[Dnsmasq-discuss] dnsmasq and domain blacklist
Simon Kelley
simon at thekelleys.org.uk
Thu Mar 4 10:18:26 GMT 2010
SamLT wrote:
>
> Hello,
>
> 1) I'm trying to blacklist some domains with dnsmasq, and until now I was
> using the 'local' directive to do just that:
>
> eg:
> local=/bigmoney.biz/
>
> When requesting for address of such a domain clients get a NXDOMAIN-IPv4
> reply.
>
> This is working go so far, but I found here[2] that one can also use the
> directive:
>
> address=/code-server.biz/127.0.0.1
>
> along with a very minimal web server which serves a 1x1 pixel transparent gif
> file[3].
>
> I'm now wondering which way is best and why?
>
>
I don't know about this, others may be able to comment.
>
>
> 2) I'm also considering using a public blacklist[1] and I would like to know
> if it can be a problem for dnsmasq to have between 1 and 2 million of such
> directives? If so, what is the recommended way of implementing this domain
> blacklisting?
>
Check the LIMITS section of the man page: it'll be fine as long as you
have a reasonable amount of RAM. Don't try it on a little plastic router
box.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list