Commit message (Author; Age; Files; Lines)
* Add ClearMetrics Dbus method. [aws] (Simon Kelley; 2022-09-16; 4 files; -3/+34)
|
* Optimise cache code when stale caching in use. (Simon Kelley; 2022-09-16; 1 file; -4/+9)
|   Exclude DNSSEC entries from stale caching.
* Don't exclude stale-cache answers from "local answered" metric. (Simon Kelley; 2022-09-16; 1 file; -1/+3)
|
* Initialise modified-moving-average latency calc better. (Simon Kelley; 2022-09-16; 1 file; -1/+4)
|   Use the first value, rather than initialising at zero, which takes many queries to converge.
* Split failed queries in retries in stat counting. (Simon Kelley; 2022-09-16; 4 files; -6/+11)
|
* Tweak server-selection logic in the fast-retry case. (Simon Kelley; 2022-09-15; 1 file; -7/+8)
|
* Keep a per-DNS-server moving average of query latency. (Simon Kelley; 2022-09-15; 4 files; -8/+22)
|
* Combine server stats from all records for the same server in DBUS method. (Simon Kelley; 2022-09-15; 1 file; -18/+31)
|   The DBUS per-server stats method should combine the stats from different records (for different domains) in the same way as the logging code.
* Count NXDOMAIN replies from each server. (Simon Kelley; 2022-09-15; 4 files; -5/+12)
|
* Add metric for queries which never see an answer. (Simon Kelley; 2022-09-15; 3 files; -0/+4)
|
* Make fast-retry more configurable and do exponential backoff. (Simon Kelley; 2022-09-15; 5 files; -18/+40)
|
* Remove unused vars. (Simon Kelley; 2022-09-13; 1 file; -1/+1)
|
* Return EDE_STALE extended error when returning stale data from cache. (Simon Kelley; 2022-09-12; 1 file; -1/+14)
|
* Add stale cache replies to metrics. (Simon Kelley; 2022-09-12; 4 files; -1/+5)
|
* Add GetServerMetrics method to DBus interface. (Simon Kelley; 2022-09-12; 2 files; -0/+62)
|
* Further optimisation of --port-limit. (Simon Kelley; 2022-09-09; 4 files; -15/+64)
|   No longer try and fail to open every port when the port range is in complete use; go straight to re-using an existing socket.
|
|   Die at startup if port range is smaller than --port-limit, since the code behaves badly in this case.
* Second try at port-limit option. (Simon Kelley; 2022-09-09; 4 files; -23/+50)
|   1) It's expected to fail to bind a new source port when they are scarce, suppress warning in log in this case.
|
|   2) Optimise bind_local when max_port - min_port is small. There's no randomness in this case, so we try all possible source ports rather than poking at random ones for an arbitrary number of tries.
|
|   3) In allocate_rfd() handle the case that all available source ports are already open. In this case we need to pick an existing socket/port to use, such that it has a different port from any we already hold. This gives the required property that the set of ports utilised by any given query is set by --port-limit and we don't re-use any until we have port-limit different ones.
* Fix namebuff overwrite leading to wrong log after socket bind warning. (Simon Kelley; 2022-09-09; 1 file; -3/+3)
|
* Remove fast-retry development logging. (Simon Kelley; 2022-09-06; 1 file; -3/+0)
|
* Add --use-stale-cache option. (Simon Kelley; 2022-09-06; 8 files; -76/+238)
|
* Add --fast-dns-retry option. (Simon Kelley; 2022-09-06; 7 files; -44/+166)
|   This gives dnsmasq the ability to originate retries for upstream DNS queries itself, rather than relying on the downstream client. This is most useful when doing DNSSEC over unreliable upstream network. It comes with some cost in memory usage and network bandwidth.
* Add --port-limit option. (Simon Kelley; 2022-09-06; 4 files; -11/+64)
|   By default, when sending a query via random ports to multiple upstream servers or retrying a query dnsmasq will use a single random port for all the tries/retries. This option allows a larger number of ports to be used, which can increase robustness in certain network configurations. Note that increasing this to more than two or three can have security and resource implications and should only be done with understanding of those.
