Simon McVittie wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: dnsmasq
Version: 2.40-1
Severity: important
dnsmasq's filterwin2k option suppresses *all* SRV queries. These aren't
only used by Windows to find domain controllers - they're increasingly
commonly used for, for instance, SIP and XMPP.
For instance, connecting to Google Talk correctly requires either making
a successful SRV lookup, or explicitly specifying the server's real
hostname. Since this is all meant to work automatically, and in the
absence of indiscriminate SRV blocking it *does* work, we'd prefer to be
able to relegate the server hostname to some sort of "advanced options"
rather than forcing users to care about it.
See also:
https://dev.openwrt.org/ticket/2566
Because dnsmasq is also used on consumer embedded hardware where it's hard or
impossible to reconfigure, and in openwrt (which hasn't had a release
since the ticket above was fixed), this is likely to haunt us for quite
some time.
Our suggested fix would be to define exactly which requests are "useless"
and filter more specifically for those - perhaps checking specifically
for the service that Windows periodically looks up.
Regards,
Simon
telepathy.freedesktop.org
This problem was recognised some time ago, and the default configuration
file distributed with dnsmasq changed to comment out the option so that
people don't get it by inertia. Warnings about side effects were also added.
I regard the option as a bit of a crock, but I don't see how changing
its behaviour and therefore potentialy causing breakage for people who
are using it successfully will help the situation. Nothing I can do in a
dnsmasq release will fix old releases of openwrt using old releases of
dnsmasq.
I'm happy to add specific warnings about Google talk, SIP and XMPP to
the example config file and changelog.
Cheers,
Simon.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
