[Dnsmasq-discuss] dnsmasq and domain blacklist

SamLT samuel.lethiec at intelunix.fr
Mon Mar 1 12:02:41 GMT 2010



Hello,

1) I'm trying to blacklist some domains with dnsmasq, and until now I was
using the 'local' directive to do just that:

eg:
local=/bigmoney.biz/

When requesting for address of such a domain clients get a NXDOMAIN-IPv4
reply.

This is working go so far, but I found here[2] that one can also use the
directive:

address=/code-server.biz/127.0.0.1

along with a very minimal web server which serves a 1x1 pixel transparent gif
file[3].

I'm now wondering which way is best and why?




2) I'm also considering using a public blacklist[1] and I would like to know
if it can be a problem for dnsmasq to have between 1 and 2 million of such
directives? If so, what is the recommended way of implementing this domain
blacklisting?

Thanks in advance


samlt


[1] like this one http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.domains
[2] http://wiki.flexion.org/SettingUpDNSMasq.html
[3] http://proxytunnel.sourceforge.net/pixelserv.php



More information about the Dnsmasq-discuss mailing list