Dnsmasq is one of those humble low-resources low-dependencies low-churn low-level tools that ends up in a bunch of places - so many home/SMB routers, "internet sharing" features of linux-based OSes (like android but also linux desktops using NetworkManager) and personal projects or test-setups for working on networking equipment ... and it's easy to kinda forget about it. Kudos, and I'm sure it deserves far more donations.
Dnsmasq is amazing. I spend quite the amount of time learning its config when hacking DD-WRTs.<p>One thing that always bothered me is how hard it is to set Dnsmasq to do SLAAC but no RDNS.<p>You see, if you set<p><pre><code> enable-ra
</code></pre>
[0], it defaults to using link-local address of the machine as the rDNS server.<p>You can set another one by setting<p><pre><code> dhcp-option=option6:dns-server,[2001:4860:4860::8844]
</code></pre>
If you don't enable DHCPv6 that entry is used as the rdns entry.<p>BUT...<p>That means that if you read through this there is no easy way to prevent a DNS address from being distributed, and it is quite common to want to do that. One of the reasons is that I want my clients to use IPv4 so I can track them, but still allow them to use SLAAC (and thus privacy protections) to talk to the outside world. But if they use SLAAC to talk to my DNS, I get WAY too many addresses in there.<p>The trick is to set:<p><pre><code> dhcp-option=option6:dns-server
</code></pre>
an empty value... Not sure if you can add the comma or not.<p>I could only find 1 reference online: <a href="https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q4/014521.html" rel="nofollow">https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/20...</a><p>I firmly believe that this design choice has made it as such that no commercially available, customer router has support for SLAAC without rDNS.<p>[0] <a href="https://dnsmasq.org/docs/dnsmasq-man.html#:~:text=By%20default%2C%20the%20relevant%20link%2Dlocal%20address%20of%20the%20machine%20running%20dnsmasq%20is%20sent%20as%20recursive%20DNS%20server" rel="nofollow">https://dnsmasq.org/docs/dnsmasq-man.html#:~:text=By%20defau...</a>.
Oh good - this is a well deserved award for dnsmasq. It's one of the top entries on my personal short-list of "software that's actually good". I use it all the time in products, test environments and one-offs, and in my 20+ years of using it, it's never been the problem.<p>I may have misconfigured it, or tried to get it to do things far beyond what makes sense, or forgotten to add a command line flag as the root cause of my issue - but the software itself has always just done exactly what the documentation says it will. It just works.<p>Congrats to Simon and all the contributors over the years, and thanks for simplifying part of my existence.
Dnsmasq was recently the subject of a FLOSS Weekly podcast episode:<p><a href="https://hackaday.com/2024/03/27/floss-weekly-episode-776-dnsmasq-making-the-internet-work-since-1999/#more-671472" rel="nofollow">https://hackaday.com/2024/03/27/floss-weekly-episode-776-dns...</a>
dnsmasq is such a nice tool. I use it daily, for work with embedded devices.<p>Its simple configuration also allows me to quickly provide "default" network configurations, simply by copy-pasting the command and parameters to invoke it, to my customers so they can verify devices without integration into their network.
Does anyone know what NLnet's involvement is? It says it's a french initiative and, clicking through, all I can find it that they "partnered", but it doesn't say if they provide part of the money or how this collaboration works:<p>> The French public administration is rewarding maintainers of critical Free Software that it uses. Its Free Software unit (an OSPO) has partnered with NLnet to put four notable projects in the spotlight and award them the BlueHats 2024 prizes.<p>(For those not familiar with NLnet, they fund a <i>lot</i> of cool stuff. Picking a random one I like from the list of currently funded projects as an example: <a href="https://nlnet.nl/project/CryptPad-Blueprints/" rel="nofollow">https://nlnet.nl/project/CryptPad-Blueprints/</a>)
dnsmasq can be used for wildcard domain aliases in OPNsense firewall, <a href="https://github.com/opnsense/core/issues/4145#issuecomment-1208889357">https://github.com/opnsense/core/issues/4145#issuecomment-12...</a>
Dnsmasq saved me at work last month when I had to stand up a DNS server fast in order to get around an externally supplied one. I'll forever be grateful to you, dnsmasq. You are excellent.
BlueHats Prize is a buried story.<p><a href="https://nlnet.nl/bluehatsprize/2024/" rel="nofollow">https://nlnet.nl/bluehatsprize/2024/</a>
The prize is such a small amount of money its almost an insult.<p>Governments employee tens of thousands of people on $60K to $300K per year and for critical open source projects? A $10K prize. Ugh.