[Dnsmasq-discuss] Block PTR queries for local IPs being sent upstream

Simon Kelley simon at thekelleys.org.uk
Tue Dec 13 18:23:06 GMT 2011


On 13/12/11 14:32, Ed W wrote:
> On 12/12/2011 17:40, Matthias Andree wrote:
>> On 11.12.2011 20:00, Ed W wrote:
>>> How can I tell dnsmasq that it's effectively authoritative for reverse
>>> lookups for private IP ranges and prevent upstream lookups?  I do have
>>> "bogus-priv" set.  Dnsmasq-1.58
>> By adding another server-line for 10.in-addr.arpa.
> 
> Can you please try your suggestion - for me it's not working.  I already
> have what you describe and basically DNS stops working without huge
> delays here.  I'm not sure if the delays are due to massive amounts of
> logging generated due to endless retries or because the max number of
> parallel queries kicks in and the retries are stalling further queries -
> however, it's not workable...
> 
> Note as I said in my previous email, I need to point the server to some
> fake address, eg
> 
> 	server=/10.in-addr.arpa/127.0.0.2
> 
> Setting it to 127.0.0.1 seems to be ignored and the queries still go out upstream
> 
> Either it's an artifact of my dnsmasq version (very recent), or there isn't obviously a way to suppress these?
> 
> Any ideas on how to suppress please?

local=/10.in-addr.arpa/

which is just syntactic sugar for

server=/10.in-addr.arpa/

ie, there is no upstream server for these domains, dnsmasq, please
return NXDOMAIN or NODATA.


I think that should work. Bogus-priv won't since the dnsmasq parsing
code is stopped by the lb._dns-sd._udp type stuff from parsing an IPv4
address out of this.

Simon.
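
Added example, not part of the original message and not dnsmasq source code: a simplified Python model of the behaviour described above, where a check that needs to parse an IPv4 address out of the query name misses DNS-SD names such as lb._dns-sd._udp.<reversed-ip>.in-addr.arpa, while a local=/zone/ suffix match catches them. It goes beyond the 10.in-addr.arpa case in the thread by covering all three RFC 1918 ranges; the function names and the sample query names are constructed for illustration.

```python
# Simplified model of the behaviour described in the thread (assumption:
# an address-based check only fires when the whole name is d.c.b.a.in-addr.arpa).

# Constructed sample query names: plain PTR lookups and DNS-SD browse lookups.
SAMPLE_QUERIES = [
    "5.1.0.10.in-addr.arpa",
    "lb._dns-sd._udp.0.1.0.10.in-addr.arpa",
    "b._dns-sd._udp.0.1.168.192.in-addr.arpa",
    "4.4.8.8.in-addr.arpa",
]

# Reverse zones for the RFC 1918 ranges 10/8, 192.168/16 and 172.16/12.
PRIVATE_ZONES = (["10.in-addr.arpa", "168.192.in-addr.arpa"]
                 + [f"{n}.172.in-addr.arpa" for n in range(16, 32)])

def parse_reverse_ipv4(name):
    """Return 'a.b.c.d' if name is exactly d.c.b.a.in-addr.arpa, else None."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None  # extra labels (e.g. lb._dns-sd._udp) stop the parse
    octets = labels[:4]
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))

def matches_local_zone(name, zones=PRIVATE_ZONES):
    """Whole-label suffix match, as a local=/zone/ entry would apply."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)

def classify(name):
    """Say which mechanism in this model keeps the query from going upstream."""
    if not matches_local_zone(name):
        return "upstream"       # not a private reverse zone, forwarded
    if parse_reverse_ipv4(name) is not None:
        return "address-parse"  # an address-based check can see it
    return "zone-only"          # only a local=/zone/ entry stops it

def local_lines(zones=PRIVATE_ZONES):
    """dnsmasq config lines declaring no upstream server for each zone."""
    return [f"local=/{z}/" for z in zones]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(f"{classify(q):14} {q}")
    print("\n".join(local_lines()))
```

Names reported as "zone-only" are the ones that would still be sent upstream, disclosing internal addressing, unless the matching local= line is present.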


