Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-10 Thread Dave Taht
Dear Dr. Dnsmasq: When cerowrt made the jump between dnsmasq-2.67-test10 and dnsmasq-2.67-test17, detection of interfaces other than the first started failing. It seems to be related to interfaces that come up after dnsmasq starts, as restarting it after the device is fully booted works. Have move

Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-10 Thread Dave Taht
n this build http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.15-3/ I won't be in a position to test stuff myself til sunday but cero's devoted userbase seems to be hoovering over the reload button and will probably beat me to it > > Cheers, > > Simon. > > > >

Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-10 Thread Dave Taht
one interface that dnsmasq should be listening on is around when > it starts, but others arrive later. > > I can't explain why it just broke though, this bug has been around forever. > > > > Simon. > > > > > > On 10/10/13 19:30, Dave Taht wrote: >> >

Re: [Dnsmasq-discuss] [Cerowrt-devel] Names not resolved on Wireless

2013-10-11 Thread Dave Taht
ion. You can wget the version of DNSmasq from this versions packages and forcibly apply it on top of 3.10.15-4 using opkg. > -- > David P. > > > On Thu, Oct 10, 2013 at 8:01 PM, Dave Taht wrote: >> >> 3.10.15-4 is now out there, containing sufficient patches to get >>

Re: [Dnsmasq-discuss] dumping current dhcp leases without always updating the leasefile curing normal ?

2013-10-14 Thread Dave Taht
On Mon, Oct 14, 2013 at 9:42 AM, Simon Kelley wrote: > On 11/10/13 16:37, Rick Jones wrote: >> >> On 10/11/2013 07:16 AM, Simon Kelley wrote: >>> >>> On 11/10/13 01:39, Rick Jones wrote: I am still on the steep learning slope for dnsmasq. The manpage lists a -l/--dhcp-leasefile opti

[Dnsmasq-discuss] Fwd: [homenet] Fwd: WG Action: Formed Extensions for Scalable DNS Service Discovery (dnssd)

2013-10-26 Thread Dave Taht
The problems cerowrt has with multicast dns over multiple interfaces are kind of universal. A new ietf working group is being formed to address the problems with service discovery beyond the local link and finally (I hope) re-unify mdns with regular DNS. See below for the announcement. One set of

Re: [Dnsmasq-discuss] Can't ping when using FQDN

2013-11-08 Thread Dave Taht
Using .local is generally reserved for multicast DNS. Don't do that. On Nov 8, 2013 1:37 AM, "Guillaume Betous" wrote: > > you must be right : > > domain domain.local > nameserver > nameserver > > 2013/11/8 Albert ARIBAUD : > > Le 08/11/2013 07:44, Guillaume Betous a écrit : > > > >> Hi ! > >>

Re: [Dnsmasq-discuss] Can't ping when using FQDN

2013-11-08 Thread Dave Taht
On Nov 8, 2013 2:08 AM, "Guillaume Betous" wrote: > > what kind of local domain name can I use ? I thought the .local was > reserved for local networks... See http://en.wikipedia.org/wiki/.local > > gUI > > 2013/11/8 Dave Taht : > > > > Using .lo

[Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues

2014-01-21 Thread Dave Taht
I have finally got my first-ever comcast ipv6 set of users up, and we have a problem with the interrelationship between addresses assigned dynamically by dhcpv6-pd and other means in dnsmasq 2.68. What happens now is that dhcpv6-pd works but dnsmasq 2.68 filters out the interface 13: sw00: mtu 1

Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues

2014-01-22 Thread Dave Taht
, as I'm using a Comcast DHCPv6 assigned address with prefix delegation as > well. > > John Gorkos > > > > On 1/22/14, 6:37 AM, Simon Kelley wrote: >> >> Patch applied. >> >> >> >> Cheers, >> >> Simon. >> >> On 21

Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues

2014-01-22 Thread Dave Taht
On Tue, Jan 21, 2014 at 5:13 PM, Simon Kelley wrote: > On 21/01/14 16:19, Dave Taht wrote: >> >> I have finally got my first-ever comcast ipv6 set of users up, and we >> have a problem >> with the interrelationship between addresses assigned dynamically by >> dhc

Re: [Dnsmasq-discuss] DNSSEC enabled dnsmasq dies very quickly

2014-01-26 Thread Dave Taht
Dnsmasq is barely in git with dnssec support, So it would help to clearly identify what commit number you are working from. ? And: Pull early, pull often. On Jan 26, 2014 5:47 PM, "e9hack" wrote: > Hi, > > for testing purpose, I compile dnsmasq with option -DHAVE_DNSSEC. After a > few name > qu

[Dnsmasq-discuss] coping with ipv6 source routing and dns

2014-01-29 Thread Dave Taht
I have been (mostly) happily fiddling with my new comcast ipv6 connection, trying to route all dns queries over ipv6 in particular, by disabling requesting the ipv4 dns addrs and relying on the dhcpv6 request to succeed. config interface eth0 option 'ifname' 'eth0' option 'proto'

