Please update dnsmasq to 2.87

skveen · September 27, 2022, 7:57am

Hello development team
Because dnsmasq2.87 supports nftset
Can you please update it to 2.87 in the next version?

Thanks.

hnyman · September 27, 2022, 8:48am

2.87 pre-release versions have been in testing by @ldir for some time, and also @jow has it in his staging tree.

As 2.87 has been officially released last Sunday, it might well be the time for the version bump here.

[Dnsmasq-discuss] Announce: dnsmasq-2.87.

Simon Kelley [simon at thekelleys.org.uk ]
Sun Sep 25 22:07:21 UTC 2022

and @ldir has already done a PR for that purpose. You could test it:

stangri · September 27, 2022, 10:55am

Thanks @hnyman for posting the PR link.

I've tried to build the 2.87 supporting nft myself, but my build VM couldn't handle the extra storage required for the toolchain (vs SDKs I already have there), so it failed.

I'd very much like to test the dnsmasq-full from that PR and if anyone is building/has already built it for x86_64, please send a link!

frollic · September 27, 2022, 11:25am

free for life oracle cloud hosts, FTW.

sign up, and spin one up. won't be fast, but it'll get the job done.

or try the 8 core trial host, I think they last 3 mo, if you don't pay.

Google, Amazon and MS have those too, but I think Oracle are the
only ones offering free for life.

MakiseKurisu · September 29, 2022, 5:41pm

I'm also very interested in this version of Dnsmasq due to nftset support, but I want to ask a general question about how openwrt handles the package update.

Assume the pr is merged, when will we see the new version in the opkg archive? Next dot release? Major release? I know the answer for debian or arch, but I'm not so sure about openwrt.

anon78773196 · September 29, 2022, 5:41pm

hello everyone is it included in the last snapshot? "dnsmaq 2.87"

hnyman · September 29, 2022, 5:51pm

No. It is still just a pull request. Not yet merged.

frollic · September 29, 2022, 6:22pm

Poll the packages dir of the snapshots?

anomeome · September 29, 2022, 6:24pm

Seems rather pointless, at least before the PR is actually pushed; and if you want to know when that happens, go to the PR and hit the subscribe button.

j9brown · October 8, 2022, 6:25am

Nifty. I’m hoping it 2.87 might improve query performance with large adblock lists.

Would it be possible to backport 2.87 to the OpenWrt 21.x series also?

anomeome · October 8, 2022, 5:29pm

The PR received a lethal dose and is in need of a champion to resuscitate.

account4538 · October 8, 2022, 10:22pm

You should have seen a huge improvement with v2.86. I can run the full OISD list with no increase in load or latency.

j9brown · October 8, 2022, 11:16pm

The dnsmasq 2.86 package hasn't been backported to OpenWrt 21.02 so I can't easily test it out. Also, that version of dnsmasq seems to have enough serious bugs that I'm holding off on upgrading to OpenWrt 22.03 until dnsmasq 2.87 lands.

slh · October 8, 2022, 11:23pm

dnsmasq v2.87 will land in master soon™ (for some value of soon), chances for it to land at all in openwrt-22.03 however would be slim (non-zero, as it can be argued that it fixes a real deficiency of nftables based ipsets, but very slim, as it is a quite major change in a release code base; generally, this would be a big no-no).

j9brown · October 10, 2022, 8:48pm

Hmm. I'm not particularly interested in the nftables related improvements myself. I'm much more interested in the security bug fixes, performance, and stability improvements. Judging from the forums, dnsmasq 2.86 is rather buggy and it has several CVEs.

I don't see any breaking changes in dnsmasq 2.87. So if we bumped the package version and made no other changes to how it integrates in the system (e.g. --nftset) then wouldn't it be a relatively safe net improvement over the status quo?

rhester72 · October 10, 2022, 9:15pm

Agree - 2.86 has a breaking bug that causes it to crash outright when configured to mask IPv6 responses for specific domains. At minimum this needs to be backported to 22.03.

WordsWorthLess · October 23, 2022, 7:39pm

dnsmasq ver.2.87 x86 64 for OpenWrt 22.03.2

Please give it a try,
But in my case ,nftset is not working properly

I tried to build my domain list config in forms of

nftset=/www.example.com/4#inet#vpn_table#set_vpn_ipv4,6#inet#vpn_table#set_vpn_ipv6

or

nftset=/www.example.com/4#inet#vpn_table#set_vpn_ipv4
nftset=/www.example.com/6#inet#vpn_table#set_vpn_ipv6

and my nft table was like

table inet vpn_table {
        set set_vpn_v4 {
                type ipv4_addr
                flags interval
                elements {
                }
        }
        set set_vpn_v6 {
                type ipv6_addr
                flags interval
                elements {
                }
        }
        ruchains {xxxxxxxxx
        }
}

the ipv4 addresses were added to the nft set correctly, some how it seem like dnsmasq didn't deal with the ipv6 addddress
maybe there are something wrong with my configuarations

----mistry solved------------
Turns out it was my fault,
No need to specify the address family for each sets.
DNSMASQ will put the right in the sets according to set types.
Seems like once DNSMASQ receive a given address family, it will discard all the records that don't fit, then,there won't be any records for the following sets with different address family specified

stangri · October 24, 2022, 5:09am

Thank you so much, you saved me a lot of time! Seems to be working just fine with pbr on OpenWrt 22.03!

Did you implement any changes in the init script from the previously closed PR or is it just the new dnsmasq binary with the old init script?

WordsWorthLess · October 24, 2022, 10:03am

I just compiled the package and try it on the 22.03.2 official build, did not make any changes to the old init script

stangri · January 1, 2023, 3:05am

Would you be so kind to build and share dnsmasq-full 2.88 ipk for OpenWrt 22.03 using this: https://github.com/openwrt/openwrt/blob/5c7e4a9d2e25d5ecc33c3c2650e4f954936c9c69/package/network/services/dnsmasq/Makefile ?