Dnsmasq is one of those humble low-resources low-dependencies low-churn low-level tools that ends up in a bunch of places - so many home/SMB routers, "internet sharing" features of linux-based OSes (like android but also linux desktops using NetworkManager) and personal projects or test-setups for working on networking equipment ... and it's easy to kinda forget about it. Kudos, and I'm sure it deserves far more donations.
If you don't enable DHCPv6 that entry is used as the rdns entry.
BUT...
That means that if you read through this there is no easy way to prevent a DNS address from being distributed, and it is quite common to want to do that. One of the reasons is that I want my clients to use IPv4 so I can track them, but still allow them to use SLAAC (and thus privacy protections) to talk to the outside world. But if they use SLAAC to talk to my DNS, I get WAY too many addresses in there.
The trick is to set:
dhcp-option=option6:dns-server
an empty value... Not sure if you can add the comma or not.
I've seen IPv6 deployments where internal names use ULA addresses for tracking/monitoring purposes, but outbound traffic SLAAC is used by hosts since having multiple IPv6 address per an interface is somewhat normal.
Oh good - this is a well deserved award for dnsmasq. It's one of the top entries on my personal short-list of "software that's actually good". I use it all the time in products, test environments and one-offs, and in my 20+ years of using it, it's never been the problem.
I may have misconfigured it, or tried to get it to do things far beyond what makes sense, or forgotten to add a command line flag as the root cause of my issue - but the software itself has always just done exactly what the documentation says it will. It just works.
Congrats to Simon and all the contributors over the years, and thanks for simplifying part of my existence.
dnsmasq is such a nice tool. I use it daily, for work with embedded devices.
Its simple configuration also allows me to quickly provide "default" network configurations, simply by copy-pasting the command and parameters to invoke it, to my customers so they can verify devices without integration into their network.
Thanks for mentioning that, I had no idea! This is something I've been looking for my home network for a while. Are there any resources or reading that you particularly recommend? I'll kagi search of course, but good network related stuff is notoriously difficult to find.
Does anyone know what NLnet's involvement is? It says it's a french initiative and, clicking through, all I can find it that they "partnered", but it doesn't say if they provide part of the money or how this collaboration works:
> The French public administration is rewarding maintainers of critical Free Software that it uses. Its Free Software unit (an OSPO) has partnered with NLnet to put four notable projects in the spotlight and award them the BlueHats 2024 prizes.
(For those not familiar with NLnet, they fund a lot of cool stuff. Picking a random one I like from the list of currently funded projects as an example: https://nlnet.nl/project/CryptPad-Blueprints/)
As you say, NLnet funds many projects. We (I work there) started off doing so decades ago from our own resources as the first ISP in the Netherlands. These days, most of the funds are provided by the EU, governments and donations. They ask NLnet to handle the applications and guide the selected projects in achieving the benefit for the users of the internet that were touted when the project applied for funding.
The BlueHats prize is different. It's a recognition for past achievements for FOSS projects that are not widely known by laymen, but are indispensable in the functioning of ICT in government.
DINUM is partnering with NLnet for their expertise and to have wider reach for getting nominations and publicity.
> for their expertise and to have wider reach for getting nominations and publicity.
Got it, thanks for the answer! And hats off to you and your colleagues :)
> These days, most of the funds are provided by the EU, governments and donations
Donations sounds to me like either individuals or one-offs, but isn't it the case that various organizations send their profit to you per their bylaws? I'm thinking of places like SIDN and RadicallyOpenSecurity. Do you mean those by donations?
We helped organizing the prize. BlueHats are civil servants who promote free and open source in public institutions. French BlueHats wanted to place FOSS maintainers in the spotlight because, as is well known, too few resources go that way. So they partnered with us to organize the prize together.
Thanks for creating an account just to answer my question! Appreciated. And welcome to the dark side, although I hear HN does not have too many cookies :-)
Hi, I'm in charge of code.gouv.fr and I initiated this BlueHats prize.
The money comes from the French government (4x10K€ for the four prizes).
We wanted to do this with NLnet to benefit from their experience and to rely on another entity to transfer the funds.
We received a lot of interesting submissions and asking public administrations who deserves the award is already a very nice exercise. We will write more about the process and the lessons learned after this first (experimental) iteration.
1) blackholing every possible subdomain of business-i-dont-like.com, and
2) return a single IP address for any and all internal subdomains of a private domain - they all go to the same proxy then, and it's just one setting to set and forget.
(I may have completely misunderstood this feature though, and I would welcome correction)
Dnsmasq saved me at work last month when I had to stand up a DNS server fast in order to get around an externally supplied one. I'll forever be grateful to you, dnsmasq. You are excellent.
Was a sanity saver for WSL1 with split WFH DNS with company Windows VPN client.
DNS has been a lot better with WSL2, but the config has remained in place.
I wish there were a proper way to thank open source authors and contributors. I'm thinking of a single place where users could write their thanks and the open source folks could read it.
There's the saying "Be the change you want to see in the world" implying that I should do it. Perhaps I should. I might have to wait for my kids to grow up a bit first.
If you want to get a lot of public money in France, the best approach is to set your entire neighborhood ablaze, which guarantees the money will come pouring in the following months.
reply