<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<div class="moz-cite-prefix">Hi</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Oooh! I really like the idea of this!
However, I would prefer it to be optional... (or have some way to
set a minimum timeout)<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">I'm using ipsets for a couple of
purposes, one is stuff like categorising IPs to upstream usage.
However, in practice most large service providers have stupidly
low timeouts set on their DNS (1 min or 3 mins), and this means in
practice we see very little caching and in some of my use cases,
DNS can be a major fraction of all bandwidth used. So for one of
my use cases I don't mind if the IP list is a little stale (few
hours say) since a) it's unlikely to actually happen in practice
and b) having a few extra open IP addresses in the firewall isn't
a probable issue since they are unlikely to leak to some other use
case in those few hours and c) most big name apps seem to trigger
a fresh DNS check when something goes wrong, so there is a good
chance of stale stuff sorting itself out without the user
particularly noticing more than a minor glitch.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">For this reason and more I've set min
TTLs on a bunch of major app service entries. Bandwidth costs are
high for my use case and extra DNS traffic can be thousands of
dollars a month.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Please do continue this development
though!</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Thanks</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Ed W</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 17/09/2020 08:06, Roderick Groesbeek
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:HE1PR0202MB28432D2FB2BBF00C3B3E3089FE3E0@HE1PR0202MB2843.eurprd02.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Hi List,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ipset supports a concept of ‘aging’
entries, like:<o:p></o:p></p>
<p class="MsoNormal">~~<o:p></o:p></p>
<p class="MsoNormal"
style="background:white;vertical-align:baseline"><span
style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Examples
from </span><span
style="font-size:10.0pt;font-family:Consolas;color:#242729;border:none
windowtext 1.0pt;padding:0in">ipset(8)</span><span
style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">:<o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span
style="font-size:10.0pt;font-family:Consolas;border:none
windowtext 1.0pt;padding:0in">ipset create test hash:ip
timeout 300</span><span
style="font-size:10.0pt;font-family:Consolas;border:none
windowtext 1.0pt;padding:0in"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span
style="font-size:10.0pt;font-family:Consolas;border:none
windowtext 1.0pt;padding:0in">ipset add test 192.168.0.1
timeout 60<o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span
style="font-size:10.0pt;font-family:Consolas;border:none
windowtext 1.0pt;padding:0in">ipset -exist add test
192.168.0.1 timeout 600</span><span
style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal">~~<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dnsmasq supports a concept of adding
entries to ipset<o:p></o:p></p>
<p class="MsoNormal">~~<o:p></o:p></p>
<p class="MsoNormal">ipset=/.wearetriple.com/p1_afkl_http_https_test<o:p></o:p></p>
<p class="MsoNormal">~~<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">However the timeout functionality is not
implemented in the current DNSMASQ implementation.<o:p></o:p></p>
<p class="MsoNormal">Using the DNS TTL as an IPSET TIMEOUT would
seem natural…<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Would this be the right construct to support
that behavior?</p>
<p class="MsoNormal">ATTR_DATA followed by the IP or TIMEOUT
value in the nested construct?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">~~<o:p></o:p></p>
<pre>proto = IPSET_PROTOCOL;
add_attr(nlh, IPSET_ATTR_PROTOCOL, sizeof(proto), &amp;proto);
add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname);

nested[0] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh-&gt;nlmsg_len));
nlh-&gt;nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[0]-&gt;nla_type = NLA_F_NESTED | IPSET_ATTR_DATA;

nested[1] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh-&gt;nlmsg_len));
nlh-&gt;nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[1]-&gt;nla_type = NLA_F_NESTED | IPSET_ATTR_IP;
add_attr(nlh,
         (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6) | NLA_F_NET_BYTEORDER,
         addrsz, ipaddr);

nested[2] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh-&gt;nlmsg_len));
nlh-&gt;nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[2]-&gt;nla_type = NLA_F_NESTED | IPSET_ATTR_DATA;

nested[3] = (struct my_nlattr *)(buffer + NL_ALIGN(nlh-&gt;nlmsg_len));
nlh-&gt;nlmsg_len += NL_ALIGN(sizeof(struct my_nlattr));
nested[3]-&gt;nla_type = NLA_F_NESTED | IPSET_ATTR_TIMEOUT;
add_attr(nlh, IPSET_ATTR_TIMEOUT | NLA_F_NET_BYTEORDER, sizeof(attl), &amp;attl);

nested[3]-&gt;nla_len = (void *)buffer + NL_ALIGN(nlh-&gt;nlmsg_len) - (void *)nested[3];
nested[2]-&gt;nla_len = (void *)buffer + NL_ALIGN(nlh-&gt;nlmsg_len) - (void *)nested[2];
nested[1]-&gt;nla_len = (void *)buffer + NL_ALIGN(nlh-&gt;nlmsg_len) - (void *)nested[1];
nested[0]-&gt;nla_len = (void *)buffer + NL_ALIGN(nlh-&gt;nlmsg_len) - (void *)nested[0];

while (retry_send(sendto(ipset_sock, buffer, nlh-&gt;nlmsg_len, 0,
                         (struct sockaddr *)&amp;snl, sizeof(snl))));
</pre>
<p class="MsoNormal">~~<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">sendto(3, {{len=88,
type=NFNL_SUBSYS_IPSET&lt;&lt;8|IPSET_CMD_ADD,
flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_INET,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=5,
nla_type=NFNETLINK_V1}, "\x06"}, {{nla_len=28, nla_type=0x2},
"\x70\x31\x5f\x61\x66\x6b\x6c\x5f\x68\x74\x74\x70\x5f\x68\x74\x74\x70\x73\x5f\x74\x65\x73\x74\x00"},
{{nla_len=32, nla_type=NLA_F_NESTED|0x7},
"\x1c\x00\x01\x80\x08\x00\x01\x40\x5d\xbb\x0d\xc8\x10\x00\x06\x80\x0c\x00\x06\x40\x0e\x00\x00\x00\x00\x00\x00\x00"}]},
88, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
12) = 88</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Best regards,</p>
<p class="MsoNormal">Roderick Groesbeek<br>
CTO</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dnsmasq-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk</a>
<a class="moz-txt-link-freetext" href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a>
</pre>
</blockquote>
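<p>An added example, not code from dnsmasq or from either poster: one way to lay out the attributes for an add with a timeout, assuming the layout ipset's hash:ip type accepts, where IPSET_ATTR_TIMEOUT is a plain 32-bit network-order attribute placed beside IPSET_ATTR_IP inside a single IPSET_ATTR_DATA nest. The helper names, the local constant names and the min_ttl floor (the minimum timeout asked for in the reply) are assumptions; the numeric values match the strace in the quoted message.</p>

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Attribute numbers and flags, with the values visible in the strace above. */
#define ATTR_DATA    7u       /* IPSET_ATTR_DATA */
#define ATTR_IP      1u       /* IPSET_ATTR_IP */
#define ATTR_IPADDR4 1u       /* IPSET_ATTR_IPADDR_IPV4 */
#define ATTR_TIMEOUT 6u       /* IPSET_ATTR_TIMEOUT */
#define F_NESTED     0x8000u  /* NLA_F_NESTED */
#define F_NETORDER   0x4000u  /* NLA_F_NET_BYTEORDER */

/* Write one attribute header (host byte order, as netlink uses) plus payload. */
static size_t put_attr(uint8_t *buf, size_t off, unsigned type,
                       const void *data, size_t dlen)
{
    uint16_t hdr[2] = { (uint16_t)(4 + dlen), (uint16_t)type };
    memcpy(buf + off, hdr, sizeof hdr);
    if (dlen) memcpy(buf + off + 4, data, dlen);
    return off + ((4 + dlen + 3) & ~(size_t)3);   /* pad to 4 bytes */
}

/* Fix up a nest header's length once its children have been written. */
static void close_nest(uint8_t *buf, size_t start, size_t end)
{
    uint16_t len = (uint16_t)(end - start);
    memcpy(buf + start, &len, sizeof len);
}

/* Build IPSET_ATTR_DATA { IPSET_ATTR_IP { address }, IPSET_ATTR_TIMEOUT }.
 * ttl is the DNS TTL in seconds; min_ttl is a hypothetical operator floor.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t build_data_attr(uint8_t *buf, size_t cap, struct in_addr ip,
                       uint32_t ttl, uint32_t min_ttl)
{
    size_t ipn, off;
    uint32_t timeout;
    if (cap < 24) return 0;        /* 4 (DATA) + 4 (IP) + 8 (address) + 8 (timeout) */
    if (min_ttl == 0) min_ttl = 1; /* ipset(8): timeout 0 adds the entry permanently */
    timeout = htonl(ttl < min_ttl ? min_ttl : ttl);
    ipn = put_attr(buf, 0, F_NESTED | ATTR_DATA, NULL, 0);
    off = put_attr(buf, ipn, F_NESTED | ATTR_IP, NULL, 0);
    off = put_attr(buf, off, F_NETORDER | ATTR_IPADDR4, &ip.s_addr, 4);
    close_nest(buf, ipn, off);     /* the IP nest ends before the timeout */
    off = put_attr(buf, off, F_NETORDER | ATTR_TIMEOUT, &timeout, 4);
    close_nest(buf, 0, off);
    return off;
}
```

<p>The result is 24 bytes, against the 32-byte DATA attribute in the strace, because the timeout is a 4-byte value that is a sibling of the IP nest rather than an 8-byte value wrapped in nests of its own.</p>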
<p><br>
</p>
</body>
</html>