[Dnsmasq-discuss] uh, domain concats unwanted...
bod at bod.org
Thu May 1 18:53:31 BST 2008
As an aside, if you're using OpenDNS upstream, for lookups that fail
it'll respond with the IP address of an OpenDNS server (rather than
NXDOMAIN), which will redirect you to guide.opendns.com. You'll need to
use 'bogus-nxdomain=' lines in your dnsmasq configuration for the IP
addresses of those 'special' servers if you want lookups to fail if the
domain is not found. Specifically, add 'bogus-nxdomain=220.127.116.11'
to dnsmasq.conf and restart dnsmasq. Note that this IP address has
changed at least once since I started using OpenDNS.
Doesn't explain why your resolver is looking for
view.atdmt.com.nnnnnn.com in the first place, but does explain why
you're getting an answer. I think the resolver re-attempts a lookup that
fails by appending the domain to the original lookup, IIRC. Try adding a
'domain something.bogus' line to your resolv.conf and see if you get
p.s. By the way, you do know that OpenDNS offers domain blacklisting by
category automatically? just have to create an account and turn it on.
> On Thu May 1 2008 10:34:05 AJ Weber wrote:
>> OK, I'm looking thru my dnsmasq.conf, but can't justify why this is
>> happening...nor how it's eventually coming-up with a valid IP
>> However, it didn't block an advert site on my first test, and so I
>> did a nslookup from my laptop...this was the output...
> Just Say No to nslookup. dig(1) is the preferred tool
>> Server: broh.nnnnnn.com
>> Address: 192.168.1.128
>> Non-authoritative answer:
>> Name: view.atdmt.com.nnnnnn.com
>> Address: 18.104.22.168
> 22.214.171.124.in-addr.arpa. 86400 IN PTR hit-nxdomain.opendns.com.
>> The "nnnnnn.com" is set in my "domain=" option in my config.
>> However, as I read it, it should only be used to decorate simple
>> names from the hosts-file. Why is it being appended to FQDNs?
> Maybe broken or misconfigured system resolver? See, dig(1) will only
> use DNS, and only with the name it is given (exception, see +search.)
>> Furthermore, how the heck did that name then resolve from the
>> upstream DNS server???
> Um, maybe a broken upstream nameserver? [1
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dnsmasq-discuss