[HN Gopher] Dnsmasq wins the first BlueHats Prize
___________________________________________________________________
Dnsmasq wins the first BlueHats Prize
Author : oever
Score : 109 points
Date : 2024-04-18 16:20 UTC (6 hours ago)
(HTM) web link (nlnet.nl)
| hkwerf wrote:
| dnsmasq is such a nice tool. I use it daily, for work with
| embedded devices.
|
| Its simple configuration also allows me to quickly provide
| "default" network configurations, simply by copy-pasting the
| command and parameters to invoke it, to my customers so they can
| verify devices without integration into their network.
| nolist_policy wrote:
| +1
|
| dnsmasq is awesome, for me the best thing is the integration
| with nftables so I can reliably police and filter traffic by
| dns domain names.
| ThinkingGuy wrote:
| Dnsmasq was recently the subject of a FLOSS Weekly podcast
| episode:
|
| https://hackaday.com/2024/03/27/floss-weekly-episode-776-dns...
| transpute wrote:
| dnsmasq can be used for wildcard domain aliases in OPNsense
| firewall,
| https://github.com/opnsense/core/issues/4145#issuecomment-12...
| rand846633 wrote:
| Can you elaborate on this? Why this is awesome and what it
| achieves?
| zhengyi13 wrote:
| Two things occur to me:
|
| 1) blackholing every possible subdomain of
| business-i-dont-like.com, and 2) return a single IP address for
| any and all internal subdomains of a private domain - they all
| go to the same proxy then, and it's just one setting to set and
| forget.
|
| (I may have completely misunderstood this feature though, and
| I would welcome correction)
| ploxiln wrote:
| Dnsmasq is one of those humble low-resources low-dependencies
| low-churn low-level tools that ends up in a bunch of places - so
| many home/SMB routers, "internet sharing" features of linux-based
| OSes (like android but also linux desktops using NetworkManager)
| and personal projects or test-setups for working on networking
| equipment ... and it's easy to kinda forget about it. Kudos, and
| I'm sure it deserves far more donations.
| sophacles wrote:
| Oh good - this is a well deserved award for dnsmasq. It's one of
| the top entries on my personal short-list of "software that's
| actually good". I use it all the time in products, test
| environments and one-offs, and in my 20+ years of using it, it's
| never been the problem.
|
| I may have misconfigured it, or tried to get it to do things far
| beyond what makes sense, or forgotten to add a command line flag
| as the root cause of my issue - but the software itself has
| always just done exactly what the documentation says it will. It
| just works.
|
| Congrats to Simon and all the contributors over the years, and
| thanks for simplifying part of my existence.
| trallnag wrote:
| Have been using dnsmasq for years now in Microsoft's WSL to deal
| with split DNS.
| WirelessGigabit wrote:
| Dnsmasq is amazing. I spend quite the amount of time learning its
| config when hacking DD-WRTs.
|
| One thing that always bothered me is how hard it is to set
| Dnsmasq to do SLAAC but no RDNS.
|
| You see, if you set enable-ra [0], it defaults to using link-local
| address of the machine as the rDNS server.
|
| You can set another one by setting
| dhcp-option=option6:dns-server,[2001:4860:4860::8844]
|
| If you don't enable DHCPv6 that entry is used as the rdns entry.
|
| BUT...
|
| That means that if you read through this there is no easy way to
| prevent a DNS address from being distributed, and it is quite
| common to want to do that. One of the reasons is that I want my
| clients to use IPv4 so I can track them, but still allow them to
| use SLAAC (and thus privacy protections) to talk to the outside
| world. But if they use SLAAC to talk to my DNS, I get WAY too
| many addresses in there.
|
| The trick is to set: dhcp-option=option6:dns-server
|
| an empty value... Not sure if you can add the comma or not.
|
| I could only find 1 reference online:
| https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/20...
|
| I firmly believe that this design choice has made it as such that
| no commercially available, customer router has support for SLAAC
| without rDNS.
|
| [0] https://dnsmasq.org/docs/dnsmasq-man.html#:~:text=By%20defau....
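One way to check what a router actually advertises after a change like the one described in the comment above, as an added example that is not part of the original post: this Python sketch parses a Router Advertisement (RFC 4861) and reports whether it carries an RDNSS option (RFC 8106, option type 25) alongside the SLAAC prefix. The names parse_ra, RA_WITH_RDNSS and RA_WITHOUT_RDNSS and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type, RFC 4861
OPT_PREFIX_INFO = 3     # RFC 4861
OPT_RDNSS = 25          # RFC 8106

def parse_ra(icmp6: bytes) -> dict:
    """Return the SLAAC prefixes and RDNSS servers carried in one RA."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    found = {"managed": bool(icmp6[5] & 0x80), "slaac_prefixes": [], "rdnss": []}
    pos = 16  # options start after the fixed 16-byte RA header
    while pos + 2 <= len(icmp6):
        opt_type, units = icmp6[pos], icmp6[pos + 1]  # length is in 8-byte units
        size = units * 8
        if units == 0 or pos + size > len(icmp6):
            raise ValueError("malformed option length")
        body = icmp6[pos:pos + size]
        if opt_type == OPT_PREFIX_INFO and units == 4:
            if body[3] & 0x40:  # A flag: hosts may autoconfigure from the prefix
                net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
                found["slaac_prefixes"].append(str(net))
        elif opt_type == OPT_RDNSS and units >= 3 and units % 2 == 1:
            lifetime = struct.unpack("!I", body[4:8])[0]
            for off in range(8, size, 16):
                addr = ipaddress.IPv6Address(body[off:off + 16])
                found["rdnss"].append((str(addr), lifetime))
        pos += size
    return found

# Constructed sample packets (not captured traffic); checksum left at 0.
def _ra(options: bytes) -> bytes:
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0) + options

_PREFIX = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0) \
    + ipaddress.IPv6Address("2001:db8:1::").packed
_RDNSS = struct.pack("!BBHI", 25, 3, 0, 1200) \
    + ipaddress.IPv6Address("fe80::1").packed
RA_WITH_RDNSS = _ra(_PREFIX + _RDNSS)
RA_WITHOUT_RDNSS = _ra(_PREFIX)

if __name__ == "__main__":
    for name, pkt in (("with", RA_WITH_RDNSS), ("without", RA_WITHOUT_RDNSS)):
        info = parse_ra(pkt)
        print(name, "RDNSS:", info["slaac_prefixes"], info["rdnss"] or "none advertised")
```

Feed parse_ra the ICMPv6 payload of an RA taken from a packet capture on the LAN side; an empty "rdnss" list with a non-empty "slaac_prefixes" list is the SLAAC-without-DNS result the comment is after.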
| lucb1e wrote:
| Does anyone know what NLnet's involvement is? It says it's a
| french initiative and, clicking through, all I can find is that
| they "partnered", but it doesn't say if they provide part of the
| money or how this collaboration works:
|
| > The French public administration is rewarding maintainers of
| critical Free Software that it uses. Its Free Software unit (an
| OSPO) has partnered with NLnet to put four notable projects in
| the spotlight and award them the BlueHats 2024 prizes.
|
| (For those not familiar with NLnet, they fund a _lot_ of cool
| stuff. Picking a random one I like from the list of currently
| funded projects as an example:
| https://nlnet.nl/project/CryptPad-Blueprints/)
| oever wrote:
| As you say, NLnet funds many projects. We (I work there)
| started off doing so decades ago from our own resources as the
| first ISP in the Netherlands. These days, most of the funds are
| provided by the EU, governments and donations. They ask NLnet
| to handle the applications and guide the selected projects in
| achieving the benefit for the users of the internet that were
| touted when the project applied for funding.
|
| The BlueHats prize is different. It's a recognition for past
| achievements for FOSS projects that are not widely known by
| laymen, but are indispensable in the functioning of ICT in
| government.
|
| DINUM is partnering with NLnet for their expertise and to have
| wider reach for getting nominations and publicity.
| lucb1e wrote:
| > for their expertise and to have wider reach for getting
| nominations and publicity.
|
| Got it, thanks for the answer! And hats off to you and your
| colleagues :)
|
| > These days, most of the funds are provided by the EU,
| governments and donations
|
| Donations sounds to me like either individuals or one-offs,
| but isn't it the case that various organizations send their
| profit to you per their bylaws? I'm thinking of places like
| SIDN and RadicallyOpenSecurity. Do you mean those by
| donations?
| NLnet wrote:
| We helped organize the prize. BlueHats are civil servants who
| promote free and open source in public institutions. French
| BlueHats wanted to place FOSS maintainers in the spotlight
| because, as is well known, too few resources go that way. So
| they partnered with us to organize the prize together.
| lucb1e wrote:
| Thanks for creating an account just to answer my question!
| Appreciated. And welcome to the dark side, although I hear HN
| does not have too many cookies :-)
| andrewstuart wrote:
| The prize is such a small amount of money it's almost an insult.
|
| Governments employ tens of thousands of people on $60K to $300K
| per year and for critical open source projects? A $10K prize.
| Ugh.
___________________________________________________________________
(page generated 2024-04-18 23:00 UTC)