llars a
month
Please do continue this development though!
Thanks
Ed W
On 17/09/2020 08:06, Roderick Groesbeek wrote:
>
> Hi List,
>
>
>
> Ipset supports a concept of ‘aging’ entries, like:
>
> ~~
>
> Examples from ipset(8):
>
> ipset create test hash:ip ti
inode
order?), which can lead to unexpected reverse host definitions in some cases
Could we have a dictionary order import for add-hosts files please?
Ed W
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
On 20/07/2021 21:31, Geert Stappers via Dnsmasq-discuss wrote:
> On Mon, Jul 19, 2021 at 06:52:03PM +0100, Ed W wrote:
>> Hi, around 2.82 someone posted a little patch to import the config files in
>> dictionary order, which
>> is very useful for situations where you have ov
On 19/07/2021 18:52, Ed W wrote:
> Hi, around 2.82 someone posted a little patch to import the config files in
> dictionary order, which
> is very useful for situations where you have overlapping definitions. I'm
> using an addn-hosts stanza
> pointing to a directory and fi
On 08/08/2021 16:06, Matthias Andree wrote:
> Am 08.08.21 um 15:02 schrieb Ed W:
>> On 19/07/2021 18:52, Ed W wrote:
>>> Hi, around 2.82 someone posted a little patch to import the config files in
>>> dictionary order, which
>>> is very useful for situations wh
On 10/08/2021 23:12, Simon Kelley wrote:
> On 08/08/2021 14:02, Ed W wrote:
>> On 19/07/2021 18:52, Ed W wrote:
>>> Hi, around 2.82 someone posted a little patch to import the config files in
>>> dictionary order, which
>>> is very useful for situations where y
suggestion?
Thanks again!
Ed W
me
cluster filesystem (I concede I'm eyeballing seaweedfs rather than ceph...).
You will need 3x
raspberry Pi (not going to break the bank) and you can lose any one of them
whilst still staying
active (needs a quorum).
You likely want to start hanging on the various reddit groups as they ha
and calls some external events at the same time.
To be precise I believe you need to first stop dnsmasq before erasing the disk
cache (however, I
regularly get away with doing so while it's running... ;-) )
Ed W
ty to dnsmasq
which simply
monitored its twin and if inaccessible would promote itself to master.
Technically this is
incorrect as it doesn't handle netsplits, but I think for home use and for DHCP
where you can just
unplug and replug a couple of devices after some cockup, this
ed in one
of your other threads re this situation? I think you could make a
simple/imperfect cluster setup
like this fairly easily? (good enough for a small home lan)
Ed W
On 04/09/2021 12:07, Chris Green wrote:
> On Sat, Sep 04, 2021 at 11:29:32AM +0100, Ed W wrote:
>> On 04/09/2021 09:15, Chris Green wrote:
>>
>>> I was aiming to synchronise the lease file in /var between the two
>>> systems as well as the configuration.
>>
ut existing entries? You can delete the item a few seconds later since
we don't reload all
the config when a new inotify entry is spotted... (curious huh)
Ed W
handle failover, but a few simple ideas
spring to mind (I'm
thinking of a pure warm standby kind of setup, where something promotes the
secondary to primary)
Anyway, just shooting the breeze...
Ed W
On 05/02/2022 11:06, Simon Kelley wrote:
> It could work; there's a whole IETF standar
break out the common domains into
their own ipsets and then
including these across multiple firewall rules. It would be much easier if I
could allow overlapping
results in dnsmasq)
Thanks
Ed W
appers
I could make use of this feature!
I have no opinion on the code, or whether it implements the behaviour as
described
I think we have seen Apple behave something like this in the past? They will
present a patch once
and if nobody wants to bite then there won't be prompting. I think it's up to
the maintainers of
dnsmasq whether we want to integrate this and maintain it?
Ed W
dnsmasq, ideally
without maintaining my own out of tree patch
Have I missed a solution that is possible within vanilla dnsmasq?
Has the idea to implement a filter-http option been rejected already? (I'm
happy to send a patch if
not?)
Thanks
Ed W
On 07/03/2023 21:50, Simon Kelley wrote:
>
> On 06/03/2023 22:36, Ed W wrote:
>> Hi, can I get a leg up in understanding the options for blocking dns queries
>> for a specific resource
>> type, specifically type 65 queries
>> My motivation for needing this is that w
think this is a rather specialist feature which should be avoided by
most people...
