<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I think that can already be specified by --server-file. Each
domain would be listed as --server=/blocked.example.net/, which
implements just the --local= option. Of course that requires some
decoration around just a list of domains. It is not possible to load
a file with just one domain per line into dnsmasq.<br>
</p>
<p><br>
</p>
<p>You can also use --conf-script to generate a blocklist. I think
server-file can reload updated information after SIGHUP is received.
I doubt conf-script can do the same, although the example in the man
page uses a blocklist definition. But I have not verified that myself.</p>
<p><br>
</p>
<p>Cheers,<br>
Petr</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 5/7/24 13:14, Steffen Greber wrote:<br>
</div>
<blockquote type="cite"
cite="mid:FR3P281MB2587127FE564967AC440CFC5BFE42@FR3P281MB2587.DEUP281.PROD.OUTLOOK.COM">
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I know in the addn-host you can specify additional hosts files.
It would be great to extend the syntax, so we can block some
domains (IPv4 and IPv6).</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Currently I add some domains with 127.0.0.1 or 0.0.0.0 to
blacklist them, but it seems not to be really the same as being
resolved to NXDOMAIN, since (some) tools then try to connect to
the specified IPs.</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The background is, I have some services running on a local
machine. An entry in the addnhost file is only done if the
service is running. So, if now a service dies (or is
deactivated) and another service tries to resolve it by its
name, the IP cannot be resolved locally and the request is
forwarded to the upstream resolver (which in my case leads to a
security issue). </div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof"
style="font-size: 12pt; color: rgb(0, 0, 0);"><span
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif;">Another
solution would be to use the
</span><span style="font-family: 'Times New Roman';"><b>bogus-nxdomain</b></span><span
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif;"> so
I can map my services to a specific IP and define it as a
bogus-nxdomain. But this option seems not to be working with
domains defined in the addn-hosts files.</span></div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<br>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dnsmasq-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk</a>
<a class="moz-txt-link-freetext" href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Petr Menšík
Software Engineer, RHEL
Red Hat, <a class="moz-txt-link-freetext" href="https://www.redhat.com/">https://www.redhat.com/</a>
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB</pre>
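<p>The "decoration" the reply above mentions, as an added example that is not part of the original thread or of dnsmasq itself: a Python filter that turns a domain-per-line list into server=/domain/ lines for a file read through dnsmasq's --servers-file option. It goes beyond the reply by also accepting the hosts-style 0.0.0.0 entries described in the quoted message; the function names and the sample input are constructed for illustration.</p>

```python
import re

# One DNS label: letters, digits, hyphen (underscore tolerated), 1-63 chars,
# never starting or ending with a hyphen.
_LABEL = re.compile(r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?")
# Addresses used in hosts-style blocklists, as in the quoted message.
_SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def valid_domain(name):
    """Accept only plain hostnames, so a list entry can never smuggle
    extra syntax (slashes, '=', whitespace) into the dnsmasq file."""
    name = name.rstrip(".")
    return 1 <= len(name) <= 253 and all(
        _LABEL.fullmatch(label) for label in name.split(".")
    )


def to_server_lines(lines):
    """Return (server_lines, rejected) for a domain-per-line or
    hosts-style ('0.0.0.0 name') blocklist. Hypothetical helper."""
    seen, out, rejected = set(), [], []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if fields[0] in _SINKHOLES:
            fields = fields[1:]  # hosts-style: drop the address column
        for name in fields:
            name = name.lower().rstrip(".")
            if not valid_domain(name):
                rejected.append(name)  # report, never write to the file
            elif name not in seen:
                seen.add(name)
                out.append(f"server=/{name}/")
    return out, rejected


# Constructed sample input, not taken from the thread.
SAMPLE = """\
# services that must never be forwarded upstream
blocked.example.net
0.0.0.0 svc-a.internal.example svc-b.internal.example
Blocked.Example.NET.
bad/../entry
"""

if __name__ == "__main__":
    server_lines, bad = to_server_lines(SAMPLE.splitlines())
    print("\n".join(server_lines))
    for name in bad:
        print(f"# rejected: {name}")
```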
</body>
</html>