[Dnsmasq-discuss] Ignore certain returned DNS response?

Maciej Soltysiak maciej at soltysiak.com
Sat Dec 27 18:10:55 GMT 2014


Cool feature! Congrats! I wonder if router vendors will implement this in
web GUIs though.

Best regards,
Maciej
PS. Excuse my brevity. On mobile device.
On 27 Dec 2014 17:12, "Simon Kelley" <simon at thekelleys.org.uk> wrote:

> Patch tidied and tweaked a little bit, and merged into the git repo.
> Many thanks for this, and sorry it took so long to get around to it.
>
>
> Cheers,
>
> Simon.
>
>
> On 19/11/14 01:42, Glen Huang wrote:
> > Hey Simon,
> >
> > Is the patch good for merging?
> >
> > I have been personally using the patch for over a month without
> > problems.
> >
> >> On Oct 9, 2014, at 10:48 PM, Simon Kelley
> >> <simon at thekelleys.org.uk> wrote:
> >>
> >> On 08/10/14 13:13, Glen Huang wrote:
> >>> Is it possible to ask dnsmasq to ignore DNS responses whose
> >>> records match a certain list of IPs, and keep waiting for
> >>> another response?
> >>>
> >>> The rationale behind this is that in China, when querying a
> >>> domain like youtube.com or twitter.com, a fake IP is quickly
> >>> returned, fooling dnsmasq into discarding the genuine response that
> >>> comes after it. Luckily the returned fake IPs are of a limited
> >>> set. So it’s relatively easy to distinguish such bogus
> >>> responses.
> >>
> >> Sigh. Now if Twitter and Youtube did DNSSEC signatures, such
> >> silly games would no longer be possible.
> >>>
> >>> I can’t find an option which does this in the man page. So
> >>> this might be a feature request. I guess it should work like
> >>> the bogus-nxdomain option, but instead of treating the IP as
> >>> nxdomain, dnsmasq would ignore it, and keep waiting for another
> >>> response.
> >>>
> >>> I’m willing to take a stab at this feature (it could take some
> >>> time though, since I’m not familiar with the internals of
> >>> dnsmasq). But before doing so, I want to make sure that I
> >>> didn’t miss any option that already does that and that this
> >>> feature does belong in dnsmasq.
> >>>
> >>
> >> There's no way to do this in the current dnsmasq releases, but
> >> I'd certainly consider a patch to implement it. You're right
> >> that the code can be modelled on bogus-nxdomain.
> >>
> >> You can use code like that in check_for_bogus_wildcard() to
> >> detect the bad answer (the option-parsing code would be
> >> identical). The check needs to be called from near the start of
> >> reply_query() and should just return from that function if a bogus
> >> answer is detected.
> >>
> >>
> >> Cheers,
> >>
> >> Simon.
> >>
> >>
> >>
> >>> Thank you.
> >>> _______________________________________________
> >>> Dnsmasq-discuss mailing list
> >>> Dnsmasq-discuss at lists.thekelleys.org.uk
> >>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
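The check described in the quoted thread (drop a reply whose A records match a configured address list so the resolver keeps waiting for the next reply), as an added C example that is not dnsmasq's code or the merged patch. The names `skip_name` and `reply_has_ignored_addr` are hypothetical, and the sample packet and ignore list are constructed from documentation addresses.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: reply to "a.example A?" carrying one A record, 192.0.2.1. */
static const uint8_t SAMPLE_REPLY[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,             /* header: QD=1, AN=1 */
    1,'a', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1,    /* question section */
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };      /* answer RR */

/* Step over an encoded name; NULL if it runs past the end of the packet. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *end)
{
    while (p < end) {
        if (*p == 0) return p + 1;                           /* root label ends the name */
        if (*p >= 0xC0) return end - p >= 2 ? p + 2 : NULL;  /* compression pointer */
        if (*p > 63 || (size_t)(end - p) < 1u + *p) return NULL;
        p += 1u + *p;
    }
    return NULL;
}

/* 1 = an A record is on the ignore list, 0 = none is, -1 = malformed packet. */
int reply_has_ignored_addr(const uint8_t *pkt, size_t len, const uint8_t (*ignore)[4], size_t n)
{
    if (len < 12) return -1;
    const uint8_t *end = pkt + len, *p = pkt + 12;
    unsigned qd = (pkt[4] << 8) | pkt[5], an = (pkt[6] << 8) | pkt[7];
    while (qd--) {                                 /* skip the question section */
        if (!(p = skip_name(p, end)) || end - p < 4) return -1;
        p += 4;                                    /* QTYPE + QCLASS */
    }
    while (an--) {                                 /* walk the answer section */
        if (!(p = skip_name(p, end)) || end - p < 10) return -1;
        unsigned type = (p[0] << 8) | p[1], cls = (p[2] << 8) | p[3], rdlen = (p[8] << 8) | p[9];
        p += 10;                                   /* TYPE, CLASS, TTL, RDLENGTH */
        if ((size_t)(end - p) < rdlen) return -1;
        if (type == 1 && cls == 1 && rdlen == 4)   /* IN A record */
            for (size_t i = 0; i < n; i++)
                if (memcmp(p, ignore[i], 4) == 0) return 1;
        p += rdlen;
    }
    return 0;
}

int main(void)
{
    static const uint8_t ignore[][4] = { {192,0,2,1} };   /* constructed ignore list */
    return reply_has_ignored_addr(SAMPLE_REPLY, sizeof SAMPLE_REPLY, ignore, 1) == 1 ? 0 : 1;
}
```

A forwarder would call such a check before the reply is matched to its pending query and return early on 1, leaving the query outstanding for a later reply.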