[Dnsmasq-discuss] Mask a domain
Jima
jima at beer.tclug.org
Mon Mar 19 13:49:56 GMT 2007
On Mon, 19 Mar 2007, Davide Ferrari wrote:
> So what's happening now? Since I have expand-hosts in dnsmasq, sub.domain.tld
> is appended to every DNS request and, if not found, forwarded to mainstream
> DNS servers, that obviously always answer with an IP (there is the wildcard,
> now).
> So, what's the best way to solve this in dnsmasq's realm, if is there a way to
> solve this?
As long as there's nothing legitimate/critical on that IP address (I hope
not, for your sake), you could use --bogus-nxdomain:
-B, --bogus-nxdomain=<ipaddr>
Transform replies which contain the IP address given into "No
such domain" replies. This is intended to counteract a devious
move made by Verisign in September 2003 when they started
returning the address of an advertising web page in response to
queries for unregistered names, instead of the correct NXDOMAIN
response. This option tells dnsmasq to fake the correct response
when it sees this behaviour. As at Sept 2003 the IP address
being returned by Verisign is 64.94.110.11
Which reminds me, my upstream ISP at home (Charter Communications)
started doing this same thing. I should add that to my configuration.
Jima
More information about the Dnsmasq-discuss
mailing list