[Dnsmasq-discuss] rebind-protection vs servers-file
dave.taht at gmail.com
Mon Nov 24 21:48:32 GMT 2014
On Mon, Nov 24, 2014 at 1:02 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> On 22/11/14 23:06, Dave Taht wrote:
>> I have been fiddling with improving my internal dns, by creating a
>> file that has all my internal dns servers in it that I can easily copy
>> Example serversfile.
>> and Adding the one line of parsing needed in openwrts dnsmasq script...
>> with rebind-protection enabled I get an error if trying to ping
>> with it disabled, it does the right thing.
>> Will fiddle some more
> So dnsmasq is forwarding the query for rossow.r.lupinlodge.org and
> getting an RFC 1918 address back as the answer? That will trigger the
> rebind protection, which does nothing more than disallow RFC1918
> addresses in answers from upstream servers; it's not very bright. As far
> as I can see, rebind protection is fundamentally incompatible with the
> network-of-dnsmasq instances you're experimenting with, since RFC1918
> addresses as answers from other dnsmasq instances are required.
I had figured that specifying these in the serversfile would override
the basic rebind protection for these ips.
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
More information about the Dnsmasq-discuss