[Dnsmasq-discuss] [PATCH] auth-zone to ignore more non-global addresses

Alexander Clouter alex+dnsmasq at digriz.org.uk
Wed Jan 21 22:39:18 GMT 2015


>On 20/01/15 20:33, Alexander Clouter wrote:
>
>One possible solution to this might be to make the filter language in
>--auth-zone allow _exclusion_ of subnets as well as inclusion, say
>something like
>
>exclude:fd00::/8
>
>for ULA addresses.
>
>So now you could do
>
>--auth-zone=digriz.wormnet.eu,lo,ppp0,br0/6,exclude:fd00::/8
>
>Which will give you all the A and AAAA addresses in the
>subnets/prefixes associated with those interfaces, except the ULA
>addresses. Extending that to exclude RFC1918 is trivial.
>
>Comments?

Looks good to me, covers exactly what I want out of it.

You want me to roll up my sleeves and do this, as I'm the only weirdo using loopback like this :)

If so, you okay with me adding support for a macro expansion (say called '%nonglobal') which just 
includes everything for now marked non-global in RFC6890?  I see this being used like:

auth-zone=digriz.wormnet.eu,lo,ppp0,br0/6,exclude:%nonglobal,exclude:1.2.3.0/24,exclude:2005:1:2::/48

Thanks

-- 
Alexander Clouter
.sigmonster says: Contains a substantial amount of non-tobacco ingredients.
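
Added example, not part of the original message and not dnsmasq code: a Python sketch of the filtering discussed in this thread, where `exclude:` items and a `%nonglobal` macro drop addresses before they would be published in the zone. The `exclude:` syntax and `%nonglobal` are the proposals from the thread; the function names, the hand-picked subset of RFC 6890 prefixes and the candidate addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: hand-picked subset of the RFC 6890 entries marked non-global.
NONGLOBAL = [
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
    "::1/128", "fe80::/10", "fc00::/7",                # loopback, link-local, ULA
]

def parse_excludes(spec):
    """Collect the networks named by exclude: items in an auth-zone style value."""
    nets = []
    for item in spec.split(",")[1:]:          # field 0 is the zone name
        if not item.startswith("exclude:"):
            continue                          # interfaces/subnets: not modelled here
        value = item[len("exclude:"):]
        prefixes = NONGLOBAL if value == "%nonglobal" else [value]
        # strict=True rejects prefixes with host bits set (e.g. 1.2.3.4/24)
        nets.extend(ipaddress.ip_network(p, strict=True) for p in prefixes)
    return nets

def publishable(addresses, spec):
    """Return the addresses that survive every exclude: filter, in input order."""
    excludes = parse_excludes(spec)
    kept = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if not any(addr.version == n.version and addr in n for n in excludes):
            kept.append(text)
    return kept

# Value taken from the message above; the candidate addresses are constructed.
SPEC = ("digriz.wormnet.eu,lo,ppp0,br0/6,"
        "exclude:%nonglobal,exclude:1.2.3.0/24,exclude:2005:1:2::/48")
CANDIDATES = ["127.0.0.1", "192.168.1.10", "1.2.3.4", "1.2.4.5",
              "fd12:3456::1", "fe80::1", "2005:1:2::1", "2005:1:3::1"]

if __name__ == "__main__":
    print(publishable(CANDIDATES, SPEC))
```

With this sketch, `exclude:fd00::/8` on its own filters `fd12:3456::1` but not an address in `fc00::/8`, because the unique-local block in RFC 6890 is `fc00::/7`.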