Re: [Dnsmasq-discuss] [Cerowrt-devel] coping with ipv6 source routing and dns

2014-01-29 Thread Dave Taht
On Wed, Jan 29, 2014 at 2:02 PM, Toke Høiland-Jørgensen wrote: > Dave Taht writes: > >> works. yea! no more nat holes for ipv4 dns. > > Eh? Nat holes for DNS? What exactly are you doing, and what is your > setup? :) > > -Toke 1 case: Since most forwarders can'

Re: [Dnsmasq-discuss] coping with ipv6 source routing and dns

2014-01-30 Thread Dave Taht
On Thu, Jan 30, 2014 at 1:57 AM, Simon Kelley wrote: > On 29/01/14 19:22, Dave Taht wrote: >> >> I have been (mostly) happily fiddling with my new comcast ipv6 connection, >> trying to route all dns queries over ipv6 in particular, by disabling >> requesting the ipv4 d

[Dnsmasq-discuss] Fwd: [Cerowrt-devel] Fwd: Testers wanted: DNSSEC.

2014-02-05 Thread Dave Taht
-- Forwarded message -- From: Toke Høiland-Jørgensen Date: Wed, Feb 5, 2014 at 12:10 PM Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC. To: Dave Taht Cc: "cerowrt-de...@lists.bufferbloat.net" Toke Høiland-Jørgensen writes: > Can

Re: [Dnsmasq-discuss] Speed comparison dnsmasq <-> unbound?

2014-02-16 Thread Dave Taht
On Sun, Feb 16, 2014 at 9:06 AM, /dev/rob0 wrote: > On Sun, Feb 16, 2014 at 07:38:37AM +0100, Oliver Rath wrote: >> did somebody some speed comparison tests for the dns caching >> functionality between dnsmasq and unbound (http://unbound.net/)? > > Compare apples to apples. You're not doing that.

Re: [Dnsmasq-discuss] dnsmasq, NetworkManager and VPNs

2014-03-05 Thread Dave Taht
Simon just added support for dynamically adding/removing an upstream dns server and reverse resolver in the upcoming release which I think will handle your use case. On Thu, Mar 6, 2014 at 1:39 AM, Tony Breeds wrote: > Hi All, > I'm a new user of dnsmasq and I can't see an easy way to do

Re: [Dnsmasq-discuss] Setting dns domain name through dhcpv6

2014-03-08 Thread Dave Taht
I'd like to note that we are trying to get away from resolve.conf.auto in a couple cases, notably when you have multiple upstreams and you want reverse queries to go to the right place. A search list doesn't cut it in that case. BUT supplying a search list makes sense to clients. On Mar 8, 2014 1

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.69rc1

2014-03-24 Thread Dave Taht
signed have the AD bit set. In >> addition, and just as importantly, dnsmasq supplies >> correct DNSSEC information to clients which are doing >> their own validation, and caches DNSKEY, DS and RRSIG >> records, which significantl

Re: [Dnsmasq-discuss] Stats improvement

2014-03-24 Thread Dave Taht
I would certainly like to have a standard way of getting these statistics, through the dns, perhaps one unified with whatever bind and unbound use (or don't use.) Not a lot of people seem to be aware of why dns caching forwarders are so great, although benchmarks like namebench against your chrome

Re: [Dnsmasq-discuss] Stats improvement

2014-03-24 Thread Dave Taht
On Mon, Mar 24, 2014 at 3:21 PM, Dave Taht wrote: > I would certainly like to have a standard way of getting these > statistics, through the dns, perhaps one unified with whatever bind > and unbound use (or don't use.) > > Not a lot of people seem to be aware of why dns ca

Re: [Dnsmasq-discuss] [PATCH] dnsmasq-2.68 vs. dnsmasq-2.69rc1 Coverity scan diff

2014-03-25 Thread Dave Taht
did you also compile with dhcpv6 support enabled? On Tue, Mar 25, 2014 at 7:33 AM, Tomas Hozza wrote: > > > - Original Message - >> On 24/03/14 13:51, Tomas Hozza wrote: >> > Hi. >> > >> > I did a version diff scan between 2.68 and 2.69rc1 version. >> >>From my point of view there is one

Re: [Dnsmasq-discuss] dnsmasq doesn't send RA

2014-03-27 Thread Dave Taht
On Thu, Mar 27, 2014 at 8:12 AM, Stéphane Guedon wrote: > Le jeudi 27 mars 2014, 10:30:30 John Gorkos a écrit : >> This sounds remarkably similar to the problem I described here: >> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q4/0078 >> 10.html Mine is on a Debian system, but the

