[Dnsmasq-discuss] Block PTR queries for local IPs being sent upstream
Simon Kelley
simon at thekelleys.org.uk
Tue Dec 13 18:23:06 GMT 2011
On 13/12/11 14:32, Ed W wrote:
> On 12/12/2011 17:40, Matthias Andree wrote:
>> On 11.12.2011 20:00, Ed W wrote:
>>> How can I tell dnsmasq that it's effectively authoritative for reverse
>>> lookups for private IP ranges and prevent upstream lookups? I do have
>>> "bogus-priv" set. Dnsmasq-1.58
>> By adding another server-line for 10.in-addr.arpa.
>
> Can you please try your suggestion - for me it's not working. I already
> have what you describe and basically DNS stops working without huge
> delays here. I'm not sure if the delays are due to massive amounts of
> logging generated due to endless retries or because the max number of
> parallel queries kicks in and the retries are stalling further queries -
> however, it's not workable...
>
> Note as I said in my previous email, I need to point the server to some
> fake address, eg
>
> server=/10.in-addr.arpa/127.0.0.2
>
> Setting it to 127.0.0.1 seems to be ignored and the queries still go out upstream
>
> Either it's an artifact of my dnsmasq version (very recent), or there isn't obviously a way to suppress these?
>
> Any ideas on how to suppress please?
local=/10.in-addr.arpa/

which is just syntactic sugar for

server=/10.in-addr.arpa/

ie, there is no upstream server for these domains, dnsmasq, please
return NXDOMAIN or NODATA.

I think that should work. Bogus-priv won't since the dnsmasq parsing
code is stopped by the lb._dns-sd._udp type stuff from parsing an IPv4
address out of this.
Simon.
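
Added example, not part of the message above and not dnsmasq project code: it extends the single 10.in-addr.arpa line from the reply to all three RFC 1918 ranges by computing the reverse zones and emitting one local= line per zone. The function names, the label-boundary matching model and the sample query names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges; the thread itself only discusses 10.in-addr.arpa.
PRIVATE_CIDRS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def reverse_zones(cidr):
    """Return the in-addr.arpa zones that exactly cover an IPv4 block."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen > 24:
        raise ValueError("expected an IPv4 block of /24 or shorter")
    # Reverse zones sit on octet boundaries: round the prefix up to /8, /16 or /24.
    octets = max(1, -(-net.prefixlen // 8))
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def dnsmasq_lines(cidrs):
    """One local=/zone/ line per reverse zone (the form given in the reply)."""
    return ["local=/%s/" % z for c in cidrs for z in reverse_zones(c)]

def answered_locally(qname, zones):
    """Model (assumption): a domain line applies to the zone and names below it."""
    q = qname.rstrip(".").lower()
    return any(q == z or q.endswith("." + z) for z in zones)

if __name__ == "__main__":
    zones = [z for c in PRIVATE_CIDRS for z in reverse_zones(c)]
    print("\n".join(dnsmasq_lines(PRIVATE_CIDRS)))
    # Constructed sample query names, not captured traffic.
    for name in ["5.0.0.10.in-addr.arpa",
                 "lb._dns-sd._udp.0.0.0.10.in-addr.arpa",
                 "1.0.0.110.in-addr.arpa",
                 "4.4.8.8.in-addr.arpa"]:
        print(name, "->", "local" if answered_locally(name, zones) else "upstream")
```

The DNS-SD style name is matched by its suffix, so it is covered by the zone line even though it is not a plain four-octet reverse name.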