I would love if we could improve things a little bit though. The idea of
filtering based on cached A
query results would be nice.
Thanks for all the replies and the very helpful insight into the underlying
challenges!
Ed W
, but tag
all others as undesirable
Cheers
Ed W
On 21/03/2023 11:48, Petr Menšík wrote:
> I would prefer to use --filter- and expand it to accept also /domain/
> modifier, just like
> --address or --server. Reusing --address seems confusing, especially with
> negated !AA
this is of marginal value, but I'm building an embedded system
and at least on the surface this appears to allow me to centralise some
more configuration and dynamically modify fewer files?
Grateful for any pointers as to whether this should in fact be possible
though?
Thanks
Ed W
.1.222
If it's possible to use ethers could you please describe how? If it's
not could I please make a feature request to support this in some future
release?
Thanks also for answering my previous question
Cheers
Ed W
y only reading the config example and not looking
at the command line options - it's quite a useful feature, so perhaps
worth documenting next to the /etc/ethers example?
Thanks for the wonderful software which is dnsmasq!
Ed W
man pages to see there is a "dhcp-hostsfile" option which
allows you to specify a file where this syntax is in fact accepted (and
for my uses is much more useful than ethers)
Good luck
Ed W
x more. It has plenty of
variations for all kinds of situations including PXE:
http://syslinux.zytor.com/wiki/index.php/PXELINUX
Probably worth a look?
Good luck
Ed W
to be vulnerable to dns
tunnelling hacks - such a feature would allow dnsmasq to resolve local
and cached responses, but the firewall can make decisions based on the
connection mark to allow outbound queries)
Thanks for any thoughts
Ed W
ly packet comes back,
conntrack will match it for us and apply the same mark so that we will
tag it as the same user's traffic (whether UDP or TCP)
So the main thing needed is to read incoming packet marks and apply them
to the outgoing request. iptables/conntrack does everything else for us?
Grateful for your thoughts on whether this could be implemented in dnsmasq?
Thanks!
Ed W
r I ask these questions it turns out to be a failure to read the manual
correctly, so I did have a good gander and raid google first...
Note, if there is no explicit option for this then I think "strict-order" is
actually satisfactory as a workaround!
Many thanks
Ed W
s around say the 2-24 hour mark
for TIME and some hundreds to thousands for the TEST param?
Thanks
Ed W
need to supply
iptables rules for that, but I'm not fluent enough to crack them out
without testing first...)
Thanks for looking into this
Ed W
client address, but this is very unlikely to yield a generally useful
> solution.
We can only do that for the leg from the client to dnsmasq, after that
we lose information about the original request. Hence the need to copy
the packet mark across to the connection from dnsmasq to upstream dns server
Thanks
Ed W
called conntrack (on linux). Also this
capability is exposed to userspace and hence you can do some quite
clever things if you wish. Cool huh
Thanks
Ed W
owever, superb if it's possible to implement.
Note: I would be happy to sponsor this feature (financially). Please
send me a proposal offlist?
Thanks
Ed W
server? Minimal logging, 301
redirects and static file serving being the only requirements - non
conforming to non mainstream http request headers completely acceptable...
Cheers
Ed W
previously needed to enable logging to get some (nothing seen otherwise)?
Good luck
Ed W
;, which is a compatible format with other programs?
Cool feature anyway - use it to keep my SSH sessions alive no matter
whether on wired/wireless.
Cheers
Ed W
ww.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Good luck
Ed W
sq)? eg adding some kind of high speed static lookup table to
support white/blacklists? (also be aware of IPSET in modern kernels
which implements flexible hashes of ip addresses, ports and more)
Good luck
Ed W
" (vserver housekeeping requirement to allocate all machines a
unique 32bit id)
Any tips or pointers on getting started here, especially if the answer
is to look somewhere else..?
Thanks
Ed W
P.S. I do get the very basics of ipv6, I'm looking for implementation
suggestions rather than "what is it"...
probably a corner
> case and I was about to read about mDNS&Cie anyway.
Just a thought, but I believe it's possible to sponsor specific features?
All the best
Ed W
cation?
If they subsequently hammer the network then it would seem very likely
that you might max out some switches and see packet loss?
Curious problem - I'm mostly interested in how to reproduce without
having a rack of equipment to keep pulling the plug on?