Re: [Dnsmasq-discuss] Stats improvement

2014-03-28 Thread Dave Taht
On Fri, Mar 28, 2014 at 9:35 AM, Dave Taht wrote: > On Thu, Mar 27, 2014 at 1:57 PM, Simon Kelley wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 26/03/14 05:12, Olivier Mauras wrote: >>> Yes it should definitely be TXT records. Sounds rea

Re: [Dnsmasq-discuss] Stats improvement

2014-03-28 Thread Dave Taht
On Thu, Mar 27, 2014 at 1:57 PM, Simon Kelley wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 26/03/14 05:12, Olivier Mauras wrote: >> Yes it should definitely be TXT records. Sounds really good to me. >> >> for upstream servers, why not having upstream.bind return total >> queries

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-01 Thread Dave Taht
On Tue, Apr 1, 2014 at 9:54 AM, /dev/rob0 wrote: > On Tue, Mar 25, 2014 at 07:08:44PM -0400, Alex Xu wrote: >> On 25/03/14 07:03 PM, sven falempin wrote: >> > my concern of nettle vs openssl is the amount of review and >> > testing nettle did get compared to something more widely(!) >> > used >> >

Re: [Dnsmasq-discuss] DHCPv6 hostname resolving

2014-04-02 Thread Dave Taht
On Wed, Apr 2, 2014 at 8:59 AM, Albert ARIBAUD wrote: > Le 02/04/2014 17:26, Quintus a écrit : >> >> Hi there, > > > Hi Quintus, > > >> with DHPv4, dnsmasq properly converts the hostnames send to it to A >> records we can query for. It seems however that this is not the case >> with DHCPv6 and AAA

[Dnsmasq-discuss] dnssec on android?

2014-04-02 Thread Dave Taht
It looks like there will be some issues getting dnssec on on android by switching to dnsmasq: https://code.google.com/p/android/issues/detail?id=65510 What is dnsmasq's behavior on how/when to switch to tcp? -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscrib

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-09 Thread Dave Taht
On Wed, Apr 9, 2014 at 6:24 AM, /dev/rob0 wrote: > On Tue, Apr 01, 2014 at 11:54:28AM -0500, I wrote: > ^^ >> On Tue, Mar 25, 2014 at 07:08:44PM -0400, Alex Xu wrote: >> > On 25/03/14 07:03 PM, sven falempin wrote: >> > > my concern of nettle vs openssl is the amount of review and >> >

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-09 Thread Dave Taht
On Wed, Apr 9, 2014 at 10:29 AM, Simon Kelley wrote: > On 09/04/14 15:51, Dave Taht wrote: > >> >> My heart bleeds for the openssl folk and openssl derived application users >> right now. More investment into creating, maintaining and improving >> core crypto libr

Re: [Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

2014-04-09 Thread Dave Taht
On Wed, Apr 9, 2014 at 11:11 AM, Olaf Westrik wrote: > Simon, > > >> Don't underestimate the contribution of all the people who take >> responsibility for the software that runs as root, or exposed to the >> net, on your machines. It's something I have nightmares about. > > > I do hope that is not

[Dnsmasq-discuss] byte swapping test in coverity

2014-04-12 Thread Dave Taht
wonder if this would have picked up one of the earlier dnssec bugs... http://blog.regehr.org/archives/1128 -- Dave Täht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article ___ Dnsmasq-discuss mailing list Dnsm

[Dnsmasq-discuss] dnssec and local caching dns in fedora and network manager

2014-04-13 Thread Dave Taht
interesting long thread over at the fedora project this weekend: https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html -- Forwarded message -- From: Chuck Anderson Date: Sun, Apr 13, 2014 at 10:59 AM Subject: Re: [Cerowrt-devel] Full blown DNSSEC by default? To

Re: [Dnsmasq-discuss] dnssec and local caching dns in fedora and network manager

2014-04-14 Thread Dave Taht
On Mon, Apr 14, 2014 at 8:38 AM, Dan Williams wrote: > On Mon, 2014-04-14 at 09:31 +0100, Simon Kelley wrote: >> On 13/04/14 21:24, Dave Taht wrote: >> > interesting long thread over at the fedora project this weekend: >> > >> > https://lists.fedoraproject.o

Re: [Dnsmasq-discuss] Stable releases v. development releases.

