[Dnsmasq-discuss] Feature request: --server=/*.in-addr.arpa/ overrides --bogus-priv.
Paul Chambers
dnsmasq at lists.bod.org
Sun Jun 7 00:31:09 BST 2009
Only tangentially related, but thought it was worth a mention:
http://www.team-cymru.org/Services/Bogons/
They maintain a 'bogon' list of IP ranges that are private (martians) or
unassigned by the IANA - i.e. IP addresses that are not valid/routable
on the public internet. I currently import it into my netfilter rules
with a little cron/wget/sed incantation, but it'd be just as easy to
massage it into something dnsmasq could digest.
-- Paul
Simon Kelley wrote:
> Andrew Rodland wrote:
>
>> Subject line pretty much says it. I have config lines of the form
>>
>> server=/100.168.192.in-addr.arpa/192.168.100.2
>>
>> (for a VPN "split DNS" configuration), but if the bogus-priv option is enabled
>> these queries are returned NXDOMAIN without forwarding to the upstream server.
>> I've disabled bogus-priv as a workaround, but it's my feeling that an explicit
>> forwarding server should override the general-purpose option. That way I can
>> forward the zones that I know exist somewhere, while still getting the benefit
>> of bogus-priv for completely spurious local IPs.
>>
>
> This is a fine suggestion, but there are two reasons not to do it.
>
> 1) It's more difficult to implement than may be apparent, since the
> bogus-priv logic happens as part of cache processing, and if that yields
> an address, the forwarding logic which checks the server= lines never
> gets run.
>
> 2) The current behaviour has been there for a long time, and there's a
> chance that changing it will adversely affect existing installations.
>
> I'd probably override both these objections and do it anyway, if there
> wasn't a good workaround, but there is. Do this.
>
> 1) remove bogus-priv
>
> 2) add the lines
>
> local=/.168.192.in-addr.arpa/
> local=/.16.172.in-addr.arpa/
> local=/.10.in-addr.arpa/
> local=/.127.in-addr.arpa/
> local=/.254.169.in-addr.arpa/
>
> instead.
>
> (Your server line will be used in preference to the 168.192 one, since
> it's more specific.)
>
> HTH
>
> Simon.
>
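An added example, not code from either poster or from dnsmasq: one way to turn a bogon-style prefix list into the `local=` reverse-zone lines suggested in the quoted reply, splitting prefixes that do not fall on an octet boundary. The sample list is constructed and assumes one CIDR prefix per line with `#` comments; the zones are written in the plain `local=/domain/` form, and `most_specific` is a hypothetical helper that only illustrates the "more specific line wins" rule stated in the reply.

```python
import ipaddress

# Constructed sample in one-prefix-per-line form; not the published bogon list.
SAMPLE_BOGONS = """\
# constructed sample
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.168.0.0/16
"""

def reverse_zones(cidr):
    """Return the in-addr.arpa zones that exactly cover one IPv4 prefix."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 prefixes map to in-addr.arpa")
    # Reverse zones sit on octet boundaries, so round the prefix length up
    # to /8, /16, /24 or /32 and enumerate the aligned subnets.
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def local_lines(bogon_text):
    """Build dnsmasq local= lines from a bogon list, ignoring comments."""
    lines = []
    for raw in bogon_text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            lines.extend(f"local=/{zone}/" for zone in reverse_zones(entry))
    return lines

def most_specific(qname, domains):
    """Pick the longest configured domain that is a suffix of qname (hypothetical helper)."""
    labels = qname.rstrip(".").lower().split(".")
    hits = [d for d in domains if labels[-len(d.split(".")):] == d.lower().split(".")]
    return max(hits, key=lambda d: len(d.split(".")), default=None)

if __name__ == "__main__":
    # The explicit forwarder from the original request, then the generated zones.
    print("server=/100.168.192.in-addr.arpa/192.168.100.2")
    print("\n".join(local_lines(SAMPLE_BOGONS)))
```

A prefix such as 172.16.0.0/12 expands to sixteen /16 reverse zones (16.172 through 31.172), which is why the generated list is longer than the input.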