Hi
> I have a setup in mind and wonder whether dnsmasq is the correct tool (since I
> have not found the necessary functionality in the documentation yet).
>
> We have a /56 IPv6 network, and plan to use pure DHCPv6 (no stateless
> autoconfiguration) in several /64 networks.
That's perfect. Loo
Hi,
> thanks for the elaborate reply!
No problem!
> There's a slightly more special case for us: We have one central firewall
> (which
> gets the full /56 net on the upstream interface routed to it) and most
> gateways
> are separate nodes
> (i.e. most VLANs are not connected to the central FW
Hi,
although this is no longer fully related to dnsmasq, just a few sentences on
top:
> >> There's a slightly more special case for us: We have one central firewall
> (which
> >> gets the full /56 net on the upstream interface routed to it) and most
> gateways
> >> are separate nodes
> >> (i.e.
ys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail:u...@thetaphi.de
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
nsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dn
uss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail:u...@thetaphi.de
___
Dnsmasq-discuss mailing list
example iptables rules).
Any ideas? Many thanks, Uwe
Uwe
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail: u...@thetaphi.de
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk
iexes and announcing removed prefixes are also reaching back
my idea contributions back till around 2012.
Groeten
Geert Stappers
Thanke, Uwe
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail:u...@thetaphi.de
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
RAs do deprecate the old prefix
(using the old prefix with time=0) for a number of times.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
___
Dnsmasq-discuss mailing list
Dnsmasq-discus
Hi,
> > But I found a problem, especially happening with mobile phones
> > (Android, Galaxy S3 in my case). When those go into sleep mode, they
> > no longer listen to router advertisements, so after waking up, their
> > address was already deprecated by the network stack and they have to
> > wait
Hi,
The config option:
> interface-name=,
should in my opinion also create an record for the given interface, if a
global ipv6 address is assigned, so the name returns both A and records.
Would this be hard to do?
Thanks for the great software,
Uwe
-----
Uwe Schindler
H.-H.-Me
is why my previous "radvd" installation uses:
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
I just wanted to have a similar setup on dnsmasq, which was only possible by
patching the header file and recompiling dnsmasq.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.
s) must be
assigned to the network adaptor, otherwise dnsmasq prints out a warning that it
cannot find a valid prefix/range..
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
>
. The clients with public IPv6 addresses
can still reach it, as the linux box is default gateway and the kernel
redirects the packages internally to the right interface (which is the
same, just different IPv6).
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
e
Hi,
> RA's are not the same as DHCP, there's no such thing as a "lease time".
> What there is, is preferred and valid lifetimes. What should happen is
> that when old address is about to go away, the address for that prefix
> on the network adaptor should have its preferred lifetime set to zero,
> On 24/07/13 19:16, Uwe Schindler wrote:
> > Hi,
> >
> >> RA's are not the same as DHCP, there's no such thing as a "lease
> >> time". What there is, is preferred and valid lifetimes. What should
> >> happen is that when old address
ebian testing box).
Uwe
-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: dnsmasq-discuss-boun...@lists.thekelleys.org.uk [mailto:dnsmasq-
> discuss-boun...@lists.thekelleys.org.uk] On Behalf Of
Hi again,
one addition, because its too hot here... The reality is again different (very
complicated with IPv6):
> > On 24/07/13 19:16, Uwe Schindler wrote:
> > > Hi,
> > >
> > >> RA's are not the same as DHCP, there's no such thing as a "
Hi,
> >>> On 24/07/13 19:16, Uwe Schindler wrote:
> >>>> Hi,
> >>>>
> >>>>> RA's are not the same as DHCP, there's no such thing as a "lease
> >>>>> time". What there is, is preferred and valid lifet
Hi,
> On 25/07/13 11:59, Uwe Schindler wrote:
> > Hi again,
> >
> > In addition, I found a relic from the time when the RA_INTERVAL value
> > was hardcoded into radv.c. There is still one:
> >
> > Line 294: put_opt6_long(1800); /* lifetime - twice RA retrans
would
provide support for this). Radvd does it - see DeprecatePrefix options in radvd.