2014-04-17 Thread Dave Taht
I think a lot of distro makers would be comforted by the idea of a stable branch and feel more comfortable in upgrading to the latest "stable" for distribution into their embedded products... ... regardless of your success in dealing the backward compatability issues. You could periodically obsole

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-23 Thread Dave Taht
I will argue that a better place to report dnssec validation errors is the dnsmasq list. On Wed, Apr 23, 2014 at 8:31 AM, Aaron Wood wrote: > Wed Apr 23 15:13:05 2014 daemon.info dnsmasq[29719]: query[A] > e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net from 172.30.42.99 > Wed Apr 23 15:13:05

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-23 Thread Dave Taht
On Wed, Apr 23, 2014 at 10:18 AM, Aaron Wood wrote: > On Wed, Apr 23, 2014 at 6:44 PM, Robert Bradley > wrote: >> >> >> > ; <<>> DiG 9.8.1-P1 <<>> +cd @8.8.8.8 a >> > e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net >> >> > >> > But a query for DS on the same domain, which is what dnsmasq does ne

Re: [Dnsmasq-discuss] [Cerowrt-devel] more dnssec failures

2014-04-24 Thread Dave Taht
What does unbound or bind do? On Thu, Apr 24, 2014 at 5:35 AM, Aaron Wood wrote: > And if I use Free.fr's servers, the DS resolves (I'm running CeroWRT > double-NAT behind a Freebox v6): > > dig @192.168.1.254 DS e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net > > ; <<>> DiG 9.8.5-P1 <<>> @192.16

Re: [Dnsmasq-discuss] [Cerowrt-devel] local dns-sd requests being forwarded to upstream servers on CeroWRT?

2014-04-24 Thread Dave Taht
On Thu, Apr 24, 2014 at 5:33 AM, Aaron Wood wrote: > Using CeroWRT 3.10.36-4, I'm seeing the following in the logs: > > Thu Apr 24 14:15:14 2014 daemon.info dnsmasq[13365]: query[PTR] > b._dns-sd._udp.96.42.30.172.in-addr.arpa from 172.30.42.99 > Thu Apr 24 14:15:14 2014 daemon.info dnsmasq[13365]

[Dnsmasq-discuss] test-ipv6.com vs dnssec

2014-04-25 Thread Dave Taht
jg tells me the test-ipv6.com site fails with dnssec and enabled on native ipv6. disabling dnssec works. anyone can confirm? get a log/packet capture? -- Dave Täht ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists

Re: [Dnsmasq-discuss] [Cerowrt-devel] Had to disable dnssec today

2014-04-26 Thread Dave Taht
On Sat, Apr 26, 2014 at 12:44 PM, Simon Kelley wrote: > On 26/04/14 17:20, Aaron Wood wrote: >> David, >> >> With two of them (akamai and cloudflare), I _think_ it's a dnsmasq >> issue with the DS records for proving insecure domains are insecure. >> But Simon Kelley would know that better than I.

Re: [Dnsmasq-discuss] [Cerowrt-devel] Had to disable dnssec today

2014-04-26 Thread Dave Taht
On Sat, Apr 26, 2014 at 4:38 AM, Aaron Wood wrote: > Just too many sites aren't working correctly with dnsmasq and using Google's > DNS servers. After 4 days of uptime, I too ended up with a wedged cerowrt 3.10.36-6 on wifi. The symptoms were dissimilar from what has been described here - I was

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-28 Thread Dave Taht
On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys wrote: > Comcast recently lit up IPv6 native dual stack in the Boston area. > > The http://test-ipv6.com/ web site complains about DNS problems unless > dnssec is disabled; if it is, I get various timeouts. > > > Test with IPv4 DNS record > ok (4.196

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-28 Thread Dave Taht
arder. It is falling back to trying a recursive lookup on the default domain ( ipv6.test-ipv6.com.home.lan ) - which it does do a nxdomain for immediately... On Mon, Apr 28, 2014 at 10:03 AM, Dave Taht wrote: > > > > On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys wrote: > >>

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-28 Thread Dave Taht
I see A and requests for for "ds.test-ipv6.com" that fail. On Mon, Apr 28, 2014 at 11:37 AM, Dave Taht wrote: > I have put a link up to two of jim's captures going to test-ipv6 via cero, > one with dnssec enabled, captured at the local laptop > > http://snapon

Re: [Dnsmasq-discuss] [Cerowrt-devel] test-ipv6.com vs dnssec

2014-04-28 Thread Dave Taht
signed by .com As one example of a registrar not with the program, name.com (registrar for bufferbloat.net) does not allow for ds records to come from it, so that domain can't be fully signed. So it sounds to me as if negative proofs are not possible with registrars that lack this support

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-04-30 Thread Dave Taht
On Tue, Apr 29, 2014 at 1:57 PM, Phil Pennock wrote: > On 2014-04-29 at 14:22 +0100, Simon Kelley wrote: >> secure no DS means that the original unsigned answer should be accepted, >> except that it shouldn't. There's no way to distinguish between secure >> lack of DS because we've reached an unsi

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2014-05-01 Thread Dave Taht
On Thu, May 1, 2014 at 1:26 PM, Rich Brown wrote: > > On May 1, 2014, at 2:37 PM, Simon Kelley wrote: > >> On 30/04/14 18:26, Dave Taht wrote: >>> On Tue, Apr 29, 2014 at 1:57 PM, Phil Pennock >>> wrote: > > snip, snip snip... > >>> Is the c

