[Dnsmasq-discuss] dnsmasq and domain blacklist

Simon Kelley simon at thekelleys.org.uk
Thu Mar 4 10:18:26 GMT 2010


SamLT wrote:
> 
> Hello,
> 
> 1) I'm trying to blacklist some domains with dnsmasq, and until now I was
> using the 'local' directive to do just that:
> 
> eg:
> local=/bigmoney.biz/
> 
> When requesting the address of such a domain, clients get an NXDOMAIN-IPv4
> reply.
> 
> This is working so far, but I found here[2] that one can also use the
> directive:
> 
> address=/code-server.biz/127.0.0.1
> 
> along with a very minimal web server which serves a 1x1 pixel transparent gif
> file[3].
> 
> I'm now wondering which way is best and why?
> 
> 

I don't know about this, others may be able to comment.
> 
> 
> 2) I'm also considering using a public blacklist[1] and I would like to know
> if it can be a problem for dnsmasq to have between 1 and 2 million of such
> directives? If so, what is the recommended way of implementing this domain
> blacklisting?
> 

Check the LIMITS section of the man page: it'll be fine as long as you
have a reasonable amount of RAM. Don't try it on a little plastic router
box.

Cheers,

Simon.
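
An added example, not part of the original messages: a generator that turns a public blacklist into the `local=` or `address=` directives discussed above, treating the list as untrusted input and dropping names already covered by a listed parent domain (dnsmasq applies these directives to subdomains too), which keeps the directive count and RAM use down. It assumes the list is one domain per line or hosts-style `IP name` lines; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def parse_domain(line):
    """Return a normalized domain from a plain or hosts-style line, else None."""
    fields = line.split("#", 1)[0].strip().lower().split()
    if not fields or len(fields) > 2:
        return None
    name = fields[-1].rstrip(".")          # hosts-style: the name is the last field
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None                        # too long, single label, or a bare IP
    # Rejects '/', '=', and anything else that could alter the directive.
    return name if all(_LABEL.fullmatch(l) for l in labels) else None

def collapse(domains):
    """Drop names already covered by a listed parent domain."""
    listed = set(domains)
    kept = []
    for d in sorted(listed):
        labels = d.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in listed for p in parents):
            kept.append(d)
    return kept

def to_dnsmasq(lines, sinkhole=None):
    """local=/d/ (NXDOMAIN) by default, address=/d/<ip> when sinkhole is given."""
    domains = collapse(d for d in map(parse_domain, lines) if d)
    if sinkhole is None:
        return [f"local=/{d}/" for d in domains]
    ip = ipaddress.ip_address(sinkhole)    # raises ValueError on a bad address
    return [f"address=/{d}/{ip}" for d in domains]

# Constructed sample input; the first two domains are the ones quoted in the thread.
SAMPLE = [
    "# constructed sample blacklist",
    "bigmoney.biz",
    "0.0.0.0 code-server.biz",
    "ads.bigmoney.biz   # covered by its parent",
    "Tracker.Example.NET.",
    "evil.example/192.0.2.1",              # would smuggle an extra field; rejected
    "127.0.0.1 localhost",
]

if __name__ == "__main__":
    print("\n".join(to_dnsmasq(SAMPLE)))
```

Write the output to a separate file and load it with `conf-file=` so the generated directives stay apart from the hand-written configuration.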



