Improve conditional forwarding settings #1208
…et according to their needs. Signed-off-by: DL6ER <[email protected]>
You've given detailed instructions on how to set it up for IPv4, but nothing for IPv6. Is any documentation going to be added for that?
Hmmm, do we really need it? It is basically the same thing with the exception of you using an IPv6 address.
Also: I submitted a patch some longer time ago to the dnsmasq mailing list which removed the limitations on the allowed CIDR size, however, no response to this as of yet.
My only concern is that IPv6 is a bit of a mystery compared to IPv4 (at least for me). When I was looking for a way to set up conditional forwarding IPv6, all the discourse posts used a ULA in addition to the router's IP like this
Sorry if I'm missing something, but would the ULA be unneeded with this update?
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/ula-is-recursively-not-resolved/17711/8
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/ipv6-conditional-forwarding/21541/4
No, you would simply enter
Ok, in theory that makes sense. In practice, I guess we’ll see... :)
Signed-off-by: DL6ER <[email protected]>
Signed-off-by: DL6ER <[email protected]>
I haven't tested this, just some general markup comments :)
Signed-off-by: DL6ER <[email protected]>
Co-authored-by: Adam Warner <[email protected]>
{ | ||
$error .= "Conditional forwarding subnet (\"".htmlspecialchars($cidr)."\") is invalid!<br>". | ||
"This field requires CIDR notation for local subnets (e.g., 192.168.0.0/16).<br>". | ||
"Please use only subnets /8, /16, /24, and /32.<br>"; |
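Review bot: The "Please use only subnets /8, /16, /24, and /32" line says what is accepted but not why, and both it and the example (192.168.0.0/16) cover IPv4 only, so a user with a /23 or an IPv6 prefix cannot tell what to enter instead. Consider adding that other prefix lengths are rejected because dnsmasq fails on startup with them, and, if this branch is also reached for IPv6 input, naming the IPv6 lengths (multiples of 4) mentioned later in this thread. Escaping $cidr with htmlspecialchars() before echoing it back into the page is correct and should stay.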
@DL6ER This works as expected, I get an error if I try to use a /23. But I do have a question, why is /23 invalid?
My network spans 192.168.0.1-192.168.1.254
(I should have checked this before merging I guess!)
Thanks.... I tried a cursory search on discourse to see if it had already been discussed. I failed, clearly!
In any case, it works if I use /16
I think there was a mailing list patch or question to allow for non-natural masks.
Yeah. TL;DR dnsmasq only supports multiples of 8 for IPv4 (8, 16, 24) and multiples of 4 for IPv6 (4, 8, 12, ...). I submitted patches to allow arbitrary prefix lengths but nothing happened to them. As odd prefix-lengths cause dnsmasq to fail on startup, they are forbidden for now (until my two patches are implemented)
IPv5
I do this every now and then, usually it goes unnoticed :-)
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/pi-hole-5-1-released/35577/1
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/text-change-on-the-settings-dns-page/27022/11
By submitting this pull request, I confirm the following:
What does this PR aim to accomplish?:
"Conditional forwarding" can be used to tell FTL to send queries to local devices (either with a local domain) and PTR requests for private ranges to a dedicated device (typically the router of the network) instead of the configured upstreams.
While this works for most users, it is not very flexible, as it implies three severe limitations (assuming the router is 10.1.2.3):
10.1.2.0/24. This is often correct (typically for 192.168.x.0/24 networks, but may also be wrong!
How does this PR accomplish the above?:
This PR aims at making conditional forwarding more flexible.
10.0.0.0/8 in above's example)
13.225.3.2 for all IPs in range 10.0.0.0/8).
This feature is intended for Pi-hole v5.1 to ensure we have proper time for testing once it hits development
What documentation changes (if any) are needed to support this PR?:
It has to be checked whether/where we document conditional forwarding.
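Added example, not part of the pull request or of Pi-hole's PHP code: a Python sketch of the prefix-length rule discussed in this thread (multiples of 8 for IPv4, multiples of 4 for IPv6). It also widens a rejected subnet, such as the /23 from the review thread, to the nearest accepted prefix, and derives the reverse-lookup zone that exactly covers an accepted subnet (reverse DNS names carry one label per IPv4 octet or IPv6 nibble). All function names are assumptions made for this example.

```python
import ipaddress

# Accepted prefix-length step per IP version, as stated in the thread:
# multiples of 8 for IPv4 (the UI message lists /8, /16, /24, /32),
# multiples of 4 for IPv6.
STEP = {4: 8, 6: 4}


def check_cidr(cidr):
    """Return (ok, network); ok is False when the prefix length is not accepted."""
    # strict=False tolerates host bits (192.168.0.1/23); garbage raises ValueError.
    net = ipaddress.ip_network(cidr, strict=False)
    ok = net.prefixlen > 0 and net.prefixlen % STEP[net.version] == 0
    return ok, net


def covering_cidr(cidr):
    """Widen a rejected subnet to the nearest accepted prefix that contains it."""
    ok, net = check_cidr(cidr)
    if ok:
        return str(net)
    step = STEP[net.version]
    new_len = (net.prefixlen // step) * step
    if new_len == 0:
        raise ValueError(f"{cidr}: no accepted prefix covers this range")
    return str(net.supernet(new_prefix=new_len))


def reverse_zone(cidr):
    """Reverse-lookup zone (in-addr.arpa / ip6.arpa) that exactly covers the subnet."""
    ok, net = check_cidr(cidr)
    if not ok:
        raise ValueError(f"{cidr}: /{net.prefixlen} is not on a label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    keep = net.prefixlen // STEP[net.version]  # address labels inside the prefix
    return ".".join(labels[-(keep + 2):])      # +2 for the "in-addr.arpa"/"ip6.arpa" suffix


if __name__ == "__main__":
    # Sample inputs: the /23 and 10.0.0.0/8 appear in the thread, the rest are constructed.
    for sample in ("192.168.0.0/23", "10.0.0.0/8", "10.1.2.0/24", "fd00::/8"):
        ok, _ = check_cidr(sample)
        wide = covering_cidr(sample)
        print(f"{sample:16} accepted={ok!s:5} use={wide:16} zone={reverse_zone(wide)}")
```

Widening a /23 to a /16 sends reverse lookups for the whole /16 to the local server, not just the two /24s actually in use.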