_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
URI Visit Hacker News on the Web
COMMENT PAGE FOR:
URI Dnsmasq wins the first BlueHats Prize
hiAndrewQuinn wrote 1 hour 40 min ago:
Dnsmasq saved me at work last month when I had to stand up a DNS server
fast in order to get around an externally supplied one. I'll forever be
grateful to you, dnsmasq. You are excellent.
1970-01-01 wrote 2 hours 25 min ago:
BlueHats Prize is a buried story.
URI [1]: https://nlnet.nl/bluehatsprize/2024/
mianos wrote 12 hours 31 min ago:
When he was on FLOSS weekly last week, he was saying it's running on
every Android phone. Right there are 3 billion devices running his
code.
andrewstuart wrote 19 hours 14 min ago:
The prize is such a small amount of money its almost an insult.
Governments employee tens of thousands of people on $60K to $300K per
year and for critical open source projects? A $10K prize. Ugh.
setcarsonfire wrote 7 hours 15 min ago:
If you want to get a lot of public money in France, the best approach
is to set your entire neighborhood ablaze, which guarantees the money
will come pouring in the following months.
justin_oaks wrote 13 hours 49 min ago:
I wish there were a proper way to thank open source authors and
contributors. I'm thinking of a single place where users could write
their thanks and the open source folks could read it.
There's the saying "Be the change you want to see in the world"
implying that I should do it. Perhaps I should. I might have to wait
for my kids to grow up a bit first.
SCUSKU wrote 10 hours 28 min ago:
Better yet, just start smart and send a nice note to a maintainer
you admire and sponsor a project for $5/mo!
djbusby wrote 15 hours 27 min ago:
You could double it.
lucb1e wrote 20 hours 6 min ago:
Does anyone know what NLnet's involvement is? It says it's a french
initiative and, clicking through, all I can find it that they
"partnered", but it doesn't say if they provide part of the money or
how this collaboration works:
> The French public administration is rewarding maintainers of critical
Free Software that it uses. Its Free Software unit (an OSPO) has
partnered with NLnet to put four notable projects in the spotlight and
award them the BlueHats 2024 prizes.
(For those not familiar with NLnet, they fund a lot of cool stuff.
Picking a random one I like from the list of currently funded projects
as an example: [1] )
URI [1]: https://nlnet.nl/project/CryptPad-Blueprints/
bzg wrote 9 hours 51 min ago:
Hi, I'm in charge of code.gouv.fr and I initiated this BlueHats
prize.
The money comes from the French government (4x10K⬠for the four
prizes).
We wanted to do this with NLnet to benefit from their experience and
to rely on another entity to transfer the funds.
We received a lot of interesting submissions and asking public
administrations who deserves the award is already a very nice
exercise. We will write more about the process and the lessons
learned after this first (experimental) iteration.
NLnet wrote 19 hours 26 min ago:
We helped organizing the prize. BlueHats are civil servants who
promote free and open source in public institutions. French BlueHats
wanted to place FOSS maintainers in the spotlight because, as is well
known, too few resources go that way. So they partnered with us to
organize the prize together.
lucb1e wrote 19 hours 20 min ago:
Thanks for creating an account just to answer my question!
Appreciated. And welcome to the dark side, although I hear HN does
not have too many cookies :-)
oever wrote 19 hours 29 min ago:
As you say, NLnet funds many projects. We (I work there) started off
doing so decades ago from our own resources as the first ISP in the
Netherlands. These days, most of the funds are provided by the EU,
governments and donations. They ask NLnet to handle the applications
and guide the selected projects in achieving the benefit for the
users of the internet that were touted when the project applied for
funding.
The BlueHats prize is different. It's a recognition for past
achievements for FOSS projects that are not widely known by laymen,
but are indispensable in the functioning of ICT in government.
DINUM is partnering with NLnet for their expertise and to have wider
reach for getting nominations and publicity.
lucb1e wrote 19 hours 23 min ago:
> for their expertise and to have wider reach for getting
nominations and publicity.
Got it, thanks for the answer! And hats off to you and your
colleagues :)
> These days, most of the funds are provided by the EU, governments
and donations
Donations sounds to me like either individuals or one-offs, but
isn't it the case that various organizations send their profit to
you per their bylaws? I'm thinking of places like SIDN and
RadicallyOpenSecurity. Do you mean those by donations?
WirelessGigabit wrote 21 hours 12 min ago:
Dnsmasq is amazing. I spend quite the amount of time learning its
config when hacking DD-WRTs.
One thing that always bothered me is how hard it is to set Dnsmasq to
do SLAAC but no RDNS.
You see, if you set
enable-ra
[0], it defaults to using link-local address of the machine as the rDNS
server.