* Add DHCPv4 option 108 "ipv6-only" to the options table. [v2.87rc1] (Simon Kelley; 2022-09-06; 1 file; -0/+1)
|
* Fix logic when a SERVFAIL reply is received after good reply for DNSSEC. (Simon Kelley; 2022-09-06; 1 file; -3/+6)
|   If we get a SERVFAIL or REFUSED answer to a DNSSEC query for which we already have a good answer, just ignore it.
* Add source address to RA packet dumps. (Simon Kelley; 2022-09-06; 1 file; -1/+7)
|
* Fix DHCPv6 relay to use a more sensible source address. (Simon Kelley; 2022-09-06; 2 files; -15/+10)
|   Tweak things so that packets relayed towards a server have source address on the server-facing network, not the client-facing network.
|
|   Thanks to Luis Thomas for spotting this and initial patch.
* Free sockets awaiting upstream DNS replies ASAP. (Simon Kelley; 2022-09-06; 1 file; -0/+7)
|   Once we have a good answer, close the socket so that the fd can be reused during DNSSEC validation and we don't have to read and discard more replies from other servers.
* Tweak packet dump code to make port numbers more accurate. (Simon Kelley; 2022-09-05; 8 files; -84/+120)
|   Also add query-ids with log-queries=extra.
* Simplify realloc use in poll.c (Simon Kelley; 2022-08-11; 1 file; -12/+4)
|
* Introduce whine_realloc (Petr Menšík; 2022-08-11; 6 files; -24/+24)
|   Move few patterns with whine_malloc, if (successful) copy+free, to a new whine_realloc. It should do the same thing, but with a help from OS it can avoid unnecessary copy and free if allocation of more data after current data is possible. Added few setting remaining space to 0, because realloc does not use calloc like whine_malloc does. There is no advantage of zeroing what we will immediately overwrite. Zero only remaining space.
* CHANGELOG typo. [v2.87test9] (Simon Kelley; 2022-08-08; 1 file; -1/+1)
|
* Fix bad interaction between --address=/#/<ip> and --server=/some.domain/# (Simon Kelley; 2022-08-08; 2 files; -6/+17)
|   This would return <ip> for queries in some.domain, rather than forwarding the query via the default server(s) read from /etc/resolv.conf.
* Bound the value of UDP packet size in the EDNS0 header of (Bertie, Taylor; 2022-07-31; 2 files; -2/+12)
|   forwarded queries to the configured or default value of edns-packet-max. There's no point letting a client set a larger value if we're unable to return the answer.
* Update man page on DHCP data provided to scripts. Provide requested options ↵ (Simon Kelley; 2022-07-31; 4 files; -15/+27)
|   for DHCPv6 also.
* Fix bit-rotted data handling code for LUA scripts. (Simon Kelley; 2022-07-31; 3 files; -15/+14)
|
* Tidy last two commits. (Simon Kelley; 2022-07-31; 2 files; -25/+14)
|
* Pass MUD URLs (RFC 8520) supplied via DHCPv4 to DHCP scripts (Kevin Yeich; 2022-07-29; 3 files; -0/+11)
|   Extract Manufacturer Usage Description (MUD) URL from DHCP Option 161 and make it available to DHCP scripts as DNSMASQ_MUD_URL.
|
|   See https://datatracker.ietf.org/doc/html/rfc8520#section-17.3
|   and https://datatracker.ietf.org/doc/html/rfc8520#section-10
|
|   Co-authored-by: Jasper Wiegratz <wiegratz@uni-bremen.de>
* Pass MUD URLs (RFC 8520) supplied via DHCPv6 to DHCP scripts (Hugo Hakim Damer; 2022-07-29; 3 files; -2/+15)
|   Extract Manufacturer Usage Description (MUD) URL from DHCP Option 112 and make it available to DHCP scripts as DNSMASQ_MUD_URL. This expands on the initial support for Manufacturer Usage Description URLs that has been added in the previous commit for DHCPv4 by also supporting MUD URLs supplied using DHCPv6.