Re: [Dnsmasq-discuss] dnsmasq not working as DNS server for client machines

2014-05-22 Thread Dave Taht
On May 22, 2014 3:37 PM, "Chris Green" wrote: > > On Thu, May 22, 2014 at 11:08:22PM +0100, Chris Green wrote: > > On Thu, May 22, 2014 at 10:46:46PM +0100, Chris Green wrote: > > > I seem to have spoken too soon with my transfer of dnsmasq to a > > > different machine. > > > > > > It's running on

Re: [Dnsmasq-discuss] mdns support

2014-06-19 Thread Dave Taht
As an outgrowth of the ietf homenet working group, the homewrt folk are attempting to blend together mdns, an mdns proxy, and improved address allocation schemes with dnsmasq in openwrt. They could use some more testers, coders, and help in general. I have long planned to integrate their work in ce

Re: [Dnsmasq-discuss] OpenWRT, modem restarts and lost dhcp leases

2014-08-22 Thread Dave Taht
The simplest thing to do is merely move the dhcp leases file to persistent storage, if you are willing to live with the long term failure mode of flash becoming less long term. I don't honestly know the cycle lifetime of low end flash chips anymore - it was very bad when they first came out but has

Re: [Dnsmasq-discuss] Suggested configuration best practices for home net with dynamic ipv6 prefix?

2014-09-22 Thread Dave Taht
On Mon, Sep 22, 2014 at 5:49 AM, Stephen Riehm wrote: > Hi, > > I'm wondering if there are some 'typical' or 'best practice' > configuration norms for configuring dnsmasq to provide A and > DNS lookups for unqualified and qualified hostnames in an ipv6 home > network without a static ipv6 pre

Re: [Dnsmasq-discuss] [PATCH v2 0/1] Use nanosecond granularity when checking for file changes.

2014-10-04 Thread Dave Taht
+1 on inotify and kevent On Sat, Oct 4, 2014 at 9:24 AM, Karl Vogel wrote: > On Sat, Oct 4, 2014 at 6:10 PM, Karl Vogel wrote: >> On Fri, Oct 3, 2014 at 10:08 PM, Simon Kelley >> wrote: >>> On 30/09/14 15:02, Karl Vogel wrote: First version of the patch generated a compiler warning due >>

[Dnsmasq-discuss] dnsmasq deployed with dnssec

2014-10-12 Thread Dave Taht
on cerowrt (ALONG with all the fq_codel, and ipv6 chocolately goodness) http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-2477-6d1fcde4-650e-45fa-8551 dnssec. working. after 12 years. /me happy THANK YOU SIMON FOR THIS IMPORTANT WORK! (I am puzzled about the edns0 result, tho.) -- Da

[Dnsmasq-discuss] rebind-protection vs servers-file

2014-11-22 Thread Dave Taht
I have been fiddling with improving my internal dns, by creating a file that has all my internal dns servers in it that I can easily copy everywhere. Example serversfile. server=/rossow.r.lupinlodge.org/172.23.143.9 rev-server=172.23.8.0/23,172.23.143.9 server=/lodge.r.lupinlodge.org/172.23.143.

[Dnsmasq-discuss] Trying to get hnetd working, trying to get distributed dns better

2014-11-23 Thread Dave Taht
I setup a bunch of picostations running openwrt barrier breaker to try and get hnetd working, some details here: https://plus.google.com/u/0/107942175615993706558/posts/jV9WJyEYGGP Ran into problems also with getting reverse dns to work right. I think I should switch to blogging this stuff rathe

Re: [Dnsmasq-discuss] Trying to get hnetd working, trying to get distributed dns better

2014-11-24 Thread Dave Taht
On Mon, Nov 24, 2014 at 1:25 PM, Simon Kelley wrote: > On 23/11/14 17:16, Dave Taht wrote: >> I setup a bunch of picostations running openwrt barrier breaker to try >> and get hnetd working, some details here: >> >> https://plus.google.com/u/0/107942175615993706558/

Re: [Dnsmasq-discuss] rebind-protection vs servers-file

2014-11-24 Thread Dave Taht
On Mon, Nov 24, 2014 at 1:02 PM, Simon Kelley wrote: > On 22/11/14 23:06, Dave Taht wrote: >> I have been fiddling with improving my internal dns, by creating a >> file that has all my internal dns servers in it that I can easily copy >> everywhere. >> >>

[Dnsmasq-discuss] sorting out the right ipv6 addr to choose and name in a source specific world

2014-12-17 Thread Dave Taht
I have been wrestling with prefix coloring, where choosing a "best" prefix would be of use in (for example) reducing the problems induced by happy eyeballs when more than one ipv6 prefix is present and several other scenarios. There are many parts to this - one is in addressing, the other in DNS,

Re: [Dnsmasq-discuss] [homenet] sorting out the right ipv6 addr to choose and name in a source specific world

