[Dnsmasq-discuss] Support for adding CNAME query result to IPSET

Wojtek Swiatek w at swtk.info
Fri Sep 7 13:49:17 BST 2018


I incidentally have the same problem (I started to tackle ipset today).
Taking your example:

root at srv ~# dnsmasq -d --log-queries --ipset=/vpnin.swtk.info/vpnin
dnsmasq: started, version 2.79 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6
no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCP, IP range 10.200.0.1 -- 10.200.0.230, lease time 10d
dnsmasq-dhcp: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 10d
dnsmasq-dhcp: DHCP, IP range 10.1.1.1 -- 10.1.1.100, lease time 10d
dnsmasq-dhcp: DHCP, IP range 10.100.20.1 -- 10.100.20.230, lease time 10d
dnsmasq-dhcp: DHCP, IP range 10.100.10.1 -- 10.100.10.230, lease time 10d
dnsmasq: using nameserver 8.8.4.4#53
dnsmasq: using nameserver 1.1.1.1#53
dnsmasq: read /etc/hosts - 8 addresses
dnsmasq: query[A] vpnin.swtk.info from 127.0.0.1
dnsmasq: DHCP vpnin.swtk.info is 10.200.0.2

the vpnin ipset is already created (and stays empty):

root at srv ~# ipset vpnin
ipset v6.34: No command specified: unknown argument vpnin
Try `ipset help' for more information.
root at srv ~# ipset list vpnin
Name: vpnin
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 88
References: 0
Number of entries: 0
Members:


Cheers,
Wojtek


On Tue, 4 Sep 2018 at 01:21, Simon Kelley <simon at thekelleys.org.uk> wrote:

> Are you sure? It seems to work for me.
>
>
>
> srk at holly:~/dnsmasq/dnsmasq$ src/dnsmasq -d -p 10000 --log-queries
> --ipset=/www.comcast.com/test
> dnsmasq: started, version 2.80test4 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN
> DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
> inotify dumpfile
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 127.0.1.1#53
> dnsmasq: read /etc/hosts - 8 addresses
> dnsmasq: query[A] www.comcast.com from 127.0.0.1
> dnsmasq: forwarded www.comcast.com to 127.0.1.1
> dnsmasq: reply www.comcast.com is <CNAME>
> dnsmasq: reply www.comcast.com.edgekey.net is <CNAME>
> dnsmasq: ipset add test 2.22.99.93 e523.dscb.akamaiedge.net
> dnsmasq: reply e523.dscb.akamaiedge.net is 2.22.99.93
>
> Cheers,
>
> Simon.
>
>
> On 26/08/18 08:48, esinpublic-2012 at yahoo.com.hk wrote:
> > Hi,
> >
> > When running with the ipset configuration, e.g.
> >
> > ipset=/example.com/whitelist
> >
> >
> > If the query result is a CNAME of a different domain, e.g.
> >
> > example.com.                         300  IN  CNAME  d123456789abcdefg.cloudfront.net.
> > d123456789abcdefg.cloudfront.net.    60   IN  A      123.123.123.123
> >
> > The IP address 123.123.123.123 would not be added to the IPSET. May I
> > ask if it is possible to have dnsmasq add the final resolved IP into
> > the ipset?
> >
> > Thank you!
> >
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>