[Dnsmasq-discuss] [PATCH] auth-zone to ignore more non-global addresses

Alexander Clouter alex+dnsmasq at digriz.org.uk
Sun Jan 18 17:17:14 GMT 2015 

This patch makes sure dnsmasq does not put any non-global addresses (loopback,
rfc1918, and ULA addresses) into the authoritive zone file, in particular when
global addresses are added to the loopback interface.

The following configuration shows this behaviour:
----
# ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
     inet6 2002:4d4b:6a22:8::/64 scope global
        valid_lft forever preferred_lft forever
     inet6 2a01:348:45:8::/64 scope global
        valid_lft forever preferred_lft forever
     inet6 fd2a:7fba:ff04:8::/64 scope global
        valid_lft forever preferred_lft forever
     inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever

# dnsmasq .... \
     --auth-server=digriz.wormnet.eu,ppp0 \
     --server=/digriz.wormnet.eu/ \
     --interface-name=digriz.wormnet.eu,lo \
     --interface-name=digriz.wormnet.eu,ppp0 \
     --auth-zone=digriz.wormnet.eu,lo,ppp0,br0/6 \
     --domain=digriz.wormnet.eu,192.168.1.0/24,local
----

Without this patch, you see externally:
----
alex at marmot:~$ host digriz.wormnet.eu 77.75.106.34
Using domain server:
Name: 77.75.106.34
Address: 77.75.106.34#53
Aliases:

digriz.wormnet.eu has address 127.0.0.1
digriz.wormnet.eu has address 77.75.106.34
digriz.wormnet.eu has IPv6 address ::1
digriz.wormnet.eu has IPv6 address fd2a:7fba:ff04:8::
digriz.wormnet.eu has IPv6 address 2a01:348:45:8::
digriz.wormnet.eu has IPv6 address 2002:4d4b:6a22:8::
digriz.wormnet.eu has IPv6 address 2a01:348:ad51:1539:6524:39bd:2da6:e349
----

With the patch, you see:
----
alex at marmot:~$ host digriz.wormnet.eu 77.75.106.34
Using domain server:
Name: 77.75.106.34
Address: 77.75.106.34#53
Aliases:

digriz.wormnet.eu has address 77.75.106.34
digriz.wormnet.eu has IPv6 address 2a01:348:45:8::
digriz.wormnet.eu has IPv6 address 2002:4d4b:6a22:8::
digriz.wormnet.eu has IPv6 address 2a01:348:ad51:1539:6524:39bd:2da6:e349
----

Signed-off-by: Alexander Clouter <alex+dnsmasq at digriz.org.uk>
--
  src/network.c |    6 ++++--
  1 files changed, 4 insertions(+), 2 deletions(-)

--- a/src/network.c	2015-01-04 19:09:25.086396076 +0000
+++ b/src/network.c	2015-01-04 19:29:04.402377390 +0000
@@ -302,10 +302,12 @@
  #endif
  	}
      }
-  
+
+  if ((addr->sa.sa_family == AF_INET && !private_net(addr->in.sin_addr, 1))
  #ifdef HAVE_IPV6
-  if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr))
+    || (addr->sa.sa_family == AF_INET6 && !IN6_IS_ADDR_LOOPBACK(&addr->in6.sin6_addr) && !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr) && !IN6_IS_ADDR_ULA(&addr->in6.sin6_addr))
  #endif
+    )
      {
        struct interface_name *int_name;
        struct addrlist *al;

More information about the Dnsmasq-discuss mailing list