[Dnsmasq-discuss] [PATCH] check bogus-nxdomain even when ip is from --address
Simon Kelley
simon at thekelleys.org.uk
Sun Mar 15 21:11:58 GMT 2015
On 12/03/15 08:29, Chen Wei wrote:
> This patch is mainly for blocking malware domains.
>
> Usage scenario:
>
> Let's say we want to block malware.com, in dnsmasq configure file,
> use:
>
> bogus-nxdomain=192.0.2.1
> address=/malware.com/192.0.2.1
>
> where 192.0.2.1 can be any ip that we know doesn't exist on the
> LAN.
>
> Then the query for *.malware.com will return 0 answers, together
> with the query status set to NXDOMAIN.
>
>
Why use a fake address? It seems more sensible to have some syntax
which directly means "return NXDOMAIN".

The code to decode --address is just the same as the code to decode
--server, and there's already a "special" value for the address in
--server

--server=/.google.com/#

means "use the standard servers for *.google.com"

we could re-use that syntax so that

address=/malware.com/#

means "return NXDOMAIN for *.malware.com"

Seems cleaner.

Simon.
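
One way to check whether a response for a blocked name is NXDOMAIN with zero answers, as in the quoted usage scenario, or an A record carrying the fake address 192.0.2.1. This is an added example, not part of the original message or of dnsmasq; `classify`, the helper names and the two response packets are constructed for illustration.

```python
import ipaddress
import struct

SINKHOLE = ipaddress.ip_address("192.0.2.1")  # fake address from the quoted config

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:                      # root label ends the name
            return off + 1
        if (n & 0xC0) == 0xC0:          # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n                    # length byte plus label

def classify(msg):
    """Classify a raw DNS response as 'nxdomain', 'sinkholed' or 'other'."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if (flags & 0x000F) == 3 and an == 0:   # RCODE 3 with an empty answer section
        return "nxdomain"
    off = 12
    for _ in range(qd):                     # skip the question section
        off = _skip_name(msg, off) + 4      # QTYPE + QCLASS
    for _ in range(an):                     # look for an A record with the fake IP
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4 and ipaddress.ip_address(msg[off:off + 4]) == SINKHOLE:
            return "sinkholed"
        off += rdlen
    return "other"

def _qname(name):
    """Encode a dotted name as DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

# Constructed sample responses for www.malware.com, type A, class IN.
QUESTION = _qname("www.malware.com") + struct.pack("!HH", 1, 1)
NXDOMAIN_RESP = struct.pack("!6H", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION
SINKHOLE_RESP = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
                 + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + SINKHOLE.packed)

if __name__ == "__main__":
    print(classify(NXDOMAIN_RESP), classify(SINKHOLE_RESP))
```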