Re: [Dnsmasq-discuss] dnsmasq's behaviour with configured static hosts is unintuitive
On Thu, Mar 04, 2021 at 06:50:39AM +, Aaron Jones wrote:
> Hello.
>
> I'm trying to force queries for specific names to not be forwarded along
> to recursors, and be answered locally. The normal way to do this is to
> put such address/name pairs in hosts(5), or you can add a --host-record=
> option to the configuration file.
>
> That works okay.

Acknowledge

> However, I'm trying to force a specific address family. Specifically,
> these records are for host names on a VPN, and the VPN is IPv6 only. So,
> for example, given the following configuration option:
>
> --host-record=foo.example.org,fd00::1
>
> Or given the following hosts(5) entry:
>
> fd00::1 foo.example.org
>
> ... will result in an query for the name returning fd00::1, but an
> A query is forwarded along to the configured recursors, instead of
> dnsmasq replying with NODATA.
>
> This seems wrong.

I don't think so. In fact it is what dnsmasq does - reply with what it knows - otherwise forward the request

> I tried to explicitly indicate that there is no IPv4 address, but this
> option has no effect:
>
> --host-record=foo.example.org,,fd00::1
>
> ... and this option returns the address exactly as given:
>
> --host-record=foo.example.org,0.0.0.0,fd00::1
>
> Any pointers?

Share the challenge you are facing with us.

Groeten
Geert Stappers
--
Silence is hard to parse

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Monthly posting
On Sat, Mar 06, 2021 at 08:34:26PM +0100, Monthly posting via Dnsmasq-discuss wrote:
>
> The dnsmasq manual is feature complete. And known as hard to read for
> those who are new to it. But still do read it and try to understand it.
> Reading it again is known being effective for getting better
> understanding.
>
I agree with much of what this posting said. But what/where is "The dnsmasq manual"? Do you mean the dnsmasq man page?

If so I think it would be a good idea if this was more explicit.

Seeing a reference to "The dnsmasq manual" I'd expect to be able to find it at https://dnsmasq.org/ and (as far as I know) it isn't there.

--
Chris Green
[Dnsmasq-discuss] Monthly posting
Hi,

"How To Ask Questions The Smart Way" has immediately after the introduction an advice on before you ask.

http://www.catb.org/esr/faqs/smart-questions.html#before

Following that advice is still no guarantee for a quick response. So when you are still stuck with something that you think it is dnsmasq related, you have to make more effort.

Greatest challenge is most likely being persistent in solving the problem. ( Not being persistent in demanding an answer )

The dnsmasq manual is feature complete. And known as hard to read for those who are new to it. But still do read it and try to understand it. Reading it again is known being effective for getting better understanding.

Pattern seen on the mailing list is unawareness of network-server-client-model. Expressing such problems is indeed hard, but also the road to a solution.

Know that you are the main stakeholder of the problem that you are facing. The highest reward for finding a solution goes to you. Keep the eco system that you are consulting healthy by sharing also your success stories.

Avoid "DNS doesn't work", make it "My DNS client gets odd replies from dnsmasq", "My DNS requests don't get forwarded" or another non-generic issue.

Use real DNS tools like `dig` instead of `ping`.

A `.pcap`-file that can be fetched with `wget` is preferred above (email program malformed) output of `tcpdump` or `wireshark`.

Dnsmasq is a mature project, meaning not often a release. However we constantly want to improve. Yes, patches welcome. Patches are not always reviewed within three days. Retransmit of your review request after eight days is not too pushy.

Aim for common interest. If you find it here, fine. If you cannot find it here, you found a clue for looking elsewhere on "common interest".

Do know there are real humans behind the email addresses.
Re: [Dnsmasq-discuss] Monthly posting, man page
On Sat, Mar 06, 2021 at 08:12:30PM +, Chris Green wrote:
> On Sat, Mar 06, 2021 at 08:34:26PM +0100, Monthly posting wrote:
> >
> > The dnsmasq manual is feature complete. And known as hard to read for
> > those who are new to it. But still do read it and try to understand it.
> > Reading it again is known being effective for getting better
> > understanding.
> >
> I agree with much of what this posting said. but, what/where is "The
> dnsmasq manual"? Do you mean the dnsmasq man page?
> If so I think it would be a good idea if this was more explicit.

Will do.

> Seeing a reference to "The dnsmasq manual" I'd expect to be able to
> find it at https://dnsmasq.org/ and (as far as I know) it isn't there.

Quote from the paragraph (section?) "Get code."

   The tarball includes this documentation, source, and manpage.

And `manpage` is a link to https://dnsmasq.org/docs/dnsmasq-man.html

Thanks for the feedback.

Groeten
Geert Stappers
--
Silence is hard to parse
Re: [Dnsmasq-discuss] Monthly posting, man page
On Sat, Mar 06, 2021 at 10:42:46PM +0100, Geert Stappers via Dnsmasq-discuss wrote:
> On Sat, Mar 06, 2021 at 08:12:30PM +, Chris Green wrote:
> > On Sat, Mar 06, 2021 at 08:34:26PM +0100, Monthly posting wrote:
> > >
> > > The dnsmasq manual is feature complete. And known as hard to read for
> > > those who are new to it. But still do read it and try to understand it.
> > > Reading it again is known being effective for getting better
> > > understanding.
> > >
> > I agree with much of what this posting said. but, what/where is "The
> > dnsmasq manual"? Do you mean the dnsmasq man page?
> > If so I think it would be a good idea if this was more explicit.
>
> Will do.
>
>
> > Seeing a reference to "The dnsmasq manual" I'd expect to be able to
> > find it at https://dnsmasq.org/ and (as far as I know) it isn't there.
>
> Quote from the paragraph (section?) "Get code."
>
>    The tarball includes this documentation, source, and manpage.
>
> And `manpage` is a link to https://dnsmasq.org/docs/dnsmasq-man.html
>
You're absolutely right! :-) I'm not quite sure why I missed/ignored that before. I think it's just that I was expecting something more like 'a manual' somewhere.

>
> Thanks for the feedback.
>
Thanks for being so polite!

--
Chris Green
Re: [Dnsmasq-discuss] dnsmasq's behaviour with configured static hosts is unintuitive
On 06/03/2021 19:22, Geert Stappers via Dnsmasq-discuss wrote:
> Share the challenge you are facing with us.

Put simply, I need dnsmasq to return nothing for an A query, as the VPN has no IPv4 routing; I do not wish the query to be forwarded, because then it will be answered by the Internet, and applications may then end up trying to access the service without using the VPN. This will not work due to firewalling.

The hostname has IPv4 and IPv6 addresses when queried over the Internet, but the particular service on that host that I wish to access is only available over the VPN, which is IPv6-only.

It would be nice if there were an explicit way to indicate in a --host-record option that it should not forward queries for this name if it has not been configured with the respective address, and instead reply with nothing (as though the name exists, but the record does not).

0.0.0.0 and :: seem as valid a choice as any for a "no address" configuration entry. If it ends up being those, I think it should apply to hosts(5) entries too.

This is sort of what I'm achieving right now, with the undesirable side effect that dnsmasq returns those addresses literally. Unfortunately, this would result in the application attempting to connect to localhost, as that's what most operating systems treat 0.0.0.0 / :: as, when used as the argument to connect(2).

Regards,
Aaron Jones
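
The two situations discussed in this thread can be audited from configuration text. The following is an added example, not part of the original messages or of dnsmasq: it reads `host-record` options and hosts(5) entries and reports names that have only one address family configured locally, and names that carry 0.0.0.0 or :: as a placeholder. The sample input is constructed, and the findings assume that no other option in the configuration changes how these names are forwarded.

```python
import ipaddress

# Constructed sample input, built from the option and hosts(5) forms quoted in the thread.
SAMPLE_CONF = """\
--host-record=foo.example.org,fd00::1
--host-record=bar.example.org,0.0.0.0,fd00::2
host-record=ok.example.org,192.0.2.10,fd00::3
"""
SAMPLE_HOSTS = """\
fd00::1    foo.example.org
fd00::4    baz.example.org   # VPN-only service
"""

def _parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def local_records(conf_text, hosts_text):
    """Return {name: set of addresses} for names configured as static hosts."""
    pairs, table = [], {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip().lstrip("-")
        if line.startswith("host-record="):
            fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
            addrs = [f for f in fields if _parse_ip(f) is not None]
            # Remaining non-empty fields are names; a bare number is the optional TTL.
            names = [f for f in fields
                     if f and _parse_ip(f) is None and not f.isdigit()]
            pairs += [(n, a) for n in names for a in addrs]
    for raw in hosts_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) >= 2 and _parse_ip(tokens[0]) is not None:
            pairs += [(n, tokens[0]) for n in tokens[1:]]
    for name, addr in pairs:
        table.setdefault(name.lower().rstrip("."), set()).add(_parse_ip(addr))
    return table

def audit(table):
    """List (name, finding) pairs for the two situations described in the thread."""
    findings = []
    for name, addrs in sorted(table.items()):
        have = {"A" if ip.version == 4 else "AAAA" for ip in addrs}
        for rtype in sorted({"A", "AAAA"} - have):
            findings.append((name, f"{rtype} not configured locally: query is forwarded"))
        for ip in sorted(addrs, key=str):
            if ip.is_unspecified:
                findings.append((name, f"{ip} is returned literally as an answer"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(local_records(SAMPLE_CONF, SAMPLE_HOSTS)):
        print(f"{name}: {finding}")
```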