[Dnsmasq-discuss] Ignore certain returned DNS response?
simon at thekelleys.org.uk
Sat Dec 27 15:38:43 GMT 2014
Patch tidied and tweaked a little bit, and merged into the git repo.
Many thanks for this, and sorry it took so long to get around to it.
On 19/11/14 01:42, Glen Huang wrote:
> Hey Simon,
> Is the patch good for merging?
> I have been personally using the patch for over a month without
>> On Oct 9, 2014, at 10:48 PM, Simon Kelley
>> <simon at thekelleys.org.uk> wrote:
>> On 08/10/14 13:13, Glen Huang wrote:
>>> Is it possible to ask dnsmasq to ignore DNS responses whose
>>> records match a certain list of ip, and keep waiting for
>>> another response?
>>> The rationale behind this is that in China, when querying a
>>> domain like youtube.com or twitter.com, a fake ip is quickly
>>> returned, fooling dnsmasq into discarding the genuine response that
>>> comes after it. Luckily the returned fake ips are of a limited
>>> set. So it’s relatively easy to distinguish such bogus
>> Sigh. Now if Twitter and Youtube did DNSSEC signatures, such
>> silly games would no longer be possible.
>>> I can’t find an option which does this in the man page. So
>>> this might be a feature request. I guess it should work like
>>> the bogus-nxdomain option, but instead of treating the ip as
>>> nxdomain, dnsmasq would ignore it, and keep waiting for another
>>> I’m willing to take a stab at this feature (it could take some
>>> time though, since I’m not familiar with the internals of
>>> dnsmasq). But before doing so, I want to make sure that I
>>> didn’t miss any option that already does that and this
>>> feature does belong to dnsmasq.
>> There's no way to do this in the current dnsmasq releases, but
>> I'd certainly consider a patch to implement it. You're right
>> that the code can be modelled on bogus-nxdomain.
>> You can use code like that in check_for_bogus_wildcard() to
>> detect the bad answer (the option-parsing code would be
>> identical). The check needs to be called from near the start of
>> reply_query() and should just return from that function if a bogus
>> answer is detected.
>>> Thank you.
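The check discussed in this thread, sketched as an added example (this is not the merged dnsmasq patch or any dnsmasq code): a stand-alone parser that walks the answer section of a raw DNS reply and reports whether any A record carries an address on an ignore list, so a caller can drop that reply and keep waiting for the next one. The names `skip_name`, `reply_has_ignored_addr`, `sample_reply` and `sample_ignore` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RD16(p) ((unsigned)((p)[0] << 8 | (p)[1]))

/* Skip one encoded DNS name; returns the byte after it, or NULL if malformed. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *end)
{
    while (p < end) {
        if ((*p & 0xC0) == 0xC0)               /* compression pointer ends the name */
            return (end - p >= 2) ? p + 2 : NULL;
        if (*p == 0)                           /* root label ends the name */
            return p + 1;
        if ((*p & 0xC0) != 0 || end - p <= *p) /* reserved type or label overrun */
            return NULL;
        p += 1 + *p;
    }
    return NULL;
}

/* 1 if any IN A record in the answer section is on the ignore list,
   0 if none is, -1 if the packet is truncated or malformed. */
int reply_has_ignored_addr(const uint8_t *pkt, size_t len,
                           const uint8_t (*ignore)[4], size_t n_ignore)
{
    const uint8_t *end = pkt + len, *p;
    if (len < 12) return -1;                   /* fixed DNS header is 12 bytes */
    unsigned qd = RD16(pkt + 4), an = RD16(pkt + 6);
    p = pkt + 12;
    while (qd--) {                             /* skip the question section */
        if (!(p = skip_name(p, end)) || end - p < 4) return -1;
        p += 4;                                /* qtype + qclass */
    }
    while (an--) {
        if (!(p = skip_name(p, end)) || end - p < 10) return -1;
        unsigned type = RD16(p), class = RD16(p + 2), rdlen = RD16(p + 8);
        p += 10;                               /* type, class, ttl, rdlength */
        if ((size_t)(end - p) < rdlen) return -1;
        if (type == 1 && class == 1 && rdlen == 4)
            for (size_t i = 0; i < n_ignore; i++)
                if (memcmp(p, ignore[i], 4) == 0) return 1;
        p += rdlen;
    }
    return 0;
}

/* Constructed sample: reply for "a.test" with one A record, 192.0.2.1. */
const uint8_t sample_reply[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,        /* header: qd=1, an=1 */
    1,'a', 4,'t','e','s','t', 0, 0,1, 0,1,            /* question: A, IN */
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };  /* answer, name via pointer */
const uint8_t sample_ignore[][4] = { {192,0,2,1} };  /* constructed ignore list */
```

A malformed or truncated reply returns -1 rather than 0, so the caller can decide separately how to treat packets it could not fully inspect.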