[Dnsmasq-discuss] suggestion filter out loopback addresses for query

Albert ARIBAUD albert.aribaud at free.fr
Tue Aug 2 18:06:31 BST 2016


Hi,

Le Tue, 02 Aug 2016 10:39:23 -0400
Junyang Gu <mikejyg at fastmail.com> a écrit:

> It seems to me that dnsmasq should filter out loopback addresses for
> DNS queries universally, or at least provide such an option.
> 
> Consider such a scenario,
> 
> dnsmasq runs on host1, and host1's /etc/hosts contains 127.0.1.1
> host1, which is usually the case.
> 
> A second machine host2 queries dnsmasq for host1, and would get
> 127.0.1.1, which is also a valid IP address, except it goes to host2.
> 
> I do not see any any scenario where dnsmasq should return a loopback
> address.

I've seen this method used by NS providers for blackholing suspicious
FQDNs. It makes sure traffic directed at them will not even enter the
Net.

> Regards

Amicalement,
-- 
Albert.



More information about the Dnsmasq-discuss mailing list