[Dnsmasq-discuss] Add blacklist feature
Don Muller
don at djmuller.com
Thu Apr 8 00:46:14 BST 2010
From: dnsmasq at lists.bod.org [mailto:dnsmasq at lists.bod.org]
Sent: Wednesday, April 07, 2010 6:14 PM
To: Don Muller
Cc: Dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Add blacklist feature
It's possible to do this without modifications today. I'm using a cron job:
#!/bin/sh
wget --quiet --output-document=/etc/dnsmasq.d/adservers \
"http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext&useip=127.0.0.1"
/etc/init.d/dnsmasq restart
If you use a different source for the blacklist, a little sed or awk is
necessary to reformat the list, but it just so happens that the adservers
list is available natively in dnsmasq format.
Not to say that adding some blacklist functionality to dnsmasq doesn't have
its plus points, of course. Though I think I'd rather the implementation
stays with a single cache and adds a flag to mark an entry as 'evil', than
another cache is added solely for that purpose. I'd like to see RBLs
supported too (is that what you meant by 'blacklist servers'?).
-- Paul
p.s. BTW, are you aware of the web content filtering features OpenDNS
provides? guess it depends what kind of blacklisting you're seeking.
Don Muller wrote:
Hi Simon,
I would like to request the ability of dnsmasq to lookup dns names on
blacklist servers. If the dns name is blacklisted then return a specified
configurable address, like 127.0.0.1, or a not found error instead of the
true address and add it to a blacklist cache. I see it working something
like this.
A lookup request is received.
Check local (good) cache and hosts file(s).
  If found
    return address.
  If not found
    Look up address in blacklist cache
      If found
        Return specified address or not found
      If not found
        Send request to blacklist servers.
          If blacklisted
            Return specified address or not found
            Add to blacklist cache
          If not blacklisted
            Send to dns resolvers
            Do normal processing
I think this would be great to eliminate a large number of ad sites, malware
sites, and other bad sites.
Don
_____
Hi Paul,
Very nice. How do you reference the adservers file in the dnsmasq.conf file?
Yes I mean RBLs when I said blacklist.
Don
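
The "little sed or awk" step mentioned in the quoted reply, as an added example that is not code from the thread: it converts a hosts-format list to dnsmasq address= lines and refuses to install a downloaded list that contains anything other than such lines, since the cron job writes whatever the server returns into dnsmasq's configuration directory. The function names, the hosts-format input and the address=/domain/127.0.0.1 line shape are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The sink address 127.0.0.1 matches the
# useip= value in the cron job; all function names are hypothetical.

# hosts_to_dnsmasq [SINK]: hosts-format list on stdin -> address= lines.
hosts_to_dnsmasq() {
    awk -v sink="${1:-127.0.0.1}" '
        { sub(/#.*/, ""); sub(/\r$/, "") }   # drop comments and a trailing CR
        NF < 2 { next }
        $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }
        {
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                # letters, digits, hyphens; at least two dot-separated labels
                if (length(h) > 253) continue
                if (h !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) continue
                if (!seen[h]++) print "address=/" h "/" sink
            }
        }'
}

# list_is_clean FILE [SINK]: succeed only if FILE is non-empty and every
# non-blank line is exactly address=/<hostname>/<SINK>. Any other directive,
# or an address= line pointing somewhere else, fails the check.
list_is_clean() {
    awk -v sink="${2:-127.0.0.1}" '
        /^[ \t]*$/ { next }
        { n++ }
        $0 !~ /^address=\/[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\/[0-9.]+$/ { bad++; next }
        { split($0, p, "/"); if (p[3] != sink) bad++ }
        END { exit (bad > 0 || n == 0) }' "$1"
}

# install_if_clean SRC DEST: move SRC over DEST only when SRC validates, so a
# truncated or tampered download never replaces the list dnsmasq is using.
install_if_clean() {
    list_is_clean "$1" || { echo "rejected: $1 has unexpected lines" >&2; return 1; }
    mv -- "$1" "$2"
}
```

In the cron job this means downloading to a temporary file, calling install_if_clean on it, and restarting dnsmasq only when that succeeds. dnsmasq reads the installed file when dnsmasq.conf names it with conf-file= or names its directory with conf-dir=.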