Messages - stumper

#1
Monviech (Cedrik): Thank you again for your Dnsmasq responses.

I have a simple home network (4 VLAN) and with the following configuration, I am able to allow select subnets (I only needed one for my current needs) to not have the DNSBL apply:

- System | Settings | General: I have 2 public DNS servers set up.
- Dnsmasq | DHCP Ranges for the 4 VLANs, with one of those VLANs using DHCP Option 6 (DNS Server) pointing to an external DNS server (which could be the same one as what is in System | Settings | General).

Although this setup is not as advanced as Unbound, AdGuard or Pi-hole, it does allow select subnets to bypass the DNSBL.

Hopefully this information may be helpful for others who may be interested in having a single DNS and DHCP solution with DNSBL capabilities.
#2
@Monviech (Cedrik): Are there any plans with Dnsmasq to have a WebUI option to add pre-defined DNSBL such as hagezi pro, oisd.big, ...?

Context
My goal is to run Dnsmasq standalone, for DHCP, local DNS (static and dynamic DHCP reservations/leases) + external DNS recursive servers (System | Settings | General), and having DNSBL capabilities for blocking "stuff" using pre-defined DNSBL, similar to what is in Unbound currently (pre-defined block lists in WebUI).

Current Understanding
I am familiar with Dnsmasq /usr/local/etc/dnsmasq.conf.d/*.conf capabilities and have successfully manually downloaded (via curl) the hagezi pro DNSBL into a "dnsbl-hagezi-pro.conf" file under the .../dnsmasq.conf.d/ directory and had that file successfully incorporated into a running Dnsmasq configuration.

Reason for my feature request question
Before I go down the path of creating a cron job to periodically download updated DNSBL and writing a script to consolidate different DNSBL, I wanted to see if this is a possible planned capability or if this could be considered for a feature request (I'll submit the request if agreed to)?
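The consolidation step described in the post, as an added example (my code, not from the poster or the OPNsense project): merge several dnsmasq-format blocklists into one conf.d file, accepting only NXDOMAIN/sinkhole entry forms, rejecting malformed domains so a bad list line cannot inject other dnsmasq directives, and dropping entries already covered by a blocked parent domain. The sample lists and domains are constructed; it assumes the lists use `local=/domain/` or `address=/domain/0.0.0.0` lines.

```python
import re

# Constructed sample lists in dnsmasq format (not real blocklist contents).
SAMPLE_LISTS = {
    "list-a.conf": "local=/ads.example/\nlocal=/tracker.example/\n# comment\nlocal=/ads.example/\n",
    "list-b.conf": "address=/bad.ads.example/0.0.0.0\nlocal=/telemetry.example/\n"
                   "local=/not a domain/\nserver=8.8.8.8\n",
}

ENTRY_RE = re.compile(r"^(local|address)=/([^/]+)/(.*)$")
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_domain(name):
    """Syntactic check so a malformed list line cannot smuggle odd syntax into dnsmasq.conf.d."""
    name = name.rstrip(".").lower()
    return 0 < len(name) <= 253 and all(LABEL_RE.match(label) for label in name.split("."))


def parse_blocklist(text):
    """Extract blocked domains; only NXDOMAIN (local=) or sinkhole (address=/d/0.0.0.0) forms count."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        # server=, dhcp-*, or address= redirecting to a real IP are not blocklist entries: drop them
        if not m or (m.group(1) == "address" and m.group(3) not in ("0.0.0.0", "::")):
            continue
        domain = m.group(2).lower().rstrip(".")
        if valid_domain(domain):
            blocked.add(domain)
    return blocked


def collapse(domains):
    """Drop entries already covered by a blocked parent: dnsmasq local= matches the whole subtree."""
    kept = set()
    for d in sorted(domains, key=lambda s: (s.count("."), s)):  # parents before children
        parts = d.split(".")
        if not any(".".join(parts[i:]) in kept for i in range(1, len(parts))):
            kept.add(d)
    return sorted(kept)


def consolidate(lists):
    """Return the text of one consolidated conf.d file built from all given lists."""
    domains = set()
    for text in lists.values():
        domains |= parse_blocklist(text)
    return "".join(f"local=/{d}/\n" for d in collapse(domains))


if __name__ == "__main__":
    print(consolidate(SAMPLE_LISTS), end="")  # write this to dnsbl-consolidated.conf in conf.d
```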


#3
Quote:
1. Reverse lookups: dig -p 53053 @192.168.31.1 -x 192.168.31.20
your reverse resolution forward entries in unbound are probably wrong: I guess you wanna change *.198.* to *.192.in-addr.arpa . Furthermore you are probably better off with a single 168.192.in-addr.arpa. as I doubt you want to individually configure this on host level in your setup.

@medivh: thanks for pointing out my mistake (case of tired eyes on my part), everything working as expected with that correction.

2. Short name resolutions - I also realized, after stepping away for a bit, that short name digs were not going to work no matter what.

3. With the patches applied and the Unbound query forwarding address correction, I have not received any intermittent resolution errors in the past hour.

@Patrick: Having Dnsmasq as an available option is a good thing, at least for my needs - once it is stable here, my goal is to retire Unbound and rely only on Dnsmasq for DHCP and DNS, with DNS blackhole capabilities added in (coming from an Asuswrt-Merlin home setup, I have been using Dnsmasq blackhole functionality for many years successfully and comfortably).

Thank you to all who have responded and provided very useful information!!
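The reverse-zone mix-up above (198 vs 192) is easy to make by hand, so here is an added check (my code, not the poster's or OPNsense's): it derives the in-addr.arpa zone for each subnet and reports configured Unbound reverse forward zones that cover none of your subnets, and subnets no zone covers. Subnets and zone names in the test are constructed.

```python
import ipaddress


def reverse_zone(cidr):
    """in-addr.arpa zone for an IPv4 prefix on an octet boundary (/8, /16, /24)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("only IPv4 prefixes on an octet boundary are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def _norm(zone):
    """Lower-case and guarantee a single trailing dot so comparisons are exact."""
    return zone.lower().rstrip(".") + "."


def check_reverse_forwards(subnets, configured_zones):
    """Return (stray, uncovered): zones matching none of the subnets, and subnets no zone covers."""
    wanted = {reverse_zone(s) for s in subnets}
    zones = {_norm(z) for z in configured_zones}

    def covers(zone, want):
        # a zone covers a wanted one when it is equal to it or is a parent (label-wise suffix)
        return want == zone or want.endswith("." + zone)

    stray = sorted(z for z in zones if not any(covers(z, w) for w in wanted))
    uncovered = sorted(w for w in wanted if not any(covers(z, w) for z in zones))
    return stray, uncovered


if __name__ == "__main__":
    # constructed: two VLAN subnets, one per-subnet zone typed with 198 instead of 192
    print(check_reverse_forwards(["192.168.31.0/24", "192.168.20.0/24"],
                                 ["31.168.198.in-addr.arpa", "20.168.192.in-addr.arpa"]))
```

A single `168.192.in-addr.arpa.` forward zone, as suggested in the quoted reply, covers every 192.168.x.0/24 subnet and reports nothing stray or uncovered.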
#4
@monviech and @meyergru, thank you for your responses; I will wait for the next release.

kind regards
#5
@meyergru post #13 - querying dnsmasq directly using "dig" from my laptop (MacBook) with the port (53053) and server (192.168.31.1 in my case) worked as expected, short and fully qualified names, including reverse lookups. I confirmed /var/etc/dnsmasq-hosts contain the expected static assignments as well.

√ ~ % dig -p 53053 @192.168.31.1 kmbpro

; <<>> DiG 9.10.6 <<>> -p 53053 @192.168.31.1 kmbpro
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36073
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kmbpro.                IN    A

;; ANSWER SECTION:
kmbpro.            1    IN    A    192.168.31.20

;; Query time: 9 msec
;; SERVER: 192.168.31.1#53053(192.168.31.1)
;; WHEN: Tue May 27 20:02:40 EDT 2025
;; MSG SIZE  rcvd: 51

dig -p 53053 @192.168.31.1 kmbpro.mgmt.internal

; <<>> DiG 9.10.6 <<>> -p 53053 @192.168.31.1 kmbpro.mgmt.internal
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22263
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kmbpro.mgmt.internal.        IN    A

;; ANSWER SECTION:
kmbpro.mgmt.internal.    1    IN    A    192.168.31.20

;; Query time: 9 msec
;; SERVER: 192.168.31.1#53053(192.168.31.1)
;; WHEN: Tue May 27 20:42:43 EDT 2025
;; MSG SIZE  rcvd: 65

dig -p 53053 @192.168.31.1 -x 192.168.31.20

; <<>> DiG 9.10.6 <<>> -p 53053 @192.168.31.1 -x 192.168.31.20
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10355
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;20.31.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
20.31.168.192.in-addr.arpa. 1    IN    PTR    kMBPro.mgmt.internal.

;; Query time: 9 msec
;; SERVER: 192.168.31.1#53053(192.168.31.1)
;; WHEN: Tue May 27 20:02:06 EDT 2025
;; MSG SIZE  rcvd: 89

doing the same query without pointing directly to dnsmasq always fails on short names and reverse lookups, whereas FQDN works occasionally, otherwise also fails with NXDOMAIN
dig kmbpro

; <<>> DiG 9.10.6 <<>> kmbpro
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53396
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kmbpro.                IN    A

;; AUTHORITY SECTION:
.            1562    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2025052702 1800 900 604800 86400

;; Query time: 17 msec
;; SERVER: 192.168.31.1#53(192.168.31.1)
;; WHEN: Tue May 27 20:45:49 EDT 2025
;; MSG SIZE  rcvd: 110

dig kmbpro.mgmt.internal

; <<>> DiG 9.10.6 <<>> kmbpro.mgmt.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22874
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kmbpro.mgmt.internal.        IN    A

;; ANSWER SECTION:
kmbpro.mgmt.internal.    1    IN    A    192.168.31.20

;; Query time: 11 msec
;; SERVER: 192.168.31.1#53(192.168.31.1)
;; WHEN: Tue May 27 20:47:56 EDT 2025
;; MSG SIZE  rcvd: 65

√ ~ % dig -x 192.168.31.20   

; <<>> DiG 9.10.6 <<>> -x 192.168.31.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43607
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;20.31.168.192.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
168.192.in-addr.arpa.    10800    IN    SOA    localhost. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 16 msec
;; SERVER: 192.168.31.1#53(192.168.31.1)
;; WHEN: Tue May 27 20:48:10 EDT 2025
;; MSG SIZE  rcvd: 114

I believe I have things configured consistent with the online doc examples (see screenshots below)

Am I missing something in unbound configuration or is this a possible bug?
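The three dig shapes in the post above each say where the query actually went, so here is an added diagnostic (my code, not from the poster or OPNsense) that parses dig output and classifies a negative answer by who synthesised it: an SOA of `localhost. nobody.invalid.` is the marker of an Unbound built-in local-zone answer (the query never reached dnsmasq), while an SOA from the root servers means the unqualified short name was sent out to the public root. The excerpts are constructed to mirror the outputs in the post.

```python
import re

# Constructed excerpts in dig's output format, shaped like the outputs in the post above.
DIG_UNBOUND_REVERSE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43607
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;20.31.168.192.in-addr.arpa.    IN    PTR
;; AUTHORITY SECTION:
168.192.in-addr.arpa.    10800    IN    SOA    localhost. nobody.invalid. 1 3600 1200 604800 10800
"""
DIG_SHORT_NAME = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53396
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;kmbpro.                IN    A
;; AUTHORITY SECTION:
.            1562    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2025052702 1800 900 604800 86400
"""


def parse_dig(output):
    """Pull status, aa flag, answer count, question name and the SOA MNAME (if any) out of dig output."""
    info = {"status": None, "aa": False, "answers": 0, "qname": None, "soa": None}
    section = None
    for line in output.splitlines():
        if "->>HEADER<<-" in line:
            info["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            info["aa"] = "aa" in re.search(r"flags: ([^;]*);", line).group(1).split()
            info["answers"] = int(re.search(r"ANSWER: (\d+)", line).group(1))
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line.split()[1].lower()  # question / answer / authority / ...
        elif section == "question" and line.startswith(";"):
            info["qname"] = line[1:].split()[0]
        elif section == "authority" and " SOA " in line:
            parts = line.split()
            info["soa"] = parts[parts.index("SOA") + 1]  # MNAME of the SOA in the negative answer
    return info


def diagnose(output):
    """Classify the answer by its origin, which tells you which resolver actually handled the query."""
    i = parse_dig(output)
    if i["status"] == "NOERROR" and i["answers"]:
        return "resolved" + (" (authoritative answer)" if i["aa"] else " (recursive/cached answer)")
    if i["status"] == "NXDOMAIN" and i["soa"] == "localhost.":
        return "local-zone NXDOMAIN: synthesised by Unbound's built-in local-zone, not forwarded to dnsmasq"
    if i["status"] == "NXDOMAIN" and i["soa"] and i["soa"].endswith("root-servers.net."):
        return "root NXDOMAIN: name was sent to the public root, no local zone claims it"
    return "unclassified: " + str(i)
```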

#6
Yes, I have Dnsmasq DNS do not forward reverse + system dns servers (no dns servers are configured at system level) and Unbound custom forwards configured for each of my subnets.

What I have also observed is that the forward and reverse lookups work initially after service restarts or firewall reboot only for a short time, then I start receiving NXDOMAIN.

Pending your response, I'm thinking I may need to redo my configs from scratch to make sure I haven't misconfigured something, since I have been trying to get this working over the past week (static and dynamic leases are working as expected, it's just the name resolutions that are not).
#7
Should the two patches @Monviech mentioned also correct reverse lookups? In my case, following the configuration (Dnsmasq and Unbound) in the doc, reverse lookups are still failing (forwards are now working though).
#8
@Monviech thanks for the response, and will do on the feature requests.
#9
Will the DNSMasq Leases UI have the following abilities similar to ISC DHCP or is it there somewhere and I'm missing it?
- show the status of a lease (e.g., online (green) or offline (red))
- add a static mapping for a dynamic lease
- delete a lease