[Dnsmasq-discuss] Using a secondary set of nameservers for dynamic blocking

richardvoigt at gmail.com richardvoigt at gmail.com
Mon Aug 15 14:16:48 BST 2011


On Mon, Aug 15, 2011 at 7:02 AM, Sam Crawford <samcrawford at gmail.com> wrote:
> Ed,
>
> Many thanks for the suggestion. You're quite right - my server-side
> idea was effectively re-inventing the wheel. I've ended up going with
> rbldnsd, which has been a breeze to set up for this task (even with
> millions of records) and no code changes were required.
>
> The next step is to focus on the changes required at the dnsmasq level
> (client side). I appreciate your suggestions regarding the CPAN
> modules, but I'm intending for this to function on small embedded
> devices (typically ~4MB flash), and getting Perl on there is quite
> unlikely.

miniperl and microperl are pretty small, although distributions for
such routers may have crammed the flash nearly full already.


>
> Thanks,
>
> Sam
>
>
> On 8 August 2011 14:18, Ed W <lists at wildgooses.com> wrote:
>> On 07/08/2011 19:22, Sam Crawford wrote:
>>> I also wish for the dnsmasq host to have some logic and act upon the
>>> response from the server (so the logic couldn't be entirely
>>> server-side). The server would return a set of TXT records (indicating
>>> the classifications of the domains) if it were classified, and
>>> NXDOMAIN otherwise. Based upon these classifications returned from the
>>> server and *local* configuration of the host running dnsmasq, the
>>> original client would then either be sent back the real response (from
>>> the ISP server) or an A record pointing at the dnsmasq host (which
>>> would also be running a small webserver with a static page, as you
>>> suggested).
>>
>> This basic problem is used a lot in mail blacklisting.  I would suggest
>> taking a look at the techniques used for rbldns and I think you will
>> also find some example software which does very high speed lookups into
>> massive rbl lists (if for example you want to benchmark alternative
>> implementations to dnsmasq)
>>
>> Also if necessary you can use Perl (or something else) to create your
>> own resolver which has the necessary logic (i.e. check here, if no
>> response then check there)
>>        http://search.cpan.org/search?query=dns&mode=all
>>
>> Good luck - interested to hear how you solve this!
>>
>> Ed W
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>
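The client-side decision described in the quoted 07/08/2011 message (TXT records if the domain is classified, NXDOMAIN otherwise, then local policy picks the real answer or an A record for the block page), as an added example that is not code from this thread or from dnsmasq. It assumes one category label per TXT string and a fail-open policy on malformed replies; the function names, the `class.example` zone and the sinkhole address are hypothetical.

```python
import struct
NOERROR, NXDOMAIN, TYPE_TXT, CLASS_IN = 0, 3, 16, 1

def build_response(qname, txts, rcode=NOERROR):
    """Constructed sample reply, standing in for the classification server."""
    name = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split(".")) + b"\x00"
    pkt = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(txts), 0, 0)
    pkt += name + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    for t in txts:  # assumed format: one category label per TXT record
        pkt += b"\xc0\x0c" + struct.pack("!HHIHB", TYPE_TXT, CLASS_IN, 60, len(t) + 1, len(t)) + t.encode()
    return pkt

def skip_name(pkt, off):  # offset just past a name; a compression pointer ends it
    while True:
        n = pkt[off]
        if n == 0 or n & 0xC0 == 0xC0:
            return off + (1 if n == 0 else 2)
        off += 1 + n

def parse_txt_response(pkt):
    """Return (rcode, [TXT strings]); raises on a truncated or malformed packet."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off, txts = 12, []
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        if end > len(pkt):
            raise ValueError("RDATA runs past end of packet")
        while rtype == TYPE_TXT and off < end:
            nxt = off + 1 + pkt[off]
            if nxt > end:
                raise ValueError("TXT string runs past RDATA")
            txts.append(pkt[off + 1:nxt].decode("ascii", "replace"))
            off = nxt
        off = end
    return flags & 0xF, txts

def decide(pkt, blocked, sinkhole_ip):
    """Combine the server's classification with local policy."""
    try:
        rcode, txts = parse_txt_response(pkt)
    except (IndexError, struct.error, ValueError):
        return ("forward", None)  # assumed policy: fail open on a malformed reply
    if rcode == NOERROR and set(txts) & set(blocked):
        return ("sinkhole", sinkhole_ip)  # A record for the local block page
    return ("forward", None)  # NXDOMAIN (unclassified) or no blocked category
```

Whether a malformed or failed classification reply should fail open or closed is a deployment choice; the example fails open so that an outage of the classification server does not take down resolution.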