|
|   See https://datatracker.ietf.org/doc/html/rfc8520#section-17.3
|   and https://datatracker.ietf.org/doc/html/rfc8520#section-10
|
|   Co-authored-by: Jasper Wiegratz <wiegratz@uni-bremen.de>
* Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq (Simon Kelley; 2022-07-19; 12 files; -34/+73)
|\
| * Fix comment typo. (Simon Kelley; 2022-07-19; 1 file; -1/+1)
| |
| * Fix parsing of IPv6 addresses with peer from netlink. (Beniamino Galvani; 2022-05-27; 1 file; -1/+10)
| |   In the most common case, an IPv6 address doesn't have a peer and the IFA_ADDRESS netlink attribute contains the address itself.
| |
| |   But if the address has a peer (typically for point to point links), then IFA_ADDRESS contains the peer address and IFA_LOCAL contains the address [1].
| |
| |   [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/addrconf.c?h=v5.17#n5030
| |
| |   Fix the parsing of IPv6 addresses with peers, as currently dnsmasq unsuccessfully tries to bind on the peer address.
| |
| |   A simple reproducer is:
| |
| |     dnsmasq --conf-file=/dev/null -i dummy1 -d --bind-dynamic &
| |     sleep 2
| |     ip link add dummy1 type dummy
| |     ip link set dummy1 up
| |     ip addr add dev dummy1 fd01::1/64 peer fd01::2/64
| |     ip addr add dev dummy1 fd01::42/64
| |     sleep 2
| |     ss -lnp | grep dnsmasq | grep fd01
| |
| |   Before the patch:
| |
| |     dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
| |     dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
| |     udp UNCONN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23947,fd=14))
| |     tcp LISTEN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23947,fd=15
| |
| |   After:
| |
| |     udp UNCONN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23973,fd=16))
| |     udp UNCONN 0 [fd01::1]:53 [::]:* users:(("dnsmasq",pid=23973,fd=14))
| |     tcp LISTEN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23973,fd=17))
| |     tcp LISTEN 0 [fd01::1]:53 [::]:* users:(("dnsmasq",pid=23973,fd=15))
| * Add the ability to specify destination port in DHCP-relay mode. (Simon Kelley; 2022-05-26; 7 files; -7/+36)
| |   This change also removes a previous bug where --dhcp-alternate-port would affect the port used to relay _to_ as well as the port being listened on. The new feature allows configuration to provide bug-for-bug compatibility, if required. Thanks to Damian Kaczkowski for the feature suggestion.
| * Fix outdated comment. (Simon Kelley; 2022-05-26; 1 file; -1/+1)
| |
| * Update GNU GPL file. (Petr Menšík; 2022-05-13; 1 file; -22/+21)
| |
| * Also log upstream port for dnssec-retry (Dominik Derigs; 2022-04-18; 1 file; -2/+2)
| |   Signed-off-by: DL6ER <dl6er@dl6er.de>
| * Add inode compare while checking resolv file change (袁建鹏; 2022-04-18; 2 files; -1/+3)
| |   Fix a bug found on OpenWrt when IPv4/6 dual stack enabled: The resolv file is located on tmpfs whose mtime resolution is 1 second. If the resolv file is updated twice within one second dnsmasq may not notice the second update.
| |
| |   netifd updates the resolv file with method: write temp then move, so adding an inode check fixes this bug.
* | Fix comment typo. (Simon Kelley; 2022-07-07; 1 file; -1/+1)
|/
* Fix write-after-free error in DHCPv6 code. CVE-2022-0934 refers. (Simon Kelley; 2022-03-31; 2 files; -21/+30)
|
* Add DNSMASQ_DATA_MISSING envvar to lease-change script. (Simon Kelley; 2022-03-22; 2 files; -1/+13)
|
* Manpage update for --localise-queries. (Simon Kelley; 2022-03-05; 1 file; -1/+2)
|   Thanks to Leonardo Romor for the suggestion.