[Dnsmasq-discuss] Matching any domain in -A

Peter Surda surda at shurdix.com
Wed Feb 8 19:03:22 GMT 2006

Simon Kelley wrote:
> It's a bug, introduced in 2.24 by the changes in domain-matching rules.
I was expecting something like this after looking at the changelog.

> I doubt that particular facility gets used much!
See below.

> I'll fix it for the next release. In the meantime I suggest downgrading
> to 2.23, or, if that's not desirable, mail me for a 2.27test version.
I don't need it at the moment, but probably in the future.

Imagine a LAN with 2 kinds of computers: authorized and unauthorized. 
Authorized are allowed internet access, unauthorized not. But all need 
DNS (otherwise some features won't work). (Un)fortunately, there are 
ways to tunnel traffic through DNS by creating a special DNS server 
somewhere on the net. So my intention is to run a second instance of 
dnsmasq on a different port, which will return some arbitrary IP for 
every request, and use iptables -j REDIRECT to force unauthorized 
computers to use it. As I said, I'm just experimenting now, it will take 
some time before I actually use it somewhere.

But I'm happy to hear that the problem isn't on my side and it will be 
fixed :-).

> Thanks for the report.
NP, thanks for the fast reply.

> Cheers,
> Simon.
Yours sincerely,
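
The setup described in the message above, as an added example that is not part of the original post or of dnsmasq itself: a second dnsmasq instance that answers every query with one fixed address, plus NAT rules that force DNS from non-authorized hosts to it. The interface name, port, addresses, chain name and pid-file path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: DNS sinkhole for unauthorized LAN hosts (all values constructed).
LAN_IF="${LAN_IF:-eth1}"          # assumed LAN-facing interface
SINK_PORT="${SINK_PORT:-5353}"    # assumed port for the second dnsmasq instance
SINK_IP="${SINK_IP:-192.0.2.1}"   # arbitrary answer returned for every name
AUTHORIZED="${AUTHORIZED:-192.168.1.10 192.168.1.11}"  # constructed sample hosts

# Command line for the sinkhole instance: no upstream resolvers, no /etc/hosts,
# and "#" in --address matches any domain, so nothing is ever forwarded.
sinkhole_cmd() {
    printf 'dnsmasq --port=%s --no-resolv --no-hosts --address=/#/%s --pid-file=/var/run/dnsmasq-sinkhole.pid\n' \
        "$SINK_PORT" "$SINK_IP"
}

# NAT rules: authorized hosts leave the chain untouched; for everyone else,
# DNS over both UDP and TCP is redirected to the sinkhole port on this host,
# whichever resolver address the client tried to reach.
redirect_rules() {
    echo "iptables -t nat -N DNS_SINK"
    for ip in $AUTHORIZED; do
        echo "iptables -t nat -A DNS_SINK -s $ip -j RETURN"
    done
    for proto in udp tcp; do
        echo "iptables -t nat -A DNS_SINK -p $proto --dport 53 -j REDIRECT --to-ports $SINK_PORT"
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -j DNS_SINK"
}

# Dry run by default: print what would be executed. APPLY=1 (as root) runs it.
if [ "${APPLY:-0}" = "1" ]; then
    { redirect_rules; sinkhole_cmd; } | sh
else
    redirect_rules
    sinkhole_cmd
fi
```

The `#` wildcard is the any-domain match this thread is about, so the sinkhole instance needs a dnsmasq version in which that match works.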

