Modem Man | 25 May 15:00

release for debian / ARMv5?

Can anyone tell me if and where I can get a Debian "testing" version of
IPv6 enabled DnsMasq for Squeeze 2.6.38.8 armv5tel?
I don't like to compile it by myself, so I hope anybody here has contact
to the .deb packet maintainer here, or just knows about the state.

Same question applies for SlugOS/LE 5.3 (2.6.27.8) from Optware with:
    Dnsmasq version 2.47  Copyright (C) 2000-2009 Simon Kelley
    Compile time options IPv6 GNU-getopt no-DBus no-I18N TFTP

regards,
MM
Jan-Piet Mens | 25 May 13:17

A (possibly bad) idea: failover in dnsmasq

Starting just a few days before the day the machine running dnsmasq in
my SOHO died, I was giving some thought to how I'd go about ensuring
a backup copy of dnsmasq could take over if my only running instance
died. Needless to say, the death of the machine left my small network in
shambles, because I couldn't connect to anything to fix things without
first configuring temporary static addresses; sans DHCP, stuff fails... :)

I'm anything but a DHCP specialist, but I want to bounce this idea off
you anyway, even if you mind. ;-)

The trick, as I understand it, in setting up more than a single dnsmasq
instance in a network, is to ensure that it uses --dhcp-script to STORE
the leases and --leasefile-ro to force the script to produce a list of
current leases ("init") from which a launching dnsmasq obtains its data
before going on its usual business.

If we were able to ensure the "data store" (i.e. lease database) were
available on two machines A and B (and up to date on both of course) the
solution would be easy, except for the fact that dnsmasq does not LOOKUP
(i.e. query) for a lease in the data store except upon startup.

I'm thinking along the lines of having a function lease_query() in
lease.c which dnsmasq invokes to determine whether a lease exists before
issuing a new lease for a device.

Being very lightweight, dnsmasq must not be bloated by having a huge
MySQL or other database attached to it. I've been searching the
Internets and finally landed upon Tokyo Tyrant [1] which I discussed a
long time ago [2].


Gerd Koenig | 24 May 12:44

dnsmasq and sshfp records

Hi List,


I'm currently looking for a solution to provide ssh-keys via DNS. Seems like sshfp records will solve this issue ... so far so good.
Since we are using dnsmasq as dns/dhcp/pxe-server I wanted to ask how to put the generated sshfp records into dnsmasq?
After searching for a while I got only guides for "how to create sshfp records" or things like "put your sshfp records into dns"... not that helpful.

Can somebody enlighten me if it is possible to offer ssh keys via dnsmasq, and how to configure it?

I tried it similar to the TXT-Records, therefore I created a config-file sshfp.conf and inserted:
""
myhost SSHFP 1 1 cbe4...c6dc
myhost SSHFP 2 1 20ea...b241
""
But when I try to start dnsmasq I get the error:
""
Starting DNS forwarder and DHCP server: dnsmasq
dnsmasq: bad option at line 1 of /etc/dnsmasq.d/sshfp.conf
 failed!
""


any help appreciated...: Gerd :....

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@...
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Sen Haerens | 22 May 12:51

Dhcp discover client source ip not 0.0.0.0

Greetings,

I have a Netgear switch that is unable to acquire a DHCP lease. The
DHCP discover request is not replied to, according to the dnsmasq & tcpdump
log. I guess the UDP src ip is a violation of the RFC.

11:26:06.106723 IP (tos 0x0, ttl 64, id 380, offset 0, flags [none],
proto UDP (17), length 281)
   192.168.0.239.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP,
Request from 74:44:01:78:e1:ed, length 253, xid 0x8274d270, Flags
[Broadcast] (0x8000)
         Client-Ethernet-Address 74:44:01:78:e1:ed
         Vendor-rfc1048 Extensions
           Magic Cookie 0x63825363
           DHCP-Message Option 53, length 1: Discover
           MSZ Option 57, length 2: 576
           Parameter-Request Option 55, length 3:
             Subnet-Mask, Default-Gateway, Domain-Name-Server

If I add a route for this IP range on the server the problem is fixed.
sudo route add -net 192.168.0.0 netmask 255.255.255.0 dev vlan20

Shouldn't the broadcast flag in the DHCP request take care of this situation?
Thank you for your assistance.
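
The check described in the message above, as an added example that is not part of the original post: a small parser that reads `tcpdump -v` text and reports every DHCP Discover whose IP source is not 0.0.0.0. The function names are hypothetical, the sample is constructed (first packet copied from the capture above with the e-mail line wrapping undone, second packet made up), and it assumes tcpdump's usual one-header-line-per-packet layout.

```python
import re

# Constructed sample in `tcpdump -v` layout: the first packet mirrors the one
# quoted in the post, the second is a made-up Discover sent from 0.0.0.0.
SAMPLE = """\
11:26:06.106723 IP (tos 0x0, ttl 64, id 380, offset 0, flags [none], proto UDP (17), length 281)
    192.168.0.239.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 74:44:01:78:e1:ed, length 253, xid 0x8274d270, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address 74:44:01:78:e1:ed
          DHCP-Message Option 53, length 1: Discover
11:26:09.200001 IP (tos 0x0, ttl 64, id 381, offset 0, flags [none], proto UDP (17), length 281)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:11:22:33:44:55, length 253, xid 0x1, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address 00:11:22:33:44:55
          DHCP-Message Option 53, length 1: Discover
"""

HEADER = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP ")
FLOW = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\.68 > (\d+\.\d+\.\d+\.\d+)\.67: .*"
                  r"Request from ([0-9a-f:]{17})")
MSGTYPE = re.compile(r"DHCP-Message Option 53, length 1: (\w+)")


def split_packets(text):
    """Group tcpdump -v output into one list of lines per packet."""
    packets, current = [], None
    for line in text.splitlines():
        if HEADER.match(line):
            current = []
            packets.append(current)
        if current is not None:
            current.append(line)
    return packets


def nonzero_source_discovers(text):
    """Return (src_ip, client_mac) for each Discover not sent from 0.0.0.0."""
    hits = []
    for pkt in split_packets(text):
        flow = msgtype = None
        for line in pkt:
            flow = flow or FLOW.match(line)
            msgtype = msgtype or MSGTYPE.search(line)
        if flow and msgtype and msgtype.group(1) == "Discover":
            if flow.group(1) != "0.0.0.0":
                hits.append((flow.group(1), flow.group(3)))
    return hits


if __name__ == "__main__":
    for src, mac in nonzero_source_discovers(SAMPLE):
        print(f"Discover from {mac} sent with source {src}")
```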

Oliver Rath | 21 May 17:25

dnsmasq init fails first start on ubuntu 12.04

Hi list,

I'm using the 12.04 Ubuntu dnsmasq build (2.59).

If the computer starts, dnsmasq will be started, but no functionality
seems to be working.

After killing the dnsmasq-process and restarting the service in this way:

killall dnsmasq
service dnsmasq restart

all runs fine. The configuration is stored in /etc/dnsmasq.conf

Does somebody have similar experience and know how to avoid the restart after
boot?

TfH
Oliver
Marien Zwart | 21 May 15:14

dnsmasq-2.61 not responding to ipv6 router solicitation requests

Hi,

Running dnsmasq-2.61 as just a DNS server and ipv6 router advertisement
daemon, with the following configuration:

domain-needed
bogus-priv
no-dhcp-interface=sixxs
no-dhcp-interface=eth1
no-dhcp-interface=eth0
domain=marienz.net
dhcp-range=2001:610:788::, slaac
enable-ra

it sends periodic router advertisement packets just fine, according to
syslog:

dnsmasq-dhcp[14136]: RTR-ADVERT(br0) 2001:610:788::

and other systems on the network eventually respond to those, but their
router solicitation packets seem to be getting ignored (network traffic
capture did see them arrive on the host dnsmasq runs on, but no response
is sent).

I think this is at least partially caused by a bug in dnsmasq.c: the
main loop only calls icmp6_packet if daemon->dhcp6 is non-NULL, but
dnsmasq should respond to icmp6 packets if it's providing just RA
services (no dhcpv6) too. That is: I think dnsmasq.c needs something
like this:

diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 1b951f0..11c2d73 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -849,14 +849,11 @@ int main (int argc, char **argv)
 	}

 #ifdef HAVE_DHCP6
-      if (daemon->dhcp6)
-	{
-	  if (FD_ISSET(daemon->dhcp6fd, &rset))
-	    dhcp6_packet(now);
+      if (daemon->dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
+	  dhcp6_packet(now);

-	  if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
-	    icmp6_packet();
-	}
+      if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
+	  icmp6_packet();
 #endif

 #  ifdef HAVE_SCRIPT
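
Review bot: The new `if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))` test can only fire if icmp6fd was opened and added to rset under the same ra_contexts condition, and nothing in this hunk touches that side. Please confirm that the code which creates icmp6fd and arms it for select is keyed on daemon->ra_contexts and not on daemon->dhcp6, or include that change here. Style point: with the braces removed, the `dhcp6_packet(now);` and `icmp6_packet();` lines still carry the indentation of the old nested block and should sit two columns in from their `if`.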

This brings this bit of code in line with other code in dnsmasq.c that
touches dhcp6fd and icmp6fd. I've also confirmed daemon->dhcp6 really is
NULL in my problematic dnsmasq instance.

Unfortunately this has not yet made my dnsmasq respond to router
solicitation requests. Is there some known problem I might be hitting?

Thanks,

-- 
Marien Zwart
Ian Rose | 21 May 12:34

DHCP message

Is it possible to send a message to the client device when an IP address is allocated via DHCP? This would only be a static info message for my purposes, and it wouldn't matter much if some clients didn't support showing it and so ignored it.

Apparently Apple Wi-Fi routers do this, but I'm not sure if this is a vendor-specific addition or something that other DHCP servers are capable of too.

Thanks.

Oliver Rath | 18 May 14:09

standard gateway as Forwarding DNS-ip?

Hi list,

my dnsmasq doesn't forward DNS-queries correctly. The goal is that
dnsmasq takes the standard-gateway of dhcp as forwarding address for
dns-requests. But this didn't work here.

If I put an additional dns-server in /var/run/dnsmasq/resolv.conf, it
runs fine, but this is not the right way, because I don't know at
start time the name of my standard-gateway.

What's wrong?

I have a simple configuration here for dnsmasq:
--------------
except-interface=wlan0
dhcp-range=192.168.97.50,192.168.97.150,255.255.255.0,12h
log-queries
--------------

Starting the dnsmasq creates the following entry in /etc/resolv.conf:
--------------
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
--------------

The server has the IP address 192.168.11.254 (eth0) and (should) forward
to 192.168.172.1 via wlan0

--------------
# route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.172.1 0.0.0.0 UG 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
192.168.97.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.172.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
--------------

Now the forwarding is finished by setting forwarding parameter and
Masquerading rule:
--------------
# cat /proc/sys/net/ipv4/ip_forward
1
# iptables -t nat -L
[..]
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
--------------

Here the starting log:
--------------
May 18 13:58:14 dnsmasq[3092]: last message repeated 7 times
May 18 13:58:14 dmi-ThinkPad-T500 dnsmasq[3092]: reading
/var/run/dnsmasq/resolv.conf
May 18 13:58:14 dmi-ThinkPad-T500 dnsmasq[3092]: ignoring nameserver
127.0.0.1 - local interface
May 18 13:58:14 dmi-ThinkPad-T500 dnsmasq[3092]: exiting on receipt of
SIGTERM
May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: started, version 2.59
cachesize 150
May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: compile time options:
IPv6 GNU-getopt DBus i18n DHCP TFTP conntrack IDN
May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq-dhcp[3182]: DHCP, IP range
192.168.97.50 -- 192.168.97.150, lease time 12h
May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq-tftp[3182]: TFTP root is
/opt/dmi/tftproot
May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: reading
/var/run/dnsmasq/resolv.conf
May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: ignoring nameserver
127.0.0.1 - local interface
May 18 13:58:16 dmi-ThinkPad-T500 dnsmasq[3182]: /etc/hosts lesen – 7
Adressen
--------------

Here is a dns-request example:
--------------
May 18 13:59:00 dmi-ThinkPad-T500 dnsmasq[3182]: reading
/var/run/dnsmasq/resolv.conf
May 18 13:59:00 dmi-ThinkPad-T500 dnsmasq[3182]: ignoring nameserver
127.0.0.1 - local interface
May 18 13:59:00 dmi-ThinkPad-T500 dnsmasq[3182]: query[A] heise.de from
192.168.97.73
--------------

Tfh!

Regards
Oliver

Andre Coetzee | 18 May 10:59

Need help configuring dhcp stateful IPv6

Hello

I've installed dnsmasq 2.61 on an x86 computer on my LAN. DNS is working fine for A, AAAA, CNAME and PTR records. DHCP for IPv4 is also working.

I have recently begun to dabble with IPv6 on my LAN and since I do not yet have a provider for IPv6, I have decided to use RFC 4193 Unique Local (fdxx:) addresses for my LAN. Since I only have a few machines, I chose a subnet prefix of /123 and using static IPv6 configuration I was able to ping6 other machines on the same subnet (even by their names), as well as from one subnet to another, even using a sit tunnel.

When I set my dhcp-range option in dnsmasq.conf with a prefix-length of 123, I get an "inconsistent DHCPv6 range" error. Setting this value to 125 or greater seems to work, also setting it to 120 or less seems to be acceptable to dnsmasq. Checking out my range with an ip calculator didn't reveal any errors (my dynamic ip range is within the same 5-bit subnet).

These are the pertinent bits of my current conf file:
dhcp-range=interface:eth0, fdxx:xxxx:xxxx::10, fdxx:xxxx:xxxx::1f, 120, 4h
enable-ra
log-dhcp
dhcp-sequential-ip

When I enable networking on a client machine (linux), I see "RTR-SOLICIT(eth0)" messages in the logs, but no responses or advertisements coming from the dnsmasq machine.

I have enabled IPv6 forwarding:
# cat /proc/sys/net/ipv6/conf/all/forwarding 
1

Please can someone indicate what else I need to check? (I tried using a /64 prefix also, but the results were the same).

Thanks
Andre
Nick | 18 May 10:14

Caching issue question

Hi,
I have a question about the caching of dnsmasq. I installed dnsmasq on
some of our boxes and configured the boxes to use 127.0.0.1 in
/etc/resolv.conf (so they use dnsmasq). That works really well and I can
resolve DNS queries on those boxes. All the queries get sent from
dnsmasq to our internal DNS server (which has internal zones
configured). For testing I checked the incoming DNS requests on the
central DNS server with the usage of "dnscap". I encountered a strange
thing:

When I do a "dig session-storage.fd.corp" (fd.corp is an internal
domain) the first time on one box where dnsmasq is installed I can see
that one request comes in on the central DNS server. The second time I
execute it, nothing comes in on the central DNS. So it gets cached in
dnsmasq which is fine. The problem appears when I do a "dig 
session-storage.fd.corp" and a "dig AAAA session-storage.fd.corp" 
alternately. I can see an incoming request for every dig request on the 
central DNS server which means that there is no caching. I enabled 
logging in dnsmasq and it seems that a request to the AAAA address 
overwrites the cache entry for the A request. There is no AAAA entry on 
our DNS server for session-storage.fd.corp (only an "A" entry is there 
and this is a CNAME).

So my question is if this is a normal behaviour of dnsmasq or a bug? I 
have a php application which requests those A and AAAA names alternately 
(this is how I recognized it).

I am running dnsmasq 2.59 (the version from Ubuntu 12.04). Our central 
DNS server uses powerdns.

Thanks for your help in advance.

Best Regards
Nick

Re: help needed in dnsmasq problem

It's not anything specifically wrong in the configuration file, but it
doesn't sound like it matches your network setup.

From your question, I think you have some names that can only be
resolved by one of your nameservers?  And therefore you are concerned
when dnsmasq doesn't contact the server with the ability to resolve
those names.

But dnsmasq's list of upstream servers is designed for redundancy, and
it requires that any query can be sent to any arbitrary server and get
a correct answer.  There is not load balancing per se, but checks are
done to see which server on the list is the nearest/fastest, which
will tend to pick the least busy server, which is similar to load
balancing.

If some queries must be sent to a single server, then you should
create per-domain rules that cause those queries to go to that server,
and not be handled by the global upstream.

"strict-order" will help determine if this is actually your problem,
because it causes queries to be sent to every server in turn.  But it
hurts performance, so adding domain-specific server entries is the
better way.

On Thu, May 17, 2012 at 11:32 AM, Atul Gupta <atul14.kumar <at> gmail.com> wrote:
> Please reply what you think is not correct in conf file.
>
> Thanks.
>
> On Thu, May 17, 2012 at 12:29 PM, richardvoigt <at> gmail.com
> <richardvoigt <at> gmail.com> wrote:
>> I think your configuration is wrong, but as a test, does the
>> "strict-order" option fix your problem?
>>
>> On Thu, May 17, 2012 at 9:38 AM, Atul Gupta <atul14.kumar <at> gmail.com> wrote:
>>> Hi,
>>> One server in my dnsmasq.conf file is never tried for sending the query.
>>>
>>>   Below is my config file:-
>>>   # Management DNS servers [2]
>>>   server=/ody.engr.net/2001:5b0:ffff:fff6::25@2001:05b0:3efe:2e1f:0000:0000:004c:4d0d
>>>   server=/ody.engr.net/2001:5b0:ffff:fff6::26@2001:05b0:3efe:2e1f:0000:0000:004c:4d0d
>>>   address=/controlcenter.com/192.168.0.1
>>>   address=/controlcenter.com/fd0d:edc3:e12a:0000::1
>>>   address=/www.odyagentid.com/66.82.162.22
>>>   cache-size=1000
>>>   max-ttl=60
>>>   neg-ttl=60
>>>   no-resolv
>>>   max-ipperhost=5
>>>   server=192.168.160.20@172.20.54.1
>>>   server=192.168.160.20@172.20.54.1
>>>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>>>   server=2001:5b0:3eff:fff7::20@2001:05b0:3e1a:8000:0280:aeff:fe4b:0277
>>>   I guess dnsmasq adds all servers in the daemon->servers list and picks
>>>   servers from there while forwarding the query. My question is whether
>>>   there is any scenario where dnsmasq removes any server from this
>>>   (daemon->servers) list, as this is what seems to be happening in my case,
>>>   i.e. server 192.168.160.20 is never being tried to forward the query.
>>>   A restart of dnsmasq solves this problem.
>>>   Also, when this problem occurs and I dump the cache, there is no entry for
>>>   192.168.160.20. Below is the dump:
>>>
>>>   cache size 1000, cache insertions 2644, re-used unexpired cache entries 0
>>>   queries forwarded 1301, queries answered locally 37
>>>   server 2001:5b0:ffff:fff6::25#53: queries sent 0, retried or failed 0, used 0
>>>   server 2001:5b0:ffff:fff6::26#53: queries sent 0, retried or failed 0, used 0
>>>   server 2001:5b0:3eff:fff7::20#53: queries sent 680, retried or
>>> failed 0, used 0
>>>   Host                                     Address
>>>    Flags     Expires
>>>
>>>   Please ignore the counters next to "queries sent", "cache insertions"
>>>   etc. as they may be inconsistent, but the real problem is that I don't see
>>>   192.168.160.20 in this list.
>>>
>>>   Please help!!!!
>>>   Regards,
>>>   Atul.
>>>

