[Dnsmasq-discuss] uh, domain concats unwanted...
aweber at comcast.net
Thu May 1 19:38:06 BST 2008
I just found that it does have a blacklisting function, but not for advertisement sites (or there seems to be a user-promoted-list, where the community votes on hosts, but I can't seem to add it to my setup...it doesn't appear as a valid "category").
But like I said in a previous reply (probably passed yours in the ether!), it doesn't explain why it would try and resolve the host by upstream DNS in the first place. If it's in an addn-hosts file, it should never have proceeded to ask opendns for an address, right?
And I'm having MORE trouble when I add that file (as you can see in my previous reply), in that it doesn't even resolve the name of my dnsmasq server, much less anything else! I'm starting to wonder if there's a limitation to the number of lines in the hosts-files that dnsmasq can handle???
Thanks for the reply and the useful info!
----- Original Message -----
From: Paul Chambers
To: dnsmasq-discuss at lists.thekelleys.org.uk
Sent: Thursday, May 01, 2008 1:53 PM
Subject: Re: [Dnsmasq-discuss] uh, domain concats unwanted...
As an aside, if you're using OpenDNS upstream, for lookups that fail it'll respond with the IP address of an OpenDNS server (rather than NXDOMAIN), which will redirect you to guide.opendns.com. You'll need to use 'bogus-nxdomain=' lines in your dnsmasq configuration for the IP addresses of those 'special' servers if you want lookups to fail if the domain is not found. Specifically, add 'bogus-nxdomain=220.127.116.11' to dnsmasq.conf and restart dnsmasq. Note that this IP address has changed at least once since I started using OpenDNS.
Doesn't explain why your resolver is looking for view.atdmt.com.nnnnnn.com in the first place, but does explain why you're getting an answer. I think the resolver re-attempts a lookup that fails by appending the domain to the original lookup, IIRC. Try adding a 'domain something.bogus' line to your resolv.conf and see if you get 'view.atdmt.com.something.bogus' instead.
p.s. By the way, you do know that OpenDNS offers domain blacklisting by category automatically? Just have to create an account and turn it on.
On Thu May 1 2008 10:34:05 AJ Weber wrote:
OK, I'm looking thru my dnsmasq.conf, but can't justify why this is
happening...nor how it's eventually coming-up with a valid IP
However, it didn't block an advert site on my first test, and so I
did a nslookup from my laptop...this was the output...
Just Say No to nslookup. dig(1) is the preferred tool
Server: broh.nnnnnn.com
18.104.22.168.in-addr.arpa. 86400 IN PTR hit-nxdomain.opendns.com.
The "nnnnnn.com" is set in my "domain=" option in my config.
However, as I read it, it should only be used to decorate simple
names from the hosts-file. Why is it being appended to FQDNs?
Maybe broken or misconfigured system resolver? See, dig(1) will only
use DNS, and only with the name it is given (exception, see +search.)
Furthermore, how the heck did that name then resolve from the
upstream DNS server???
Um, maybe a broken upstream nameserver? [1<snip>
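The lookup chain discussed in this thread, as an added Python model (not code from any poster or from dnsmasq): a resolver that retries with the search domain appended, an upstream that answers failed lookups with a redirect address, and the effect of `bogus-nxdomain=`. The function names, the `REAL_ZONE` table and the `first_try_fails` parameter are assumptions for illustration; the thread does not establish why the first attempt failed.

```python
# Constructed model; only the redirect address and the two domain names
# come from the thread. Everything else is sample data.
NXDOMAIN = None
REDIRECT_IP = "220.127.116.11"                    # address quoted in the thread
REAL_ZONE = {"www.example.org": "192.0.2.10"}     # constructed upstream records


def upstream_with_redirect(name):
    """Upstream that returns a redirect address instead of NXDOMAIN."""
    return REAL_ZONE.get(name.rstrip("."), REDIRECT_IP)


def forwarder(name, bogus_nxdomain=()):
    """Turn an answer listed in bogus_nxdomain back into NXDOMAIN."""
    answer = upstream_with_redirect(name)
    return NXDOMAIN if answer in bogus_nxdomain else answer


def candidates(name, search_domain):
    """Name as given, then the retry with the search domain appended."""
    names = [name]
    if search_domain and not name.endswith("."):
        names.append(f"{name}.{search_domain}")
    return names


def resolve(name, search_domain, first_try_fails=(), bogus_nxdomain=()):
    """Return (name_that_answered, address), or (None, NXDOMAIN)."""
    for cand in candidates(name, search_domain):
        if cand in first_try_fails:        # assumption: this attempt failed
            continue
        addr = forwarder(cand, bogus_nxdomain)
        if addr is not NXDOMAIN:
            return cand, addr
    return None, NXDOMAIN


if __name__ == "__main__":
    blocked = {"view.atdmt.com"}
    # Without the option, the decorated name "resolves" to the redirect host.
    print(resolve("view.atdmt.com", "nnnnnn.com", blocked))
    # With the option, the same lookup fails as intended.
    print(resolve("view.atdmt.com", "nnnnnn.com", blocked, {REDIRECT_IP}))
```

Names that really exist upstream are unaffected by the option; only answers equal to a listed address are converted.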