<div dir="ltr">I incidentally have the same problem (I started to tackle ipset today). Taking your example:<div><br></div><div><div>root@srv ~# dnsmasq -d --log-queries --ipset=/<a href="http://vpnin.swtk.info/vpnin">vpnin.swtk.info/vpnin</a></div><div>dnsmasq: started, version 2.79 cachesize 150</div><div>dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify</div><div>dnsmasq-dhcp: DHCP, IP range 10.200.0.1 -- 10.200.0.230, lease time 10d</div><div>dnsmasq-dhcp: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 10d</div><div>dnsmasq-dhcp: DHCP, IP range 10.1.1.1 -- 10.1.1.100, lease time 10d</div><div>dnsmasq-dhcp: DHCP, IP range 10.100.20.1 -- 10.100.20.230, lease time 10d</div><div>dnsmasq-dhcp: DHCP, IP range 10.100.10.1 -- 10.100.10.230, lease time 10d</div><div>dnsmasq: using nameserver 8.8.4.4#53</div><div>dnsmasq: using nameserver 1.1.1.1#53</div><div>dnsmasq: read /etc/hosts - 8 addresses</div><div>dnsmasq: query[A] <a href="http://vpnin.swtk.info">vpnin.swtk.info</a> from 127.0.0.1</div><div>dnsmasq: DHCP <a href="http://vpnin.swtk.info">vpnin.swtk.info</a> is 10.200.0.2</div></div><div><br></div><div>the vpnin ipset is already created (and stays empty):</div><div><br></div><div><div>root@srv ~# ipset vpnin</div><div>ipset v6.34: No command specified: unknown argument vpnin</div><div>Try `ipset help' for more information.</div><div>root@srv ~# ipset list vpnin</div><div>Name: vpnin</div><div>Type: hash:ip</div><div>Revision: 4</div><div>Header: family inet hashsize 1024 maxelem 65536</div><div>Size in memory: 88</div><div>References: 0</div><div>Number of entries: 0</div><div>Members:</div></div><div><br></div><div><br></div><div>Cheers,</div><div>Wojtek</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">Le mar. 4 sept. 2018 à 01:21, Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Are you sure? It seems to work for me.<br>
<br>
<br>
<br>
srk@holly:~/dnsmasq/dnsmasq$ src/dnsmasq -d -p 10000 --log-queries<br>
--ipset=/<a rel="noreferrer">www.comcast.com/test</a><br>
dnsmasq: started, version 2.80test4 cachesize 150<br>
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN<br>
DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect<br>
inotify dumpfile<br>
dnsmasq: reading /etc/resolv.conf<br>
dnsmasq: using nameserver 127.0.1.1#53<br>
dnsmasq: read /etc/hosts - 8 addresses<br>
dnsmasq: query[A] <a rel="noreferrer">www.comcast.com</a> from 127.0.0.1<br>
dnsmasq: forwarded <a rel="noreferrer">www.comcast.com</a> to 127.0.1.1<br>
dnsmasq: reply <a rel="noreferrer">www.comcast.com</a> is <CNAME><br>
dnsmasq: reply <a rel="noreferrer">www.comcast.com.edgekey.net</a> is <CNAME><br>
dnsmasq: ipset add test 2.22.99.93 <a rel="noreferrer">e523.dscb.akamaiedge.net</a><br>
dnsmasq: reply <a rel="noreferrer">e523.dscb.akamaiedge.net</a> is 2.22.99.93<br>
<br>
Cheers,<br>
<br>
Simon.<br>
<br>
<br>
On 26/08/18 08:48, <a>esinpublic-2012@yahoo.com.hk</a> wrote:<br>
> Hi, <br>
> <br>
> When running with the ipset configuration, e.g.<br>
> <br>
> ipset=/<a rel="noreferrer">example.com/whitelist</a><br>
> <br>
> <br>
> If the query result is a CNAME of differnet domain e.g.<br>
> <br>
> <a rel="noreferrer">example.com</a>. <br>
> 300 IN CNAME <a rel="noreferrer">d123456789abcdefg.cloudfront.net</a>.<br>
> <a rel="noreferrer">d123456789abcdefg.cloudfront.net</a>. 60 <br>
> IN A 123.123.123.123<br>
> <br>
> The IP address 123.123.123.123 would not be added to the IPSET. May I<br>
> ask if it is possible to have dnsmasq to add the final reolved ip into<br>
> the ipset?<br>
> <br>
> Thank you!<br>
> <br>
> <br>
> _______________________________________________<br>
> Dnsmasq-discuss mailing list<br>
> <a>Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <a rel="noreferrer">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
> <br>
<br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a>Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a rel="noreferrer">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div>