2014-12-22 Thread Dave Taht
On Thu, Dec 18, 2014 at 2:06 PM, Brian E Carpenter wrote: > On 19/12/2014 04:07, Michael Richardson wrote: I am way behind on my mail (this thread) and will be away for the holidays. Merry Christmas, everyone, and to all a happy new year! >> Dave, >> my take is that applications, and the entire

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-08 Thread Dave Taht
Wow, this thread goes back a ways. Is ds.test-ipv6.com still configured wrong, and does it pass now? It passes for me (but I am behind a more modern openwrt box right now) Is there another site that demonstrates this problem? BTW: For a while there (on comcast), in production, I ran with pure ipv

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-08 Thread Dave Taht
10:07 AM, Simon Kelley wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > > On 08/01/15 17:44, Dave Taht wrote: >> Wow, this thread goes back a ways. Is ds.test-ipv6.com still >> configured wrong, and does it pass now? It passes for me (but I am >> behi

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-09 Thread Dave Taht
I was able to lock up this version of dnsmasq twice: 100% cpu usage. No syscalls were visible from strace during the lockup. Lockups occurred once on nearly at boot, and the second time, after a few hours of casual usage, with only ipv6 upstreams, on cero-3.10.50-1. furthermore, the only thing tha

Re: [Dnsmasq-discuss] [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

2015-01-09 Thread Dave Taht
I strongly suspect an ipv6 fragmentation handling bug in the kernel version cerowrt uses. Have tons of evidence pointing to that now, starting with some tests run last year from iwl and also the tests that netalyzer was doing. And: I just locked up the box completely while doing some dnssec stuff.

Re: [Dnsmasq-discuss] [Ow-tech] DNSSEC

2015-02-10 Thread Dave Taht
On Wed, Feb 11, 2015 at 2:11 PM, Seth wrote: > On Tue, 10 Feb 2015 16:57:07 -0800, Ranganathan Krishnan > wrote: > >> I am looking into ways to improve DNS on the openwireless router software. >> When I mentioned DNSSEC as one of the items to review, I received this >> response from one of the de

Re: [Dnsmasq-discuss] DNAME or domain to domain transltion?

2015-03-16 Thread Dave Taht
I had had a lot of hope for DNAMEs, but they were shot down in the ietf years ago. Vestiges survive in "bind", at least, but I suspect there is little application support. I would not mind an attempt to resurrect them. Naming in the face of being renumbered all the time by various ipv4 and ipv6 pr

Re: [Dnsmasq-discuss] DNAME or domain to domain transltion?

2015-03-16 Thread Dave Taht
On Mon, Mar 16, 2015 at 9:18 PM, Brad Smith wrote: > On 03/16/15 22:41, Dave Taht wrote: > >> I had had a lot of hope for DNAMEs, but they were shot down in the ietf >> years ago. Vestiges survive in "bind", at least, but I suspect there is >> little applicati

Re: [Dnsmasq-discuss] DNAME or domain to domain transltion?

2015-03-17 Thread Dave Taht
I have renewed hope then. On Mon, Mar 16, 2015 at 11:09 PM, Paul Vixie wrote: > dname is not dead. it always included a synthesized cname. so a dname in > the zone file can create an unlimited number of cnames in cache. > > re: > > Dave Taht > Tuesday, March 17, 2015 1

Re: [Dnsmasq-discuss] dnsmasq 2.55 failures

2015-03-23 Thread Dave Taht
On Mon, Mar 23, 2015 at 3:31 PM, John Knight wrote: > Hi, > > > > We use dnsmasq 2.55 in our Linksys routers. We have generally had few > problems with dnsmasq, but recently one of our customers reported a failure > that did not recover. > I have seen a failure with dns for ipv6 on dnsmasq lik

Re: [Dnsmasq-discuss] [Babel-users] Looping in EAGAIN

2015-03-26 Thread Dave Taht
I see this patch for EAGAIN on an interface going away did not make the babel-ss-merge branch apparently. (for those new to this bug, see: http://lists.alioth.debian.org/pipermail/babel-users/2014-October/001777.html for more details. ) No, I haven't had time to test this patch, nor have I come u

Re: [Dnsmasq-discuss] High Availability: Part Deux

2015-03-28 Thread Dave Taht
I too would like a more high availability form of DNS and dhcp in general. One thing that I do currently is use anycast in my (fairly complex, highly routed) campus network, so that the local dns servers are distributed via the babel routing protocol, and the closest one that is up responds. (anyc

Re: [Dnsmasq-discuss] [Cerowrt-devel] DNSSEC and www.ietf.org

2015-03-30 Thread Dave Taht
I have trouble accessing ietf.org, also, with older versions of dnsmasq + dnssec, presently. On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin wrote: > Am I the only one who cannot access www.ietf.org since Cloudflare enabled > DNSSEC? (with dnsmasq-full 2.73-3) > > Thanks. > > -- > Marc Peti

