[Dnsmasq-discuss] Matching any domain in -A
Peter Surda
surda at shurdix.com
Wed Feb 8 19:03:22 GMT 2006
Simon Kelley wrote:

> It's a bug, introduced in 2.24 by the changes in domain-matching rules.

I was expecting something like this after looking at the changelog.

> I doubt that particular facility gets used much!

See below.

> I'll fix it for the next release. In the meantime I suggest downgrading
> to 2.23, or, if that's not desirable, mail me for a 2.27test version.

I don't need it at the moment, but probably in the future.

Imagine a LAN with 2 kinds of computers: authorized and unauthorized.
Authorized are allowed internet access, unauthorized not. But all need
DNS (otherwise some features won't work). (Un)fortunately, there are
ways to tunnel traffic through DNS by creating a special DNS server
somewhere on the net. So my intention is to run a second instance of
dnsmasq on a different port, which will return some arbitrary IP for
every request, and use iptables -j REDIRECT to force unauthorized
computers to use it. As I said, I'm just experimenting now, it will take
some time before I actually use it somewhere.

But I'm happy to hear that the problem isn't on my side and it will be
fixed :-).

> Thanks for the report.

NP, thnx for fast reply.

> Cheers,
>
> Simon.

Yours sincerely,
Peter
--
http://www.shurdix.org - Linux distribution for routers and firewalls
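
The setup described in the message above, sketched as an added example that is not part of the original post or of dnsmasq itself: a script that prints the command line for the second dnsmasq instance and the nat rules that send DNS from non-authorized hosts to it. The interface `eth1`, port `5353`, answer address `192.168.1.1`, chain name `DNS_SINK`, pid-file path and the sample host addresses are all assumptions.

```shell
#!/bin/sh
# Added example: prints commands for review instead of running them.
# Assumed values, not from the post: eth1, port 5353, answer IP 192.168.1.1.
LAN_IF=eth1
SINK_PORT=5353
SINK_IP=192.168.1.1

# Second dnsmasq instance: --address=/#/IP answers every name with IP, and
# --no-resolv without any --server leaves it no upstream to forward to.
# A separate pid file (assumed path) avoids clashing with the main instance.
sinkhole_dnsmasq_cmd() {
    printf 'dnsmasq --port=%s --address=/#/%s --no-resolv --no-hosts' "$SINK_PORT" "$SINK_IP"
    printf ' --interface=%s --bind-interfaces --pid-file=%s\n' "$LAN_IF" /var/run/dnsmasq-sinkhole.pid
}

# Strict dotted-quad check so nothing else ends up in a generated rule.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Arguments: authorized source addresses. They leave the chain untouched;
# every other host on LAN_IF has UDP and TCP port 53 redirected locally.
sinkhole_rules() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -t nat -N DNS_SINK"
    for ip in "$@"; do
        echo "iptables -t nat -A DNS_SINK -s $ip -j RETURN"
    done
    for proto in udp tcp; do
        echo "iptables -t nat -A DNS_SINK -p $proto --dport 53 -j REDIRECT --to-ports $SINK_PORT"
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -j DNS_SINK"
}

# Constructed sample: two authorized hosts.
sinkhole_dnsmasq_cmd
sinkhole_rules 192.168.1.10 192.168.1.11
```

The rules only cover port 53; blocking forwarded traffic from unauthorized hosts is assumed to be handled elsewhere in the ruleset.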