[Dnsmasq-discuss] Using a secondary set of nameservers for dynamic blocking

Ed W lists at wildgooses.com
Mon Aug 8 14:18:47 BST 2011


On 07/08/2011 19:22, Sam Crawford wrote:
> I also wish for the dnsmasq host to have some logic and act upon the
> response from the server (so the logic couldn't be entirely
> server-side). The server would return a set of TXT records (indicating
> the classifications of the domains) if it were classified, and
> NXDOMAIN otherwise. Based upon these classifications returned from the
> server and *local* configuration of the host running dnsmasq, the
> original client would then either be sent back the real response (from
> the ISP server) or an A record pointing at the dnsmasq host (which
> would also be running a small webserver with a static page, as you
> suggested).

This basic problem is used a lot in mail blacklisting. I would suggest
taking a look at the techniques used for rbldns, and I think you will
also find some example software which does very high speed lookups into
massive rbl lists (if, for example, you want to benchmark alternative
implementations to dnsmasq).

Also, if necessary, you can use Perl (or something else) to create your
own resolver which has the necessary logic (i.e. check here, if no
response then check there):
	http://search.cpan.org/search?query=dns&mode=all

Good luck - interested to hear how you solve this!

Ed W
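
The "check here, if no response then check there" logic discussed in this thread, as an added example that is not part of the original message or of dnsmasq. It is written in Python rather than the Perl suggested above, and the zone name, sinkhole address, category names and comma-separated TXT format are all assumptions; the two lookups are passed in as callables so the decision logic runs offline against constructed data.

```python
from typing import Callable, Iterable, Optional

SINKHOLE_IP = "192.0.2.1"        # assumed: dnsmasq host serving the static block page
CLASSIFY_ZONE = "class.example"  # assumed: zone answered by the classification server
BLOCKED_CATEGORIES = {"malware", "gambling"}  # assumed: local policy on this host


class LookupTimeout(Exception):
    """Raised by a lookup callable when its server does not answer."""


# A lookup returns the record strings, or None for NXDOMAIN.
Lookup = Callable[[str], Optional[Iterable[str]]]


def resolve(name: str, classify_txt: Lookup, upstream_a: Lookup,
            fail_open: bool = True):
    """Return (action, addresses) for an A query, RBL-style."""
    qname = name.rstrip(".").lower()
    try:
        # Like a DNSBL, the classification query is the name plus a zone suffix.
        txt = classify_txt(f"{qname}.{CLASSIFY_ZONE}")
    except LookupTimeout:
        if not fail_open:
            # Fail closed: an unreachable classifier blocks everything.
            return "sinkhole", [SINKHOLE_IP]
        txt = None  # fail open: treat as unclassified
    # Assumed TXT format: comma-separated category labels per record.
    categories = {c.strip().lower() for rec in (txt or []) for c in rec.split(",")}
    if categories & BLOCKED_CATEGORIES:
        return "sinkhole", [SINKHOLE_IP]
    answer = upstream_a(qname)  # the real response from the ISP server
    if answer is None:
        return "nxdomain", []
    return "forward", list(answer)


# Constructed sample data standing in for the two servers.
_CLASS_DB = {"casino.example.class.example": ["gambling,adult"],
             "news.example.class.example": ["news"]}
_UPSTREAM = {"casino.example": ["198.51.100.7"],
             "news.example": ["198.51.100.8"],
             "plain.example": ["198.51.100.9"]}


def sample_classify(q): return _CLASS_DB.get(q)
def sample_upstream(q): return _UPSTREAM.get(q)
def down_classify(q): raise LookupTimeout(q)
```

The fail_open flag decides what clients see when the classification server is unreachable: normal resolution, or the block page for every name.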