Uwe
> > >>> On 24/07/13 19:16, Uwe Schindler wrote:
> > >>>> Hi,
> > >>>>
> > >>>>> RA's are not the same as DHCP, there's no such
appear later.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Simon Kelley [mailto:si...@thekelleys.org.uk]
> Sent: Friday, July 26, 2013 3:03 PM
> To: Uwe Schindler
> Cc:
deprecated, so
all is fine now.
One thing I found in my investigations: The lifetime given in the dhcp-range
for IPv6 oly affects the RAs, but not the time for refreshing the DHCP
information request. I had to set it explicitely as dhcp-option6.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D
rver. I checked this on windows computer.
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: dnsmasq-discuss-boun...@lists.thekelleys.org.uk [mailto:dnsmasq-
> discuss-boun...@lists.thekelleys.
explicitely given, of course use the information from
option6:information-refresh-time setting.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Simon Kelley [mailto:si...@thekelleys.org.uk]
Hi,
> > Regarding the Android-Bug: I found out that I still have to enable
> > the "fast" mode (which is only done in the first minute after a
> > config change). The reason is: Although the prefix has a lifetime of
> > 86400 on my dhcp-range, in contrast, the router itself gets a
> > lifetime
Hi,
I found the reason for this bug:
> One small thing with your new code - maybe a bug, because the comment
> says something else: Although the configured (in my config) valid_lifetime of
> the prefix is now lower
> (30 mins on my machine), after deprecation it raises the valid_lifetime again
Hi Simon,
I did a "git pull" yesterday evening and problem was already fixed. Many thanks!
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Simon Kelley [mailto:si...@thekelley
Hi Simon,
> >> I want to try and avoid making every parameter changable, like Radv
> >> does. Who can tell what the parameters should be. A flag which says
> >> "stay in fast retransmit mode to fix buggy android" seems much more
> >> sensible.
> >
> > That is perfectly fine! So a boolean option to
Hi,
I don’t think this should be fixed at all, because it violates the „official“
format of resolv.conf, see man page. A resolv.conf file modifies like this
could not be read by libc’s resolver functions.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
<h
ll. If your
ISP switches to IPv6 completely, they have to fix this, too - but it is out of
your control.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: dnsmasq-discuss-boun...@lists.thekelleys
Hi Harald,
> > Dnsmasq does the check which the standards require, which is to send
> > an ICMP ping (echo request) to the address it's about to allocate. The
> > fact that the client doesn't respond would seem to indicate that the
> > clients are NOT using IP addresses after the lease has expired
g, connect with that IPv4-only
SSID.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Dnsmasq-discuss [mailto:dnsmasq-discuss-
> boun...@lists.thekelleys.org.uk] On Behalf Of ?
> Sen
solved? This is another one where dnssec fails, so clearly a
bug.
There is a test page about exactly that case, which fails for me when resolving
through dnsmasq: http://0skar.cz/dns/en/
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetap
Please note:
I fixed the example domain to have a real A record. Try any other fake name
instead:
e.g., "dummy.pangaea.de", also referring to wildcard domain.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Ori
an
inform us which commit fixed this issue.
Thanks for the quick reply!
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Kevin Darbyshire-Bryant [mailto:ke...@darbyshire-bryant.me.uk]
> Se
Hi,
Was there a change in dnsmasq related to this? Would be good to get some
feedback. I'll try this version now. Currently I am running 2.75 (Debian
testing pkg 2.75-1)
Do you have dnssec enabled?
Uwe
-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMa
Hi,
ALARM: I compiled "2.76test3" and now it is spinning with 100% CPU on my box,
box responds slow or not at all on DNS query. Was the fix included in "test3"?
I updated from 2.75 to 2.76test3 because of the previously mentioned wildcard
dnssec issue.
Uwe
-
Uwe S
Hi,
I'll try. Unfortunately I have to provoke the spinning somehow. I just
installed the test version, was happy, and a few minutes back it was no longer
responding. TOP showed 99% CPU.
By the way, box is a VIA C7 standard x86 box (32 bits), not MIPS like Kevin's.
Uwe
-
Uwe S
t,
> I can validate everything that Google DNS validates.
>
> Cheers,
>
> Simon.
>
>
>
> On 04/01/16 14:48, Uwe Schindler wrote:
> > Hi,
> >
> > I found out that resolving of DNSSEC signed wildcard domains does
> > not work correctly with d
talked about CNAME's which were not used here.
