<div dir="ltr"><div>Hi,</div><div>I have made a patch to disable the A-for-A feature. </div><div>I believe that the text portions can be made better by an actual DNS expert.</div><div><br></div>Given the following quote, and if that trend holds true, there are probably no significant A-for-A requests anymore.<br><div><p class="MsoNormal"><span lang="EN-US">The
percentages of A-for-A seen by root servers reported in 2001, 2003, and 2008
was 12%–18%, 7.03%, and 2.7%, respectively. The decreasing trend continues in
our data collected in 2012, where A-for-A only contributes 0.4% of the traffic.<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US">[[ <a href="http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf">http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf</a>
]]<span></span></span></p><p class="MsoNormal"><br></p><p class="MsoNormal"><span lang="EN-US">---</span></p><p class="MsoNormal"> man/dnsmasq.8 | 3 +++</p><p class="MsoNormal"> src/dnsmasq.h | 3 ++-</p><p class="MsoNormal"> src/option.c | 3 +++</p><p class="MsoNormal"> src/rfc1035.c | 2 +-</p><p class="MsoNormal"> 4 files changed, 9 insertions(+), 2 deletions(-)</p><p class="MsoNormal"><br></p><p class="MsoNormal">diff --git a/man/dnsmasq.8 b/man/dnsmasq.8</p><p class="MsoNormal">index 6b914ec..40d531c 100644</p><p class="MsoNormal">--- a/man/dnsmasq.8</p><p class="MsoNormal">+++ b/man/dnsmasq.8</p><p class="MsoNormal">@@ -1908,6 +1908,9 @@ A special case of</p><p class="MsoNormal"> which differs in two respects. Firstly, only --server and --rev-server are allowed</p><p class="MsoNormal"> in the configuration file included. Secondly, the file is re-read and the configuration</p><p class="MsoNormal"> therein is updated when dnsmasq receives SIGHUP.</p><p class="MsoNormal">+.TP</p><p class="MsoNormal">+.B --no-afora</p><p class="MsoNormal">+Do not treat A-for-A DNS requests special. I.e. do not duck type a FQDN to an IP.</p><p class="MsoNormal"> .SH CONFIG FILE</p><p class="MsoNormal"> At startup, dnsmasq reads</p><p class="MsoNormal"> .I /etc/dnsmasq.conf,</p><p class="MsoNormal">diff --git a/src/dnsmasq.h b/src/dnsmasq.h</p><p class="MsoNormal">index f4d330a..dbb3477 100644</p><p class="MsoNormal">--- a/src/dnsmasq.h</p><p class="MsoNormal">+++ b/src/dnsmasq.h</p><p class="MsoNormal">@@ -250,7 +250,8 @@ struct event_desc {</p><p class="MsoNormal"> #define OPT_MAC_B64 54</p><p class="MsoNormal"> #define OPT_MAC_HEX 55</p><p class="MsoNormal"> #define OPT_TFTP_APREF_MAC 56</p><p class="MsoNormal">-#define OPT_LAST 57</p><p class="MsoNormal">+#define OPT_NO_AFORA 57</p><p class="MsoNormal">+#define OPT_LAST 58</p><p class="MsoNormal"><br></p><p class="MsoNormal"> /* extra flags for my_syslog, we use a couple of facilities since they are known</p><p class="MsoNormal"> not to occupy the same bits as priorities, no matter how syslog.h is set up. */</p><p class="MsoNormal">diff --git a/src/option.c b/src/option.c</p><p class="MsoNormal">index 831593b..be3bb9e 100644</p><p class="MsoNormal">--- a/src/option.c</p><p class="MsoNormal">+++ b/src/option.c</p><p class="MsoNormal">@@ -160,6 +160,7 @@ struct myoption {</p><p class="MsoNormal"> #define LOPT_DHCPTTL 348</p><p class="MsoNormal"> #define LOPT_TFTP_MTU 349</p><p class="MsoNormal"> #define LOPT_REPLY_DELAY 350</p><p class="MsoNormal">+#define LOPT_NO_AFORA 351</p><p class="MsoNormal"><br></p><p class="MsoNormal"> #ifdef HAVE_GETOPT_LONG</p><p class="MsoNormal"> static const struct option opts[] =</p><p class="MsoNormal">@@ -325,6 +326,7 @@ static const struct myoption opts[] =</p><p class="MsoNormal"> { "script-arp", 0, 0, LOPT_SCRIPT_ARP },</p><p class="MsoNormal"> { "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },</p><p class="MsoNormal"> { "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY },</p><p class="MsoNormal">+ { "no-afora", 0, 0, LOPT_NO_AFORA },</p><p class="MsoNormal"> { NULL, 0, 0, 0 }</p><p class="MsoNormal"> };</p><p class="MsoNormal"><br></p><p class="MsoNormal">@@ -497,6 +499,7 @@ static struct {</p><p class="MsoNormal"> { LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS responses containing ipaddr."), NULL },</p><p class="MsoNormal"> { LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL },</p><p class="MsoNormal"> { LOPT_REPLY_DELAY, ARG_ONE, "<integer>", gettext_noop("Delay DHCP replies for at least number of seconds."), NULL },</p><p class="MsoNormal">+ { LOPT_NO_AFORA, OPT_NO_AFORA, NULL, gettext_noop("Do not treat A-for-A special."), NULL },</p><p class="MsoNormal"> { 0, 0, NULL, NULL, NULL }</p><p class="MsoNormal"> };</p><p class="MsoNormal"><br></p><p class="MsoNormal">diff --git a/src/rfc1035.c b/src/rfc1035.c</p><p class="MsoNormal">index 0ad3ab1..940fc25 100644</p><p class="MsoNormal">--- a/src/rfc1035.c</p><p class="MsoNormal">+++ b/src/rfc1035.c</p><p class="MsoNormal">@@ -1570,7 +1570,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,</p><p class="MsoNormal"><br></p><p class="MsoNormal"> /* Check for "A for A" queries; be rather conservative</p><p class="MsoNormal"> about what looks like dotted-quad. */</p><p class="MsoNormal">- if (qtype == T_A)</p><p class="MsoNormal">+ if (qtype == T_A && !option_bool(OPT_NO_AFORA))</p><p class="MsoNormal"> {</p><p class="MsoNormal"> char *cp;</p><p class="MsoNormal"><span lang="EN-US"></span></p><p class="MsoNormal"> unsigned int i, a;</p></div><div><br></div></div>