Re: [Dnsmasq-discuss] [Cerowrt-devel] DNSSEC and www.ietf.org

2015-03-30 Thread Dave Taht
ug, should be fixed in 2.73rc3 pls shout if not. >> >> (the problem is that the clouldflare.bet zone includes the domains >> /003.cloudflare.net (that's ctrl-c at the start) and that was >> confusing dnsmasq.) > > Thanks. > > Dave, any chance to get a build of

[Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

2015-04-02 Thread Dave Taht
A) Not clear what happens if it tries to write it while the jffs filesystem is still being cleaned B) the dnssec_timestamp file needs to go somewhere that can be written by nobody. B1) trying to create it to /etc/ fails and fails to startup dnsmasq (see A) Thu Apr 2 18:31:52 2015 daemon.info d

[Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

2015-04-02 Thread Dave Taht
So I am testing with the latest 2.73 release candidate3. I do TWO dnssec queries on the same domain. The first, does the right thing. The second, does not give me the RRSIGs. d@nuc-client:~/public_html/archer_c7_O2$ dig www.bufferbloat.net +dnssec +multi ; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>>

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

2015-04-02 Thread Dave Taht
ng validation at all > . I have no idea. I used comcast´s upstream resolvers. (Next up for me is hammering dnssec via as many ways as I can come up with over ipv6, btw) > > > Cheers, > > > Simon. > > > > > > > On 02/04/15 20:10, Dave Taht wrote: >> S

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

2015-04-02 Thread Dave Taht
On Thu, Apr 2, 2015 at 1:50 PM, Simon Kelley wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 02/04/15 21:43, Dave Taht wrote: >> On Thu, Apr 2, 2015 at 1:08 PM, Simon Kelley >> wrote: I get a BOGUS validation because >> there'

Re: [Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

2015-04-02 Thread Dave Taht
On Thu, Apr 2, 2015 at 1:20 PM, Simon Kelley wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 02/04/15 19:41, Dave Taht wrote: >> A) Not clear what happens if it tries to write it while the jffs >> filesystem is still being cleaned > > Not sure I have

Re: [Dnsmasq-discuss] High Availability: Part Deux

2015-04-03 Thread Dave Taht
Well the most elegant and simple solution we came up with was: https://tools.ietf.org/html/draft-taht-kelley-hunt-dhcpv4-to-slaac-naming-00 But the world did not go that way, preferring nothing that worked at all. On Fri, Apr 3, 2015 at 12:20 PM, Jonathan Fisher wrote: > Absolutely :) That set

[Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
nslookup www.ietf.org fails again... it did not fail a few days ago. chrome returns nxdomain -- Dave Täht Open Networking needs **Open Source Hardware** https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67 ___ Dnsmasq-discuss mailing list Dns

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
6 12:08:13 2015 ;; MSG SIZE rcvd: 538 On Wed, May 6, 2015 at 11:22 AM, Dave Taht wrote: > nslookup www.ietf.org fails again... it did not fail a few days ago. > > chrome returns nxdomain > > > -- > Dave Täht > Open Networking needs **Open Source Hardware** > > http

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
> Cheers, > > ke...@darbyshire-bryant.me.uk > Sent from my phone, apologies for brevity, spelling & top posting > >> On 6 May 2015, at 20:21, Dave Taht wrote: >> >> nslookup www.ietf.org fails again... it did not fail a few days ago. >> >> chrome returns nxdo

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
prematurely sent that email. setting edns_packet_max to 1200 made it drop to tcp and work. I am going to argue that edns0 should be set to the bare minimum, by default, in dnsmasq, whatever it is, for it to fall back to tcp correctly. On Wed, May 6, 2015 at 12:09 PM, Dave Taht wrote

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-06 Thread Dave Taht
corresponding RRSIGS in that answer. I > wonder if that's intended? > > All the above is on IPv4. Dave are you using IPv6? I'll try that next. > > Cheers, > > Simon. > > > > > On 06/05/15 20:42, Dave Taht wrote: >> I retried it with edns0 set to

Re: [Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

2015-05-07 Thread Dave Taht
on a comcast native ipv6 connection, 1232 from OSX (ping6 -s 1232 2001:4860:4860::) On the router *itself* I can't even ping6 -s 80 2001:4860:4860:: PING 2001:4860:4860:: (2001:4860:4860::): 80 data bytes ^C --- 2001:4860:4860:: ping statistics --- 1 packets transmitted,

Re: [Dnsmasq-discuss] Mirror the git repository to github.com

2015-05-11 Thread Dave Taht
I like the idea of github as a bug tracker also. On Mon, May 11, 2015 at 9:51 AM, Thiago Farina wrote: > On Sat, May 9, 2015 at 5:38 PM, Karl-Philipp Richter > wrote: >> Hi, >> Mirroring the git repository git://thekelleys.org.uk/dnsmasq.git to >> github.com would facilitate contributions by pro