You can set another one by setting
dhcp-option=option6:dns-server,[2001:4860:4860::8844]
If you don't enable DHCPv6 that entry is used as the rdns entry.
BUT...
That means that if you read through this there is no easy way to
prevent a DNS address from being distributed, and it is quite common to
want to do that. One of the reasons is that I want my clients to use
IPv4 so I can track them, but still allow them to use SLAAC (and thus
privacy protections) to talk to the outside world. But if they use
SLAAC to talk to my DNS, I get WAY too many addresses in there.
The trick is to set:
dhcp-option=option6:dns-server
an empty value... Not sure if you can add the comma or not.
I could only find 1 reference online: [1] I firmly believe that this
design choice has made it as such that no commercially available,
customer router has support for SLAAC without rDNS.
[0] [2] .
URI [1]: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020...
URI [2]: https://dnsmasq.org/docs/dnsmasq-man.html#:~:text=By%20default...
devman0 wrote 15 hours 38 min ago:
I've seen IPv6 deployments where internal names use ULA addresses for
tracking/monitoring purposes, but outbound traffic SLAAC is used by
hosts since having multiple IPv6 address per an interface is somewhat
normal.
trallnag wrote 21 hours 39 min ago:
Have been using dnsmasq for years now in Microsoft's WSL to deal with
split DNS.
fostware wrote 17 hours 7 min ago:
Was a sanity saver for WSL1 with split WFH DNS with company Windows
VPN client.
DNS has been a lot better with WSL2, but the config has remained in
place.
sophacles wrote 21 hours 42 min ago:
Oh good - this is a well deserved award for dnsmasq. It's one of the
top entries on my personal short-list of "software that's actually
good". I use it all the time in products, test environments and
one-offs, and in my 20+ years of using it, it's never been the problem.
I may have misconfigured it, or tried to get it to do things far beyond
what makes sense, or forgotten to add a command line flag as the root
cause of my issue - but the software itself has always just done
exactly what the documentation says it will. It just works.
Congrats to Simon and all the contributors over the years, and thanks
for simplifying part of my existence.
ploxiln wrote 22 hours 30 min ago:
Dnsmasq is one of those humble low-resources low-dependencies low-churn
low-level tools that ends up in a bunch of places - so many home/SMB
routers, "internet sharing" features of linux-based OSes (like android
but also linux desktops using NetworkManager) and personal projects or
test-setups for working on networking equipment ... and it's easy to
kinda forget about it. Kudos, and I'm sure it deserves far more
donations.
wolletd wrote 18 hours 1 min ago:
I even know of vending machines that have routers with OpenWRT and
dnsmasq in them. Mainly because I put those there.
transpute wrote 22 hours 47 min ago:
dnsmasq can be used for wildcard domain aliases in OPNsense firewall,
URI [1]: https://github.com/opnsense/core/issues/4145#issuecomment-1208...
rand846633 wrote 21 hours 16 min ago:
Can you elaborate on this? Why this is awesome and what it achieves?
transpute wrote 17 hours 51 min ago:
Authorizing access to CDNs that have many edge server domains.
zhengyi13 wrote 20 hours 45 min ago:
Two things occur to me:
1) blackholing every possible subdomain of
business-i-dont-like.com, and
2) return a single IP address for any and all internal subdomains
of a private domain - they all go to the same proxy then, and it's
just one setting to set and forget.
(I may have completely misunderstood this feature though, and I
would welcome correction)
dredmorbius wrote 12 hours 36 min ago:
Absolutely the former, which I've used on my own DNSBLs.
The second should also work, though I've not used it (or
considered it prior to reading your comment).
ThinkingGuy wrote 1 day ago:
Dnsmasq was recently the subject of a FLOSS Weekly podcast episode:
URI [1]: https://hackaday.com/2024/03/27/floss-weekly-episode-776-dnsma...
mianos wrote 12 hours 33 min ago:
Well worth a listen BTW, he's a humble guy and seems so nice.
hkwerf wrote 1 day ago:
dnsmasq is such a nice tool. I use it daily, for work with embedded
devices.
Its simple configuration also allows me to quickly provide "default"
network configurations, simply by copy-pasting the command and
parameters to invoke it, to my customers so they can verify devices
without integration into their network.
nolist_policy wrote 22 hours 41 min ago:
+1
dnsmasq is awesome, for me the best thing is the integration with
nftables so I can reliably police and filter traffic by dns domain
names.
freedomben wrote 2 hours 25 min ago:
Thanks for mentioning that, I had no idea! This is something I've
been looking for my home network for a while. Are there any
resources or reading that you particularly recommend? I'll kagi
search of course, but good network related stuff is notoriously
difficult to find.
DIR <- back to front page