Ed W
On 16/06/2011 17:13, Mike McQuaid wrote:
> Ed W writes:
>> I have a (UK) ISP (idnet) which alleges to offer me IPV6 range, but at
>> present my PPPOE router (airport express) is not obviously receiving an
>> IPV6 range. I suspect the router is the problem, but lets leave t
On 25/05/2011 16:11, Ed W wrote:
> Now, the next question is perhaps, what is the lightest weight and most
> dependency free simply http server? For example I have a server that I
> want to add to the ntp pool and one of their requests is that any http
> request to that IP is respond
inx
- Wildcard: Busybox...
My favourite would be Nginx, but I don't need featherweight, just
decently lightweight
Cheers
Ed W
q, is
a useful saving? Is this a very compact embedded system you are
building? If so, presumably you already include busybox - did you look
at the microwebserver included in that?
Always interested in other people's projects!
Good luck
Ed W
e have any thoughts on how to better handle getting
redirected to a local CDN, other than perhaps using only the ISP servers?
Thanks
Ed W
rules (what should happen when the
main node goes down, comes up, etc)
For completeness you want some way to fence each node so that simple
cables falling out can't cause weird issues. However, you can probably
not worry too much for your requirements
Good luck - please share what you come up with!
Ed W
between adaptors
and on reflection I never thought to check that I'm not flooding the
network with spurious arp replies... Obviously you are meant to disable
one of the adaptors...
Good luck
Ed W
access dbus and I believe there are some gui
dbus tools - quite possibly you can put that lot together...?
Actually if you do have a play with all of the above please report on
how you get on, even partially?
Good luck
Ed W
s not possible.
But you can do all kinds of hairy things with DNAT, REDIRECT, and other
ways to pretend to share an IP address between machines (if that is the
underlying problem?)
Ed W
://search.cpan.org/search?query=dns&mode=all
Good luck - interested to hear how you solve this!
Ed W
etup static interfaces and works with openresolv to handle all kinds of
failover magic.
My favourite is probably 1) above. Simple and easy to setup, but depends
on your requirements
Good luck
Ed W
t the
setup looks fairly straightforward and quite a few implementations can
use certificates, private keys, LDAP, etc, for authentication
Using a VPN solves a bunch of problems that you haven't yet worried
about such as eavesdropping, forced routing and the like?
Simple is often best though!
Good luck!
Ed W
but it's not yet on
my "must have" list that I necessarily want to fund the entire project?
Anyone?
Ed W
lash nearly full already.
I think if you want perl then you need perl. It's a nice idea, but with
only 4MB you need to look at something more compact than perl
Interested to see where you go with dnsmasq?
Good luck
Ed W
Note to Sam Crawford - interesting idea in there for "transparent"
forwarders which can check local sources first, but forward upstream if
not found
Ed W
is
at least increasing and you can minimise the amount you step back in
time. Gentoo openrc has an initscript called swclock which implements
this if you want a leg up
Good luck
Ed W
ile just before going down and hence reduce flash writes (but
personally I doubt you will have a problem with even fairly high freq
writes?)
Also if your budget runs to it then add a second ntp server which can be
"peer"ed and will hence lock and sync. This will help see you through
reboots of either one machine?
Good luck
Ed W
Cool idea - just curious to see how it's going to get set in stone for
final implementation?
Cheers
Ed W
dns queries are a problem for
minimising costs)
Thanks
Ed W
I believe it runs several of the root domain servers, just to
give some credibility here...)
Ed W
d
>> configuration and tweaking onto a current OS version and made it live,
>> I'll be in a position to do stuff like making git access available. I'm
> What about github ?
>
Seconded on the github idea
Ed W
On 12/12/2011 17:40, Matthias Andree wrote:
> Am 11.12.2011 20:00, schrieb Ed W:
>> How can I tell dnsmasq that it's effectively authoritative for reverse
>> lookups for private IP ranges and prevent upstream lookups? I do have
>> "bogus-priv" set. Dnsmasq-1.58
On 12/12/2011 17:40, Matthias Andree wrote:
> Am 11.12.2011 20:00, schrieb Ed W:
>> I try and block these using:
>>
>>server=/111.168.192.in-addr.arpa/127.0.0.1
> The logs above show queries for a different address, namely for
> 10.159.177.225.
>
> The server
On 12/12/2011 17:40, Matthias Andree wrote:
Am 11.12.2011 20:00, schrieb Ed W:
This is zeroconfiguration DNS-based service discovery stuff. Check
Wikipedia for "Zeroconf".
Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
dr._dns-sd._udp.225.177.159.10.in-addr.arpa
could get a cross
platform solution going... (thinking something simple involving
broadcasts to allow an election process... Technically leases don't need
to be sync'd, so separate process can handle that)
Cheers
Ed W
On 23/12/2011 12:38, Ed W wrote:
1) Atomic updates to the leasefile (or near enough for practical purposes)
2) Re-reading of the leasefile on change (in a way designed to support
use with a cluster filesystem or manual sync)
Actually, I missed a fairly mature solution idea, Samba's
alup for example).
Just trying to put ideas into your head...
All the best
Ed W
e two instances?)
Wasn't the original question the difference between binding to 0.0.0.0
vs binding to each interface individually?
Cheers
Ed W
hanks!
(Now I just need to figure out how to use it from perl sockets...)
Many thanks for the tip!
Ed W
a busy enough cache then someone is paying the penalty for
you quite regularly and your responses look good. I suspect you need
really quite a LOT of traffic before your recursive server gets decently
warm... So my thought would be to use a big upstream that you trust,
unless you are "ISP si
re than just a dhcp client). This builds various configs for me
on demand. Couple that with the ability for dnsmasq to accept config
files in pieces, plus its dbus access, and you can actually achieve
very dynamic configs without too much trouble.
t's technique?
http://roy.marples.name/projects/openresolv
Cheers
Ed W
could be made a soft error?
Cheers
Ed W
options
Ed W
On 10/11/2012 15:54, /dev/rob0 wrote:
Seems to me that dnsmasq is a better nscd replacement, and it has a
place in mobile computing.
# we use this dnsmasq as this system's own resolver
no-resolv
# I'm not sure if both of these are needed; we only want DNS and
# only on lo
On 11/11/2012 23:05, /dev/rob0 wrote:
On Sun, Nov 11, 2012 at 08:34:38PM +, Ed W wrote:
Try:
http://roy.marples.name/projects/openresolv
Eww, no. That's a kludge, and again, it totally misses the point of
this dnsmasq instance exclusively providing DNS to local processes.
Thi
Work it back and ensure that you only have the correct nameservers in
place at any given moment, after that your choice should come down to
"fastest response please"?
Ed W
On 13/11/2012 15:03, /dev/rob0 wrote:
And dhcpcd(8) is writing domain_name_servers to
/var/lib/dhcpcd/resolv.conf.
How do you remove servers from that file when the link goes down? What
if two connections try to add the same entries and then one of them goes
down?
Ed
atever you wish, using a
local dnsmasq/unbound/something else as your upstream proxy)
Ed W
hould prove that this is the case?
Ed W
On 03/03/2013 04:31, Sjors Gielen wrote:
Hi all,
I've either got a case of some very very bad luck from my RNG, or a bug on my
hands. (Or I'm just being an idiot.)
I noticed that one of my upstream DNS servers has an old entry in its cache:
nse, eg update ipset, custom
logging, inform centralised fail2ban instance, etc.
I guess we should start with: has this got any wings at all?
I might be interested in sponsoring Simon to make such an enhancement.
(I think we have exchanged emails on a similar idea in the past?) Anyone
else want
g else is special
These distributed VCS systems are very cool!
Ed W
On 27/05/2015 09:34, zhi wrote:
Building a DNS service by dnsmasq. But sometimes DNS service can not
resolve domain name, but ping the IP address is okay. Did someone meet
the same problem?
Are you using Mac OSX 10.10 by any chance? And using a .local domain...?
Ed W
ong period)
Thanks if anyone can confirm what happens here with certainty
Ed W
Hi Simon
Thanks for the (as usual) excellent answer (and thanks Carlos!)
This behaviour is extremely desirable and as far as I can tell isn't
available with other DHCP servers!
Cheers
Ed W
On 20/10/2015 21:51, Simon Kelley wrote:
On 15/10/15 12:39, Ed W wrote:
Hi, I'm not q
an try cranking down my lease times
and record the logs to see if I can catch it in action?
Thanks
Ed W
On 09/04/2017 19:22, Denton Gentry wrote:
https://fingerbank.org/about.html is a database of OS signatures based
on the DHCP options populated and the order in which they appear. So
for example, an Android device will typically send
'1,33,3,6,15,26,28,51,58,59' while iOS sends '1,3,6,15,119,252'.