[Dnsmasq-discuss] Add blacklist feature

Don Muller don at djmuller.com
Thu Apr 8 00:46:14 BST 2010


From: dnsmasq at lists.bod.org [mailto:dnsmasq at lists.bod.org] 
Sent: Wednesday, April 07, 2010 6:14 PM
To: Don Muller
Cc: Dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Add blacklist feature

 

It's possible to do this without modifications today. I'm using a cron job:

#!/bin/sh
# Fetch the ad-server list, already in dnsmasq format, into the include directory.
wget --quiet --output-document=/etc/dnsmasq.d/adservers \
  "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext&useip=127.0.0.1"
# Restart dnsmasq so it rereads its configuration.
/etc/init.d/dnsmasq restart

If you use a different source for the blacklist, a little sed or awk is
necessary to reformat the list, but it just so happens that the adservers
list is available natively in dnsmasq format.

Not to say that adding some blacklist functionality to dnsmasq doesn't have
its plus points, of course. Though I think I'd rather the implementation
stays with a single cache and adds a flag to mark an entry as 'evil', than
another cache is added solely for that purpose. I'd like to see RBLs
supported too (is that what you meant by 'blacklist servers'?).

-- Paul

p.s. BTW, are you aware of the web content filtering features OpenDNS
provides? Guess it depends what kind of blacklisting you're seeking.

Don Muller wrote: 

Hi Simon,

 

I would like to request the ability of dnsmasq to lookup dns names on
blacklist servers. If the dns name is blacklisted then return a specified
configurable address, like 127.0.0.1,  or a not found error instead of the
true address and add it to a blacklist cache. I see it working something
like this.

 

A lookup request is received.
Check local (good) cache and hosts file(s).
    If found
        Return address.
    If not found
        Look up address in blacklist cache
            If found
                Return specified address or not found
            If not found
                Send request to blacklist servers.
                    If blacklisted
                        Return specified address or not found
                        Add to blacklist cache
                    If not blacklisted
                        Send to dns resolvers
                        Do normal processing

 

I think this would be great to eliminate a large number of ad sites, malware
sites, and other bad sites.

 

Don

 






 
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
  

 

Hi Paul,

 

Very nice. How do you reference the adservers file in the dnsmasq.conf file?

 

Yes I mean RBLs when I said blacklist.

 

Don
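
The "little sed or awk" step mentioned in the quoted reply, as an added example that is not part of the original thread: it converts a hosts-format blocklist into dnsmasq address= lines and drops anything that is not a plain hostname, so a tampered download cannot add other directives to the dnsmasq configuration. The names hosts_to_dnsmasq, install_blocklist, sample_hosts and SINK_IP are hypothetical, and the sample list is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a hosts-format source list.
SINK_IP="${SINK_IP:-127.0.0.1}"   # address returned for blocked names

# stdin: hosts-format list; stdout: one "address=/name/ip" line per valid name.
hosts_to_dnsmasq() {
    awk -v sink="$SINK_IP" '
    {
        sub(/\r$/, "")                 # tolerate CRLF line endings
        sub(/#.*/, "")                 # strip full-line and inline comments
        if (NF < 2) next               # need an address and at least one name
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next   # only sinkhole entries
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name == "localhost" || length(name) > 253) continue
            # letters, digits, hyphens and dots only; TLD must start with a letter
            if (name !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) continue
            if (!seen[name]++) print "address=/" name "/" sink
        }
    }'
}

# $1 = downloaded hosts-format file, $2 = file in the dnsmasq include directory.
# The old list stays in place if the conversion fails or yields nothing.
install_blocklist() {
    tmp="$(dirname "$2")/.$(basename "$2").$$"   # same directory, so mv is a rename
    hosts_to_dnsmasq < "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$2"
}

# Constructed sample input, including lines that must be rejected.
sample_hosts() {
    cat <<'EOF'
# constructed sample list
0.0.0.0 ads.example.com
127.0.0.1 localhost
127.0.0.1 Tracker.Example.NET   # inline comment
0.0.0.0 ads.example.com
0.0.0.0 x.example.org/203.0.113.9
server=/corp.example/203.0.113.9
203.0.113.9 bank.example.com
EOF
}

sample_hosts | hosts_to_dnsmasq
```

In a cron job, install_blocklist would run between the wget download (to a scratch file) and the dnsmasq restart, and the restart would be skipped when it returns non-zero.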

 

 
