[Dnsmasq-discuss] suggestion filter out loopback addresses for query
dsneddon at redhat.com
Tue Aug 2 18:56:28 BST 2016
On 08/02/2016 07:39 AM, Junyang Gu wrote:
> It seems to me that dnsmasq should filter out loopback addresses for DNS
> queries universally, or at least provide such an option.
> Consider such a scenario,
> dnsmasq runs on host1, and host1's /etc/hosts contains 127.0.1.1 host1,
> which is usually the case.
> A second machine host2 queries dnsmasq for host1, and would get
> 127.0.1.1, which is also a valid IP address, except it goes to host2.
> I do not see any scenario where dnsmasq should return a loopback

I can think of scenarios where this would be desired. Imagine an
application that was controlled via DNS with a short TTL, such that
when the server was operating normally a real IP would be returned, but
when the main server is down the hosts are redirected to a local cache.
In this case, it would be useful to be able to point hosts at their
local loopback address.

It is also used for "blackholing" certain addresses, such as Websites
with known malware or adult content.

I could see filtering localhost responses being a useful option (if it
wasn't mandatory or on by default).

Dan Sneddon | Principal OpenStack Engineer
dsneddon at redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter
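
An added example, not part of the original message and not dnsmasq code: a Python check that lists the names a hosts file maps to loopback addresses, which is the case in the quoted scenario where host2 would receive 127.0.1.1 for host1. The sample file contents, the function name and the set of names expected to be local are constructed assumptions.

```python
import ipaddress

# Constructed sample of host1's /etc/hosts, modelled on the scenario in the thread.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.1.1    host1 host1.example.lan   # the machine's own name on loopback
::1          ip6-localhost ip6-loopback
192.168.1.10 host1-lan
0.0.0.0      ads.example.invalid       # blackhole entry, not a loopback address
not-an-ip    broken
"""

# Assumption: names that are meant to resolve to loopback on every machine.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain",
                  "ip6-localhost", "ip6-loopback"}


def loopback_names(hosts_text, expected=EXPECTED_LOCAL):
    """Return sorted (name, address, line_no) for names mapped to loopback."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address field
        if not addr.is_loopback:               # 127.0.0.0/8 and ::1 only
            continue
        for name in fields[1:]:
            if name.lower() not in expected:
                findings.append((name, str(addr), line_no))
    return sorted(findings)


if __name__ == "__main__":
    for name, addr, line_no in loopback_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} (loopback, meaningless to a remote client)")
```

Entries such as the 0.0.0.0 blackhole line are deliberately not reported, since the check only concerns addresses that a remote client would interpret as itself.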