Uwe
-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Dnsmasq-discuss [mailto:dnsmasq-discuss-
> boun...@lists.thekelleys.org.uk] On Behalf O
Hi,
Grabbed, compiled, and installed it. I'll report back. It is now in use on my
router, so I'll see if anything like this happens again.
Uwe
-
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
Hi Simon,
> Well, that's the smoking gun. Dnsmasq is doing the right thing, and your
> upstream server at 212.202.215.1 is broken. I realise that doesn't solve
> the problem, but at least you know where to work now :)
>
>
> (the reason dnsmasq is returning SERVFAIL is that there's a
> chain-of-t
Hi Simon,
> > Well, that's the smoking gun. Dnsmasq is doing the right thing, and your
> > upstream server at 212.202.215.1 is broken. I realise that doesn't solve
> > the problem, but at least you know where to work now :)
> >
> >
> > (the reason dnsmasq is returning SERVFAIL is that there's a
>
request only).
Uwe
-
Uwe Schindler
Achterdiek 19, D-28357 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Dnsmasq-discuss [mailto:dnsmasq-discuss-
> boun...@lists.thekelleys.org.uk] On Behalf Of Pali Rohár
> Sent: Thursday, December 22, 2
Hi,
> > Windows hosts generally have 2 problems, so assigning a DNS name with
> > IPv6 address using "ra-names" only works under the following
> > circumstances:
> >
> > - The Windows firewall must allow ICMP Echo (PING) requests to go
> > through (IPv6). And here comes the problem: By default the
pe this explanation helps,
Uwe
-
Uwe Schindler
Achterdiek 19, D-28357 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de
> -Original Message-
> From: Dnsmasq-discuss [mailto:dnsmasq-discuss-
> boun...@lists.thekelleys.org.uk] On Behalf Of Robert N
> Sent: Saturday, Sep
gh,60,0
>>>
>>> I changed the ra-param in an attempt to bypass the routers' RA.
>>>
>>> Option6 is working as expected.
>>>
>>> Any ideas, or am I just looking at a pipe dream (wanting host names
>in
>>> the pi-hole query log, in
Hey,
> > The question is, should the above configuration be "baked in" to the code?
>
> As I understand, this vulnerability arises from the Web Proxy Automatic
> Discovery (WPAD) protocol, not from dnsmasq itself. And, dnsmasq
> configuration provides - or will provide - a configuration mechanism
DHCPv6 lease time. E.g., if router
advertisements last a maximum time of 30 minutes, also set the lease time to 30
minutes for IPv6. This requires clients to renew more often, but the change
gots faster. If you force the router to disconnect during nights at a fixed
time, the effect won't be so large.
debian package to have the correct path in the default file (instead of
%%PREFIX%%). This looks like a bug in the debian package installer.
Uwe
-
Uwe Schindler
Achterdiek 19, D-28357 Bremen
http://www.thetaphi.de <http://www.thetaphi.de/>
eMail: u...@thetaphi.de
From: D
. If you want “.ncp” your preferred domain, set “domain = ncp” and
only keep the first entry.
Uwe
-
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail: u...@thetaphi.de
From: Dnsmasq-discuss On
Behalf Of Sean Warner
Sent: Tuesday, October 22, 2019 2:25 AM
-interfaces) option.
Uwe
-
Uwe Schindler
Achterdiek 19, D-28357 Bremen
<https://www.thetaphi.de> https://www.thetaphi.de
eMail: u...@thetaphi.de
From: Dnsmasq-discuss On
Behalf Of Koos Pol
Sent: Saturday, December 21, 2019 9:11 AM
To: dnsmasq-discuss@lists.thekelleys.org.uk
S
conf
nameserver 127.0.0.1
search zbmc.eu
Which is a bit odd since I don't have resolvconf.
The system works OK, DNS works, but I'd like to know how.
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail: u...@thetaphi.de
_
Generated by resolvconf
nameserver 127.0.0.1
search zbmc.eu
Which is a bit odd since I don't have resolvconf.
The system works OK, DNS works, but I'd like to know how.
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail: u...@thetaphi.de
55 matches
Mail list logo