[Dnsmasq-discuss] Fwd: Important Info for signers of the FCC Letter from Dave Täht and CeroWrt

2015-10-07 Thread Dave Taht
Important Info for signers of the FCC Letter from Dave Täht and CeroWrt To: Dave Taht Thank you for endorsing our comments to the FCC about locking down Wi-Fi routers and other devices. Your signature is one of over 140 names at this time. I am working with Dave Täht to complete the submissio

[Dnsmasq-discuss] Last call for signatures to the FCC on the wifi lockdown issue

2015-10-09 Thread Dave Taht
/edit?usp=sharing The principal signers (Dave Taht and Vint Cerf), are joined by many network researchers, open source developers, and dozens of developers of aftermarket firmware projects like OpenWrt. Prominent signers currently include: Jonathan Corbet, David P. Reed, Dan Geer, Jim Gettys,

[Dnsmasq-discuss] Fwd: strategies to mitigate DNS amplification attacks in ISP network

2015-12-02 Thread Dave Taht
DNS cookies look kind of interesting... -- Forwarded message -- From: Mark Andrews Date: Wed, Dec 2, 2015 at 1:39 AM Subject: Re: strategies to mitigate DNS amplification attacks in ISP network To: Michael Hare Cc: "na...@nanog.org" Deploy DNS COOKIES. This allows legitimat

[Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-16 Thread Dave Taht
I am testing the dnsmasq-full build on current lede-project head, and enabled dnssec. Then : root@dancer:/# host flent-fremont.bufferbloat.net flent-fremont.bufferbloat.net has address 23.239.20.41 flent-fremont.bufferbloat.net has IPv6 address 2600:3c01::f03c:91ff:fe50:48d4 ;; Got bad packet: bad

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-16 Thread Dave Taht
n the SOA record doesn't > need to be touched at all, if the order of the records varied, that > could expose bugs in this code. > > Not an answer, but some good clues.. Don't even know if it's over ipv4 or ipv6 at the moment. will check harder. Great clues, t

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-18 Thread Dave Taht
so far I can only make it happen on mips. Doesn't happen on arm. Haven't tried harder yet. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-18 Thread Dave Taht
pstream reply? Not yet. I'll touch bases with you later in the week. > > > Simon. > > > > On 18/01/17 07:31, Dave Taht wrote: >> so far I can only make it happen on mips. Doesn't happen on arm. >> Haven't tried harder yet. >> > -BEG

Re: [Dnsmasq-discuss] Got bad packet: bad compression pointer

2017-01-18 Thread Dave Taht
old.ns.cloudflare.com. dns.cloudflare.com. 2023610183 1 2400 604800 3600 ;; Query time: 72 msec ;; SERVER: 172.26.16.1#53(172.26.16.1) ;; WHEN: Wed Jan 18 12:42:02 PST 2017 ;; MSG SIZE rcvd: 123 On Wed, Jan 18, 2017 at 12:01 PM, Dave Taht wrote: > On Wed, Jan 18, 2017 at 11:48 AM, Si

[Dnsmasq-discuss] will there be a 2.77 release anytime soon?

2017-01-22 Thread Dave Taht
just checkin -- Dave Täht Let's go make home routers and wifi faster! With better software! http://blog.cerowrt.org

Re: [Dnsmasq-discuss] Bug forward upstream SERVFAIL

2017-01-22 Thread Dave Taht
From a brief conversation with the bind9 maintainer: D: if bind gets a servfail, and has two forwarders, will it try the other forwarder? E: Yes. D: Even in the case of a dnssec query? E: Bind9 retries an authoritative answer because it might have been spoofed or one of the servers might be out

[Dnsmasq-discuss] IDN (internationalized domain name) support

2017-01-28 Thread Dave Taht
I am curious as to the deployment status of IDN in the field? and to how often others are building it into their default distro of dnsmasq, and any issues that may exist (other than improving the ease of domain name phishing) -- Dave Täht Let's go make home routers and wifi faster! With better s

Re: [Dnsmasq-discuss] IDN (internationalized domain name) support

2017-01-31 Thread Dave Taht
> göögle.com and not as xn--ggle-5qaa.com That jumps to a very interesting site, btw... And I guess a couple loggers and logger utilities need to be checked if they are 8 bit clean. > > Cheers, > > Simon. > > > > On 28/01/17 21:09, Dave Taht wrote: >> I am curious

Re: [Dnsmasq-discuss] [PATCH] Accept /32 and /0 as valid CIDR prefixes for rev-server directive

2017-02-19 Thread Dave Taht
On Tue, Feb 14, 2017 at 7:17 AM, Simon Kelley wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > That's an improvement, but I tend to agree that /0 doesn't make much > sense. If we're going to patch this, it seems to make more sense to > reject anything other than /32 /24 /16 or /8. >
