version 1.1, 2013/07/29 19:37:40
version 1.1.1.2, 2021/03/17 00:56:46

Line 9 A: The high ports that dnsmasq opens are for replies f
from port 53 the replies would be _to_ port 53 and get blocked.

This is not a security hole since dnsmasq will only accept replies on that
port: queries arriving there are dropped. The replies must be to outstanding
queries which dnsmasq has forwarded, otherwise they are dropped too.
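The filtering described above, as an added example (not dnsmasq's own code): a forwarder keeps a table of the queries it has sent upstream and accepts a packet on its reply port only if it is a response whose transaction ID, question name and type match one of those outstanding queries and which arrives from the server the query went to. A query aimed at the high port, an unsolicited reply and a replayed reply are all dropped. The message builders, the upstream address and the names are constructed for the demonstration.

```python
import struct


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Read a (possibly compressed) name at off; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                 # compression pointer
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped = True
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    if not jumped:
        end = off
    return ".".join(labels).lower(), end


def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # QR=0, RD=1
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_reply(txid: int, qname: str, addr: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(o) for o in addr.split("."))
    # answer: pointer to the name at offset 12, type, class, TTL, rdlength, rdata
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer


class ReplyFilter:
    """Accept a packet on the query socket only if it answers a query we sent."""

    def __init__(self):
        self.outstanding = {}   # (txid, qname, qtype) -> upstream (addr, port)

    def forwarded(self, txid: int, qname: str, qtype: int, upstream) -> None:
        """Record a query we have just sent upstream (constructed bookkeeping)."""
        self.outstanding[(txid, qname.lower(), qtype)] = upstream

    def accept(self, packet: bytes, source) -> str:
        """Return 'accept', or 'drop: <reason>'."""
        if len(packet) < 12:
            return "drop: short packet"
        txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
        if not flags & 0x8000:
            return "drop: not a response (a query aimed at the reply port)"
        if qdcount != 1:
            return "drop: unexpected question count"
        qname, off = decode_name(packet, 12)
        qtype = struct.unpack("!H", packet[off:off + 2])[0]
        key = (txid, qname, qtype)
        if key not in self.outstanding:
            return "drop: no outstanding query with this id/name/type"
        if self.outstanding[key] != source:
            return "drop: reply from a server we did not query"
        del self.outstanding[key]     # one reply per query; a replay now fails above
        return "accept"
```

The caveat a practitioner should keep in mind: the 16-bit transaction ID and the source port are the only things an off-path attacker has to guess to get a forged reply through this check, so pinning the port with --query-port trades away half of that entropy and should only be done when a firewall leaves no other choice.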

Addendum: dnsmasq now has the option "query-port" (-Q), which allows

Line 59 A: Yes, there is explicit support for *BSD and MacOS X

Q: My company's nameserver knows about some names which aren't in the
public DNS. Even though I put it first in /etc/resolv.conf, it
doesn't work: dnsmasq seems not to use the nameservers in the order
given. What am I doing wrong?

A: By default, dnsmasq treats all the nameservers it knows about as

Line 144 Q: Who are Verisign, what do they have to do with the
option in dnsmasq and why should I worry about it?

A: [note: this was written in September 2003, things may well change.]
Verisign run the .com and .net top-level-domains. They have just
changed the configuration of their servers so that unknown .com and
.net domains, instead of returning an error code NXDOMAIN (no such
domain), return the address of a host at Verisign which runs a web
server showing a search page. Most right-thinking people regard
this new behaviour as broken :-). You can test to see if you are
suffering Verisign brokenness by running a command like

host jlsdajkdalld.com

If you get "jlsdajkdalld.com" does not exist, then all is fine; if
host returns an IP address, then the DNS is broken. (Try a few
different unlikely domains, just in case you picked a weird one
which really _is_ registered.)
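The "try a few different unlikely domains" test, generalised into a small script (an added example, not part of the FAQ or of dnsmasq). It resolves several random names under a TLD and reports a synthesised-wildcard address only when every probe comes back with the same answer, so one probe that happens to hit a real registration does not produce a false positive. The resolver is passed in as a function so the logic can be exercised with canned answers; `system_resolver` wraps the standard library's `socket.gethostbyname_ex` for real use. The label length and probe count are arbitrary choices.

```python
import random
import socket
import string
from collections import Counter


def random_label(rng: random.Random, length: int = 14) -> str:
    """A label nobody is likely to have registered, e.g. 'qzmvkplrwotaxc'."""
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))


def system_resolver(name: str) -> list:
    """Adapter for the real resolver: address list, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def detect_wildcard(resolve, tld: str, probes: int = 5, seed=None):
    """Resolve `probes` random names under `tld` via resolve(name) -> [addr, ...].

    Returns the address every probe resolved to (a synthesised answer for
    unknown names), or None when the names fail to resolve or disagree,
    which is what happens if one probe merely hit a real registration."""
    rng = random.Random(seed)
    names = ["%s.%s" % (random_label(rng), tld) for _ in range(probes)]
    answers = [tuple(sorted(resolve(n))) for n in names]
    hits = Counter(a for a in answers if a)
    if not hits:
        return None
    addrs, count = hits.most_common(1)[0]
    return addrs[0] if count == probes else None


if __name__ == "__main__":
    for tld in ("com", "net"):
        print(tld, detect_wildcard(system_resolver, tld))
```

An address reported by this check is the kind of value one feeds to dnsmasq's bogus-nxdomain option, which turns replies containing that address back into NXDOMAIN.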

Assuming that your DNS is broken, and you want to fix it, simply

Line 180 A: There are a couple of configuration gotchas which h
whilst the ISC one works.

The first thing to check is the broadcast address set for the
ethernet interface. This is normally the address on the connected
network with all ones in the host part. For instance, if the
address of the ethernet interface is 192.168.55.7 and the netmask
is 255.255.255.0 then the broadcast address should be

Line 205 A: By default, none of the DHCP clients send the host-
send with the "hostname" keyword in /etc/network/interfaces. (See
"man interfaces" for details.) That doesn't work for dhclient, where
you have to add something like "send host-name daisy" to
/etc/dhclient.conf. [Update: the latest dhcpcd packages _do_ send
the hostname by default.]

Q: I'm network booting my machines, and trying to give them static

Line 240 Q: What are these strange "bind-interface" and "bind-d

A: Dnsmasq from v2.63 can operate in one of three different "networking
modes". This is unfortunate as it requires users configuring dnsmasq
to take into account some rather bizarre constraints and select the
mode which best fits the requirements of a particular installation.
These originate in deficiencies in the Unix networking
model and APIs, and each mode has different advantages and

Line 252 A: Dnsmasq from v2.63 can operate in one of three diff
The three modes are "wildcard", "bind-interfaces" and "bind-dynamic".

In "wildcard" mode, dnsmasq binds the wildcard IP address (0.0.0.0 or
::). This allows it to receive all the packets sent to the server on
the relevant port. Access control (--interface, --except-interface,
--listen-address, etc) is implemented by dnsmasq: it queries the
kernel to determine the interface on which a packet was received and
the address to which it was sent, and applies the configured
rules. Wildcard mode is the default if neither of the other modes is
specified.

Line 276 A: Dnsmasq from v2.63 can operate in one of three diff
The mode chosen has four different effects: co-existence with other
servers, semantics of --interface access control, effect of new
interfaces, and legality of --interface specifications for
non-existent interfaces. We will deal with these in order.

A dnsmasq instance running in wildcard mode precludes a machine from
running a second instance of dnsmasq or any other DNS, TFTP or DHCP

Line 297 A: Dnsmasq from v2.63 can operate in one of three diff
by dnsmasq when in --bind-interfaces mode. In wildcard or bind-dynamic
mode, such interfaces are handled normally.

An --interface specification for a non-existent interface is a fatal
error at start-up when in --bind-interfaces mode, but just generates a
warning in wildcard or bind-dynamic mode.
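The socket-level facts behind the three modes, shown with plain UDP sockets (an added example; it is not dnsmasq code). The first function shows the co-existence problem: a socket bound to the wildcard address owns the port for every local address, so a second server cannot bind the same port on a specific address. The second shows the bind-interfaces alternative: one socket per address, which coexists but only covers addresses that exist at bind time. The third shows how a wildcard-bound server still gets the access control the text describes, by asking the kernel (IP_PKTINFO) which address each packet was sent to and applying its listen-address rule itself. It assumes Linux, with 127.0.0.1 and 127.0.0.2 both reachable on the loopback device as they are by default; the value 8 is Linux's IP_PKTINFO and is used only if the socket module does not export the constant.

```python
import errno
import socket
import struct

IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)   # Linux value; assumption if not exported


def wildcard_blocks_other_server() -> bool:
    """True if a wildcard-bound UDP socket stops another server binding the
    same port on a specific address (the co-existence problem of wildcard mode)."""
    a = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        a.bind(("0.0.0.0", 0))
        port = a.getsockname()[1]
        b.bind(("127.0.0.1", port))
        return False
    except OSError as e:
        return e.errno == errno.EADDRINUSE
    finally:
        a.close()
        b.close()


def per_address_sockets_coexist() -> bool:
    """bind-interfaces style: one socket per address shares the port happily."""
    a = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        a.bind(("127.0.0.1", 0))
        b.bind(("127.0.0.2", a.getsockname()[1]))
        return True
    except OSError:
        return False
    finally:
        a.close()
        b.close()


def wildcard_with_access_control(allowed) -> list:
    """Wildcard mode: a single 0.0.0.0 socket, with the destination address of
    each packet recovered from IP_PKTINFO and checked against the configured
    listen addresses. Sends one packet to each of two loopback addresses and
    returns [(destination, verdict), ...]."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    verdicts = []
    try:
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        srv.bind(("0.0.0.0", 0))
        srv.settimeout(2)
        port = srv.getsockname()[1]
        for dst in ("127.0.0.1", "127.0.0.2"):
            cli.sendto(b"query", (dst, port))
            _data, ancdata, _flags, _src = srv.recvmsg(64, socket.CMSG_SPACE(12))
            seen = None
            for level, ctype, cdata in ancdata:
                if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
                    # struct in_pktinfo: int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr
                    _ifindex, _spec_dst, addr = struct.unpack("I4s4s", cdata[:12])
                    seen = socket.inet_ntoa(addr)
            verdicts.append((seen, "accept" if seen in allowed else "drop"))
    finally:
        srv.close()
        cli.close()
    return verdicts


if __name__ == "__main__":
    print("wildcard bind blocks a second server:", wildcard_blocks_other_server())
    print("per-address sockets coexist:", per_address_sockets_coexist())
    print("wildcard socket filtering on destination:",
          wildcard_with_access_control({"127.0.0.1"}))
```

The third mode, bind-dynamic, is the per-address approach with the server also binding addresses that appear after start-up, which is why the text says new interfaces are handled normally there but not in bind-interfaces mode.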
Line 313 Q: Can I get email notification when a new version of
|
Line 313 Q: Can I get email notification when a new version of
|
released?

A: Yes, new releases of dnsmasq are always announced through
freshmeat.net, and they allow you to subscribe to email alerts when
new versions of particular projects are released. New releases are
also announced on the dnsmasq-discuss mailing list; subscribe at
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Q: What does the dhcp-authoritative option do?

A: The DHCP spec says that when a DHCP server receives a renewal request
from a client it has no knowledge of, it should just ignore it.
This is because it's supported to have more than one DHCP server
on a network, and another DHCP server may be dealing with the client.
This has the unfortunate effect that when _no_ DHCP server replies to
the client, it takes some time for the client to time out and start
to get a new lease. Setting this option makes dnsmasq violate the
standard to the extent that it will send a NAK reply to the client,
causing it to immediately start to get a new lease. This improves
behaviour when machines move networks, and in the case that the DHCP
lease database is lost. As long as there is not more than one DHCP
server on the network, it's safe to enable the option.
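The two behaviours contrasted in that answer, as a small model of the exchange (an added example, not dnsmasq's implementation). A renewal DHCPREQUEST arrives at a server; a standard server with no record of the client stays silent so that another server on the segment can answer, and the client only gives up and goes back to DISCOVER after its retry timers run out. With dhcp-authoritative the server answers NAK and the client restarts immediately. The wrong-subnet NAK is the one RFC 2131 already allows regardless of the option. The lease table, client addresses and the retry intervals (4, 8, 16, 32 seconds) are constructed for illustration, not taken from any implementation.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    subnet: ipaddress.IPv4Network
    authoritative: bool = False
    leases: dict = field(default_factory=dict)   # mac -> ip (constructed lease db)

    def handle_request(self, mac: str, requested_ip: str):
        """Decide on a renewal DHCPREQUEST: 'ACK', 'NAK', or None for silence."""
        ip = ipaddress.IPv4Address(requested_ip)
        if ip not in self.subnet:
            # Address belongs to another network: the standard already says NAK
            # here, whatever the authoritative setting.
            return "NAK"
        if self.leases.get(mac) == requested_ip:
            return "ACK"
        # Unknown client, e.g. our lease database was lost or the client moved.
        # Standard behaviour: stay silent in case another server owns it.
        return "NAK" if self.authoritative else None


@dataclass
class DhcpClient:
    mac: str
    ip: str
    retry_timeouts: tuple = (4, 8, 16, 32)  # seconds between retries (illustrative)

    def renew(self, server: DhcpServer):
        """Return (seconds spent before the outcome, resulting state)."""
        waited = 0
        for timeout in self.retry_timeouts:
            reply = server.handle_request(self.mac, self.ip)
            if reply == "ACK":
                return waited, "BOUND"
            if reply == "NAK":
                return waited, "INIT"       # starts DISCOVER straight away
            waited += timeout               # silence: wait, then retry
        return waited, "INIT"               # retries exhausted; finally DISCOVER


def make_server(cidr: str, authoritative: bool = False, leases=None) -> DhcpServer:
    return DhcpServer(ipaddress.IPv4Network(cidr), authoritative, dict(leases or {}))


if __name__ == "__main__":
    client = DhcpClient("52:54:00:12:34:56", "192.168.55.20")
    for label, server in (("standard, lease db lost", make_server("192.168.55.0/24")),
                          ("authoritative, lease db lost",
                           make_server("192.168.55.0/24", authoritative=True))):
        print(label, "->", client.renew(server))
```

The safety condition in the answer falls out of the model: with two servers on the segment, an authoritative server that does not know the client would NAK a lease the other server legitimately issued.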

Q: Why does my Gentoo box pause for a minute before getting a new
lease?

Line 349 A: By default, the identity of a machine is determined
method for setting the client-id varies with DHCP client software;
dhcpcd uses the "-I" flag. Windows uses a registry setting,
see http://www.jsiinc.com/SUBF/TIP2800/rh2845.htm

Addendum:
From version 2.46, dnsmasq has a solution to this which doesn't
involve setting client-IDs. It's possible to put more than one MAC
address in a --dhcp-host configuration. This tells dnsmasq that it
should use the specified IP for any of the specified MAC addresses,
and furthermore it gives dnsmasq permission to summarily abandon a
lease to one of the MAC addresses if another one comes along. Note
that this will work fine only as long as only one interface is
up at any time. There is no way for dnsmasq to enforce this
constraint: if you configure multiple MAC addresses and violate
this rule, bad things will happen.

Addendum-II: The link above is dead, the former contents of the link are:

------------------------------------------------------------------------------
How can I keep the same DHCP client reservation, if the MAC address changes?

When you reserve an IP address for a DHCP client, you provide the
MAC address of the client's NIC.

It is possible to use a custom identifier, which is sent as
option 61 in the client's DHCP Discover and Request packet.

The DhcpClientIdentifier is a REG_DWORD value that is located at:

Windows NT 4.0 SP2+

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Adapter Name>'X'\Parameters\Tcpip

where <Adapter Name> is the NIC driver name and 'X' is the number of the NIC.

Windows 2000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TcpIp\Parameters\Interfaces\<NIC GUID>

where <NIC GUID> is the GUID of the NIC.

The valid range of data is 0x0 - 0xFFFFFFFF. The custom identifier is sent as 4 bytes,
8 hexadecimal characters, in groups of 2 hexadecimal characters, with the groups being
sent in reverse order. If the custom identifier is less than 8 hexadecimal characters,
it is zero padded at the end. Examples:

Custom Client      Client Reservation
Identifier         on DHCP Server
12345678           78563412
123456             56341200
1234               34120000
1234567            67452301
12345              45230100
123                23010000
A18F42             428FA100
CF432              32F40C00
C32D1BE            BED1320C

------------------------------------------------------------------------------
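The byte shuffling in the quoted table, worked through in code (an added example, not from the FAQ or from dnsmasq). Every row of the table is reproduced by writing the REG_DWORD out as four little-endian bytes, which is all "groups in reverse order, zero padded at the end" amounts to. From those bytes the example also builds the matching dnsmasq --dhcp-host line; the `id:` prefix with colon-separated hex bytes is dnsmasq's syntax for matching a client-id rather than a MAC address, while the IP address and hostname below are made up. The last function pulls option 61 out of a raw DHCP options field so a capture can be compared with what the registry says the client should be sending; the option bytes in the test are constructed.

```python
import struct


def client_id_wire_bytes(dword_hex: str) -> bytes:
    """REG_DWORD DhcpClientIdentifier (hex as typed into the registry) -> option 61 value.

    The table's 'reverse the 2-character groups' rule is the DWORD in
    little-endian byte order, padded to four bytes."""
    value = int(dword_hex, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("DhcpClientIdentifier must fit in 32 bits")
    return struct.pack("<I", value)


def reservation_string(dword_hex: str) -> str:
    """The 'Client Reservation on DHCP Server' column of the table."""
    return client_id_wire_bytes(dword_hex).hex().upper()


def dnsmasq_dhcp_host(dword_hex: str, address: str, hostname: str = "") -> str:
    """A dhcp-host line keyed on the client-id instead of the MAC address."""
    ident = ":".join("%02x" % b for b in client_id_wire_bytes(dword_hex))
    fields = ["id:" + ident, address] + ([hostname] if hostname else [])
    return "dhcp-host=" + ",".join(fields)


def parse_option61(options: bytes):
    """Return the client-identifier value from a raw DHCP options field
    (tag, length, value triples; 0x00 is padding, 0xff ends the list), or None."""
    i = 0
    while i < len(options):
        tag = options[i]
        if tag == 0xFF:
            break
        if tag == 0x00:
            i += 1
            continue
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if tag == 61:
            return value
        i += 2 + length
    return None


if __name__ == "__main__":
    for custom in ("12345678", "123456", "A18F42", "C32D1BE"):
        print("%-10s %s   %s" % (custom, reservation_string(custom),
                                 dnsmasq_dhcp_host(custom, "192.168.0.60", "daisy")))
```

Once the reservation is keyed on the client-id, the MAC address no longer matters, which is the point of the quoted article; the dnsmasq Addendum above is the alternative for people who would rather list the MAC addresses than touch the registry.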

Q: Can dnsmasq do DHCP on IP-alias interfaces?

A: Yes, from version-2.21. The support is only available running under

Line 488 Q: DHCP doesn't work with windows 7 but everything els

A: There seems to be a problem if Windows 7 doesn't get a value for
DHCP option 252 in DHCP packets it gets from the server. The
symptoms have been variously reported as continual DHCPINFORM
requests in an attempt to get an option-252, or even ignoring DHCP
offers completely (and failing to get an IP address) if there is no
option-252 supplied. DHCP option 252 is for WPAD, WWW Proxy