[Dnsmasq-discuss] Can tags be used with the address directive?
A C
dnsmasq6pJH at acarver.net
Sat Apr 21 18:16:16 BST 2018
On 2018-04-21 05:41, john doe wrote:
> On 4/21/2018 10:02 AM, Sean Baughn wrote:
>> Hello. Is it possible to use tags with the address directive? Goal
>> being to
>> specify a name resolution response based on a tag match. Example of my
>> use
>> case:
>>
>> dhcp-mac=set:kids,XX:XX:XX:XX:XX:XX #My kids computer
>> address=tag:kids,/youtube.com/127.0.0.1
>>
>> The address line given above errors out. However I don't know if my
>> syntax
>> is incorrect, or if the use of tags in the address directive is invalid.
>>
>
> According to:
>
> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
>
> "-A, --address=/<domain>[/<domain>...]/[<ipaddr>]"
>
> So you can't use tags with the '--address=' option:
>
> $ dnsmasq --test
> dnsmasq: error at line 1 of /etc/dnsmasq.conf
>
> $ awk 'NR==1' /etc/dnsmasq.conf
> address=tag:kids,/youtube.com/127.0.0.1
>
This wouldn't work for long because the kids could figure out how to get
around your DNS block by either changing the DNS server or just using a
public DNS lookup engine to find all of the destination's IP addresses
and going directly there (or a local hosts file).
Your best bet for a block is to use IP tables on the router and just
block access to all of the destination IPs when the source IP is the
kid's computer.
More information about the Dnsmasq-discuss
mailing list