scope global bond0 > 9: tun0: mtu 1500 qdisc > pfifo_fast state UNKNOWN qlen 100 > link/[65534] > inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0 > > > Best regards, > Ejner Fergo > > > On Wed, Nov 18, 2009 at 9:46 PM, Simon Kelley wrote: >> Ejner Fergo wrote: >>> Hola all, >>> >>> I'm a happy dnsmasq user for a couple of years now, though it is first >>> now I turn to this list to hopefully get some help. >>> >>> I run dnsmasq on a server with 6 NICs, where 'eth0' talks to the >>> outside world and 'eth1' is for the local network. The last 4 is >>> bonded into 'bond0'. >>> My problem is I only want to have 'eth1' to listen/respond to DNS/DHCP >>> requests, but no matter which option I use (interface, >>> except-interface, listen-address) the setup breaks and the >>> workstations can't get an address. If all these options are commented >>> out, everything works just fine but some workstations see 'bond0' as >>> the nameserver instead of 'eth1'. >>> >>> Looking at /var/log/messages on the server shows that it is random >>> whether 'eth1' or 'bond0' is used, for example: >>> >> >> Hi, >> >> Could you send the output from these two commands, please? >> >> cat /proc/net/bonding/bond0 >> ip addr show >> >> Cheers, >> >> Simon. 
>> > From adam.ant at cyberspaceroad.com Fri Nov 20 20:38:13 2009 From: adam.ant at cyberspaceroad.com (Adam Hardy) Date: Fri, 20 Nov 2009 20:38:13 +0000 Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch? Message-ID: <4B06FE35.6010701@cyberspaceroad.com> Hi I have a problem which is not giving up its solution to any of my google searches. I have a lan with a gateway machine running an ADSL modem and two NICs with iptables and dnsmasq. It also runs mysql and tomcat but is currently just a simple gateway, I'm not trying to configure any DMZ or fancier stuff like that. My problem is that I can access mysql using 'localhost:3306' but I can't access it on the same box when using the machine name e.g. 'isengard:3306' and my guess is that I have mis-configured either dnsmasq or iptables. I figure that my command "mysql --host=isengard" is probably being resolved as external and then getting blocked by the firewall. My dnsmasq config file, based on the example config but with comments removed, is: domain-needed bogus-priv filterwin2k local=/localdomain/ domain=localdomain dhcp-range=192.168.0.3,192.168.0.254 dhcp-option=option:router,192.168.0.2 dhcp-option=option:mtu,1500 and my resolv.conf file is: nameserver 194.74.65.68 and I think this is getting continually rewritten by dhcp with the nameserver info from the dhcp server on the modem which gives the outside NIC its internet ip address. Does this make any sense? Or rather does anyone see where my situation is foobarred? Thanks Adam From santiago at zarate.net.ve Fri Nov 20 02:49:28 2009 
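Added example, not part of any list message: a Python check for the condition Simon Kelley points out in the "Problem listening on only one interface" thread above (eth1 and bond0 addressed in the same subnet), plus a pass over the dnsmasq-dhcp log lines to show which interfaces each client was handled on and which clients were offered a lease but never requested it. The sample inputs are copied from that thread (interface flags are absent in the archive copy); the function names are this example's own.

```python
import ipaddress
import re
from itertools import combinations

# `ip addr show` output as posted in the thread (bond slaves omitted).
IP_ADDR_SAMPLE = """\
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:e0:81:b0:70:9a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.251/24 brd 10.0.0.255 scope global eth0
3: eth1: mtu 9000 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:e0:81:b0:70:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global eth1
8: bond0: mtu 9000 qdisc noqueue state UP
    link/ether 00:15:17:76:08:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.3/24 brd 192.168.3.255 scope global bond0
9: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/[65534]
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
"""

# dnsmasq-dhcp lines as posted in the thread: the first client without any
# interface option, the second with except-interface=bond0.
DHCP_LOG_SAMPLE = """\
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPDISCOVER(eth1) 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPOFFER(eth1) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPDISCOVER(bond0) 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPOFFER(bond0) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPREQUEST(eth1) 192.168.3.31 08:00:27:b4:b4:dd
Nov 18 19:34:37 sol dnsmasq-dhcp[26878]: DHCPACK(eth1) 192.168.3.31 08:00:27:b4:b4:dd puck
Nov 18 18:51:07 sol dnsmasq-dhcp[26159]: DHCPDISCOVER(eth1) 00:1e:58:a1:6e:b1
Nov 18 18:51:07 sol dnsmasq-dhcp[26159]: DHCPOFFER(eth1) 192.168.3.5 00:1e:58:a1:6e:b1
"""

IFACE_RE = re.compile(r"^\d+:\s+([^\s:@]+)[:@]")
INET_RE = re.compile(r"^inet\s+(\S+)")
DHCP_RE = re.compile(
    r"dnsmasq-dhcp\[\d+\]:\s+(DHCP[A-Z]+)\(([^)]+)\)\s+"
    r"(?:\d{1,3}(?:\.\d{1,3}){3}\s+)?((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_ip_addr(text):
    """Return [(ifname, IPv4Interface), ...] from `ip addr show` output."""
    addrs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            continue
        inet = INET_RE.match(line)
        if inet and current:
            # A point-to-point "inet A peer B/32" local address carries no
            # prefix length; ipaddress then treats it as a /32 host address.
            addrs.append((current, ipaddress.ip_interface(inet.group(1))))
    return addrs


def overlapping_interfaces(addrs):
    """Pairs of distinct interfaces whose IPv4 networks overlap."""
    hits = []
    for (if_a, a), (if_b, b) in combinations(addrs, 2):
        if if_a != if_b and a.network.overlaps(b.network):
            hits.append((if_a, if_b, str(a.network), str(b.network)))
    return hits


def dhcp_events(log_text):
    """Yield (message_type, interface, client_mac) per dnsmasq-dhcp line."""
    for line in log_text.splitlines():
        m = DHCP_RE.search(line)
        if m:
            yield m.group(1).upper(), m.group(2), m.group(3).lower()


def interfaces_per_client(log_text):
    """Map each client MAC to the sorted interfaces it was logged on."""
    seen = {}
    for _msg, iface, mac in dhcp_events(log_text):
        seen.setdefault(mac, set()).add(iface)
    return {mac: sorted(ifaces) for mac, ifaces in seen.items()}


def stalled_clients(log_text):
    """Clients that were sent a DHCPOFFER but never logged a DHCPREQUEST."""
    offered, requested = set(), set()
    for msg, _iface, mac in dhcp_events(log_text):
        if msg == "DHCPOFFER":
            offered.add(mac)
        elif msg == "DHCPREQUEST":
            requested.add(mac)
    return sorted(offered - requested)


if __name__ == "__main__":
    for if_a, if_b, net_a, net_b in overlapping_interfaces(parse_ip_addr(IP_ADDR_SAMPLE)):
        print(f"{if_a} ({net_a}) overlaps {if_b} ({net_b})")
    for mac, ifaces in interfaces_per_client(DHCP_LOG_SAMPLE).items():
        print(f"{mac} handled on {', '.join(ifaces)}")
    print("offered but never requested:", stalled_clients(DHCP_LOG_SAMPLE))
```
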
From: santiago at zarate.net.ve (Santiago Zarate)
Date: Thu, 19 Nov 2009 22:19:28 -0430
Subject: [Dnsmasq-discuss] two stupid questions
In-Reply-To:
References:
Message-ID: <200911192219.29143.santiago@zarate.net.ve>

>1.
>The '--test' option as described in the manpage doesn't appear to do
>anything (on my Mac OS X 10.5-based box); am I doing something wrong?
>shouldn't the command be:
>
>/usr/local/sbin/dnsmasq --test

Actually the --test option works fine for me...

santiago at braindeath:~$ dnsmasq --test
dnsmasq: sintaxis correcta.
santiago at braindeath:~$ /usr/sbin/dnsmasq --test
dnsmasq: sintaxis correcta.

Also, my dnsmasq version is:

santiago at braindeath:~$ dnsmasq -v
Dnsmasq versión 2.50 Copyright (C) 2000-2009 Simon Kelley
Opciones de compilación IPv6 GNU-getopt DBus I18N DHCP TFTP

>2.
>I'm unclear on how to review the logs - I see references in the
>documentation to sending SIGUSR1 and SIGUSR2 commands but don't
>understand HOW to do that.

It's not exactly a command, it's a signal... I use htop to send signals
to some process and then watch the log for changes... In OSX, I have no
idea... but looking on Google might be a good idea... I have a few Mac
PCs at the office... if I remember... I'll check later...

>I'd like to resolve these issues to help ensure that my machine is
>working properly before rolling it out to the office. Thanks in
>advance for your help...

--
Santiago Zarate
santiago at zarate.net.ve
(+58) 4129864175
(+58) 4241073905

From lee.essen at me.com Fri Nov 20 22:37:19 2009
From: lee.essen at me.com (Lee Essen)
Date: Fri, 20 Nov 2009 22:37:19 +0000
Subject: [Dnsmasq-discuss] Problem compiling 2.51 on Solaris 2009.06
Message-ID: <134545201205494196899049187214966559998-Webmail@me.com>

Hi,

I've been a dnsmasq user for quite a few years on both Solaris and
Linux, but it's been a while since I've tried to build on Solaris.
I've just tried to build 2.51 on the latest Solaris build and there
seems to be a number of really fundamental issues.

I notice Solaris mentioned quite a few times in the changelog so
there seems to be a continued effort around this, and I certainly
don't remember any issues in the past, however unless I'm doing
something fundamentally wrong (which is a distinct possibility) I
think a few tweaks are needed...

I have attached a patch that covers all the changes I needed to make,
although I must confess that whilst it now compiles I haven't
tested it yet.

Three main problems...

1. config.h is included after sys/socket.h -- this means that
_XPG4_2 isn't defined yet and therefore all of the CMSG_* defines get
missed (CMSG_SPACE for example.)

2. struct ifreq seems to have become struct lifrect (at least if you
need ifr_mtu), so this impacts a number of references in two or three
files.

3. LOG_PRI doesn't seem to exist at all.

I'm not suggesting my patch is the right solution, it's probably far
from it, but it's enough to highlight the issues.

If I've missed something obvious then please let me know, otherwise
I'll continue to test and see if I can come up with a less disruptive
way of incorporating these fixes.

Thanks,

Lee.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dnsmasq-2.51-solaris.patch
Type: application/octet-stream
Size: 4473 bytes
Desc: not available
Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091120/5a23f33c/attachment.obj

From simon at thekelleys.org.uk Sat Nov 21 09:30:19 2009
From: simon at thekelleys.org.uk (Simon Kelley) Date: Sat, 21 Nov 2009 09:30:19 +0000 Subject: [Dnsmasq-discuss] Problem compiling 2.51 on Solaris 2009.06 In-Reply-To: <134545201205494196899049187214966559998-Webmail@me.com> References: <134545201205494196899049187214966559998-Webmail@me.com> Message-ID: <4B07B32B.9040503@thekelleys.org.uk> Lee Essen wrote: > Hi, > > I've been a dnsmasq user for quite a few years on both Solaris and > Linux, but it's been a while since I've tried to build on Solaris. > I've just tried to build 2.51 on the latest Solaris build and there > seems to be a number of really fundamental issues. > > I notice Solaris mentioned quite a few times in the changelog so > there seems to be a continued effort around this, and I certainly > don't remember any issues in the past, however unless I'm doing > something fundamentally wrong (which is a distinct possibility) I > think a few tweaks are needed... > > I have attached a patch that covers all the changes I needed to make, > although I must confess that whilst it's now compiles I haven't > tested it yet. > > Three main problems... > > 1. config.h is included after sys/socket.h -- this means that > _XPG4_2 isn't defined yet and therefore all of the CMSG_* defines get > missed (CMSG_SPACE for example.) > > 2. struct ifreq seems to have become struct lifrect (at least if you > need ifr_mtu), so this impacts a number of references in two or three > files. > > 3. LOG_PRI doesn't seem to exist at all. > > I'm not suggesting my patch is the right solution, it's probably far > from it, but it's enough to highlight the issues. > > If I'm missed something obvious then please let me know, otherwise > I'll continue to test and see if I can come up with a less disruptive > way of incorporating these fixes. > Many thanks for this. By some weird coincidence, I was working on this yesterday too. I found and fixed your problems 1 and 3 but didn't get bitten by 2. 
Does that turn up as a compile-time problem, or just run-time?

Anyway, the results of my efforts are at

http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.52test7.tar.gz

which compile, but have not been functionally tested yet.

Please could you check that and let me know if it's OK, or if I need to
work-in your lifr stuff?

Cheers,

Simon.

From lee.essen at me.com Sat Nov 21 11:59:10 2009
From: lee.essen at me.com (Lee Essen) Date: Sat, 21 Nov 2009 11:59:10 +0000 Subject: [Dnsmasq-discuss] Problem compiling 2.51 on Solaris 2009.06 In-Reply-To: <88975658192063584747046041514764610356-Webmail@me.com> References: <88975658192063584747046041514764610356-Webmail@me.com> Message-ID: <116875675832733763473130959593417804803-Webmail@me.com> On Saturday, November 21, 2009, at 09:30AM, "Simon Kelley" wrote: >Lee Essen wrote: >> Hi, >> >> I've been a dnsmasq user for quite a few years on both Solaris and >> Linux, but it's been a while since I've tried to build on Solaris. >> I've just tried to build 2.51 on the latest Solaris build and there >> seems to be a number of really fundamental issues. >> >> I notice Solaris mentioned quite a few times in the changelog so >> there seems to be a continued effort around this, and I certainly >> don't remember any issues in the past, however unless I'm doing >> something fundamentally wrong (which is a distinct possibility) I >> think a few tweaks are needed... >> >> I have attached a patch that covers all the changes I needed to make, >> although I must confess that whilst it's now compiles I haven't >> tested it yet. >> >> Three main problems... >> >> 1. config.h is included after sys/socket.h -- this means that >> _XPG4_2 isn't defined yet and therefore all of the CMSG_* defines get >> missed (CMSG_SPACE for example.) >> >> 2. struct ifreq seems to have become struct lifrect (at least if you >> need ifr_mtu), so this impacts a number of references in two or three >> files. >> >> 3. LOG_PRI doesn't seem to exist at all. >> >> I'm not suggesting my patch is the right solution, it's probably far >> from it, but it's enough to highlight the issues. >> >> If I'm missed something obvious then please let me know, otherwise >> I'll continue to test and see if I can come up with a less disruptive >> way of incorporating these fixes. >> >Many thanks for this. > >By some weird coincidence, I was working on this yesterday too. 
I found >and fixed your problems 1 and 3 but didn't get bitten by 2. Does that >turn up as a compile-time problem, or just run-time? > >Anyway, the results of my efforts are at > >http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.52test7.tar.gz > >which compile, but have not been functionally tested yet. > >Please could you check that and let me know if it's OK, or if I need to >work-in your lifr stuff? > > >Cheers, > >Simon. > Simon, I still see the same problem with the ifr bits - this is on the latest Solaris release ... it looks like it's just the ifr_mtu field that's the problem, according to the if.h file the struct ifreq is kept for compatibility but there is no ifr_mtu field as part of the union. I've attached if.h for your info, just in case you have an older version. make[1]: Entering directory `/site/internal/build/dnsmasq-2.52test7/src' cc -Wall -W -O2 -c cache.c cc -Wall -W -O2 -c rfc1035.c cc -Wall -W -O2 -c util.c cc -Wall -W -O2 -c option.c cc -Wall -W -O2 -c forward.c cc -Wall -W -O2 -c network.c network.c: In function `iface_allowed': network.c:149: error: structure has no member named `ifr_mtu' network.c: At top level: network.c:555: warning: unused parameter 'intname' network.c:39: warning: unused parameter 'fd' make[1]: *** [network.o] Error 1 make[1]: Leaving directory `/site/internal/build/dnsmasq-2.52test7/src' make: *** [dnsmasq] Error 2 Regards, Lee. -------------- next part -------------- A non-text attachment was scrubbed... Name: if.h Type: application/octet-stream Size: 26310 bytes Desc: not available Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091121/f184b337/attachment-0001.obj From simon at thekelleys.org.uk Sat Nov 21 12:49:44 2009 
From: simon at thekelleys.org.uk (Simon Kelley) Date: Sat, 21 Nov 2009 12:49:44 +0000 Subject: [Dnsmasq-discuss] Problem compiling 2.51 on Solaris 2009.06 In-Reply-To: <116875675832733763473130959593417804803-Webmail@me.com> References: <88975658192063584747046041514764610356-Webmail@me.com> <116875675832733763473130959593417804803-Webmail@me.com> Message-ID: <4B07E1E8.90106@thekelleys.org.uk> Lee Essen wrote: > > On Saturday, November 21, 2009, at 09:30AM, "Simon Kelley" wrote: >> Lee Essen wrote: >>> Hi, >>> >>> I've been a dnsmasq user for quite a few years on both Solaris and >>> Linux, but it's been a while since I've tried to build on Solaris. >>> I've just tried to build 2.51 on the latest Solaris build and there >>> seems to be a number of really fundamental issues. >>> >>> I notice Solaris mentioned quite a few times in the changelog so >>> there seems to be a continued effort around this, and I certainly >>> don't remember any issues in the past, however unless I'm doing >>> something fundamentally wrong (which is a distinct possibility) I >>> think a few tweaks are needed... >>> >>> I have attached a patch that covers all the changes I needed to make, >>> although I must confess that whilst it's now compiles I haven't >>> tested it yet. >>> >>> Three main problems... >>> >>> 1. config.h is included after sys/socket.h -- this means that >>> _XPG4_2 isn't defined yet and therefore all of the CMSG_* defines get >>> missed (CMSG_SPACE for example.) >>> >>> 2. struct ifreq seems to have become struct lifrect (at least if you >>> need ifr_mtu), so this impacts a number of references in two or three >>> files. >>> >>> 3. LOG_PRI doesn't seem to exist at all. >>> >>> I'm not suggesting my patch is the right solution, it's probably far >>> from it, but it's enough to highlight the issues. 
>>> >>> If I'm missed something obvious then please let me know, otherwise >>> I'll continue to test and see if I can come up with a less disruptive >>> way of incorporating these fixes. >>> >> Many thanks for this. >> >> By some weird coincidence, I was working on this yesterday too. I found >> and fixed your problems 1 and 3 but didn't get bitten by 2. Does that >> turn up as a compile-time problem, or just run-time? >> >> Anyway, the results of my efforts are at >> >> http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.52test7.tar.gz >> >> which compile, but have not been functionally tested yet. >> >> Please could you check that and let me know if it's OK, or if I need to >> work-in your lifr stuff? >> >> >> Cheers, >> >> Simon. >> > > Simon, > > I still see the same problem with the ifr bits - this is on the latest Solaris release ... it looks like it's just the ifr_mtu field that's the problem, according to the if.h file the struct ifreq is kept for compatibility but there is no ifr_mtu field as part of the union. > > I've attached if.h for your info, just in case you have an older version. > > make[1]: Entering directory `/site/internal/build/dnsmasq-2.52test7/src' > cc -Wall -W -O2 -c cache.c > cc -Wall -W -O2 -c rfc1035.c > cc -Wall -W -O2 -c util.c > cc -Wall -W -O2 -c option.c > cc -Wall -W -O2 -c forward.c > cc -Wall -W -O2 -c network.c > network.c: In function `iface_allowed': > network.c:149: error: structure has no member named `ifr_mtu' > network.c: At top level: > network.c:555: warning: unused parameter 'intname' > network.c:39: warning: unused parameter 'fd' > make[1]: *** [network.o] Error 1 > make[1]: Leaving directory `/site/internal/build/dnsmasq-2.52test7/src' > make: *** [dnsmasq] Error 2 > > Regards, > > Lee. OK, it looks like that's a bug in Solaris 2009.06, since fixed in the svn_127 version I was using. 
Rather than bending lots of code out of shape to fix a transient problem, the following hack should work: --- src/dnsmasq.h.old 2009-11-21 12:44:49.000000000 +0000 +++ src/dnsmasq.h 2009-11-21 12:48:46.000000000 +0000 @@ -72,6 +72,10 @@ #include #include #include +#if defined(HAVE_SOLARIS_NETWORK) && !defined(ifr_mtu) +/* Some solaris net/if./h omit this. */ +# define ifr_mtu ifr_ifru.ifru_metric +#endif #include #include #include Please could you verify that? Cheers, Simon. From lee.essen at me.com Sat Nov 21 14:16:37 2009 
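Review bot: the comment in the added block of the src/dnsmasq.h hunk reads "net/if./h", which should be "net/if.h", and it does not say why ifr_mtu is mapped onto ifr_ifru.ifru_metric; since the metric member is being reused to hold the MTU, one line explaining that would help the next reader. The !defined(ifr_mtu) guard only recognises headers that provide ifr_mtu as a macro, and only if the header that defines it is included above this block. The #include targets are stripped in this archive copy, so the ordering cannot be confirmed from the hunk and is worth checking in the file itself.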
From: lee.essen at me.com (Lee Essen) Date: Sat, 21 Nov 2009 14:16:37 +0000 Subject: [Dnsmasq-discuss] Problem compiling 2.51 on Solaris 2009.06 In-Reply-To: <81633087582746095944215240943366106172-Webmail@me.com> References: <81633087582746095944215240943366106172-Webmail@me.com> Message-ID: <166071646768291866683862012899278593898-Webmail@me.com> On Saturday, November 21, 2009, at 12:49PM, "Simon Kelley" wrote: >Lee Essen wrote: >> >> On Saturday, November 21, 2009, at 09:30AM, "Simon Kelley" wrote: >>> Lee Essen wrote: >>>> Hi, >>>> >>>> I've been a dnsmasq user for quite a few years on both Solaris and >>>> Linux, but it's been a while since I've tried to build on Solaris. >>>> I've just tried to build 2.51 on the latest Solaris build and there >>>> seems to be a number of really fundamental issues. >>>> >>>> I notice Solaris mentioned quite a few times in the changelog so >>>> there seems to be a continued effort around this, and I certainly >>>> don't remember any issues in the past, however unless I'm doing >>>> something fundamentally wrong (which is a distinct possibility) I >>>> think a few tweaks are needed... >>>> >>>> I have attached a patch that covers all the changes I needed to make, >>>> although I must confess that whilst it's now compiles I haven't >>>> tested it yet. >>>> >>>> Three main problems... >>>> >>>> 1. config.h is included after sys/socket.h -- this means that >>>> _XPG4_2 isn't defined yet and therefore all of the CMSG_* defines get >>>> missed (CMSG_SPACE for example.) >>>> >>>> 2. struct ifreq seems to have become struct lifrect (at least if you >>>> need ifr_mtu), so this impacts a number of references in two or three >>>> files. >>>> >>>> 3. LOG_PRI doesn't seem to exist at all. >>>> >>>> I'm not suggesting my patch is the right solution, it's probably far >>>> from it, but it's enough to highlight the issues. 
>>>> >>>> If I'm missed something obvious then please let me know, otherwise >>>> I'll continue to test and see if I can come up with a less disruptive >>>> way of incorporating these fixes. >>>> >>> Many thanks for this. >>> >>> By some weird coincidence, I was working on this yesterday too. I found >>> and fixed your problems 1 and 3 but didn't get bitten by 2. Does that >>> turn up as a compile-time problem, or just run-time? >>> >>> Anyway, the results of my efforts are at >>> >>> http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.52test7.tar.gz >>> >>> which compile, but have not been functionally tested yet. >>> >>> Please could you check that and let me know if it's OK, or if I need to >>> work-in your lifr stuff? >>> >>> >>> Cheers, >>> >>> Simon. >>> >> >> Simon, >> >> I still see the same problem with the ifr bits - this is on the latest Solaris release ... it looks like it's just the ifr_mtu field that's the problem, according to the if.h file the struct ifreq is kept for compatibility but there is no ifr_mtu field as part of the union. >> >> I've attached if.h for your info, just in case you have an older version. >> >> make[1]: Entering directory `/site/internal/build/dnsmasq-2.52test7/src' >> cc -Wall -W -O2 -c cache.c >> cc -Wall -W -O2 -c rfc1035.c >> cc -Wall -W -O2 -c util.c >> cc -Wall -W -O2 -c option.c >> cc -Wall -W -O2 -c forward.c >> cc -Wall -W -O2 -c network.c >> network.c: In function `iface_allowed': >> network.c:149: error: structure has no member named `ifr_mtu' >> network.c: At top level: >> network.c:555: warning: unused parameter 'intname' >> network.c:39: warning: unused parameter 'fd' >> make[1]: *** [network.o] Error 1 >> make[1]: Leaving directory `/site/internal/build/dnsmasq-2.52test7/src' >> make: *** [dnsmasq] Error 2 >> >> Regards, >> >> Lee. > > >OK, it looks like that's a bug in Solaris 2009.06, since fixed in the >svn_127 version I was using. 
Rather than bending lots of code out of >shape to fix a transient problem, the following hack should work: > >--- src/dnsmasq.h.old 2009-11-21 12:44:49.000000000 +0000 >+++ src/dnsmasq.h 2009-11-21 12:48:46.000000000 +0000 >@@ -72,6 +72,10 @@ > #include > #include > #include >+#if defined(HAVE_SOLARIS_NETWORK) && !defined(ifr_mtu) >+/* Some solaris net/if./h omit this. */ >+# define ifr_mtu ifr_ifru.ifru_metric >+#endif > #include > #include > #include > >Please could you verify that? > >Cheers, > >Simon. Simon, Yes this seems to work fine and is much nicer. I'm just puting together a quick script that will create a new Solaris ipkg with the smf stuff in it, any interest in including this in the contrib section? Regards, Lee. From adam.ant at cyberspaceroad.com Mon Nov 23 18:28:06 2009 
From: adam.ant at cyberspaceroad.com (Adam Hardy) Date: Mon, 23 Nov 2009 18:28:06 +0000 Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch? In-Reply-To: <4B06FE35.6010701@cyberspaceroad.com> References: <4B06FE35.6010701@cyberspaceroad.com> Message-ID: <4B0AD436.5090605@cyberspaceroad.com> Thought I had a simple problem but I don't really find anything relevant on the web and I'm not getting any responses to my questions here. Just a pointer in the right direction would be helpful - something to put me back on the scent? Thanks Adam Adam Hardy on 20/11/09 20:38, wrote: > I have a lan with a gateway machine running an ADSL modem and two NICs with > iptables and dnsmasq. > > It also runs mysql and tomcat but is currently just a simple gateway, I'm not > trying to configure any DMZ or fancier stuff like that. > > My problem is that I can access mysql using 'localhost:3306' but I can't access > it on the same box when using the machine name e.g. 'isengard:3306' and my guess > is that I have mis-configured either dnsmasq or iptables. > > I figure that my command "mysql --host=isengard" is probably being resolved as > external and then getting blocked by the firewall. > > My dnsmasq config file, based on the example config but with comments removed, is: > > domain-needed > bogus-priv > filterwin2k > local=/localdomain/ > domain=localdomain > dhcp-range=192.168.0.3,192.168.0.254 > dhcp-option=option:router,192.168.0.2 > dhcp-option=option:mtu,1500 > > and my resolv.conf file is: > > nameserver 194.74.65.68 > > and I think this is getting continually rewritten by dhcp with the nameserver > info from the dhcp server on the modem which gives the outside NIC its internet > ip address. > > Does this make any sense? Or rather does anyone see where my situation is > foobarred? From mark at jemms.net Mon Nov 23 19:00:21 2009 
From: mark at jemms.net (Mark Beierl) Date: Mon, 23 Nov 2009 14:00:21 -0500 Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch? In-Reply-To: <4B0AD436.5090605@cyberspaceroad.com> References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> Message-ID: <4B0ADBC5.2000104@jemms.net> Silly thought but - is mysql configured to listen to 127.0.0.1 only? Something like sudo netstat -napt | grep 3306 ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. Regards, Mark Adam Hardy wrote: > Thought I had a simple problem but I don't really find anything relevant on the > web and I'm not getting any responses to my questions here. > > Just a pointer in the right direction would be helpful - something to put me > back on the scent? > > Thanks > Adam > > Adam Hardy on 20/11/09 20:38, wrote: > >> I have a lan with a gateway machine running an ADSL modem and two NICs with >> iptables and dnsmasq. >> >> It also runs mysql and tomcat but is currently just a simple gateway, I'm not >> trying to configure any DMZ or fancier stuff like that. >> >> My problem is that I can access mysql using 'localhost:3306' but I can't access >> it on the same box when using the machine name e.g. 'isengard:3306' and my guess >> is that I have mis-configured either dnsmasq or iptables. >> >> I figure that my command "mysql --host=isengard" is probably being resolved as >> external and then getting blocked by the firewall. 
>> >> My dnsmasq config file, based on the example config but with comments removed, is: >> >> domain-needed >> bogus-priv >> filterwin2k >> local=/localdomain/ >> domain=localdomain >> dhcp-range=192.168.0.3,192.168.0.254 >> dhcp-option=option:router,192.168.0.2 >> dhcp-option=option:mtu,1500 >> >> and my resolv.conf file is: >> >> nameserver 194.74.65.68 >> >> and I think this is getting continually rewritten by dhcp with the nameserver >> info from the dhcp server on the modem which gives the outside NIC its internet >> ip address. >> >> Does this make any sense? Or rather does anyone see where my situation is >> foobarred? >> > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From b-morgan at concentric.net Mon Nov 23 21:24:44 2009 
From: b-morgan at concentric.net (Brad Morgan)
Date: Mon, 23 Nov 2009 14:24:44 -0700
Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
In-Reply-To: <4B0AD436.5090605@cyberspaceroad.com>
References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com>
Message-ID: <007e01ca6c83$61368900$23a39b00$@net>

> My dnsmasq config file, based on the example config but with comments removed, is:
>
> domain-needed
> bogus-priv
> filterwin2k
> local=/localdomain/
> domain=localdomain
> dhcp-range=192.168.0.3,192.168.0.254
> dhcp-option=option:router,192.168.0.2
> dhcp-option=option:mtu,1500
>
> and my resolv.conf file is:
>
> nameserver 194.74.65.68

I have a very similar configuration. I think you are close but you may need
to tweak your DHCP client. I also have a couple additional lines in my
dnsmasq.conf.

My /etc/dnsmasq.conf:

domain-needed
bogus-priv
server=/morgan.local/127.0.0.1
local=/morgan.local/
expand-hosts
domain=morgan.local
dhcp-range=192.168.0.100,192.168.0.199,4h
dhcp-option=3,192.168.0.1
dhcp-option=6,192.168.0.1
bogus-nxdomain=208.67.217.130 #OpenDNS
bogus-nxdomain=208.69.32.132 #OpenDNS
log-facility=/var/log/dnsmasq

Take a look at man dhclient.conf to see what might make sense for your
configuration. I think "prepend domain-name-servers 127.0.0.1" may be all
you need.

My /etc/dhclient-eth0.conf:

supersede domain-name "morgan.local";
supersede domain-name-servers 127.0.0.1,208.67.222.222,208.67.220.220; #OpenDNS
send host-name "bricknix"; # temporary RHL ifup addition

Regards,

Brad

From adam.ant at cyberspaceroad.com Tue Nov 24 11:31:44 2009
From: adam.ant at cyberspaceroad.com (Adam Hardy)
Date: Tue, 24 Nov 2009 11:31:44 +0000
Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
In-Reply-To: <4B0ADBC5.2000104@jemms.net>
References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> <4B0ADBC5.2000104@jemms.net>
Message-ID: <4B0BC420.2000203@cyberspaceroad.com>

You're right. The result from netstat was:

tcp  0  0 127.0.0.1:3306    0.0.0.0:*       LISTEN      2557/mysqld

after changing the bindaddress config in the mysql config as per the docs to
free up networking, it then gives this result:

adam at isengard:~$ sudo netstat -napt | grep 3306
tcp  0  0 127.0.1.1:3306    0.0.0.0:*       LISTEN      16473/mysqld
tcp  0  0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -

which looks weird. But then it's probably just because I don't have much
experience in this area. Why has it switched over to 127.0.1.1 ?

Thanks
Adam

Mark Beierl on 23/11/09 19:00, wrote:
> Silly thought but - is mysql configured to listen to 127.0.0.1 only?
> Something like
>
> sudo netstat -napt | grep 3306
>
> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306.
>
> Regards,
> Mark
>
> Adam Hardy wrote:
>> Thought I had a simple problem but I don't really find anything
>> relevant on the web and I'm not getting any responses to my questions
>> here.
>>
>> Just a pointer in the right direction would be helpful - something to
>> put me back on the scent?
>>
>> Thanks
>> Adam
>>
>> Adam Hardy on 20/11/09 20:38, wrote:
>>
>>> I have a lan with a gateway machine running an ADSL modem and two
>>> NICs with iptables and dnsmasq.
>>>
>>> It also runs mysql and tomcat but is currently just a simple gateway,
>>> I'm not trying to configure any DMZ or fancier stuff like that.
>>>
>>> My problem is that I can access mysql using 'localhost:3306' but I
>>> can't access it on the same box when using the machine name e.g.
>>> 'isengard:3306' and my guess is that I have mis-configured either
>>> dnsmasq or iptables.
>>> >>> I figure that my command "mysql --host=isengard" is probably being >>> resolved as external and then getting blocked by the firewall. >>> >>> My dnsmasq config file, based on the example config but with comments >>> removed, is: >>> >>> domain-needed >>> bogus-priv >>> filterwin2k >>> local=/localdomain/ >>> domain=localdomain >>> dhcp-range=192.168.0.3,192.168.0.254 >>> dhcp-option=option:router,192.168.0.2 >>> dhcp-option=option:mtu,1500 >>> >>> and my resolv.conf file is: >>> >>> nameserver 194.74.65.68 >>> >>> and I think this is getting continually rewritten by dhcp with the >>> nameserver info from the dhcp server on the modem which gives the >>> outside NIC its internet ip address. >>> >>> Does this make any sense? Or rather does anyone see where my >>> situation is foobarred? >>> >> >> >> _______________________________________________ >> Dnsmasq-discuss mailing list >> Dnsmasq-discuss at lists.thekelleys.org.uk >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >> > From mark at jemms.net Tue Nov 24 14:28:48 2009 
From: mark at jemms.net (Mark Beierl) Date: Tue, 24 Nov 2009 09:28:48 -0500 Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch? In-Reply-To: <4B0BC420.2000203@cyberspaceroad.com> References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> <4B0ADBC5.2000104@jemms.net> <4B0BC420.2000203@cyberspaceroad.com> Message-ID: <4B0BEDA0.1050304@jemms.net> The TIME_WAIT is not an active socket, it's the remnant of a previous connection. I have no idea at all why mysqld has moved to 127.0.1.1. Is the bind address config line set to the host name and is the host name entry in /etc/hosts 127.0.1.1? Unfortunately, I know very little about mysql, so I can't point you in the right direction for configuration... Regards, Mark Adam Hardy wrote: > You're right. The result from netstat was: > > > tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld > > after changing the bindaddress config in the mysql config as per the docs to > free up networking, it then gives this result: > > adam at isengard:~$ sudo netstat -napt | grep 3306 > tcp 0 0 127.0.1.1:3306 0.0.0.0:* LISTEN 16473/mysqld > tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - > > which looks weird. But then it's probably just because I don't have much > experience in this area. Why has it switched over to 127.0.1.1 ? > > Thanks > Adam > > > Mark Beierl on 23/11/09 19:00, wrote: > >> Silly thought but - is mysql configured to listen to 127.0.0.1 only? >> Something like >> >> sudo netstat -napt | grep 3306 >> >> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. >> >> Regards, >> Mark >> >> Adam Hardy wrote: >> >>> Thought I had a simple problem but I don't really find anything >>> relevant on the web and I'm not getting any responses to my questions >>> here. >>> >>> Just a pointer in the right direction would be helpful - something to >>> put me back on the scent? 
>>> >>> Thanks >>> Adam >>> >>> Adam Hardy on 20/11/09 20:38, wrote: >>> >>> >>>> I have a lan with a gateway machine running an ADSL modem and two >>>> NICs with iptables and dnsmasq. >>>> >>>> It also runs mysql and tomcat but is currently just a simple gateway, >>>> I'm not trying to configure any DMZ or fancier stuff like that. >>>> >>>> My problem is that I can access mysql using 'localhost:3306' but I >>>> can't access it on the same box when using the machine name e.g. >>>> 'isengard:3306' and my guess is that I have mis-configured either >>>> dnsmasq or iptables. >>>> >>>> I figure that my command "mysql --host=isengard" is probably being >>>> resolved as external and then getting blocked by the firewall. >>>> >>>> My dnsmasq config file, based on the example config but with comments >>>> removed, is: >>>> >>>> domain-needed >>>> bogus-priv >>>> filterwin2k >>>> local=/localdomain/ >>>> domain=localdomain >>>> dhcp-range=192.168.0.3,192.168.0.254 >>>> dhcp-option=option:router,192.168.0.2 >>>> dhcp-option=option:mtu,1500 >>>> >>>> and my resolv.conf file is: >>>> >>>> nameserver 194.74.65.68 >>>> >>>> and I think this is getting continually rewritten by dhcp with the >>>> nameserver info from the dhcp server on the modem which gives the >>>> outside NIC its internet ip address. >>>> >>>> Does this make any sense? Or rather does anyone see where my >>>> situation is foobarred? >>>> >>>> >>> _______________________________________________ >>> Dnsmasq-discuss mailing list >>> Dnsmasq-discuss at lists.thekelleys.org.uk >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >>> >>> > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From ranceh at gmail.com Tue Nov 24 15:13:13 2009 
From: ranceh at gmail.com (Rance Hall)
Date: Tue, 24 Nov 2009 09:13:13 -0600
Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
In-Reply-To: <4B0BEDA0.1050304@jemms.net>
References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> <4B0ADBC5.2000104@jemms.net> <4B0BC420.2000203@cyberspaceroad.com> <4B0BEDA0.1050304@jemms.net>
Message-ID: <845c0f80911240713p19e90305v6e84a483a8bcbc6f@mail.gmail.com>

On Tue, Nov 24, 2009 at 8:28 AM, Mark Beierl wrote:
> The TIME_WAIT is not an active socket, it's the remnant of a previous
> connection. I have no idea at all why mysqld has moved to 127.0.1.1.
> Is the bind address config line set to the host name and is the host
> name entry in /etc/hosts 127.0.1.1?
>
> Unfortunately, I know very little about mysql, so I can't point you in
> the right direction for configuration...
>
> Regards,
> Mark
>
> Adam Hardy wrote:
>> You're right. The result from netstat was:
>>
>>
>> tcp  0  0 127.0.0.1:3306    0.0.0.0:*       LISTEN      2557/mysqld
>>
>> after changing the bindaddress config in the mysql config as per the docs to
>> free up networking, it then gives this result:
>>
>> adam at isengard:~$ sudo netstat -napt | grep 3306
>> tcp  0  0 127.0.1.1:3306    0.0.0.0:*       LISTEN      16473/mysqld
>> tcp  0  0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -
>>
>> which looks weird. But then it's probably just because I don't have much
>> experience in this area. Why has it switched over to 127.0.1.1 ?
>>
>> Thanks
>> Adam
>>

The mysql configuration file is my.cnf.

It's probably in /etc/ somewhere.

By default mysql listens on the localhost interface only.

You can skip networking completely and just use pipes/sockets by using
the skip-networking directive in the my.cnf file.

Or you can add a bind-address directive to my.cnf.

bind-address 0.0.0.0 will listen on all interfaces

a series of bind-address x.x.x.x will specify a list of interfaces to
listen on (don't forget to include localhost)

Rance

From adam.ant at cyberspaceroad.com Tue Nov 24 17:47:36 2009
From: adam.ant at cyberspaceroad.com (Adam Hardy) Date: Tue, 24 Nov 2009 17:47:36 +0000 Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch? In-Reply-To: <4B0BEDA0.1050304@jemms.net> References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> <4B0ADBC5.2000104@jemms.net> <4B0BC420.2000203@cyberspaceroad.com> <4B0BEDA0.1050304@jemms.net> Message-ID: <4B0C1C38.8040904@cyberspaceroad.com> I'm sorry, I must be quite annoying, giving stupid answers to the most basic networking questions. I checked in /etc/hosts: 127.0.0.1 localhost 127.0.1.1 isengard.localdomain isengard I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in there. My lo interface according to ifconfig is 127.0.0.1 Before my previous email, I had also edited my mysql config via the my.cnf file to make the bind-address=isengard. I guess that explains the netstat output. But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what installation programs would have written that, other than the debian system install? If it was just from the system installation, can I get rid of 127.0.1.1 and use all on one line: 127.0.0.1 localhost isengard.localdomain isengard I also don't know whether to put some extra lines in my dnsmasq.conf and dhclient.conf, for instance in dnsmasq.conf the example server=/localnet/192.168.0.1 looks useful, judging from the other stuff I just dealt with, although I'm not sure what purpose it serves. The external NIC using dhclient.conf to get its IP address from the modem seems to be rewriting /etc/resolv.conf. Does dnsmasq deal with this on its own or is there a setting I should be using? 
My dhclient.conf seems OK: option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes; Regards Adam Mark Beierl on 24/11/09 14:28, wrote: > The TIME_WAIT is not an active socket, it's the remnant of a previous > connection. I have no idea at all why mysqld has moved to 127.0.1.1. > Is the bind address config line set to the host name and is the host > name entry in /etc/hosts 127.0.1.1? > > Unfortunately, I know very little about mysql, so I can't point you in > the right direction for configuration... > > Regards, > Mark > > Adam Hardy wrote: >> You're right. The result from netstat was: >> >> >> tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld >> >> after changing the bindaddress config in the mysql config as per the >> docs to free up networking, it then gives this result: >> >> adam at isengard:~$ sudo netstat -napt | grep 3306 >> tcp 0 0 127.0.1.1:3306 0.0.0.0:* LISTEN 16473/mysqld >> tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - >> >> which looks weird. But then it's probably just because I don't have >> much experience in this area. Why has it switched over to 127.0.1.1 ? >> >> Thanks >> Adam >> >> >> Mark Beierl on 23/11/09 19:00, wrote: >> >>> Silly thought but - is mysql configured to listen to 127.0.0.1 only? >>> Something like >>> >>> sudo netstat -napt | grep 3306 >>> >>> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. >>> >>> Regards, >>> Mark >>> >>> Adam Hardy wrote: >>> >>>> Thought I had a simple problem but I don't really find anything >>>> relevant on the web and I'm not getting any responses to my >>>> questions here. >>>> >>>> Just a pointer in the right direction would be helpful - something >>>> to put me back on the scent? 
>>>> >>>> Thanks >>>> Adam >>>> >>>> Adam Hardy on 20/11/09 20:38, wrote: >>>> >>>> >>>>> I have a lan with a gateway machine running an ADSL modem and two >>>>> NICs with iptables and dnsmasq. >>>>> >>>>> It also runs mysql and tomcat but is currently just a simple >>>>> gateway, I'm not trying to configure any DMZ or fancier stuff like >>>>> that. >>>>> >>>>> My problem is that I can access mysql using 'localhost:3306' but I >>>>> can't access it on the same box when using the machine name e.g. >>>>> 'isengard:3306' and my guess is that I have mis-configured either >>>>> dnsmasq or iptables. >>>>> >>>>> I figure that my command "mysql --host=isengard" is probably being >>>>> resolved as external and then getting blocked by the firewall. >>>>> >>>>> My dnsmasq config file, based on the example config but with >>>>> comments removed, is: >>>>> >>>>> domain-needed >>>>> bogus-priv >>>>> filterwin2k >>>>> local=/localdomain/ >>>>> domain=localdomain >>>>> dhcp-range=192.168.0.3,192.168.0.254 >>>>> dhcp-option=option:router,192.168.0.2 >>>>> dhcp-option=option:mtu,1500 >>>>> >>>>> and my resolv.conf file is: >>>>> >>>>> nameserver 194.74.65.68 >>>>> >>>>> and I think this is getting continually rewritten by dhcp with the >>>>> nameserver info from the dhcp server on the modem which gives the >>>>> outside NIC its internet ip address. >>>>> >>>>> Does this make any sense? Or rather does anyone see where my >>>>> situation is foobarred? From mark at jemms.net Tue Nov 24 20:37:45 2009 
From: mark at jemms.net (Mark Beierl)
Date: Tue, 24 Nov 2009 15:37:45 -0500
Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
In-Reply-To: <4B0C1C38.8040904@cyberspaceroad.com>
References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> <4B0ADBC5.2000104@jemms.net> <4B0BC420.2000203@cyberspaceroad.com> <4B0BEDA0.1050304@jemms.net> <4B0C1C38.8040904@cyberspaceroad.com>
Message-ID: <4B0C4419.5010501@jemms.net>

Not a problem... just trying to help too :)

The 127.0.1.1 is a common thing these days, but I don't know why. Yes
you can merge them into one 127.0.0.1 line.

Rance Hall seemed to have hit the config entry on the head:

bind-address 0.0.0.0

instead of isengard. Due to isengard resolving to localhost/127.0.0.1
(or 127.0.1.1 as the case may be), it is still the same as telling mysql
to listen only to localhost, so that change made no real difference.
You must tell mysql explicitly to listen to all addresses (0.0.0.0) with
the bind-addresses listed above.

Regards,
Mark

Adam Hardy wrote:
> I'm sorry, I must be quite annoying, giving stupid answers to the most basic
> networking questions. I checked in /etc/hosts:
>
> 127.0.0.1 localhost
> 127.0.1.1 isengard.localdomain isengard
>
> I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in there. My lo
> interface according to ifconfig is 127.0.0.1
>
> Before my previous email, I had also edited my mysql config via the my.cnf file
> to make the bind-address=isengard. I guess that explains the netstat output.
>
> But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what
> installation programs would have written that, other than the debian system
> install?
> > If it was just from the system installation, can I get rid of 127.0.1.1 and use > all on one line: > > 127.0.0.1 localhost isengard.localdomain isengard > > I also don't know whether to put some extra lines in my dnsmasq.conf and > dhclient.conf, for instance in dnsmasq.conf the example > > server=/localnet/192.168.0.1 > > looks useful, judging from the other stuff I just dealt with, although I'm not > sure what purpose it serves. > > The external NIC using dhclient.conf to get its IP address from the modem seems > to be rewriting /etc/resolv.conf. Does dnsmasq deal with this on its own or is > there a setting I should be using? > > My dhclient.conf seems OK: > > option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; > request subnet-mask, broadcast-address, time-offset, routers, > domain-name, domain-name-servers, domain-search, host-name, > netbios-name-servers, netbios-scope, interface-mtu, > rfc3442-classless-static-routes; > > > Regards > Adam > > > > Mark Beierl on 24/11/09 14:28, wrote: > >> The TIME_WAIT is not an active socket, it's the remnant of a previous >> connection. I have no idea at all why mysqld has moved to 127.0.1.1. >> Is the bind address config line set to the host name and is the host >> name entry in /etc/hosts 127.0.1.1? >> >> Unfortunately, I know very little about mysql, so I can't point you in >> the right direction for configuration... >> >> Regards, >> Mark >> >> Adam Hardy wrote: >> >>> You're right. The result from netstat was: >>> >>> >>> tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld >>> >>> after changing the bindaddress config in the mysql config as per the >>> docs to free up networking, it then gives this result: >>> >>> adam at isengard:~$ sudo netstat -napt | grep 3306 >>> tcp 0 0 127.0.1.1:3306 0.0.0.0:* LISTEN 16473/mysqld >>> tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - >>> >>> which looks weird. But then it's probably just because I don't have >>> much experience in this area. 
Why has it switched over to 127.0.1.1 ? >>> >>> Thanks >>> Adam >>> >>> >>> Mark Beierl on 23/11/09 19:00, wrote: >>> >>> >>>> Silly thought but - is mysql configured to listen to 127.0.0.1 only? >>>> Something like >>>> >>>> sudo netstat -napt | grep 3306 >>>> >>>> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. >>>> >>>> Regards, >>>> Mark >>>> >>>> Adam Hardy wrote: >>>> >>>> >>>>> Thought I had a simple problem but I don't really find anything >>>>> relevant on the web and I'm not getting any responses to my >>>>> questions here. >>>>> >>>>> Just a pointer in the right direction would be helpful - something >>>>> to put me back on the scent? >>>>> >>>>> Thanks >>>>> Adam >>>>> >>>>> Adam Hardy on 20/11/09 20:38, wrote: >>>>> >>>>> >>>>> >>>>>> I have a lan with a gateway machine running an ADSL modem and two >>>>>> NICs with iptables and dnsmasq. >>>>>> >>>>>> It also runs mysql and tomcat but is currently just a simple >>>>>> gateway, I'm not trying to configure any DMZ or fancier stuff like >>>>>> that. >>>>>> >>>>>> My problem is that I can access mysql using 'localhost:3306' but I >>>>>> can't access it on the same box when using the machine name e.g. >>>>>> 'isengard:3306' and my guess is that I have mis-configured either >>>>>> dnsmasq or iptables. >>>>>> >>>>>> I figure that my command "mysql --host=isengard" is probably being >>>>>> resolved as external and then getting blocked by the firewall. 
>>>>>> >>>>>> My dnsmasq config file, based on the example config but with >>>>>> comments removed, is: >>>>>> >>>>>> domain-needed >>>>>> bogus-priv >>>>>> filterwin2k >>>>>> local=/localdomain/ >>>>>> domain=localdomain >>>>>> dhcp-range=192.168.0.3,192.168.0.254 >>>>>> dhcp-option=option:router,192.168.0.2 >>>>>> dhcp-option=option:mtu,1500 >>>>>> >>>>>> and my resolv.conf file is: >>>>>> >>>>>> nameserver 194.74.65.68 >>>>>> >>>>>> and I think this is getting continually rewritten by dhcp with the >>>>>> nameserver info from the dhcp server on the modem which gives the >>>>>> outside NIC its internet ip address. >>>>>> >>>>>> Does this make any sense? Or rather does anyone see where my >>>>>> situation is foobarred? >>>>>> > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From adam.ant at cyberspaceroad.com Wed Nov 25 20:54:30 2009 
From: adam.ant at cyberspaceroad.com (Adam Hardy) Date: Wed, 25 Nov 2009 20:54:30 +0000 Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch? In-Reply-To: <4B0C4419.5010501@jemms.net> References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> <4B0ADBC5.2000104@jemms.net> <4B0BC420.2000203@cyberspaceroad.com> <4B0BEDA0.1050304@jemms.net> <4B0C1C38.8040904@cyberspaceroad.com> <4B0C4419.5010501@jemms.net> Message-ID: <4B0D9986.8070807@cyberspaceroad.com> OK I merged the hosts 127.0.1.1 names onto 127.0.0.1 with no ill effects so far, and with bind-address set to 0.0.0.0 I can see it listening to 0.0.0.0 also no ill effects. I just have to make sure now that I've got it covered from the outside world in iptables. Thanks v. much for the help Adam Mark Beierl on 24/11/09 20:37, wrote: > Not a problem... just trying to help too :) > > The 127.0.1.1 is a common thing these days, but I don't know why. Yes > you can merge them into one 127.0.0.1 line. > > Rance Hall seemed to have hit the config entry on the head: > > bind-address 0.0.0.0 > instead of isengard. Due to isengard resolving to localhost/127.0.0.1 > (or 127.0.1.1 as the case may be), it is still the same as telling mysql > to listen only to localhost, so that change made no real difference. > You must tell mysql explicitly to listen to all addresses (0.0.0.0) with > the bind-addresses listed above. > > Regards, > Mark > > Adam Hardy wrote: >> I'm sorry, I must be quite annoying, giving stupid answers to the most >> basic networking questions. I checked in /etc/hosts: >> >> 127.0.0.1 localhost >> 127.0.1.1 isengard.localdomain isengard >> >> I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in >> there. My lo interface according to ifconfig is 127.0.0.1 >> >> Before my previous email, I had also edited my mysql config via the >> my.cnf file to make the bind-address=isengard. I guess that explains >> the netstat output. 
>> >> But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what >> installation programs would have written that, other than the debian >> system install? >> >> If it was just from the system installation, can I get rid of >> 127.0.1.1 and use all on one line: >> >> 127.0.0.1 localhost isengard.localdomain isengard >> >> I also don't know whether to put some extra lines in my dnsmasq.conf >> and dhclient.conf, for instance in dnsmasq.conf the example >> >> server=/localnet/192.168.0.1 >> >> looks useful, judging from the other stuff I just dealt with, although >> I'm not sure what purpose it serves. >> >> The external NIC using dhclient.conf to get its IP address from the >> modem seems to be rewriting /etc/resolv.conf. Does dnsmasq deal with >> this on its own or is there a setting I should be using? >> >> My dhclient.conf seems OK: >> >> option rfc3442-classless-static-routes code 121 = array of unsigned >> integer 8; >> request subnet-mask, broadcast-address, time-offset, routers, >> domain-name, domain-name-servers, domain-search, host-name, >> netbios-name-servers, netbios-scope, interface-mtu, >> rfc3442-classless-static-routes; >> >> >> Regards >> Adam >> >> >> >> Mark Beierl on 24/11/09 14:28, wrote: >> >>> The TIME_WAIT is not an active socket, it's the remnant of a previous >>> connection. I have no idea at all why mysqld has moved to >>> 127.0.1.1. Is the bind address config line set to the host name and >>> is the host name entry in /etc/hosts 127.0.1.1? >>> >>> Unfortunately, I know very little about mysql, so I can't point you >>> in the right direction for configuration... >>> >>> Regards, >>> Mark >>> >>> Adam Hardy wrote: >>> >>>> You're right. 
The result from netstat was: >>>> >>>> >>>> tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld >>>> >>>> after changing the bindaddress config in the mysql config as per the >>>> docs to free up networking, it then gives this result: >>>> >>>> adam at isengard:~$ sudo netstat -napt | grep 3306 >>>> tcp 0 0 127.0.1.1:3306 0.0.0.0:* LISTEN 16473/mysqld >>>> tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - >>>> >>>> which looks weird. But then it's probably just because I don't have >>>> much experience in this area. Why has it switched over to 127.0.1.1 ? >>>> >>>> Thanks >>>> Adam >>>> >>>> >>>> Mark Beierl on 23/11/09 19:00, wrote: >>>> >>>> >>>>> Silly thought but - is mysql configured to listen to 127.0.0.1 >>>>> only? Something like >>>>> >>>>> sudo netstat -napt | grep 3306 >>>>> >>>>> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. >>>>> >>>>> Regards, >>>>> Mark >>>>> >>>>> Adam Hardy wrote: >>>>> >>>>>> Thought I had a simple problem but I don't really find anything >>>>>> relevant on the web and I'm not getting any responses to my >>>>>> questions here. >>>>>> >>>>>> Just a pointer in the right direction would be helpful - something >>>>>> to put me back on the scent? >>>>>> >>>>>> Thanks >>>>>> Adam >>>>>> >>>>>> Adam Hardy on 20/11/09 20:38, wrote: >>>>>> >>>>>> >>>>>>> I have a lan with a gateway machine running an ADSL modem and two >>>>>>> NICs with iptables and dnsmasq. >>>>>>> >>>>>>> It also runs mysql and tomcat but is currently just a simple >>>>>>> gateway, I'm not trying to configure any DMZ or fancier stuff >>>>>>> like that. >>>>>>> >>>>>>> My problem is that I can access mysql using 'localhost:3306' but >>>>>>> I can't access it on the same box when using the machine name >>>>>>> e.g. 'isengard:3306' and my guess is that I have mis-configured >>>>>>> either dnsmasq or iptables. 
>>>>>>> >>>>>>> I figure that my command "mysql --host=isengard" is probably >>>>>>> being resolved as external and then getting blocked by the firewall. >>>>>>> >>>>>>> My dnsmasq config file, based on the example config but with >>>>>>> comments removed, is: >>>>>>> >>>>>>> domain-needed >>>>>>> bogus-priv >>>>>>> filterwin2k >>>>>>> local=/localdomain/ >>>>>>> domain=localdomain >>>>>>> dhcp-range=192.168.0.3,192.168.0.254 >>>>>>> dhcp-option=option:router,192.168.0.2 >>>>>>> dhcp-option=option:mtu,1500 >>>>>>> >>>>>>> and my resolv.conf file is: >>>>>>> >>>>>>> nameserver 194.74.65.68 >>>>>>> >>>>>>> and I think this is getting continually rewritten by dhcp with >>>>>>> the nameserver info from the dhcp server on the modem which gives >>>>>>> the outside NIC its internet ip address. >>>>>>> >>>>>>> Does this make any sense? Or rather does anyone see where my >>>>>>> situation is foobarred? From adam.ant at cyberspaceroad.com Thu Nov 26 19:00:12 2009 
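The check the thread converges on, as an added example that is not part of any poster's message: it resolves a `bind-address` value through hosts-file entries and classifies `netstat -napt` LISTEN lines as loopback-only or reachable from other interfaces. The function names and the 0.0.0.0 listener line (including its PID) are assumptions constructed for illustration; the other sample lines follow the output quoted in the thread.

```python
"""Resolve a bind-address through hosts entries and classify TCP listeners."""
import ipaddress

# Constructed sample: the /etc/hosts entries quoted in the thread.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 isengard.localdomain isengard
"""

# Constructed sample: netstat output with bind-address set to the host name.
NETSTAT_BIND_HOSTNAME = """\
tcp  0  0 127.0.1.1:3306    0.0.0.0:*       LISTEN      16473/mysqld
tcp  0  0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -
"""

# Constructed sample: the same service after bind-address 0.0.0.0 (PID made up).
NETSTAT_BIND_ALL = """\
tcp  0  0 0.0.0.0:3306      0.0.0.0:*       LISTEN      17001/mysqld
"""


def parse_hosts(text):
    """Map each name to the first address listed for it, as a hosts lookup does."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def scope_of(addr):
    """Classify a local address by who can reach a socket bound to it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:             # all of 127.0.0.0/8, and ::1
        return "loopback-only"
    return "single-address"


def effective_bind(bind_value, hosts):
    """Return (address, scope) for a bind-address given as an IP or a host name."""
    try:
        ipaddress.ip_address(bind_value)
        addr = bind_value
    except ValueError:
        addr = hosts.get(bind_value.lower())
        if addr is None:
            raise LookupError(f"{bind_value!r} is not in the hosts entries")
    return addr, scope_of(addr)


def listeners(netstat_text):
    """Return (port, address, scope, process) for each TCP socket in LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers and non-listening states such as TIME_WAIT.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        process = fields[6] if len(fields) > 6 else "-"
        found.append((int(port), addr, scope_of(addr), process))
    return found


def exposed(netstat_text, port):
    """Listeners on `port` reachable beyond loopback; these need a firewall rule."""
    return [entry for entry in listeners(netstat_text)
            if entry[0] == port and entry[2] != "loopback-only"]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for value in ("localhost", "isengard", "0.0.0.0"):
        print(value, "->", effective_bind(value, hosts))
    for label, text in (("hostname", NETSTAT_BIND_HOSTNAME), ("0.0.0.0", NETSTAT_BIND_ALL)):
        print(label, "exposed on 3306:", exposed(text, 3306))
```

A listener reported by `exposed` accepts connections on every interface, including the external NIC, so the firewall policy for that port has to be checked separately.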
From: adam.ant at cyberspaceroad.com (Adam Hardy) Date: Thu, 26 Nov 2009 19:00:12 +0000 (UTC) Subject: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch? References: <4B06FE35.6010701@cyberspaceroad.com> <4B0AD436.5090605@cyberspaceroad.com> <007e01ca6c83$61368900$23a39b00$@net> Message-ID: Brad Morgan writes: > I have a very similar configuration. I think you are close but you may > to tweak your DHCP client. [snip] > Take a look at man dhclient.conf to see what might make sense for your > configuration. I think "prepend domain-name-servers 127.0.0.1" may be > you need. > > My /etc/dhclient-eth0.conf: > > supersede domain-name "morgan.local"; > supersede domain-name-servers 127.0.0.1,208.67.222.222,208.67.220.220; > #OpenDNS > send host-name "bricknix"; # temporary RHL ifup addition Actually I didn't realise how important those supersede commands were, but without them, the clients on my network won't resolve the actual dnsmasq machine. The windows machine kept resolving the hostname isengard (name of the dnsm machine) to 127.0.0.1! Pretty confusing, and nslookup on the windows machi said something about non-existent domains and PTR records. Anyway, all ship shape now. Ta Adam From laci at monda.hu Sat Nov 28 17:44:00 2009 
From: laci at monda.hu (=?UTF-8?B?TMOhc3psw7MgTW9uZGE=?=)
Date: Sat, 28 Nov 2009 18:44:00 +0100
Subject: [Dnsmasq-discuss] Using the same IP for the wired and wireless interface of a laptop
Message-ID: <4d598e970911280944n43c663c5qd187d24711afaebd@mail.gmail.com>

Hi List,

I'm trying to bind two MACs which are the wired and the wireless
interface of a laptop to one IP by specifying two related lines in
/etc/ethers and one related line in /etc/hosts but it seems only the
first MAC works. I guess dnsmasq overrides the first with the second.

It'd be nice to use the same IP for the laptop regardless whether the
wired or the wireless interface used, although I'm not sure that this
is a really good idea because when both of the interfaces are active
this can lead to troubles.

What do you think?

--
Laci

From v_cadet at yahoo.fr Sat Nov 28 22:27:20 2009
From: v_cadet at yahoo.fr (Vincent Cadet)
Date: Sat, 28 Nov 2009 22:27:20 +0000 (GMT)
Subject: [Dnsmasq-discuss] Re : Using the same IP for the wired and wireless interface of a laptop
In-Reply-To: <4d598e970911280944n43c663c5qd187d24711afaebd@mail.gmail.com>
Message-ID: <822911.22156.qm@web28202.mail.ukl.yahoo.com>

Hi László.

> I'm trying to bind two MACs which are the wired and the wireless
> interface of a laptop to one IP by specifying two related lines in
> /etc/ethers and one related line in /etc/hosts but it seems only the
> first MAC works. I guess dnsmasq overrides the first with the second.
>
> It'd be nice to use the same IP for the laptop regardless whether the
> wired or the wireless interface used, although I'm not sure that this
> is a really good idea because when both of the interfaces are active
> this can lead to troubles.
>
> What do you think?

You can use bonding for that. I've successfully used bonding with my wired and wireless interfaces on my laptop. The result is one virtual interface (hence one IP address) that combines both physical interfaces w/ possible failover or load balancing.

Vince C.

From laci at monda.hu Mon Nov 30 01:53:26 2009
From: laci at monda.hu (László Monda)
Date: Mon, 30 Nov 2009 02:53:26 +0100
Subject: [Dnsmasq-discuss] Re : Using the same IP for the wired and wireless interface of a laptop
In-Reply-To: <822911.22156.qm@web28202.mail.ukl.yahoo.com>
References: <4d598e970911280944n43c663c5qd187d24711afaebd@mail.gmail.com> <822911.22156.qm@web28202.mail.ukl.yahoo.com>
Message-ID: <4d598e970911291753w1e41f4b8sbcf3f66407ce7c3c@mail.gmail.com>

Hi Vincent,

On Sat, Nov 28, 2009 at 11:27 PM, Vincent Cadet wrote:
> Hi László.
>
>> I'm trying to bind two MACs which are the wired and the wireless
>> interface of a laptop to one IP by specifying two related lines in
>> /etc/ethers and one related line in /etc/hosts but it seems only the
>> first MAC works. I guess dnsmasq overrides the first with the second.
>>
>> It'd be nice to use the same IP for the laptop regardless whether the
>> wired or the wireless interface used, although I'm not sure that this
>> is a really good idea because when both of the interfaces are active
>> this can lead to troubles.
>>
>> What do you think?
>
> You can use bonding for that. I've successfully used bonding with my wired and wireless interfaces on my laptop. The result is one virtual interface (hence one IP address) that combines both physical interfaces w/ possible failover or load balancing.

Great idea! Bonding is much cleaner than my solution.

Thanks!

--
Laci

From simon at thekelleys.org.uk Mon Nov 30 17:23:52 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Mon, 30 Nov 2009 17:23:52 +0000
Subject: [Dnsmasq-discuss] Using the same IP for the wired and wireless interface of a laptop
In-Reply-To: <4d598e970911280944n43c663c5qd187d24711afaebd@mail.gmail.com>
References: <4d598e970911280944n43c663c5qd187d24711afaebd@mail.gmail.com>
Message-ID: <4B13FFA8.6060806@thekelleys.org.uk>

László Monda wrote:
> Hi List,
>
> I'm trying to bind two MACs which are the wired and the wireless
> interface of a laptop to one IP by specifying two related lines in
> /etc/ethers and one related line in /etc/hosts but it seems only the
> first MAC works. I guess dnsmasq overrides the first with the second.
>
> It'd be nice to use the same IP for the laptop regardless whether the
> wired or the wireless interface used, although I'm not sure that this
> is a really good idea because when both of the interfaces are active
> this can lead to troubles.
>
> What do you think?
>

You can make dnsmasq share the same IP address between two interfaces by putting both MAC addresses on one line in /etc/dnsmasq.conf

dhcp-host=,,

This will only work if you're careful to make sure that only one interface at a time is up.

Cheers,

Simon.

From marc at marcsallent.com Wed Dec 2 09:53:03 2009
From: marc at marcsallent.com (Marc Sallent)
Date: Wed, 2 Dec 2009 10:53:03 +0100
Subject: [Dnsmasq-discuss] Resolve all domains to the same IP
Message-ID: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>

Hi!

For an interactive installation, I need everybody connecting to my wi-fi network to be shown the same page, hosted in my computer.
I have a router with Dnsmasq installed, connected to the computer with the server, IP 1.2.3.4, so everybody looking for, ie. google.com, yahoo.com should see only the contents in the server with IP 1.2.3.4

Is that possible?

Thanks!

marc

From simon at thekelleys.org.uk Wed Dec 2 09:57:04 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Wed, 02 Dec 2009 09:57:04 +0000
Subject: [Dnsmasq-discuss] Resolve all domains to the same IP
In-Reply-To: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>
References: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>
Message-ID: <4B1639F0.8080605@thekelleys.org.uk>

Marc Sallent wrote:
> Hi!
>
> For an interactive installation, I need everybody connecting to my wi-fi
> network to be shown the same page, hosted in my computer.
> I have a router with Dnsmasq installed, connected to the computer with
> the server, IP 1.2.3.4, so everybody looking for, ie. google.com,
> yahoo.com should see only the contents in the server with IP 1.2.3.4
>
> Is that possible?
>
> Thanks!
>
> marc
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>

--address =/#/1.2.3.4

Check the man page for more details.

HTH

Simon.

From laci at monda.hu Wed Dec 2 10:21:27 2009
From: laci at monda.hu (László Monda)
Date: Wed, 2 Dec 2009 11:21:27 +0100
Subject: [Dnsmasq-discuss] Resolve all domains to the same IP
In-Reply-To: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>
References: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>
Message-ID: <4d598e970912020221i45c4da8ftd189fa9bd15ad270@mail.gmail.com>

Hi,

First of all, using 1.2.3.4 as a private IP address is a very bad practice because it's not part of the private IP address space - http://en.wikipedia.org/wiki/Private_network

Second, what are you really trying to do? If you want to set up a captive portal on OpenWrt then you have some options:

root at sunshine:~# opkg list|grep -i captive
chillispot - 1.1.0-1 - ChilliSpot is an open source captive portal or wireless LAN
pepperspot - 0.1-1 - PepperSpot is a captive portal or wireless LAN access point controller
wifidog - 1.1.5-2 - The Wifidog project is a complete and embeddable captive

Please CC me in your answer because I won't be on the list.

On Wed, Dec 2, 2009 at 10:53 AM, Marc Sallent wrote:
> Hi!
>
> For an interactive installation, I need everybody connecting to my wi-fi
> network to be shown the same page, hosted in my computer.
> I have a router with Dnsmasq installed, connected to the computer with
> the server, IP 1.2.3.4, so everybody looking for, ie. google.com,
> yahoo.com should see only the contents in the server with IP 1.2.3.4
>
> Is that possible?
>
> Thanks!
>
> marc
>

--
Laci

From laci at monda.hu Wed Dec 2 11:23:46 2009
From: laci at monda.hu (László Monda)
Date: Wed, 2 Dec 2009 12:23:46 +0100
Subject: [Dnsmasq-discuss] Resolve all domains to the same IP
In-Reply-To: <4B1639F0.8080605@thekelleys.org.uk>
References: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com> <4B1639F0.8080605@thekelleys.org.uk>
Message-ID: <4d598e970912020323y314edfa7r6ec4e5fbb1883274@mail.gmail.com>

On Wed, Dec 2, 2009 at 10:57 AM, Simon Kelley wrote:
> Marc Sallent wrote:
>> Hi!
>>
>> For an interactive installation, I need everybody connecting to my wi-fi
>> network to be shown the same page, hosted in my computer.
>> I have a router with Dnsmasq installed, connected to the computer with
>> the server, IP 1.2.3.4, so everybody looking for, ie. google.com,
>> yahoo.com should see only the contents in the server with IP 1.2.3.4
>>
>> Is that possible?
>>
>> Thanks!
>>
>> marc
>>
>
> --address =/#/1.2.3.4
>
> Check the man page for more details.
>
> HTH
>
> Simon.
>

Now I see what it's all about. Thanks for clarifying.

--
Laci

From v_cadet at yahoo.fr Wed Dec 2 15:14:06 2009
From: v_cadet at yahoo.fr (Vincent Cadet)
Date: Wed, 2 Dec 2009 15:14:06 +0000 (GMT)
Subject: [Dnsmasq-discuss] Re : Resolve all domains to the same IP
In-Reply-To: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>
Message-ID: <242697.34737.qm@web28207.mail.ukl.yahoo.com>

Hello Marc

> For an interactive installation, I need everybody connecting to my wi-fi
> network to be shown the same page, hosted in my computer.
> I have a router with Dnsmasq installed, connected to the computer with
> the server, IP 1.2.3.4, so everybody looking for, ie. google.com,
> yahoo.com should see only the contents in the server with IP 1.2.3.4
>
> Is that possible?

As László Monda wrote, what you are looking for is a captive portal, such as Chillispot (et al.) Such applications are really dedicated to providing a web page where visitors must enter a login and a password to continue surfing.

You can use dnsmasq to send visitors to the same IP address. Unlike a captive portal it can't be dynamic as you'd have to stop the redirection as soon as users are identified, which can't be done easily with dnsmasq and most probably not on a per-user basis. Moreover you'd permanently have every network packet sent to the same IP address, not just web traffic.

Hope this helps,
Vince C.

From elaganowski at hotmail.com Wed Dec 2 16:45:57 2009
From: elaganowski at hotmail.com (Eric Laganowski)
Date: Wed, 2 Dec 2009 11:45:57 -0500
Subject: [Dnsmasq-discuss] DNS pattern response
Message-ID:

Hi!

I am playing with browser proxy autodiscovery feature and would like dnsmasq to reply with a certain IP address to any DNS query starting with "wpad.", any domain might follow.
Is it possible to accomplish this with dnsmasq?

-Eric

From santiago at zarate.net.ve Wed Dec 2 17:22:35 2009
From: santiago at zarate.net.ve (Santiago Zarate)
Date: Wed, 2 Dec 2009 12:52:35 -0430
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To:
References:
Message-ID: <200912021252.35536.santiago@zarate.net.ve>

i guess you can use a cname record...

address=/wpad.mydomain.net/10.40.60.90
cname=wpad,wpad.mydomain.net

tho... i'm pretty sure that cname=wpad,10.40.60.90 will also work...

--
Santiago Zarate
santiago at zarate.net.ve
(+58) 4129864175
(+58) 4241073905

From steve at thestever.net Wed Dec 2 17:32:07 2009
From: steve at thestever.net (Steve Quezadas)
Date: Wed, 02 Dec 2009 09:32:07 -0800
Subject: [Dnsmasq-discuss] windows' hostname
Message-ID: <4B16A497.8000205@thestever.net>

Simple question:

Can dnsmasq set the hostname for a windows station? I ghosted an image across 5 computers and now they all have the same hostname. I am hoping that dhcp allows you to set the hostname of each machine by mac address so I won't get the "a duplicate name exists on the network" error.

- Steve

From b-morgan at concentric.net Wed Dec 2 17:50:46 2009
From: b-morgan at concentric.net (Brad Morgan)
Date: Wed, 2 Dec 2009 10:50:46 -0700
Subject: [Dnsmasq-discuss] windows' hostname
In-Reply-To: <4B16A497.8000205@thestever.net>
References: <4B16A497.8000205@thestever.net>
Message-ID: <008501ca7377$fb41b3d0$f1c51b70$@net>

> Can dnsmasq set the hostname for a windows station? I ghosted an image
> across 5 computers and now they all have the same hostname. I am hoping
> that dhcp allows you to set the hostname of each machine by mac address
> so I won't get the "a duplicate name exists on the network" error.

You are going to have more problems than just the hostname with your Windows systems. They also have duplicate system identifications (SIDs). You will need to run a program like NewSID (http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx) on each system. You can change the hostname as well at this time.

Regards,

Brad

From nikolay.kasatkin at gmail.com Wed Dec 2 18:09:14 2009
From: nikolay.kasatkin at gmail.com (Nikolay Kasatkin)
Date: Wed, 2 Dec 2009 21:09:14 +0300
Subject: [Dnsmasq-discuss] windows' hostname
In-Reply-To: <4B16A497.8000205@thestever.net>
References: <4B16A497.8000205@thestever.net>
Message-ID: <78710f9a0912021009v650a59dfge0281f83a790e858@mail.gmail.com>

Give a try to Clonezilla and DRBL (clonezilla.org and http://drbl.sourceforge.net). They can change SID and windows hostname after cloning too

On Wed, Dec 2, 2009 at 8:32 PM, Steve Quezadas wrote:
> Simple question:
>
> Can dnsmasq set the hostname for a windows station? I ghosted an image
> across 5 computers and now they all have the same hostname. I am hoping
> that dhcp allows you to set the hostname of each machine by mac address
> so I won't get the "a duplicate name exists on the network" error.
>
> - Steve
>

--
Kasatkin Nikolay

From Hullen at t-online.de Wed Dec 2 18:28:00 2009
From: Hullen at t-online.de (Helmut Hullen)
Date: 02 Dec 2009 19:28:00 +0100
Subject: [Dnsmasq-discuss] windows' hostname
In-Reply-To: <008501ca7377$fb41b3d0$f1c51b70$@net>
Message-ID:

Hello, Brad,

You wrote on 02.12.09:

>> Can dnsmasq set the hostname for a windows station? I ghosted an
>> image across 5 computers and now they all have the same hostname.

[...]

> You are going to have more problems than just the hostname with your
> Windows systems. They also have duplicate system identifications
> (SIDs). You will need to run a program like NewSID
> (http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx) on
> each system. You can change the hostname as well at this time.

Take a look at

especially "SID Duplication"

(ok - it's not related in any way to dnsmasq)

> Regards,
> Brad

Best regards!
Helmut

From joshua at eeinternet.com Wed Dec 2 19:07:55 2009
From: joshua at eeinternet.com (Joshua J. Kugler)
Date: Wed, 02 Dec 2009 10:07:55 -0900
Subject: [Dnsmasq-discuss] windows' hostname
In-Reply-To: <008501ca7377$fb41b3d0$f1c51b70$@net>
References: <4B16A497.8000205@thestever.net> <008501ca7377$fb41b3d0$f1c51b70$@net>
Message-ID: <200912021007.56160.joshua@eeinternet.com>

On Wednesday 02 December 2009, Brad Morgan said something like:
> > Can dnsmasq set the hostname for a windows station? I ghosted an
> > image across 5 computers and now they all have the same hostname. I
> > am hoping that dhcp allows you to set the hostname of each machine
> > by mac address so I won't get the "a duplicate name exists on the
> > network" error.
>
> You are going to have more problems than just the hostname with your
> Windows systems. They also have duplicate system identifications
> (SIDs). You will need to run a program like NewSID
> (http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx) on
> each system. You can change the hostname as well at this time.

The SID thing appears to be no longer true. See http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx

j

--
Joshua Kugler
Part-Time System Admin/Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ ID 0x14EA086E

From richardvoigt at gmail.com Thu Dec 3 02:50:07 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Wed, 2 Dec 2009 20:50:07 -0600
Subject: [Dnsmasq-discuss] Resolve all domains to the same IP
In-Reply-To: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>
References: <05386E92-A9BD-4AF0-8123-6A5482D3045B@marcsallent.com>
Message-ID: <2e59e6970912021850o7d01e98cq1f3aecade953eaf@mail.gmail.com>

On Wed, Dec 2, 2009 at 3:53 AM, Marc Sallent wrote:
> Hi!
>
> For an interactive installation, I need everybody connecting to my wi-fi
> network to be shown the same page, hosted in my computer.
> I have a router with Dnsmasq installed, connected to the computer with
> the server, IP 1.2.3.4, so everybody looking for, ie. google.com,
> yahoo.com should see only the contents in the server with IP 1.2.3.4
>
> Is that possible?

No, it is not possible. You cannot force people to view a web page. You cannot open a web browser remotely. Even if they open the browser voluntarily, DNS will not help you since it only is involved when the client uses a name. If the client connects by IP address (common since TCP/IP stacks cache recently used lookups) then dnsmasq never enters the picture.

Use masquerade as suggested by Laszlo, and realize that people will still not see your page until they choose to open their browser.

>
> Thanks!
>
> marc
>

From eric at laganowski.net Thu Dec 3 22:48:52 2009
From: eric at laganowski.net (Eric Laganowski)
Date: Thu, 03 Dec 2009 17:48:52 -0500
Subject: [Dnsmasq-discuss] DNS pattern response
Message-ID: <4B184054.80408@laganowski.net>

I guess I am not communicating this well.
The desired dnsmasq behavior would be to reply, say, with 192.168.1.1 to any request starting with "wpad.", not just local domain, so if, say my domain is domain.local, dnsmasq responds with 192.168.1.1 to both wpad.domain.local and wpad.google.com

-Eric

Date: Wed, 2 Dec 2009 12:52:35 -0430
From: Santiago Zarate
Subject: Re: [Dnsmasq-discuss] DNS pattern response
To: dnsmasq-discuss at lists.thekelleys.org.uk
Message-ID: <200912021252.35536.santiago at zarate.net.ve>
Content-Type: Text/Plain; charset="us-ascii"

i guess you can use a cname record...
address=/wpad.mydomain.net/10.40.60.90
cname=wpad,wpad.mydomain.net

tho... i'm pretty sure that cname=wpad,10.40.60.90 will also work...

-- Santiago Zarate santiago at zarate.net.ve (+58) 4129864175 (+58) 4241073905

Date: Wed, 2 Dec 2009 11:45:57 -0500
From: Eric Laganowski
Subject: [Dnsmasq-discuss] DNS pattern response
To:
Message-ID:
Content-Type: text/plain; charset="iso-8859-1"

Hi!

I am playing with browser proxy autodiscovery feature and would like dnsmasq to reply with a certain IP address to any DNS query starting with "wpad.", any domain might follow.
Is it possible to accomplish this with dnsmasq?

-Eric

From tmetro+dnsmasq at gmail.com Thu Dec 3 23:41:19 2009
From: tmetro+dnsmasq at gmail.com (Tom Metro)
Date: Thu, 03 Dec 2009 18:41:19 -0500
Subject: [Dnsmasq-discuss] query rewriting
Message-ID: <4B184C9F.1040705@gmail.com>

Is there a dnsmasq directive similar to 'alias' that instead of rewriting IP addresses in the query reply, rewrites the domain in the query? So a query for foo.domain always results in a query for bar.domain?

This is related to the idea of a CNAME, but the dnsmasq 'cname' directive is restricted to bar.domain being local. I'm looking for something that will work for domains that aren't locally controlled. The 'address' directive is also related, but the target needs to be a domain, or at least a cached lookup, and not a static IP.

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

From richardvoigt at gmail.com Fri Dec 4 00:17:06 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Thu, 3 Dec 2009 18:17:06 -0600
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <4B184054.80408@laganowski.net>
References: <4B184054.80408@laganowski.net>
Message-ID: <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com>

I think you're going about this the wrong way. Use the DHCP option "auto-proxy-config" to control the URL browsers use for auto-proxy. Spoofing addresses in other domains doesn't solve any problems, it only creates more (and is borderline illegal in many areas).

On Thu, Dec 3, 2009 at 4:48 PM, Eric Laganowski wrote:
> I guess I am not communicating this well.
> The desired dnsmasq behavior would be to reply, say, with 192.168.1.1 to any request starting with "wpad.", not just local domain, so if, say my domain is domain.local, dnsmasq responds with 192.168.1.1 to both wpad.domain.local and wpad.google.com
>
> -Eric
>
> Date: Wed, 2 Dec 2009 12:52:35 -0430
> From: Santiago Zarate
> Subject: Re: [Dnsmasq-discuss] DNS pattern response
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Message-ID: <200912021252.35536.santiago at zarate.net.ve>
> Content-Type: Text/Plain; charset="us-ascii"
>
> i guess you can use a cname record...
> address=/wpad.mydomain.net/10.40.60.90
> cname=wpad,wpad.mydomain.net
>
> tho... i'm pretty sure that cname=wpad,10.40.60.90 will also work...
>
>
> -- Santiago Zarate santiago at zarate.net.ve (+58) 4129864175 (+58) 4241073905
>
>
> Date: Wed, 2 Dec 2009 11:45:57 -0500
> From: Eric Laganowski
> Subject: [Dnsmasq-discuss] DNS pattern response
> To:
> Message-ID:
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> Hi!
>
> I am playing with browser proxy autodiscovery feature and would like dnsmasq to reply with a certain IP address to any DNS query starting with "wpad.", any domain might follow.
> Is it possible to accomplish this with dnsmasq?
>
> -Eric
>

From richardvoigt at gmail.com Fri Dec 4 00:18:35 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Thu, 3 Dec 2009 18:18:35 -0600
Subject: [Dnsmasq-discuss] query rewriting
In-Reply-To: <4B184C9F.1040705@gmail.com>
References: <4B184C9F.1040705@gmail.com>
Message-ID: <2e59e6970912031618j552db0f5y83a31aeee530e13@mail.gmail.com>

Spoofing addresses in other people's domains doesn't solve any problems, it only creates more (and is borderline illegal in many areas).

What are you trying to accomplish?

On Thu, Dec 3, 2009 at 5:41 PM, Tom Metro wrote:
> Is there a dnsmasq directive similar to 'alias' that instead of
> rewriting IP addresses in the query reply, rewrites the domain in the
> query? So a query for foo.domain always results in a query for bar.domain?
>
> This is related to the idea of a CNAME, but the dnsmasq 'cname'
> directive is restricted to bar.domain being local. I'm looking for
> something that will work for domains that aren't locally controlled. The
> 'address' directive is also related, but the target needs to be a
> domain, or at least a cached lookup, and not a static IP.
>
> -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
>

From eric at laganowski.net Fri Dec 4 03:45:26 2009
From: eric at laganowski.net (Eric Laganowski)
Date: Thu, 03 Dec 2009 22:45:26 -0500
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com>
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com>
Message-ID: <4B1885D6.1050105@laganowski.net>

Well, while legal advice is always appreciated that was not what I was asking for.
I was asking about a specific feature of dnsmasq and I am still at a loss whether it is possible to accomplish what I was looking for or not.

On a side note, DHCP option 252 is not supported by Firefox, that is why I am forced to explore other options.

Thanks,
Eric

richardvoigt at gmail.com wrote:
> I think you're going about this the wrong way. Use the DHCP option
> "auto-proxy-config" to control the URL browsers use for auto-proxy.
> Spoofing addresses in other domains doesn't solve any problems, it
> only creates more (and is borderline illegal in many areas).
>
> On Thu, Dec 3, 2009 at 4:48 PM, Eric Laganowski wrote:
>
>> I guess I am not communicating this well.
>> The desired dnsmasq behavior would be to reply, say, with 192.168.1.1 to any request starting with "wpad.", not just local domain, so if, say my domain is domain.local, dnsmasq responds with 192.168.1.1 to both wpad.domain.local and wpad.google.com
>>
>> -Eric
>>
>> Date: Wed, 2 Dec 2009 12:52:35 -0430
>> From: Santiago Zarate
>> Subject: Re: [Dnsmasq-discuss] DNS pattern response
>> To: dnsmasq-discuss at lists.thekelleys.org.uk
>> Message-ID: <200912021252.35536.santiago at zarate.net.ve>
>> Content-Type: Text/Plain; charset="us-ascii"
>>
>> i guess you can use a cname record...
>> address=/wpad.mydomain.net/10.40.60.90
>> cname=wpad,wpad.mydomain.net
>>
>> tho... i'm pretty sure that cname=wpad,10.40.60.90 will also work...
>>
>>
>> -- Santiago Zarate santiago at zarate.net.ve (+58) 4129864175 (+58) 4241073905
>>
>>
>> Date: Wed, 2 Dec 2009 11:45:57 -0500
>> From: Eric Laganowski
>> Subject: [Dnsmasq-discuss] DNS pattern response
>> To:
>> Message-ID:
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>> Hi!
>>
>> I am playing with browser proxy autodiscovery feature and would like dnsmasq to reply with a certain IP address to any DNS query starting with "wpad.", any domain might follow.
>> Is it possible to accomplish this with dnsmasq?
>>
>> -Eric
>>

From perette at barella.org Fri Dec 4 04:06:32 2009
From: perette at barella.org (Perette Barella)
Date: Thu, 3 Dec 2009 23:06:32 -0500
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <4B1885D6.1050105@laganowski.net>
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net>
Message-ID:

I think there's a misunderstanding on how the WPAD DNS version operates. The "wpad.domain.localnet" is used by the browser at startup to locate the proxy configuration file which applies to all domains. You don't need a separate wpad.google.com and wpad.amazon.com for every domain users are trying to connect to.

If for some reason your local hosts are configured with different domain names (and therefore looking up wpad.google.com or wpad.amazon.com), I think we need more explanation on just what strangeness you've got going on.

Perette


You can do the same thing by
On 2009?12?03?, at 22:45, Eric Laganowski wrote:

> Well, while legal advice is always appreciated that was not what I was
> asking for.
> I was asking about a specific feature of dnsmasq and I am still at a
> loss whether it is possible to accomplish what I was looking for or not.
>
> On a side note, DHCP option 252 is not supported by Firefox, that is why
> I am forced to explore other options.
>
> Thanks,
> Eric
>
> richardvoigt at gmail.com wrote:
>> I think you're going about this the wrong way. Use the DHCP option
>> "auto-proxy-config" to control the URL browsers use for auto-proxy.
>> Spoofing addresses in other domains doesn't solve any problems, it
>> only creates more (and is borderline illegal in many areas).
>>
>> On Thu, Dec 3, 2009 at 4:48 PM, Eric Laganowski wrote:
>>
>>> I guess I am not communicating this well.
>>> The desired dnsmasq behavior would be to reply, say, with 192.168.1.1 to any request starting with "wpad.", not just local domain, so if, say my domain is domain.local, dnsmasq responds with 192.168.1.1 to both wpad.domain.local and wpad.google.com
>>>
>>> -Eric
>>>
>>> Date: Wed, 2 Dec 2009 12:52:35 -0430
>>> From: Santiago Zarate
>>> Subject: Re: [Dnsmasq-discuss] DNS pattern response
>>> To: dnsmasq-discuss at lists.thekelleys.org.uk
>>> Message-ID: <200912021252.35536.santiago at zarate.net.ve>
>>> Content-Type: Text/Plain; charset="us-ascii"
>>>
>>> i guess you can use a cname record...
>>> address=/wpad.mydomain.net/10.40.60.90
>>> cname=wpad,wpad.mydomain.net
>>>
>>> tho... i'm pretty sure that cname=wpad,10.40.60.90 will also work...
>>>
>>>
>>> -- Santiago Zarate santiago at zarate.net.ve (+58) 4129864175 (+58) 4241073905
>>>
>>>
>>> Date: Wed, 2 Dec 2009 11:45:57 -0500
>>> From: Eric Laganowski
>>> Subject: [Dnsmasq-discuss] DNS pattern response
>>> To:
>>> Message-ID:
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>>
>>> Hi!
>>>
>>> I am playing with browser proxy autodiscovery feature and would like dnsmasq to reply with a certain IP address to any DNS query starting with "wpad.", any domain might follow.
>>> Is it possible to accomplish this with dnsmasq?
>>>
>>> -Eric

From simon at thekelleys.org.uk Fri Dec 4 10:29:34 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Fri, 04 Dec 2009 10:29:34 +0000
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <4B184054.80408@laganowski.net>
References: <4B184054.80408@laganowski.net>
Message-ID: <4B18E48E.9090509@thekelleys.org.uk>

Eric Laganowski wrote:
> I guess I am not communicating this well. The desired dnsmasq
> behavior would be to reply, say, with 192.168.1.1 to any request
> starting with "wpad.", not just local domain, so if, say my domain is
> domain.local, dnsmasq responds with 192.168.1.1 to both
> wpad.domain.local and wpad.google.com
>
> -Eric

That's not possible. If one wanted to implement it, the logical way would be to do full regexp pattern matching on the domains. That has been suggested in the past, but I've always resisted it on the grounds that it's overkill.

For wpad, the browser will always append a domain, I think. Can you not just enumerate all the possible domains?

Agreed that DHCP would be better way to do this, but also agreed that it don't work on firefox (mainly because Linux lacks an API to the DHCP system than firefox can use, and the standards for DHCP say you need to send DHCPINFORM packets from a privileged port, which makes doing so from process run by an ordinary user impossible.)

Simon.

From simon at thekelleys.org.uk Fri Dec 4 11:17:09 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Fri, 04 Dec 2009 11:17:09 +0000
Subject: [Dnsmasq-discuss] query rewriting
In-Reply-To: <4B184C9F.1040705@gmail.com>
References: <4B184C9F.1040705@gmail.com>
Message-ID: <4B18EFB5.5080204@thekelleys.org.uk>

Tom Metro wrote:
> Is there a dnsmasq directive similar to 'alias' that instead of
> rewriting IP addresses in the query reply, rewrites the domain in the
> query? So a query for foo.domain always results in a query for bar.domain?
>
> This is related to the idea of a CNAME, but the dnsmasq 'cname'
> directive is restricted to bar.domain being local. I'm looking for
> something that will work for domains that aren't locally controlled. The
> 'address' directive is also related, but the target needs to be a
> domain, or at least a cached lookup, and not a static IP.
>
> -Tom
>

There's no way to do that, and it would be very difficult to provide one for the following reason. Dnsmasq doesn't store a query when it forwards it: it keeps the minimum amount of information needed to recognise the reply and send it back to the original requestor. If the domain was re-written before forwarding, there would be no-way to restore the original question before returning the answer. The original requestor would therefore get an answer to a different question than the one it asked, and ignore it.

Sorry.

Simon.

From redbully at cc.hs-owl.de Fri Dec 4 11:33:45 2009
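The behaviour Simon Kelley describes in the query-rewriting reply above, as an added example that is not part of the original messages and is not dnsmasq code: a toy forwarder (the hypothetical Forwarder class) keeps only the client's transaction ID for each pending query, and a stub-resolver check (client_accepts, also hypothetical) rejects the relayed answer once the question name has been rewritten. The names foo.domain and bar.domain come from the thread; the address 192.0.2.10 and all message bytes are constructed.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(msg, off):
    """Decode an uncompressed name (question section); return (name, next offset)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def build_query(txid, name, qtype=1):
    """Standard query, RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (id, flags, qname, qtype, qclass, offset after the question)."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, flags, name.lower(), qtype, qclass, off + 4

def build_answer(query, ipv4):
    """Upstream server: echo the question it received and add one A record."""
    txid, _, _, _, _, end = parse_question(query)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(part) for part in ipv4.split("."))
    # 0xC00C points back at the question name; TYPE A, CLASS IN, TTL 60.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(rdata)) + rdata
    return header + query[12:end] + rr

def client_accepts(query, reply):
    """Stub-resolver check: response bit set, same ID, same question."""
    q, r = parse_question(query), parse_question(reply)
    return bool(r[1] & 0x8000) and q[0] == r[0] and q[2:5] == r[2:5]

class Forwarder:
    """Simplified model: per pending query it remembers the client's ID only,
    not the question, so it cannot restore a rewritten name in the reply."""

    def __init__(self, rewrite=None):
        self.rewrite = rewrite or {}   # hypothetical qname -> qname map
        self.pending = {}              # upstream ID -> client ID
        self.next_id = 0x4000

    def forward(self, query):
        txid, _, name, qtype, _, _ = parse_question(query)
        upstream_id = self.next_id
        self.next_id += 1
        self.pending[upstream_id] = txid
        return build_query(upstream_id, self.rewrite.get(name, name), qtype)

    def relay(self, reply):
        upstream_id = struct.unpack("!H", reply[:2])[0]
        client_id = self.pending.pop(upstream_id)
        return struct.pack("!H", client_id) + reply[2:]

def run_exchange(rewrite):
    """Client asks for foo.domain; return (accepted?, question name in the reply)."""
    client_query = build_query(0x1234, "foo.domain")
    fwd = Forwarder(rewrite)
    upstream_reply = build_answer(fwd.forward(client_query), "192.0.2.10")
    client_reply = fwd.relay(upstream_reply)
    return client_accepts(client_query, client_reply), parse_question(client_reply)[2]

if __name__ == "__main__":
    print("plain forwarding :", run_exchange({}))
    print("rewritten query  :", run_exchange({"foo.domain": "bar.domain"}))
```

The question-section comparison in client_accepts is the same check that lets a resolver discard replies that do not belong to what it asked.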
From: redbully at cc.hs-owl.de (Jan 'RedBully' Seiffert) Date: Fri, 04 Dec 2009 12:33:45 +0100 Subject: [Dnsmasq-discuss] DNS pattern response In-Reply-To: <4B18E48E.9090509@thekelleys.org.uk> References: <4B184054.80408@laganowski.net> <4B18E48E.9090509@thekelleys.org.uk> Message-ID: <4B18F399.7020909@cc.hs-owl.de> Simon Kelley schrieb: > Eric Laganowski wrote: >> I guess I am not communicating this well. The desired dnsmasq >> behavior would be to reply, say, with 192.168.1.1 to any request >> starting with "wpad.", not just local domain, so if, say my domain is >> domain.local, dnsmasq responds with 192.168.1.1 to both >> wpad.domain.local and wpad.google.com >> >> -Eric > > That's not possible. If one wanted to implement it, the logical way > would be to do full regexp pattern matching on the domains. That has > been suggested in the past, but I've always resisted it on the grounds > that it's overkill. > But doesn't mean there is no patch. I have this laying around for some time, here for dnsmasq 2.50. This way one can write: address=/:^wpad\..*:/192.168.0.1 or something like that... Note: This patch is not that well tested... [snip] > > Simon. > Greetings Jan -- Miksch's Law: If a string has one end, then it has another end. -------------- next part -------------- A non-text attachment was scrubbed... Name: dnsmasq-2.50-regex.patch Type: text/x-patch Size: 5577 bytes Desc: not available Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091204/e1e6d4c8/attachment-0001.bin From richardvoigt at gmail.com Fri Dec 4 16:03:17 2009 
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Fri, 4 Dec 2009 10:03:17 -0600
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To:
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net>
Message-ID: <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com>

On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella wrote:
> I think there's a misunderstanding on how the WPAD DNS version operates. The "wpad.domain.localnet" is used by the browser at startup to locate the proxy configuration file which applies to all domains. You don't need a separate wpad.google.com and wpad.amazon.com for every domain users are trying to connect to.
>
> If for some reason your local hosts are configured with different domain names (and therefore looking up wpad.google.com or wpad.amazon.com), I think we need more explanation on just what strangeness you've got going on.

In general, I think we can say that users who have ignored the DHCP-provided domain and configured their own intend to opt-out of wpad. Browser proxy settings are at the discretion of the user anyway, if you want a mandatory proxy setup you'll need to use iptables to accomplish that, not DNS.

There's no need to wildcard match wpad hostnames, which are subject to user-side DNS caching anyway (a user who has configured for domain=google.com probably already has wpad.google.com cached and won't get information from dnsmasq).

Any solution to this which involves DNS is inherently broken.

>
> Perette
>
>
> You can do the same thing by
> On 2009年12月03日, at 22:45, Eric Laganowski wrote:
>
>> Well, while legal advice is always appreciated that was not what I was
>> asking for.
>> I was asking about a specific feature of dnsmasq and I am still at a
>> loss whether it is possible to accomplish what I was looking for or not.
>>
>> On a side note, DHCP option 252 is not supported by Firefox, that is why
>> I am forced to explore other options.
>>
>> Thanks,
>> Eric
>>
>> richardvoigt at gmail.com wrote:
>>> I think you're going about this the wrong way. Use the DHCP option
>>> "auto-proxy-config" to control the URL browsers use for auto-proxy.
>>> Spoofing addresses in other domains doesn't solve any problems, it
>>> only creates more (and is borderline illegal in many areas).
>>>
>>> On Thu, Dec 3, 2009 at 4:48 PM, Eric Laganowski wrote:
>>>
>>>> I guess I am not communicating this well.
>>>> The desired dnsmasq behavior would be to reply, say, with 192.168.1.1 to any request starting with "wpad.", not just local domain, so if, say my domain is domain.local, dnsmasq responds with 192.168.1.1 to both wpad.domain.local and wpad.google.com
>>>>
>>>> -Eric
>>>>
>>>> Date: Wed, 2 Dec 2009 12:52:35 -0430
>>>> From: Santiago Zarate
>>>> Subject: Re: [Dnsmasq-discuss] DNS pattern response
>>>> To: dnsmasq-discuss at lists.thekelleys.org.uk
>>>> Message-ID: <200912021252.35536.santiago at zarate.net.ve>
>>>> Content-Type: Text/Plain; charset="us-ascii"
>>>>
>>>> i guess you can use a cname record...
>>>> address=/wpad.mydomain.net/10.40.60.90
>>>> cname=wpad,wpad.mydomain.net
>>>>
>>>> tho... i'm pretty sure that cname=wpad,10.40.60.90 will also work...
>>>>
>>>>
>>>> -- Santiago Zarate santiago at zarate.net.ve (+58) 4129864175 (+58) 4241073905
>>>>
>>>>
>>>> Date: Wed, 2 Dec 2009 11:45:57 -0500
>>>> From: Eric Laganowski >>>> Subject: [Dnsmasq-discuss] DNS pattern response >>>> To: >>>> Message-ID: >>>> Content-Type: text/plain; charset="iso-8859-1" >>>> >>>> >>>> Hi! >>>> >>>> I am playing with browser proxy autodiscovery feature and would like dnsmasq to reply with a certain IP address to any DNS query starting with "wpad.", any domain might follow. >>>> Is it possible to accomplish this with dnsmasq? >>>> >>>> -Eric > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From eric at laganowski.net Fri Dec 4 16:27:01 2009 
From: eric at laganowski.net (Eric Laganowski) Date: Fri, 04 Dec 2009 11:27:01 -0500 Subject: [Dnsmasq-discuss] DNS pattern response In-Reply-To: <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net> <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> Message-ID: <4B193855.2060201@laganowski.net> richardvoigt at gmail.com wrote: > On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella wrote: > >> I think there's a misunderstanding on how the WPAD DNS version operates. The "wpad.domain.localnet" is used by the browser at startup to locate the proxy configuration file which applies to all domains. You don't need a separate wpad.google.com and wpad.amazon.com for every domain users are trying to connect to. >> >> If for some reason your local hosts are configured with different domain names (and therefore looking up wpad.google.com or wpad.amazon.com), I think we need more explanation on just what strangeness you've got going on. >> > > In general, I think we can say that users who have ignored the > DHCP-provided domain and configured their own intend to opt-out of > wpad. Browser proxy settings are at the discretion of the user > anyway, if you want a mandatory proxy setup you'll need to use > iptables to accomplish that, not DNS. > > There's no need to wildcard match wpad hostnames, which are subject to > user-side DNS caching anyway (a user who has configured for > domain=google.com probably already has wpad.google.com cached and > won't get information from dnsmasq). > > Any solution to this which involves DNS is inherently broken. Guys, all I want to do is to be able to use my company-provided laptop at home which has proxy in the network. It is configured with a different domain than my local subnet for obvious reasons. DHCP was tested and confirmed to work properly with MSIE. 
FF does not work as it relies purely on DNS (wpad). The idea is to make this as transparent as possible.

-Eric

From eric at laganowski.net Fri Dec 4 16:29:04 2009
From: eric at laganowski.net (Eric Laganowski)
Date: Fri, 04 Dec 2009 11:29:04 -0500
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <4B18F399.7020909@cc.hs-owl.de>
References: <4B184054.80408@laganowski.net> <4B18E48E.9090509@thekelleys.org.uk> <4B18F399.7020909@cc.hs-owl.de>
Message-ID: <4B1938D0.2030502@laganowski.net>

Jan 'RedBully' Seiffert wrote:
> Simon Kelley wrote:
>
>> Eric Laganowski wrote:
>>
>>> I guess I am not communicating this well. The desired dnsmasq
>>> behavior would be to reply, say, with 192.168.1.1 to any request
>>> starting with "wpad.", not just local domain, so if, say my domain is
>>> domain.local, dnsmasq responds with 192.168.1.1 to both
>>> wpad.domain.local and wpad.google.com
>>>
>>> -Eric
>>>
>> That's not possible. If one wanted to implement it, the logical way
>> would be to do full regexp pattern matching on the domains. That has
>> been suggested in the past, but I've always resisted it on the grounds
>> that it's overkill.
>>
>>
>
> But doesn't mean there is no patch.
> I have this laying around for some time, here for dnsmasq 2.50.
>
> This way one can write:
> address=/:^wpad\..*:/192.168.0.1
> or something like that...
>

Jan,

I appreciate your response. Will test it as soon as possible and provide feedback.

Thanks,
Eric

From santiago at zarate.net.ve Fri Dec 4 17:18:27 2009
From: santiago at zarate.net.ve (Santiago Zarate)
Date: Fri, 4 Dec 2009 12:48:27 -0430
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <4B193855.2060201@laganowski.net>
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net> <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> <4B193855.2060201@laganowski.net>
Message-ID:

add an IPTABLES rule.... and that's it..

if i'm not mistaken:

# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

Taken from here:
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

2009/12/4 Eric Laganowski :
> richardvoigt at gmail.com wrote:
>> On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella wrote:
>>
>>> I think there's a misunderstanding on how the WPAD DNS version operates. The "wpad.domain.localnet" is used by the browser at startup to locate the proxy configuration file which applies to all domains. You don't need a separate wpad.google.com and wpad.amazon.com for every domain users are trying to connect to.
>>>
>>> If for some reason your local hosts are configured with different domain names (and therefore looking up wpad.google.com or wpad.amazon.com), I think we need more explanation on just what strangeness you've got going on.
>>>
>>
>> In general, I think we can say that users who have ignored the
>> DHCP-provided domain and configured their own intend to opt-out of
>> wpad. Browser proxy settings are at the discretion of the user
>> anyway, if you want a mandatory proxy setup you'll need to use
>> iptables to accomplish that, not DNS.
>> >> There's no need to wildcard match wpad hostnames, which are subject to >> user-side DNS caching anyway (a user who has configured for >> domain=google.com probably already has wpad.google.com cached and >> won't get information from dnsmasq). >> >> Any solution to this which involves DNS is inherently broken. > Guys, all I want to do is to be able to use my company-provided laptop > at home which has proxy in the network. It is configured with a > different domain than my local subnet for obvious reasons. > DHCP was tested and confirmed to work properly with MSIE. FF does not > work as it relies purely on DNS (wpad). The idea is to make this as > transparent as possible. > > -Eric > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss at lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > From b-morgan at concentric.net Fri Dec 4 17:30:54 2009 
From: b-morgan at concentric.net (Brad Morgan)
Date: Fri, 4 Dec 2009 10:30:54 -0700
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <4B193855.2060201@laganowski.net>
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net> <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> <4B193855.2060201@laganowski.net>
Message-ID: <003301ca7507$8dae4630$a90ad290$@net>

> Guys, all I want to do is to be able to use my company-provided laptop
> at home which has proxy in the network. It is configured with a
> different domain than my local subnet for obvious reasons.
> DHCP was tested and confirmed to work properly with MSIE. FF does not
> work as it relies purely on DNS (wpad). The idea is to make this as
> transparent as possible.

I think you need two things. First, a DNS entry on your home network that
resolves wpad.company.network to a local address. Second, at that address,
you need to provide a web server that serves up a proxy configuration file
that basically says bypass the proxy for everything. Here's an example
proxy.pac file:

function FindProxyForURL(url, host)
{
    /*
    ** Proxy configuration file
    **
    ** Comment out the alert statements by adding // at the
    ** beginning of the line.
    */

    // alert("url= " + url);
    // alert("host= " + host);

    if (isPlainHostName(host)) {
        // alert("host= " + host + " return= DIRECT (isPlainHostName)");
        return "DIRECT";
    }

    if (isInNet(host, "192.168.0.0", "255.255.255.0")) {
        // For testing at home.
        // alert("host= " + host + " return= DIRECT (isInNet)");
        return "DIRECT";
    }

    // alert("host= " + host + " return= PROXY");
    return "PROXY 192.168.0.100:3180"; // Proxy for testing at home
}

From eric at laganowski.net Fri Dec 4 17:40:53 2009
From: eric at laganowski.net (Eric Laganowski)
Date: Fri, 04 Dec 2009 12:40:53 -0500
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To:
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net> <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> <4B193855.2060201@laganowski.net>
Message-ID: <4B1949A5.3000807@laganowski.net>

Santiago Zarate wrote:
> add an IPTABLES rule.... and that's it..
>
> if i'm not mistaken:
>
> # DNAT port 80 request coming from LAN systems to squid 3128
> ($SQUID_PORT) aka transparent proxy
> iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT
> --to $SQUID_SERVER:$SQUID_PORT
> # if it is same system
> iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j
> REDIRECT --to-port $SQUID_PORT
>
> Taken from here:
> http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

I do really appreciate your help guys. I was trying to be as dnsmasq-centric as possible, so some stuff was left out. Another thing that I am trying to accomplish is to make IWA work and SQUID fake_ntlm_auth authenticator working for accounting purposes. Transparent proxying won't help in this scenario unfortunately.

-Eric

From eric at laganowski.net Fri Dec 4 17:46:30 2009
From: eric at laganowski.net (Eric Laganowski)
Date: Fri, 04 Dec 2009 12:46:30 -0500
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <003301ca7507$8dae4630$a90ad290$@net>
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net> <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> <4B193855.2060201@laganowski.net> <003301ca7507$8dae4630$a90ad290$@net>
Message-ID: <4B194AF6.9060305@laganowski.net>

Brad Morgan wrote:
>> Guys, all I want to do is to be able to use my company-provided laptop
>> at home which has proxy in the network. It is configured with a
>> different domain than my local subnet for obvious reasons.
>> DHCP was tested and confirmed to work properly with MSIE. FF does not
>> work as it relies purely on DNS (wpad). The idea is to make this as
>> transparent as possible.
>>
>
> I think you need two things. First, a DNS entry on your home network that
> resolves wpad.company.network to a local address. Second, at that address,
> you need to provide a web server that serves up a proxy configuration file
> that basically says bypass the proxy for everything. Here's an example
> proxy.pac file:
>

Brad,

All the pac files have been setup and confirmed working. I can setup wpad.company.network and it will work.
I want to accomplish, if you say, a generic kind of design. I do not want to be dependent on modifying/restarting dnsmasq every time a client shows up on my network with a different domain name in its network properties. I understand that some people may find it questionable/crazy, but I think it is technically possible.

Thanks,
Eric

From richardvoigt at gmail.com Fri Dec 4 17:47:28 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Fri, 4 Dec 2009 11:47:28 -0600
Subject: [Dnsmasq-discuss] DNS pattern response
In-Reply-To: <4B193855.2060201@laganowski.net>
References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net> <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> <4B193855.2060201@laganowski.net>
Message-ID: <2e59e6970912040947v3b2a0dbfxc79d355aaaea8433@mail.gmail.com>

On Fri, Dec 4, 2009 at 10:27 AM, Eric Laganowski wrote:
> richardvoigt at gmail.com wrote:
>>
>> On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella
>> wrote:
>>
>>>
>>> I think there's a misunderstanding on how the WPAD DNS version operates.
>>> The "wpad.domain.localnet" is used by the browser at startup to locate the
>>> proxy configuration file which applies to all domains. You don't need a
>>> separate wpad.google.com and wpad.amazon.com for every domain users are
>>> trying to connect to.
>>>
>>> If for some reason your local hosts are configured with different domain
>>> names (and therefore looking up wpad.google.com or wpad.amazon.com), I think
>>> we need more explanation on just what strangeness you've got going on.
>>>
>>
>> In general, I think we can say that users who have ignored the
>> DHCP-provided domain and configured their own intend to opt-out of
>> wpad. Browser proxy settings are at the discretion of the user
>> anyway, if you want a mandatory proxy setup you'll need to use
>> iptables to accomplish that, not DNS.
>>
>> There's no need to wildcard match wpad hostnames, which are subject to
>> user-side DNS caching anyway (a user who has configured for
>> domain=google.com probably already has wpad.google.com cached and
>> won't get information from dnsmasq).
>>
>> Any solution to this which involves DNS is inherently broken.
>
> Guys, all I want to do is to be able to use my company-provided laptop at
> home which has proxy in the network.
It is configured with a different > domain than my local subnet for obvious reasons. > DHCP was tested and confirmed to work properly with MSIE. FF does not work > as it relies purely on DNS (wpad). The idea is to make this as transparent > as possible. And when your laptop has the IP address of wpad.mycompany.com already in the local cache? dnsmasq cannot solve this, you need to use iptables to force traffic through a proxy. Santiago showed you how to configure that. > > -Eric > From tmetro+dnsmasq at gmail.com Fri Dec 4 17:48:26 2009 
From: tmetro+dnsmasq at gmail.com (Tom Metro) Date: Fri, 04 Dec 2009 12:48:26 -0500 Subject: [Dnsmasq-discuss] query rewriting In-Reply-To: <4B18EFB5.5080204@thekelleys.org.uk> References: <4B184C9F.1040705@gmail.com> <4B18EFB5.5080204@thekelleys.org.uk> Message-ID: <4B194B6A.8030204@gmail.com> richardvoigt at gmail.com wrote: > Spoofing addresses in other people's domains doesn't solve any > problems, it only creates more (and is borderline illegal in many > areas). No more illegal than modifying your own hosts file. The scope of the modification is, of course, relevant. Doing this at an ISP would be bad. Doing this on your private LAN, not a problem. > What are you trying to accomplish? The use case is a web server that has both public and private IPs, where the private IPs are accessible through a VPN. If VPN connected developers wish to access the server via the private interface (which enables diagnostics), while using the public host name (to invoke the correct virtual host), mapping the private host name to the public host name is one way to do this. Avoiding the use of a static IP in that map makes sure things don't break if the IT guys change IP addresses. There are other, and probably better, ways to do this, such as adding a host name alias to the public virtual host that corresponds to a private IP address, but that would require both code (the host name is used by the application) and configuration changes in production. Simon Kelley wrote: > There's no way to do that, and it would be very difficult to provide one > for the following reason. Dnsmasq doesn't store a query when it forwards > it: it keeps the minimum amount of information needed to recognise the > reply and send it back to the original requestor. Yeah, I had a vague recollection of that from a prior discussion on CNAMEs. > If the domain was re-written before forwarding, there would be no-way > to restore the original question before returning the answer. 
If it was useful enough functionality, it should certainly be doable. It
would just require a special case.

One way is having a thread make the request and block until a reply or
timeout happened. Though you'd probably need to limit the quantity of
such requests you'd process to avoid being DoSed.

Alternatively, could the memory structure you now keep on outstanding
queries be modified to hold optional fields or a pointer to an optional
extended data structure? Then you could add in the supplemental
information for these special case queries without increasing the size
of the query state information for typical queries.

There's always the hack approximation. A cron script that periodically
looks up the target name, and sends a config change to dnsmasq via dbus
to add an 'address' entry mapping the public host name to the private IP
address.

 -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

From richardvoigt at gmail.com Fri Dec 4 17:49:34 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com) Date: Fri, 4 Dec 2009 11:49:34 -0600 Subject: [Dnsmasq-discuss] DNS pattern response In-Reply-To: <4B194AF6.9060305@laganowski.net> References: <4B184054.80408@laganowski.net> <2e59e6970912031617g39143f9awc35b598f4eee3b71@mail.gmail.com> <4B1885D6.1050105@laganowski.net> <2e59e6970912040803u74e9fa2l63a79cf0958013b2@mail.gmail.com> <4B193855.2060201@laganowski.net> <003301ca7507$8dae4630$a90ad290$@net> <4B194AF6.9060305@laganowski.net> Message-ID: <2e59e6970912040949y37b71a22w7b3ea5e8900b8b02@mail.gmail.com> On Fri, Dec 4, 2009 at 11:46 AM, Eric Laganowski wrote: > Brad Morgan wrote: >>> >>> Guys, all I want to do is to be able to use my company-provided laptop at >>> home which has proxy in the network. It is configured with a different >>> domain than my local subnet for obvious reasons. >>> DHCP was tested and confirmed to work properly with MSIE. FF does not >>> work as it relies purely on DNS (wpad). The idea is to make this as >>> transparent as possible. >>> >> >> I think you need two things. First, an DNS entry on your home network that >> resolves wpad.company.network to a local address. Second, at that address, >> you need to provide a web server that serves up a proxy configuration file >> that basically says bypass the proxy for everything. Here's an example >> proxy.pac file: >> > > Brad, > > All the pac files have been setup and confirmed working. I can setup > wpad.company.network and it will work. > I want to accomplish, if you say, a generic kind of design. I do not want to > be dependent on modifying/restarting dnsmasq > every time a client shows up on my network with a different domain name in > it's network properties. I understand that > some people may find it questionable/crazy, but I think it is technically > possible. dnsmasq rereads /etc/hosts without any restart required. 
But while responding to wpad.* is technically possible, it doesn't solve the problem of automatically making clients use your proxy. > > Thanks, > Eric > From richardvoigt at gmail.com Fri Dec 4 21:12:20 2009 
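Added example (not from the thread and not dnsmasq code): a Python check over dnsmasq query-log lines, assuming query logging (`log-queries`) is enabled, that lists the wpad.* names answered neither by an address= entry nor by /etc/hosts, together with the clients asking for them. Those lookups are forwarded upstream rather than answered locally, and they are the names one would have to enumerate. The config, hosts file and log lines below are constructed samples.

```python
import re
from collections import defaultdict

# Constructed samples, not taken from any system in the thread.
SAMPLE_CONF = """\
# local proxy auto-discovery name
address=/wpad.domain.local/192.168.1.1
"""
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.168.1.1 wpad.company.network   # added by hand for one laptop
"""
SAMPLE_LOG = """\
Dec  4 11:20:01 dnsmasq[812]: query[A] wpad.domain.local from 192.168.1.20
Dec  4 11:20:01 dnsmasq[812]: config wpad.domain.local is 192.168.1.1
Dec  4 11:21:13 dnsmasq[812]: query[A] wpad.company.network from 192.168.1.31
Dec  4 11:22:40 dnsmasq[812]: query[A] WPAD.google.com from 192.168.1.42
Dec  4 11:22:40 dnsmasq[812]: forwarded WPAD.google.com to 10.0.0.53
Dec  4 11:23:02 dnsmasq[812]: query[AAAA] wpad.google.com from 192.168.1.43
Dec  4 11:23:05 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
"""

# Only "query[TYPE] name from client" lines carry the requesting client.
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[[A-Z0-9]+\] (\S+) from (\S+)")

def norm(name):
    """DNS names compare case-insensitively; drop any trailing dot."""
    return name.lower().rstrip(".")

def address_domains(conf_text):
    """Domains named in address=/dom1/dom2/ip lines of a dnsmasq config."""
    domains = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("address=/"):
            parts = line[len("address="):].split("/")  # ['', dom..., ip]
            domains.update(norm(p) for p in parts[1:-1] if p)
    return domains

def hosts_names(hosts_text):
    """Every host name and alias listed in hosts-file text."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(norm(n) for n in fields[1:])
    return names

def answered_locally(name, domains, hosts):
    """address=/d/ip covers d and every name under d; hosts entries are exact."""
    return name in hosts or any(
        name == d or name.endswith("." + d) for d in domains
    )

def forwarded_wpad(log_text, conf_text, hosts_text):
    """Map each wpad.* name with no local answer to the clients that asked."""
    domains, hosts = address_domains(conf_text), hosts_names(hosts_text)
    seen = defaultdict(set)
    for name, client in QUERY_RE.findall(log_text):
        name = norm(name)
        if name.startswith("wpad.") and not answered_locally(name, domains, hosts):
            seen[name].add(client)
    return {name: sorted(clients) for name, clients in sorted(seen.items())}

if __name__ == "__main__":
    report = forwarded_wpad(SAMPLE_LOG, SAMPLE_CONF, SAMPLE_HOSTS)
    for name, clients in report.items():
        print(f"{name}: asked by {', '.join(clients)}")
```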
From: richardvoigt at gmail.com (richardvoigt at gmail.com) Date: Fri, 4 Dec 2009 15:12:20 -0600 Subject: [Dnsmasq-discuss] query rewriting In-Reply-To: <4B194B6A.8030204@gmail.com> References: <4B184C9F.1040705@gmail.com> <4B18EFB5.5080204@thekelleys.org.uk> <4B194B6A.8030204@gmail.com> Message-ID: <2e59e6970912041312v10757369ib104c5707955f0fe@mail.gmail.com> On Fri, Dec 4, 2009 at 11:48 AM, Tom Metro wrote: > richardvoigt at gmail.com wrote: >> Spoofing addresses in other people's domains doesn't solve any >> problems, it only creates more (and is borderline illegal in many >> areas). > > No more illegal than modifying your own hosts file. The scope of the > modification is, of course, relevant. Doing this at an ISP would be bad. > Doing this on your private LAN, not a problem. > > >> What are you trying to accomplish? > > The use case is a web server that has both public and private IPs, where > the private IPs are accessible through a VPN. If VPN connected > developers wish to access the server via the private interface (which > enables diagnostics), while using the public host name (to invoke the > correct virtual host), mapping the private host name to the public host > name is one way to do this. Avoiding the use of a static IP in that map > makes sure things don't break if the IT guys change IP addresses. > > There are other, and probably better, ways to do this, such as adding a > host name alias to the public virtual host that corresponds to a private > IP address, but that would require both code (the host name is used by > the application) and configuration changes in production. Can the diagnostics be enabled conditionally based on the client IP address, instead of the server IP address binding? I guess that would require clients to route traffic for your company's public IPs through the VPN (and not just private IPs like I guess is done now). 
>
>
> Simon Kelley wrote:
>> There's no way to do that, and it would be very difficult to provide one
>> for the following reason. Dnsmasq doesn't store a query when it forwards
>> it: it keeps the minimum amount of information needed to recognise the
>> reply and send it back to the original requestor.
>
> Yeah, I had a vague recollection of that from a prior discussion on CNAMEs.
>
>
>> If the domain was re-written before forwarding, there would be no-way
>> to restore the original question before returning the answer.
>
> If it was useful enough functionality, it should certainly be doable. It
> would just require a special case.
>
> One way is having a thread make the request and block until a reply or
> timeout happened. Though you'd probably need to limit the quantity of
> such requests you'd process to avoid being DoSed.
>
> Alternatively, could the memory structure you now keep on outstanding
> queries be modified to hold optional fields or a pointer to an optional
> extended data structure? Then you could add in the supplemental
> information for these special case queries without increasing the size
> of the query state information for typical queries.
>
> There's always the hack approximation. A cron script that periodically
> looks up the target name, and sends a config change to dnsmasq via dbus
> to add an 'address' entry mapping the public host name to the private IP
> address.
>
>  -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>

From eric at laganowski.net Fri Dec 4 21:22:53 2009
From: eric at laganowski.net (Eric Laganowski) Date: Fri, 04 Dec 2009 16:22:53 -0500 Subject: [Dnsmasq-discuss] DNS pattern response In-Reply-To: <4B18F399.7020909@cc.hs-owl.de> References: <4B184054.80408@laganowski.net> <4B18E48E.9090509@thekelleys.org.uk> <4B18F399.7020909@cc.hs-owl.de> Message-ID: <4B197DAD.1090603@laganowski.net> Jan 'RedBully' Seiffert wrote: > I have this laying around for some time, here for dnsmasq 2.50. > > This way one can write: > address=/:^wpad\..*:/192.168.0.1 > or something like that... > > Note: This patch is not that well tested... > Had to modify a little. Preliminary tests show expected behavior. Thanks so much, Eric >> Simon. >> >> > > Greetings > Jan > From v_cadet at yahoo.fr Fri Dec 4 22:16:53 2009 From: v_cadet at yahoo.fr (Vincent Cadet) Date: Fri, 4 Dec 2009 22:16:53 +0000 (GMT) Subject: [Dnsmasq-discuss] DNS pattern response In-Reply-To: <4B193855.2060201@laganowski.net> Message-ID: <811050.80316.qm@web28207.mail.ukl.yahoo.com> > Guys, all I want to do is to be able to use my > company-provided laptop > at home which has proxy in the network. It is configured > with a > different domain than my local subnet for obvious reasons. > DHCP was tested and confirmed to work properly with MSIE. > FF does not > work as it relies purely on DNS (wpad). The idea is to make > this as > transparent as possible. What about using profiles with Firefox? Different profiles, different network/proxy settings. KISS. If you have a GNU/Linux machine you could even hard link some of your important files (like password file, extensions, bookmarks, form data) across profiles to avoid copying them. Vince C. From tmetro+dnsmasq at gmail.com Fri Dec 4 23:04:00 2009 
From: tmetro+dnsmasq at gmail.com (Tom Metro) Date: Fri, 04 Dec 2009 18:04:00 -0500 Subject: [Dnsmasq-discuss] query rewriting In-Reply-To: <2e59e6970912041312v10757369ib104c5707955f0fe@mail.gmail.com> References: <4B184C9F.1040705@gmail.com> <4B18EFB5.5080204@thekelleys.org.uk> <4B194B6A.8030204@gmail.com> <2e59e6970912041312v10757369ib104c5707955f0fe@mail.gmail.com> Message-ID: <4B199560.60602@gmail.com> richardvoigt at gmail.com wrote: > Tom Metro wrote: >> The use case is a web server that has both public and private IPs, where >> the private IPs are accessible through a VPN. If VPN connected >> developers wish to access the server via the private interface (which >> enables diagnostics), while using the public host name (to invoke the >> correct virtual host), mapping the private host name to the public host >> name is one way to do this. > > Can the diagnostics be enabled conditionally based on the client IP > address, instead of the server IP address binding? That's actually what is being done. > I guess that would require clients to route traffic for your > company's public IPs through the VPN (and not just private IPs like I > guess is done now). Correct, and that is what is accomplished by accessing the server through its private IP. It also works to add custom routes on the client machines to force the public IP to go through the VPN, but that also suffers from a potential problem with stale IP addresses if the public IP changes. (Not a huge deal as the route could be added via a script when the VPN is brought up. The script can fetch the current IP, and VPN sessions are relatively short lived compared to the frequency that IP addresses change.) -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/ From richardvoigt at gmail.com Sat Dec 5 03:32:35 2009 
From: richardvoigt at gmail.com (richardvoigt at gmail.com) Date: Fri, 4 Dec 2009 21:32:35 -0600 Subject: [Dnsmasq-discuss] query rewriting In-Reply-To: <4B199560.60602@gmail.com> References: <4B184C9F.1040705@gmail.com> <4B18EFB5.5080204@thekelleys.org.uk> <4B194B6A.8030204@gmail.com> <2e59e6970912041312v10757369ib104c5707955f0fe@mail.gmail.com> <4B199560.60602@gmail.com> Message-ID: <2e59e6970912041932o511c2a5bha59c69e90f8790d@mail.gmail.com> On Fri, Dec 4, 2009 at 5:04 PM, Tom Metro wrote: > richardvoigt at gmail.com wrote: >> >> Tom Metro wrote: >>> >>> The use case is a web server that has both public and private IPs, where >>> the private IPs are accessible through a VPN. If VPN connected >>> developers wish to access the server via the private interface (which >>> enables diagnostics), while using the public host name (to invoke the >>> correct virtual host), mapping the private host name to the public host >>> name is one way to do this. >> >> Can the diagnostics be enabled conditionally based on the client IP >> address, instead of the server IP address binding? > > That's actually what is being done. > > >> I guess that would require clients to route traffic for your >> company's public IPs through the VPN (and not just private IPs like I >> guess is done now). > > Correct, and that is what is accomplished by accessing the server through > its private IP. > > It also works to add custom routes on the client machines to force the > public IP to go through the VPN, but that also suffers from a potential > problem with stale IP addresses if the public IP changes. (Not a huge deal > as the route could be added via a script when the VPN is brought up. The > script can fetch the current IP, and VPN sessions are relatively short lived > compared to the frequency that IP addresses change.) Any downside to routing the entire IP block for your company into the VPN? I presume that changes even less frequently than server addresses. 
From clintonlee.taylor at gmail.com Sun Dec 13 15:41:11 2009
From: clintonlee.taylor at gmail.com (Clinton Lee Taylor)
Date: Sun, 13 Dec 2009 17:41:11 +0200
Subject: [Dnsmasq-discuss] Multiple resolv.conf ...
Message-ID:

Greetings ...

I know we have discussed multiple resolv.conf before, but I think that either I need to ask for a new feature, or that we might have a bug ...

This weekend, I was trying to set up a 3G USB modem as a backup internet connection for a server. It seems that pppd has a bug, that gets faulty DNS from the RAS. This would not be a problem, if all the DNS servers I have listed in my multiple resolvers ...

Let me explain, I have a resolv.conf-google, resolv.conf-opendns, resolv.conf-local and resolv.conf-pppd. When pppd connects, if-up.local runs, which I then copy the DNS1 and DNS2 into resolv.conf-pppd. Trying to ping www.opndns.com, would not work, but ping an IP did ... Then when pppd disconnects, I run if-down.local, which copies resolv.conf-local over resolv.conf-pppd and pings work again ...

I also restart dnsmasq in ip-up.local and ip-down.local, and only see the last file resolver file and its DNS.

Could we please list all DNS servers when starting dnsmasq, not just the last updated DNS?

Thanks
Mailed
LeeT

From bcook at poughkeepsieschools.org Mon Dec 14 20:26:42 2009
From: bcook at poughkeepsieschools.org (B. Cook)
Date: Mon, 14 Dec 2009 15:26:42 -0500
Subject: [Dnsmasq-discuss] why sending to resolv-file server?
Message-ID: <4B269F82.10801@poughkeepsieschools.org>

Hello all,

Dnsmasq version 2.50  Copyright (C) 2000-2009 Simon Kelley
Compile time options no-IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP

I have a rather large setup (some 2500+ hosts) all getting dhcp from dnsmasq.

I have 10 buildings all setup with dhcp-relay and such to get them back to the main one.

My question is:

I do not understand why requests are getting sent to the recursor when they do not exist..

so say for example I have the internal domain name .pcsd and each building has a subdomain bldg1.pcsd, bldg2.pcsd..

(each building has its own config) and we block unknowns from requesting dhcp so we have a large file with all the dhcp-host entries in it that each building config includes..

Here is a basic entry from one of the files..

domain=war.pcsd,10.20.24.0/22
dhcp-range=war,10.20.24.33,10.20.25.128,255.255.252.0,4h
dhcp-option=war,option:router,10.20.24.1

and if dnsmasq serves the domain war.pcsd I do not need to put in an entry like this:

server=/war.pcsd/10.20.0.16
server=/24.20.10.in-addr.arpa/10.20.0.16

yet, with the entry in or out if I do this:

host totallyfakename.war.pcsd

and then check the query.log for the recursor (bind in this case) it will show me that bind was asked for the entry. Even though I directly asked dnsmasq.

Is this intended? Or do I have something in one of my configs that is helping me shoot myself in the foot.. :)

Thanks in advance.

From richardvoigt at gmail.com Mon Dec 14 22:54:57 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Mon, 14 Dec 2009 16:54:57 -0600
Subject: [Dnsmasq-discuss] why sending to resolv-file server?
In-Reply-To: <4B269F82.10801@poughkeepsieschools.org>
References: <4B269F82.10801@poughkeepsieschools.org>
Message-ID: <2e59e6970912141454v4db70b3fo826f011b3075758f@mail.gmail.com>

On Mon, Dec 14, 2009 at 2:26 PM, B. Cook wrote:
> Hello all,
>
> Dnsmasq version 2.50  Copyright (C) 2000-2009 Simon Kelley
> Compile time options no-IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
>
>
> I have a rather large setup (some 2500+ hosts) all getting dhcp from
> dnsmasq.
>
> I have 10 buildings all setup with dhcp-relay and such to get them back
> to the main one.
>
> My question is:
>
> I do not understand why requests are getting sent to the recursor when
> they do not exist..
>
> so say for example I have the internal domain name .pcsd and each
> building has a subdomain bldg1.pcsd, bldg2.pcsd..
>
> (each building has its own config) and we block unknowns from requesting
> dhcp so we have a large file with all the dhcp-host entries in it that
> each building config includes..
>
> Here is a basic entry from one of the files..
>
> domain=war.pcsd,10.20.24.0/22
> dhcp-range=war,10.20.24.33,10.20.25.128,255.255.252.0,4h
> dhcp-option=war,option:router,10.20.24.1
>
> and if dnsmasq serves the domain war.pcsd I do not need to put in an
> entry like this:
>
> server=/war.pcsd/10.20.0.16
> server=/24.20.10.in-addr.arpa/10.20.0.16
>
> yet, with the entry in or out if I do this:
>
> host totallyfakename.war.pcsd
>
> and then check the query.log for the recursor (bind in this case) it
> will show me that bind was asked for the entry.  Even though I directly
> asked dnsmasq.

From luca.postregna at gmail.com Thu Dec 17 21:51:08 2009
From: luca.postregna at gmail.com (Luca Postregna)
Date: Thu, 17 Dec 2009 22:51:08 +0100
Subject: [Dnsmasq-discuss] unable to resolv hosts by name in my local network
Message-ID:

Is there a way to resolve by name the hosts of my network without modifying /etc/hosts on the server or in the client?
On the server in dhcp.leased I can read that my client sends the hostname, is that not enough?

Thanks, Luca.

--
http://www.infis.units.it/~lucapost/
Luca Postregna

From ranceh at gmail.com Thu Dec 17 22:02:27 2009
From: ranceh at gmail.com (Rance Hall)
Date: Thu, 17 Dec 2009 16:02:27 -0600
Subject: [Dnsmasq-discuss] unable to resolv hosts by name in my local network
In-Reply-To:
References:
Message-ID: <845c0f80912171402r3ed2f6f0t478d7010488a0dc5@mail.gmail.com>

On Thu, Dec 17, 2009 at 3:51 PM, Luca Postregna wrote:
> Is there a way to resolve by name the hosts of my network without modifying
> /etc/hosts on the server or in the client?
> On the server in dhcp.leased I can read that my client sends the hostname, is
> that not enough?
>
> Thanks, Luca.
>
>
> --
> http://www.infis.units.it/~lucapost/
> Luca Postregna

The clients that get dhcp addresses should already be able to resolve by name the other dhcp clients. If this is not true, you have a problem and you need to fix that first.

In order for the clients to resolve by name static ip machines, the server needs to know about them some way.

Typically this is with the /etc/hosts file, but IIRC dnsmasq has the ability to specify an additional/alternate /etc/hosts file. This other file needs to be a properly formatted /etc/hosts file, it can just have another name.

This should get your clients resolving the network correctly.

The next thing you need to know about is if you want the dhcp server to resolve local names the same way the clients do.

There is a way to configure this also.

Specify in your server's /etc/resolv.conf that the server should look at itself for name resolution, and then specify a second proper /etc/resolv.conf file for dnsmasq to use to get the rest of the net.

From luca.postregna at gmail.com Fri Dec 18 09:31:59 2009
From: luca.postregna at gmail.com (Luca Postregna)
Date: Fri, 18 Dec 2009 10:31:59 +0100
Subject: [Dnsmasq-discuss] unable to resolv hosts by name in my local network
In-Reply-To: <845c0f80912171402r3ed2f6f0t478d7010488a0dc5@mail.gmail.com>
References: <845c0f80912171402r3ed2f6f0t478d7010488a0dc5@mail.gmail.com>
Message-ID:

Ok, this is true. But my question is different, I think.
If my hosts are present in /etc/hosts, with the expandhost option in my dnsmasq config, resolving by name works properly.
But I don't want to specify anything in /etc/hosts. I think that dnsmasq, when one client gets an address, obtains all the info (dhcp.leases) to permit itself and other clients to resolve by name the new client, is it true?

LP

On Thu, Dec 17, 2009 at 11:02 PM, Rance Hall wrote:
> On Thu, Dec 17, 2009 at 3:51 PM, Luca Postregna
> wrote:
> > Is there a way to resolve by name the hosts of my network without modifying
> > /etc/hosts on the server or in the client?
> > On the server in dhcp.leased I can read that my client sends the hostname, is
> > that not enough?
> >
> > Thanks, Luca.
> >
> >
> > --
> > http://www.infis.units.it/~lucapost/
> > Luca Postregna
>
> The clients that get dhcp addresses should already be able to resolve
> by name the other dhcp clients. If this is not true, you have a
> problem and you need to fix that first.
>
> In order for the clients to resolve by name static ip machines, the
> server needs to know about them some way.
>
> Typically this is with the /etc/hosts file, but IIRC dnsmasq has the
> ability to specify an additional/alternate /etc/hosts file. This
> other file needs to be a properly formatted /etc/hosts file, it can
> just have another name.
>
> This should get your clients resolving the network correctly.
>
> The next thing you need to know about is if you want the dhcp server
> to resolve local names the same way the clients do.
>
> There is a way to configure this also.
>
> Specify in your server's /etc/resolv.conf that the server should look
> at itself for name resolution, and then specify a second proper
> /etc/resolv.conf file for dnsmasq to use to get the rest of the net.
>

--
http://www.infis.units.it/~lucapost/
Luca Postregna

From ranceh at gmail.com Fri Dec 18 16:36:12 2009
From: ranceh at gmail.com (Rance Hall)
Date: Fri, 18 Dec 2009 10:36:12 -0600
Subject: [Dnsmasq-discuss] unable to resolv hosts by name in my local network
In-Reply-To:
References: <845c0f80912171402r3ed2f6f0t478d7010488a0dc5@mail.gmail.com>
Message-ID: <845c0f80912180836k60fc680fk8351de6000ac6115@mail.gmail.com>

On Fri, Dec 18, 2009 at 3:31 AM, Luca Postregna wrote:
> Ok, this is true. But my question is different, I think.
> If my hosts are present in /etc/hosts, with the expandhost option in my dnsmasq
> config, resolving by name works properly.
> But I don't want to specify anything in /etc/hosts. I think that dnsmasq,
> when one client gets an address, obtains all the info (dhcp.leases) to permit itself
> and other clients to resolve by name the new client, is it true?
>
> LP

This is almost always true for cases when all clients that need to resolve each others' names are provided by the dhcp server.

You don't have to modify /etc/hosts if dhcp clients are all you have.

There are some common things that interfere with this basic status.

1) Some OSes (usually unix based) ship needing dhclient to be configured to send a hostname with the dhcp request. Windows does this by default, but with *nix this is a configurable option. NOT sending the hostname with the dhcp request will cause name resolution to fail for just these hosts.

2) It's possible (though I've only seen it happen once in my several years of using dnsmasq) to get a corrupted dhcp.leases file. If this file is hosed then name resolution of dhcp clients can be broken depending on the specific way the leases file gets hosed.

3) The wrong "authoritative" setting in dnsmasq.conf or another dhcp server somewhere on your net that also thinks it's authoritative.

There might be other "off the wall" things as well.

I refer you to my previous post, the behavior you desire is in my view, default. If you don't get it, there is something broken.
But you need to do a better job of explaining what "broken" looks like for you so we can help you figure out what to do about it.

From sfzhi at yahoo.com Sun Dec 20 14:21:58 2009
From: sfzhi at yahoo.com (Sergei Zhirikov)
Date: Sun, 20 Dec 2009 15:21:58 +0100
Subject: [Dnsmasq-discuss] Is this a documentation error?
Message-ID:

Hi,

The man page of dnsmasq-2.51 contains the following line:

-F, --dhcp-range=[[net:]network-id,],[[,],][,]

Looking at the options parsing code I would say it should be:

-F, --dhcp-range=[[net:]network-id,],[,[,]][,]

The latter also appears to match the examples in dnsmasq.conf.example.
Is that correct or did I misunderstand something?

--
Thanks and kind regards,
Sergei.

From bretschneider-mldnsmasq at imr.uni-hannover.de Mon Dec 21 10:55:58 2009
From: bretschneider-mldnsmasq at imr.uni-hannover.de (Martin Bretschneider)
Date: Mon, 21 Dec 2009 11:55:58 +0100
Subject: [Dnsmasq-discuss] exception of an dns entry of the local net
Message-ID: <4B2F543E.4090104@imr.uni-hannover.de>

Hi,

a server with www.localnet is outside my control of localnet. Dnsmasq thinks that it is local due to the domain and wants to find it in /etc/hosts but it should not be there: I want dnsmasq to ask the default DNS server only for www.localnet. Is there an option that www.localnet is *not* in the localnet despite the fact that there is the line "local=/localnet/" in the config?

TIA Martin

From simon at thekelleys.org.uk Mon Dec 21 12:32:53 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Mon, 21 Dec 2009 12:32:53 +0000
Subject: [Dnsmasq-discuss] Is this a documentation error?
In-Reply-To:
References:
Message-ID: <4B2F6AF5.8050102@thekelleys.org.uk>

Sergei Zhirikov wrote:
> Hi,
>
> The man page of dnsmasq-2.51 contains the following line:
>
> -F, --dhcp-range=[[net:]network-id,],[[,],][,]
>
> Looking at the options parsing code I would say it should be:
>
> -F, --dhcp-range=[[net:]network-id,],[,[,]][,]
>
> The latter also appears to match the examples in dnsmasq.conf.example.
> Is that correct or did I misunderstand something?
>

You're right: it's a documentation error. I'll fix it in the next release.

Many thanks.

Cheers,
Simon.

From simon at thekelleys.org.uk Mon Dec 21 16:10:56 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Mon, 21 Dec 2009 16:10:56 +0000
Subject: [Dnsmasq-discuss] exception of an dns entry of the local net
In-Reply-To: <4B2F543E.4090104@imr.uni-hannover.de>
References: <4B2F543E.4090104@imr.uni-hannover.de>
Message-ID: <4B2F9E10.9050203@thekelleys.org.uk>

Martin Bretschneider wrote:
> Hi,
>
> a server with www.localnet is outside my control of localnet. Dnsmasq
> thinks that it is local due to the domain and wants to find it in
> /etc/hosts but it should not be there: I want dnsmasq to ask the default
> DNS server only for www.localnet. Is there an option that www.localnet
> is *not* in the localnet despite the fact that there is the line
> "local=/localnet/" in the config?
>
> TIA Martin
>

There's no way to make it ask the default server, but you can make it ask a server just for www.localnet, and that server could be the same as the default one.

server=/www.localnet/

HTH

Simon

From bretschneider-mldnsmasq at imr.uni-hannover.de Mon Dec 21 16:49:15 2009
From: bretschneider-mldnsmasq at imr.uni-hannover.de (Martin Bretschneider)
Date: Mon, 21 Dec 2009 17:49:15 +0100
Subject: [Dnsmasq-discuss] exception of an dns entry of the local net
In-Reply-To: <4B2F9E10.9050203@thekelleys.org.uk>
References: <4B2F543E.4090104@imr.uni-hannover.de> <4B2F9E10.9050203@thekelleys.org.uk>
Message-ID: <4B2FA70B.8010907@imr.uni-hannover.de>

On 21.12.2009 17:10, Simon Kelley wrote:

Hi Simon,

> Martin Bretschneider wrote:
>> Hi,
>>
>> a server with www.localnet is outside my control of localnet. Dnsmasq
>> thinks that it is local due to the domain and wants to find it in
>> /etc/hosts but it should not be there: I want dnsmasq to ask the default
>> DNS server only for www.localnet. Is there an option that www.localnet
>> is *not* in the localnet despite the fact that there is the line
>> "local=/localnet/" in the config?
>>
>> TIA Martin
>>
>
> There's no way to make it ask the default server, but you can make it
> ask a server just for www.localnet, and that server could be the same as
> the default one.
>
> server=/www.localnet/

thanks for your answer but Barella gave me PM the tip just to uncomment the local domain with

# local=/localnet/

and it works. Thanks very much.

Martin

From redbully at cc.hs-owl.de Mon Dec 21 19:32:09 2009
From: redbully at cc.hs-owl.de (Jan 'RedBully' Seiffert)
Date: Mon, 21 Dec 2009 20:32:09 +0100
Subject: [Dnsmasq-discuss] how to add regex matching ?
In-Reply-To: <2053774952@web.de>
References: <2053774952@web.de>
Message-ID: <4B2FCD39.90309@cc.hs-owl.de>

pulleman at web.de wrote:
> hi,
> is your patch also available for 2.51?
>
> I'm not a coder....
>
> :~/dnsmasq-2.51# patch < attachment-0001.bin
> patching file Makefile
> Hunk #1 FAILED at 27.
> Hunk #2 FAILED at 36.
> Hunk #3 FAILED at 56.
> 3 out of 3 hunks FAILED -- saving rejects to file Makefile.rej
> patching file Makefile
> Hunk #1 FAILED at 8.
> 1 out of 1 hunk FAILED -- saving rejects to file Makefile.rej
> can't find file to patch at input line 45
> Perhaps you should have used the -p or --strip option?
> The text leading up to this was:
> --------------------------
> |
> |=== modified file 'src/dnsmasq.h'
> |--- old/src/dnsmasq.h 2009-09-10 23:32:18 +0000
> |+++ new/src/dnsmasq.h 2009-09-10 23:41:19 +0000
> --------------------------

Looks, my regex patch does not apply to 2.51, so I imported 2.51 into my VCS, merged it and regenerated the patch.

Apply with:
cd dnsmasq-2.51
patch -p1 < patchfile_name.patch

Only compile tested.
No warranty it won't eat your kitten.

[snip]
>>>>
>>>> hi all,
>>>>
>>>>
>>>> running 2.5.1 I would like to reply with 0.0.0.0 for something like ^ad\.*
>>>> I found a hint in early 2007 that a patch exists, unfortunately I can't find it.
>>>> any pointers appreciated.
>>>>
>>>> thanks
>>>> pulle
[snip]

Greetings
Jan

--
assert(!"The excrement has collided with the air circulation device");
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dnsmasq-2.51-regex.patch
Type: text/x-patch
Size: 4708 bytes
Desc: not available
Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091221/56845042/attachment.bin

From redbully at cc.hs-owl.de Mon Dec 21 22:05:13 2009
From: redbully at cc.hs-owl.de (Jan 'RedBully' Seiffert)
Date: Mon, 21 Dec 2009 23:05:13 +0100
Subject: [Dnsmasq-discuss] how to add regex matching ?
In-Reply-To: <4B2FCD39.90309@cc.hs-owl.de>
References: <2053774952@web.de> <4B2FCD39.90309@cc.hs-owl.de>
Message-ID: <4B2FF119.4090900@cc.hs-owl.de>

Jan 'RedBully' Seiffert wrote:
[snip]
>
> Looks, my regex patch does not apply to 2.51, so I imported 2.51 into my VCS,
> merged it and regenerated the patch.
>

And while at it, rediff against dnsmasq-2.52test12

> Apply with:
> cd dnsmasq-2.52test12
> patch -p1 < patchfile_name.patch
>
> Only compile tested.
> No warranty it won't eat your kitten.
>

Greetings
Jan

--
Networking? That is for fishermen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dnsmasq-2.52test12-regex.patch
Type: text/x-patch
Size: 4821 bytes
Desc: not available
Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091221/cba29fc7/attachment.bin

From andy at r210.com Wed Dec 23 19:18:17 2009
From: andy at r210.com (Andy Leak)
Date: Wed, 23 Dec 2009 11:18:17 -0800
Subject: [Dnsmasq-discuss] Not Resolving DHCP addresses
Message-ID: <4cb868300912231118w529c050cy714be71c29b1f20f@mail.gmail.com>

I've got a new DNSMASQ installation.
- DHCP assigns addresses fine
- DNS resolution for external and fixed addresses is fine
- BUT - DNS resolution for DHCP addresses is not working

Here's my dnsmasq.conf file...
domain-needed
domain=x
expand-hosts
resolv-file=/etc/resolv.conf.dnsmasq
dhcp-range=192.168.4.100,192.168.4.200,24h
local=/x/
log-queries
no-negcache
dhcp-authoritative

when I do "nslookup xxx" (where xxx is the name of a dhcp machine) i get

** server can't find xxx.x: NXDOMAIN

when i look at the dnsmasq log, and the dnsmasq.leases file, everything seems to be ok...

Hmm - how can i get DNSMASQ to resolve my DHCP machines ??

From simon at thekelleys.org.uk Wed Dec 23 21:19:25 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Wed, 23 Dec 2009 21:19:25 +0000
Subject: [Dnsmasq-discuss] Questio on DHCP option 125
In-Reply-To: <8ade8a010911040441v5f1c826cw398cca193cddf01f@mail.gmail.com>
References: <8ade8a010911040441v5f1c826cw398cca193cddf01f@mail.gmail.com>
Message-ID: <4B32895D.6050701@thekelleys.org.uk>

Bo Zhou wrote:
> Hi,
>
> I'm a newcomer to this mail list. I noticed that 2 years ago, there were
> some people talking about DHCP option 125 support in the dnsmasq. (
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q3/001590.html)
> I am just wondering what is the status for that. I checked dnsmasq v2.51,
> seems it still doesn't support option 125. Anyone has news on that?
>
> I do apologize that if there's mail thread already discussed similar
> question but could anybody give me the link as reference if there is. Thanks
> a lot.
>
> /Bram
>
>

http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.52test15.tar.gz now includes experimental support for options 124 and 125. Feedback is solicited.

Cheers,
Simon.

From andy at r210.com Thu Dec 24 00:01:19 2009
From: andy at r210.com (Andy Leak)
Date: Wed, 23 Dec 2009 16:01:19 -0800
Subject: [Dnsmasq-discuss] Not Resolving DHCP addresses
In-Reply-To: <4cb868300912231118w529c050cy714be71c29b1f20f@mail.gmail.com>
References: <4cb868300912231118w529c050cy714be71c29b1f20f@mail.gmail.com>
Message-ID: <4cb868300912231601q3d152984vc1853183ee79e53a@mail.gmail.com>

Dear DNSMASQ List:

Now DHCP addresses are being resolved just fine, and everything is working 100% ok.

Here's what I did:
- went to lunch
- did a little Christmas shopping
- then came back and everything was working fine

Now I am curious why this problem occurred, and what happened to resolve the issue. Any ideas??

Thanks for DNSMASQ - it is really a great program.

I've got a new DNSMASQ installation.
> - DHCP assigns addresses fine
> - DNS resolution for external and fixed addresses is fine
> - BUT - DNS resolution for DHCP addresses is not working
>
> Here's my dnsmasq.conf file...
> domain-needed
> domain=x
> expand-hosts
> resolv-file=/etc/resolv.conf.dnsmasq
> dhcp-range=192.168.4.100,192.168.4.200,24h
> local=/x/
> log-queries
> no-negcache
> dhcp-authoritative
>
> when I do "nslookup xxx" (where xxx is the name of a dhcp machine) i get
>
> ** server can't find xxx.x: NXDOMAIN
>
> when i look at the dnsmasq log, and the dnsmasq.leases file, everything
> seems to be ok...
>
> Hmm - how can i get DNSMASQ to resolve my DHCP machines ??
>

--
andy at r210.com
650-823-0836

From rob0 at gmx.co.uk Thu Dec 24 00:37:24 2009
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Wed, 23 Dec 2009 18:37:24 -0600
Subject: [Dnsmasq-discuss] Not Resolving DHCP addresses
In-Reply-To: <4cb868300912231601q3d152984vc1853183ee79e53a@mail.gmail.com>
References: <4cb868300912231118w529c050cy714be71c29b1f20f@mail.gmail.com> <4cb868300912231601q3d152984vc1853183ee79e53a@mail.gmail.com>
Message-ID: <20091224003723.GB16229@minipax>

On Wed, Dec 23, 2009 at 04:01:19PM -0800, Andy Leak wrote:
> Now DHCP addresses are being resolved just fine, and everything
> is working 100% ok.
>
> Here's what I did:
> - went to lunch
> - did a little Christmas shopping
> - then came back and everything was working fine
>
> Now I am curious why this problem occurred, and what happened to
> resolve the issue. Any ideas??

Very simple: dnsmasq(8) can only serve names that are in its lists, either hosts(5) or the leases file. If you start up a new dnsmasq on an existing network, it has no magical means of knowing what leases the previous DHCP daemon gave out.

Over time, leases expired and your hosts came in to renew them. Your dnsmasq didn't know these were renewals.

> Thanks for DNSMASQ - it is really a great program.

Your shopping should have included a goodie for Simon! ;)

[the OP]
> I've got a new DNSMASQ installation.
> > - DHCP assigns addresses fine
> > - DNS resolution for external and fixed addresses is fine
> > - BUT - DNS resolution for DHCP addresses is not working
> >
> > Here's my dnsmasq.conf file...
> > domain-needed
> > domain=x
> > expand-hosts
> > resolv-file=/etc/resolv.conf.dnsmasq
> > dhcp-range=192.168.4.100,192.168.4.200,24h
> > local=/x/
> > log-queries
> > no-negcache
> > dhcp-authoritative
> >
> > when I do "nslookup xxx" (where xxx is the name of a dhcp
> > machine) i get

nslookup(1) is buggy and not a good tool.
I recommend that you become familiar with host(1) and dig(1). All three are provided by BIND. The ISC folks have threatened to drop nslookup.

> > ** server can't find xxx.x: NXDOMAIN
> >
> > when i look at the dnsmasq log, and the dnsmasq.leases file,
> > everything seems to be ok...

You looked, and at the time, "xxx" was in the lease file? I bet it wasn't.

--
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

From andy at r210.com Thu Dec 24 01:54:31 2009
From: andy at r210.com (Andy Leak)
Date: Wed, 23 Dec 2009 17:54:31 -0800
Subject: [Dnsmasq-discuss] Not Resolving DHCP addresses
In-Reply-To: <20091224003723.GB16229@minipax>
References: <4cb868300912231118w529c050cy714be71c29b1f20f@mail.gmail.com> <4cb868300912231601q3d152984vc1853183ee79e53a@mail.gmail.com> <20091224003723.GB16229@minipax>
Message-ID: <4cb868300912231754l5c92c3b7jd7de1dbe3ea1243@mail.gmail.com>

Thx for your reply...

>nslookup(1) is buggy and not a good tool. I recommend that you become
> >familiar with host(1) and dig(1). All three are provided by BIND. The
> >ISC folks have threatened to drop nslookup.
>

Thanks for that tip. I'll study host and dig...

> >You looked, and at the time, "xxx" was in the lease file? I bet it
> >wasn't.
>

No - it was in the lease file - I'm sure of it. And I watched the dnsmasq log file as the addresses were handed out. And the addresses in the lease file matched the address I saw when running 'ifconfig' on the console.

In the course of debugging, I re-assigned the DHCP address over and over. (by running 'sudo /etc/init.d/networking restart' on the )

Could frequent re-assignment have caused some sort of problem ??

From dnsmasq.to.peejay at spamgourmet.com Sun Dec 27 17:31:46 2009
From: dnsmasq.to.peejay at spamgourmet.com (dnsmasq.to.peejay at spamgourmet.com)
Date: Sun, 27 Dec 2009 12:31:46 -0500 (EST)
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
Message-ID: <23466.85.145.170.203.1261935106.squirrel@lavabit.com>

dnsmasq.conf has a line:

dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h

(hostmin,hostmax,netmask,leasetime)

If I enable that line, must the dnsmasq server itself be outside that range?

Ie, for the dnsmasq server:
192.168.0.55 on the LAN interface would be wrong
but
192.168.0.45 would be ok.

regards
PJ

From ranceh at gmail.com Sun Dec 27 20:45:58 2009
From: ranceh at gmail.com (Rance Hall)
Date: Sun, 27 Dec 2009 14:45:58 -0600
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <23466.85.145.170.203.1261935106.squirrel@lavabit.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com>
Message-ID: <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com>

PJ: see comments below:

On Sun, Dec 27, 2009 at 11:31 AM, wrote:
> dnsmasq.conf has a line:
>
> dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
>
> (hostmin,hostmax,netmask,leasetime)
>
> If I enable that line, must the dnsmasq server itself be outside that range?
>
> Ie, for the dnsmasq server:
>  192.168.0.55 on the LAN interface would be wrong
> but
>  192.168.0.45 would be ok.
>
> regards
> PJ
>

It's usually helpful if your static ip addresses are all in a space that is allocated to your dhcp pool.

The fact that you don't already know this concerns me greatly.

Dnsmasq is a great product and I've used it successfully and even tried to contribute when I can. But getting the most out of dnsmasq means that you have to have a basic understanding of networking at the IP level.
Your question indicates that perhaps you don't have that basic understanding.

I fear that you will be creating your own problems over the course of your dnsmasq installation because you don't really know what you are doing.

My advice: slow down, do some reading, and try to understand what you want to do. If you have a specific question about basic setup, or how to make dnsmasq fit what you want, then by all means ask.

If I am wrong about my assessment of your question, I'll apologize.

Rance

From ranceh at gmail.com Sun Dec 27 23:02:59 2009
From: ranceh at gmail.com (Rance Hall)
Date: Sun, 27 Dec 2009 17:02:59 -0600
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com>
Message-ID: <845c0f80912271502r2ad42493k97c77b877ad74812@mail.gmail.com>

oh crap....

On Sun, Dec 27, 2009 at 2:45 PM, Rance Hall wrote:
> PJ: see comments below:
>
> On Sun, Dec 27, 2009 at 11:31 AM, wrote:
>> dnsmasq.conf has a line:
>>
>> dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
>>
>> (hostmin,hostmax,netmask,leasetime)
>>
>> If I enable that line, must the dnsmasq server itself be outside that range?
>>
>> Ie, for the dnsmasq server:
>>  192.168.0.55 on the LAN interface would be wrong
>> but
>>  192.168.0.45 would be ok.
>>
>> regards
>> PJ
>>
>
> It's usually helpful if your static ip addresses are all in a space
> that is allocated to your dhcp pool.
>

This statement is WRONG with a CAPITAL WRONG

It should have said:

It's usually helpful if your static ip addresses are all in a space that is NOT allocated to your dhcp pool.

Sorry about the confusion. Can't believe I missed that during my message edit.

The rest of what I said below is still relevant.

> The fact that you don't already know this concerns me greatly.
>
> Dnsmasq is a great product and I've used it successfully and even
> tried to contribute when I can.  But getting the most out of dnsmasq
> means that you have to have a basic understanding of networking at the
> IP level.
>
> Your question indicates that perhaps you don't have that basic understanding.
>
> I fear that you will be creating your own problems over the course of
> your dnsmasq installation because you don't really know what you are
> doing.
>
> My advice: slow down, do some reading, and try to understand what you
> want to do.  If you have a specific question about basic setup, or how
> to make dnsmasq fit what you want, then by all means ask.
>
> If I am wrong about my assessment of your question,  I'll apologize.
>
> Rance
>

From richardvoigt at gmail.com Sun Dec 27 23:47:11 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Sun, 27 Dec 2009 17:47:11 -0600
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <23466.85.145.170.203.1261935106.squirrel@lavabit.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com>
Message-ID: <2e59e6970912271547y54f4fbcbj995fdda572fe027b@mail.gmail.com>

On Sun, Dec 27, 2009 at 11:31 AM, wrote:
> dnsmasq.conf has a line:
>
> dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
>
> (hostmin,hostmax,netmask,leasetime)
>
> If I enable that line, must the dnsmasq server itself be outside that range?
>
> Ie, for the dnsmasq server:
>  192.168.0.55 on the LAN interface would be wrong
> but
>  192.168.0.45 would be ok.

In my experience, dnsmasq is smart enough to not give out its own address, or any addresses mentioned in dhcp-host lines (except to the computer to which it is reserved).

It may be confusing, because your address pool is smaller than the dhcp-range suggests, and you'll have fewer leases than expected when dhcp starts failing, but dnsmasq won't do anything so broken as giving away its own address.
>
> regards
> PJ
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>

From ranceh at gmail.com Mon Dec 28 00:09:23 2009
From: ranceh at gmail.com (Rance Hall)
Date: Sun, 27 Dec 2009 18:09:23 -0600
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <2e59e6970912271547y54f4fbcbj995fdda572fe027b@mail.gmail.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <2e59e6970912271547y54f4fbcbj995fdda572fe027b@mail.gmail.com>
Message-ID: <845c0f80912271609w59f220beraa3efce77e5773c@mail.gmail.com>

On Sun, Dec 27, 2009 at 5:47 PM, richardvoigt at gmail.com wrote:
> On Sun, Dec 27, 2009 at 11:31 AM, wrote:
>> dnsmasq.conf has a line:
>>
>> dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
>>
>> (hostmin,hostmax,netmask,leasetime)
>>
>> If I enable that line, must the dnsmasq server itself be outside that range?
>>
>> Ie, for the dnsmasq server:
>> 192.168.0.55 on the LAN interface would be wrong
>> but
>> 192.168.0.45 would be ok.
>
> In my experience, dnsmasq is smart enough to not give out its own
> address, or any addresses mentioned in dhcp-host lines (except to the
> computer to which it is reserved).
>
> It may be confusing, because your address pool is smaller than the
> dhcp-range suggests, and you'll have fewer leases than expected when
> dhcp starts failing, but dnsmasq won't do anything so broken as giving
> away its own address.
>

Richard:

This is good to know, I've never even asked dnsmasq to do this, so I wouldn't have had a clue that it would work correctly.

I always design a static ip pool, a device pool, and a dhcp pool that way I know what's going on on the network. and I can easily ignore devices in searches when I'm looking for a problem with an as yet unidentified pc somewhere.

From dnsmasq.to.peejay at spamgourmet.com Mon Dec 28 00:47:09 2009
From: dnsmasq.to.peejay at spamgourmet.com (dnsmasq.to.peejay at spamgourmet.com)
Date: Sun, 27 Dec 2009 19:47:09 -0500 (EST)
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com>
Message-ID: <5249.85.145.170.203.1261961229.squirrel@lavabit.com>

Rance wrote:
> It's usually helpful if your static ip addresses are all in a space
> that is NOT allocated to your dhcp pool.

[Rance's typo is corrected in the above]

I guess I'd better elaborate.

You can set a static ip by not defining it as part of the dhcp server configuration (dhcpd.conf/dnsmasq.conf), and defining it independently of the dhcpserver configuration settings. We can define this as being "not allocated to your dhcp pool".

The machines that are defined by the dhcpserver configuration are "allocated to your dhcp pool".

Note that "allocated to your dhcp pool" is inapplicable for the machine running the dnsmasq server, since it cannot be assigned an ip from the dhcp service.

My question was about a dnsmasq server that had a static ip possibly in the lease pool range. If it was in the range, then I expected a conflict problem. However, dnsmasq is so well-designed that I considered it possible (though unlikely) that dnsmasq checked if the address was already in use by the dnsmasq server itself when handing out ips.

Simon's answer, that dnsmasq has no problem with this and knows the ip is used, surprised me.

The reason I asked the question was because I am scripting network configurations and I had to cover this case (ie: someone deciding to define the range of dhcp addresses in such a way that the dnsmasq server ip address ends up being inside the range).
I built a check to prohibit that, but I wasn't actually sure it was necessary. So I asked the list, and got that surprising answer from Simon. So I don't need to bother with the check when using dnsmasq.

On to another issue now: static ips outside the allocated pool.

You seem to be implying that it is better not to define static ips in dhcpserver config files (that is, it is better to have them outside the dhcp range pool). Why?

(To be clear, I am thinking here of a lan with a mix of static and dynamic ips, using a dhcpserver on the lan)

Please explain it, or point me to material that explains why this should be a best practice.

> The fact that you don't already know this concerns me greatly.

That you are concerned about me not knowing this worries me too.

regards
PJ

From richardvoigt at gmail.com Mon Dec 28 01:30:51 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Sun, 27 Dec 2009 19:30:51 -0600
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <845c0f80912271609w59f220beraa3efce77e5773c@mail.gmail.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <2e59e6970912271547y54f4fbcbj995fdda572fe027b@mail.gmail.com> <845c0f80912271609w59f220beraa3efce77e5773c@mail.gmail.com>
Message-ID: <2e59e6970912271730r5370d88cof77902b9c050d57a@mail.gmail.com>

On Sun, Dec 27, 2009 at 6:09 PM, Rance Hall wrote:
> On Sun, Dec 27, 2009 at 5:47 PM, richardvoigt at gmail.com
> wrote:
>> On Sun, Dec 27, 2009 at 11:31 AM, wrote:
>>> dnsmasq.conf has a line:
>>>
>>> dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
>>>
>>> (hostmin,hostmax,netmask,leasetime)
>>>
>>> If I enable that line, must the dnsmasq server itself be outside that range?
>>>
>>> Ie, for the dnsmasq server:
>>> 192.168.0.55 on the LAN interface would be wrong
>>> but
>>> 192.168.0.45 would be ok.
>>
>> In my experience, dnsmasq is smart enough to not give out its own
>> address, or any addresses mentioned in dhcp-host lines (except to the
>> computer to which it is reserved).
>>
>> It may be confusing, because your address pool is smaller than the
>> dhcp-range suggests, and you'll have fewer leases than expected when
>> dhcp starts failing, but dnsmasq won't do anything so broken as giving
>> away its own address.
>>
>
> Richard:
>
> This is good to know, I've never even asked dnsmasq to do this, so I
> wouldn't have had a clue that it would work correctly.
>
> I always design a static ip pool, a device pool, and a dhcp pool that
> way I know what's going on on the network. and I can easily ignore
> devices in searches when I'm looking for a problem with an as yet
> unidentified pc somewhere.

Well, there's always the case where a customer decides they want a static address after receiving one from the pool, and they don't want to change the one they've already got once. You can do this using dhcp-host config lines or /etc/ethers -- if that computer requests an address via dhcp it will always receive the same one, and that address will not be given to any other computer regardless of whether the matching host claimed its address via dhcp or had it manually entered.

From perette at barella.org Mon Dec 28 01:46:35 2009
From: perette at barella.org (Perette Barella)
Date: Sun, 27 Dec 2009 20:46:35 -0500
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <5249.85.145.170.203.1261961229.squirrel@lavabit.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com> <5249.85.145.170.203.1261961229.squirrel@lavabit.com>
Message-ID: <42E116FA-E7A7-4D76-8064-2EA36B5C6336@barella.org>

On 2009-12-27, at 19:47, dnsmasq.to.peejay at spamgourmet.com wrote:
> On to another issue now: static ips outside the allocated pool.
>
> You seem to be implying that it is better not to define static ips in
> dhcpserver config files (that is, it is better to have them outside the
> dhcp range pool). Why?

The obvious failure case is that you boot up a device, dnsmasq happens to give out an address via DHCP because it's in the DHCP pool... and at some later time, someone powers on the machine with the same (but statically configured) IP address. Now you have two machines with the same IP, and suckage will ensue.

So I'd agree with Rance on this one... Keep your static IPs out of the DHCP range. dnsmasq does what it can to prevent problems, but you're opening the door to headaches.

If, on the other hand, you're talking about pseudo-static IPs where dnsmasq is configured to give out a specific address from within the pool to a particular machine (via dhcp-host)... it would be nice if dnsmasq guaranteed it and wouldn't give the address out to anyone but the specific MAC address, I'd even guess that it's clever enough to behave this way, but I'm not qualified to guarantee it. Anyone?

Perette

From ranceh at gmail.com Mon Dec 28 02:44:06 2009
From: ranceh at gmail.com (Rance Hall)
Date: Sun, 27 Dec 2009 20:44:06 -0600
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <5249.85.145.170.203.1261961229.squirrel@lavabit.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com> <5249.85.145.170.203.1261961229.squirrel@lavabit.com>
Message-ID: <845c0f80912271844g7655d7bk1bcff948c154888a@mail.gmail.com>

On Sun, Dec 27, 2009 at 6:47 PM, wrote:
> Rance wrote:
>
> On to another issue now: static ips outside the allocated pool.
>
> You seem to be implying that it is better not to define static ips in
> dhcpserver config files (that is, it is better to have them outside the
> dhcp range pool). Why?
>
> (To be clear, I am thinking here of a lan with a mix of static and dynamic
> ips, using a dhcpserver on the lan)
>
> Please explain it, or point me to material that explains why this should
> be a best practice.
>

As far as your scripting goes, good luck. I'm always interested in what people do to solve problems like this, and scripts for your own use are very different from scripts you intend others to use. Maybe you can share your ideas/problems. I'd love to hear.

As far as my ip setup goes I always define at least 3 (and sometimes more) sub sets of ips in the range my network is going to use.

1) Servers that need static ip addresses.
2) devices that need static ip addresses. (like network printers etc.)
3) dhcp pool

If I need to then I can refine this list some more.

company owned dhcp machines and guest dhcp machines
wireless access devices (like access points, etc)

Why do you do this?

Good form
Minimize problems with ip overlap
easier to troubleshoot later

Every network design class I ever attended or taught had a layout like this. Maybe it's as simple as this is what I know.

as far as asking dnsmasq to always assign the same ip address based on hostname or mac or some other known attribute, that is possible and I do that all the time. Temporary test servers are an example of something I allow to get a dhcp address but use a mac address to make sure it gets a known value.

From richardvoigt at gmail.com Mon Dec 28 04:50:09 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Sun, 27 Dec 2009 22:50:09 -0600
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <42E116FA-E7A7-4D76-8064-2EA36B5C6336@barella.org>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com> <5249.85.145.170.203.1261961229.squirrel@lavabit.com> <42E116FA-E7A7-4D76-8064-2EA36B5C6336@barella.org>
Message-ID: <2e59e6970912272050r7212ecfej29f5474255d56ab6@mail.gmail.com>

On Sun, Dec 27, 2009 at 7:46 PM, Perette Barella wrote:
> On 2009-12-27, at 19:47, dnsmasq.to.peejay at spamgourmet.com wrote:
>> On to another issue now: static ips outside the allocated pool.
>>
>> You seem to be implying that it is better not to define static ips in
>> dhcpserver config files (that is, it is better to have them outside the
>> dhcp range pool). Why?
>
> The obvious failure case is that you boot up a device, dnsmasq happens to give out an address via DHCP because it's in the DHCP pool... and at some later time, someone powers on the machine with the same (but statically configured) IP address. Now you have two machines with the same IP, and suckage will ensue.
>
> So I'd agree with Rance on this one... Keep your static IPs out of the DHCP range. dnsmasq does what it can to prevent problems, but you're opening the door to headaches.
>
> If, on the other hand, you're talking about pseudo-static IPs where dnsmasq is configured to give out a specific address from within the pool to a particular machine (via dhcp-host)... it would be nice if dnsmasq guaranteed it and wouldn't give the address out to anyone but the specific MAC address, I'd even guess that it's clever enough to behave this way, but I'm not qualified to guarantee it. Anyone?

It doesn't appear to be part of the contract (e.g. man page) but from experience I can say that the behavior in every version of dnsmasq I've used is to reserve addresses mentioned in /etc/ethers or dhcp-host lines and not give them out to non-matching hosts.
>
> Perette
>

From simon at thekelleys.org.uk Mon Dec 28 09:25:34 2009
From: simon at thekelleys.org.uk (Simon Kelley)
Date: Mon, 28 Dec 2009 09:25:34 +0000
Subject: [Dnsmasq-discuss] dhcp-range - must ip address of server be outside that?
In-Reply-To: <2e59e6970912272050r7212ecfej29f5474255d56ab6@mail.gmail.com>
References: <23466.85.145.170.203.1261935106.squirrel@lavabit.com> <845c0f80912271245l44713fd0ib1462f34f0f018ba@mail.gmail.com> <5249.85.145.170.203.1261961229.squirrel@lavabit.com> <42E116FA-E7A7-4D76-8064-2EA36B5C6336@barella.org> <2e59e6970912272050r7212ecfej29f5474255d56ab6@mail.gmail.com>
Message-ID: <4B38798E.4030601@thekelleys.org.uk>

richardvoigt at gmail.com wrote:
> It doesn't appear to be part of the contract (e.g. man page) but from
> experience I can say that the behavior in every version of dnsmasq
> I've used is to reserve addresses mentioned in /etc/ethers or
> dhcp-host lines and not give them out to non-matching hosts.

That's correct. Dnsmasq also avoids giving out its own address (pace the initial query) and addresses in class C space which end in .0 or .255 (to work around a windows bug)

Simon.

From pgf at foxharp.boston.ma.us Wed Dec 30 20:54:42 2009
From: pgf at foxharp.boston.ma.us (Paul Fox)
Date: Wed, 30 Dec 2009 15:54:42 -0500
Subject: [Dnsmasq-discuss] dhcp without dns?
Message-ID: <6292.1262206482@foxharp.boston.ma.us>

i know how to run dns without dhcp, but i have a need for the opposite. just in case i've missed something in the man page -- is there a way to run dnsmasq as just a dhcp server? i'd like to stick with dnsmasq because i'd rather not have to (re)learn how to configure the ISC server, or build busybox, or whatever.

(i may be able to work around this by forcing the competing DNS server on the box to only bind to other interfaces, giving dnsmasq port 53 access on the interface where i'll be serving dhcp, but i'd prefer the more general solution.)

paul
=---------------------
 paul fox, pgf at foxharp.boston.ma.us (arlington, ma, where it's 28.8 degrees)

From perette at barella.org Wed Dec 30 21:05:40 2009
From: perette at barella.org (Perette Barella)
Date: Wed, 30 Dec 2009 16:05:40 -0500
Subject: [Dnsmasq-discuss] dhcp without dns?
In-Reply-To: <6292.1262206482@foxharp.boston.ma.us>
References: <6292.1262206482@foxharp.boston.ma.us>
Message-ID: <7FBA7910-BC03-4FF7-B4FD-6F15FB262219@barella.org>

Quoting the man page:

-p, --port=<port>
    Listen on <port> instead of the standard DNS port (53). Setting this to zero completely disables DNS function, leaving only DHCP and/or TFTP.

Peri

On 2009-12-30, at 15:54, Paul Fox wrote:

> i know how to run dns without dhcp, but i have a need for the
> opposite. just in case i've missed something in the man page --
> is there a way to run dnsmasq as just a dhcp server? i'd like to
> stick with dnsmasq because i'd rather not have to (re)learn how
> to configure the ISC server, or build busybox, or whatever.
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091230/d6ecc067/attachment.htm

From pgf at foxharp.boston.ma.us Wed Dec 30 22:05:58 2009
From: pgf at foxharp.boston.ma.us (Paul Fox)
Date: Wed, 30 Dec 2009 17:05:58 -0500
Subject: [Dnsmasq-discuss] dhcp without dns?
In-Reply-To: <7FBA7910-BC03-4FF7-B4FD-6F15FB262219@barella.org> (sfid-20091230_164339_433709_5A05C5FF)
References: <6292.1262206482@foxharp.boston.ma.us> <7FBA7910-BC03-4FF7-B4FD-6F15FB262219@barella.org> (sfid-20091230_164339_433709_5A05C5FF)
Message-ID: <16923.1262210758@foxharp.boston.ma.us>

perette wrote:
> Quoting the man page:
>
> -p, --port=<port>
> Listen on <port> instead of the standard DNS port (53).
> Setting this to zero completely disables DNS function,
> leaving only DHCP and/or TFTP.

thanks! don't know how i missed that.

paul

>
> Peri
>
> On 2009-12-30, at 15:54, Paul Fox wrote:
>
> > i know how to run dns without dhcp, but i have a need for the
> > opposite. just in case i've missed something in the man page --
> > is there a way to run dnsmasq as just a dhcp server? i'd like to
> > stick with dnsmasq because i'd rather not have to (re)learn how
> > to configure the ISC server, or build busybox, or whatever.
> >

=---------------------
 paul fox, pgf at foxharp.boston.ma.us (arlington, ma, where it's 26.8 degrees)

From didster at gmail.com Wed Dec 30 22:08:14 2009
From: didster at gmail.com (Didster)
Date: Wed, 30 Dec 2009 22:08:14 +0000
Subject: [Dnsmasq-discuss] One lease or another
Message-ID:

Hi

Probably an odd request this, but is there any way of getting dnsmasq to give a lease to either one machine or another but not both?

So I have a small network of about 7 PCs on a static range. Each PC is listed with its MAC address in a dhcp-host directive. For 2 of the PCs, I only want one of the 2 machines to be able to get a lease at any one time. So if PC1 has a lease, PC2's request will fail and vice versa.

Is there any way that can be done?

Thanks
Simon

From ranceh at gmail.com Thu Dec 31 02:38:10 2009
From: ranceh at gmail.com (Rance Hall)
Date: Wed, 30 Dec 2009 20:38:10 -0600
Subject: [Dnsmasq-discuss] One lease or another
In-Reply-To:
References:
Message-ID: <845c0f80912301838w1e57422dj4209e615735c5d7c@mail.gmail.com>

On Wed, Dec 30, 2009 at 4:08 PM, Didster wrote:
> Hi
>
> Probably an odd request this, but is there any way of getting dnsmasq
> to give a lease to either one machine or another but not both?
>

I'd agree with you about the "odd" part.

> So I have a small network of about 7 PCs on a static range. Each PC
> is listed with its MAC address in a dhcp-host directive. For 2 of the
> PCs, I only want one of the 2 machines to be able to get a lease at
> any one time. So if PC1 has a lease, PC2's request will fail and vice
> versa.
>
> Is there any way that can be done?

AFAIK, no, there is nothing that can force this behavior, it might be against an RFC even.

I'm always curious when people ask questions like this, they are trying to do something interesting and unique, I'd really like to hear about why you want to do this.

Rance

From richardvoigt at gmail.com Thu Dec 31 03:43:09 2009
From: richardvoigt at gmail.com (richardvoigt at gmail.com)
Date: Wed, 30 Dec 2009 21:43:09 -0600
Subject: [Dnsmasq-discuss] One lease or another
In-Reply-To:
References:
Message-ID: <2e59e6970912301943i37ab7fa0ta24436d86f5738fb@mail.gmail.com>

On Wed, Dec 30, 2009 at 4:08 PM, Didster wrote:
> Hi
>
> Probably an odd request this, but is there any way of getting dnsmasq
> to give a lease to either one machine or another but not both?
>
> So I have a small network of about 7 PCs on a static range. Each PC
> is listed with its MAC address in a dhcp-host directive. For 2 of the
> PCs, I only want one of the 2 machines to be able to get a lease at
> any one time. So if PC1 has a lease, PC2's request will fail and vice
> versa.
>
> Is there any way that can be done?

Use the dhcp-host lines to assign a tag to these two computers. Don't associate an IP address from dhcp-host. Make a dhcp-range which has a pool of only one address and matches that tag. Make sure that other dhcp-ranges do not match the tag (as in, #tag or use the static keyword to not create a pool at all).

Done.

If either PC has a valid lease, the pool is exhausted and the other PC will be refused. When the first lease is released or expires, the pool will have a free address again and the next request will be accepted.

But please note most clients won't release their lease during shutdown without special configuration.

>
> Thanks
> Simon
>

From santiago at zarate.net.ve Thu Dec 31 23:07:42 2009
From: santiago at zarate.net.ve (Santiago Zarate)
Date: Thu, 31 Dec 2009 18:37:42 -0430
Subject: [Dnsmasq-discuss] One lease or another
In-Reply-To:
References:
Message-ID: <200912311837.52975.santiago@zarate.net.ve>

If I'm not mistaken... and according to the doc... this:

dhcp-host=00:1f:3c:45:ca:c5,00:1e:ec:08:e7:b4,quaoar,192.168.1.140,infinite

should do what you want, so, 2 macs (no idea if you could place more)... 1 ip...

--
Santiago Zarate
santiago at zarate.net.ve
(+58) 4129864175
(+58) 4241073905

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20091231/3e6a461b/attachment.pgp
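
Added example, not code from any poster or from dnsmasq: a Python check of the kind PJ describes scripting in the dhcp-range thread above. It applies the exclusions Richard and Simon report (the server's own address, dhcp-host reservations, class C addresses ending in .0 or .255) and counts how many hosts compete for a tagged pool such as the one-address pool Richard outlines. The sample configuration, MAC addresses, the `shared` tag and all function names are constructed, and `set:`/`tag:` is assumed to be the tag syntax of the dnsmasq release in use.

```python
import ipaddress
import re

# Constructed sample. Only the .50-.150 range comes from the thread; the MACs,
# the "shared" tag and the .200 pool are made up. Assumption: set:/tag: is the
# tag syntax accepted by the dnsmasq release in use.
SAMPLE_CONF = """\
dhcp-range=tag:!shared,192.168.0.50,192.168.0.150,255.255.255.0,12h
dhcp-range=tag:shared,192.168.0.200,192.168.0.200,255.255.255.0,1h
dhcp-host=00:11:22:33:44:01,printer,192.168.0.60
dhcp-host=00:11:22:33:44:02,set:shared
dhcp-host=00:11:22:33:44:03,set:shared
"""

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def _ip(field):
    """Return the field as an IPv4Address, or None if it is not one."""
    try:
        return ipaddress.IPv4Address(field)
    except ValueError:
        return None


def parse(conf):
    """Extract dhcp-range pools and dhcp-host entries from dnsmasq.conf text."""
    ranges, hosts = [], []
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        ips = [a for a in map(_ip, fields) if a is not None]
        if key == "dhcp-range" and len(ips) >= 2:  # "static" ranges have no pool
            tags = [f[4:] for f in fields if f.startswith("tag:")]
            ranges.append({"tags": tags, "start": ips[0], "end": ips[1]})
        elif key == "dhcp-host":
            hosts.append({
                "macs": [f for f in fields if MAC_RE.match(f)],
                "sets": [f[4:] for f in fields if f.startswith("set:")],
                "ip": ips[0] if ips else None,
            })
    return ranges, hosts


def dynamic_pool(rng, server_ip, hosts):
    """Addresses of one range that are left for clients without a reservation."""
    reserved = {h["ip"] for h in hosts if h["ip"] is not None}
    pool = []
    for n in range(int(rng["start"]), int(rng["end"]) + 1):
        addr = ipaddress.IPv4Address(n)
        octets = addr.packed
        if addr == server_ip or addr in reserved:
            continue  # the server's own address and dhcp-host reservations
        if 192 <= octets[0] <= 223 and octets[3] in (0, 255):
            continue  # class C addresses ending in .0 or .255
        pool.append(addr)
    return pool


def audit(conf, server_ip):
    """Per range: nominal size, dynamic size, server overlap, tag contenders."""
    server_ip = ipaddress.IPv4Address(server_ip)
    ranges, hosts = parse(conf)
    report = []
    for rng in ranges:
        wanted = {t for t in rng["tags"] if not t.startswith("!")}
        report.append({
            "range": f'{rng["start"]}-{rng["end"]}',
            "nominal": int(rng["end"]) - int(rng["start"]) + 1,
            "dynamic": len(dynamic_pool(rng, server_ip, hosts)),
            "server_in_range": rng["start"] <= server_ip <= rng["end"],
            "contenders": sum(1 for h in hosts if wanted & set(h["sets"])),
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_CONF, "192.168.0.55"):
        print(row)
```

A range whose `contenders` count exceeds its `dynamic` size is one where some tagged host will be refused while the others hold leases; active leases themselves are not modelled.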