[Dnsmasq-discuss] Add blacklist feature

dnsmasq at lists.bod.org dnsmasq at lists.bod.org
Wed Apr 7 23:13:35 BST 2010


It's possible to do this without modifications today. I'm using a cron job:

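#!/bin/sh
# Fetch to a temporary file first so a failed download cannot truncate the live list.
tmp=$(mktemp) || exit 1
wget --quiet --output-document="$tmp" \
"http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext&useip=127.0.0.1" || { rm -f "$tmp"; exit 1; }
chmod 644 "$tmp" && mv "$tmp" /etc/dnsmasq.d/adservers
# Restart dnsmasq so it reads the updated list.
/etc/init.d/dnsmasq restart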

If you use a different source for the blacklist, a little sed or awk is 
necessary to reformat the list, but it just so happens that the 
adservers list is available natively in dnsmasq format.

Not to say that adding some blacklist functionality to dnsmasq doesn't 
have its plus points, of course. Though I think I'd rather the 
implementation stays with a single cache and adds a flag to mark an 
entry as 'evil', than another cache is added solely for that purpose. 
I'd like to see RBLs supported too (is that what you meant by 'blacklist 
servers'?).

-- Paul

p.s. BTW, are you aware of the web content filtering features OpenDNS 
provides? Guess it depends what kind of blacklisting you're seeking.

Don Muller wrote:
>
> Hi Simon,
>
> I would like to request the ability of dnsmasq to lookup dns names on 
> blacklist servers. If the dns name is blacklisted then return a 
> specified configurable address, like 127.0.0.1, or a not found error 
> instead of the true address and add it to a blacklist cache. I see it 
> working something like this.
>
> 1. A lookup request is received.
> 2. Check local (good) cache and hosts file(s).
> 3. If found
>    a. return address.
> 4. If not found
>    a. Look up address in blacklist cache
>    b. If found
>       i. Return specified address or not found
>    c. If not found
>       i. Send request to blacklist servers.
>       ii. If blacklisted
>          1. Return specified address or not found
>          2. Add to blacklist cache
>       iii. If not blacklisted
>          1. Send to dns resolvers
>          2. Do normal processing
>
> I think this would be great to eliminate a large number of ad sites, 
> malware sites, and other bad sites.
>
> Don
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20100407/1481543c/attachment.htm 
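
Added example (not part of the original message and not dnsmasq's own code): the reformatting step mentioned above for a blacklist that arrives in hosts format, done with awk. It emits only address=/name/127.0.0.1 lines for syntactically valid hostnames, so nothing else in a fetched list ends up in /etc/dnsmasq.d. The function names, the SINK variable and the sample input are assumptions made up for this example.

```sh
#!/bin/sh
# Address that blocked names resolve to (127.0.0.1, as in the cron job above).
SINK=127.0.0.1

# Read a hosts-format list on stdin, write dnsmasq "address=" lines on stdout.
hosts_to_dnsmasq() {
    awk -v sink="$SINK" '
    {
        sub(/\r$/, "")                   # tolerate CRLF line endings
        sub(/#.*/, "")                   # strip comments
        if (NF < 2) next                 # need "<ip> <name> [...]"
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (length(name) > 253) continue
            # Dotted labels of letters, digits and inner hyphens only;
            # this rejects "/", "=", and anything that is not a hostname.
            if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) continue
            if (!seen[name]++) print "address=/" name "/" sink
        }
    }'
}

# Constructed sample input (not from a real list): valid entries, a duplicate,
# a malformed name, and a line that tries to inject a dnsmasq directive.
sample_list() {
    cat <<'EOF'
# hosts-format list
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net   # inline comment
0.0.0.0 ads.example.com
0.0.0.0 bad/127.0.0.1
server=/example.org/192.0.2.1
10.0.0.1 redirect.example.org
EOF
}

sample_list | hosts_to_dnsmasq
```

In a cron job the function's output would go to a temporary file that is moved into /etc/dnsmasq.d only when the download and conversion both succeed.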

