[Dnsmasq-discuss] configurable stop-dns-rebind?
Simon Kelley
simon at thekelleys.org.uk
Mon May 10 20:36:22 BST 2010
clemens fischer wrote:
> Hi,
>
> I have one little nit with option "stop-dns-rebind": it breaks the
> RBL's needed to defend against spam. If only it could be a sub-option
> to the "server" option to select which servers are allowed to receive
> answers in the 127/8 or some other range!
>
> Maybe a new option is needed, because "server" requires the IP of the
> nameserver. The configuration would need to allow something like:
>
> rbl=<rbl-domain>/<allowed-range(s)>
>
> This should signal dnsmasq that clients don't actually use IPs from the
> <allowed-range(s)> for networking and should be returned even with
> "stop-dns-rebind" set.
>
> Simon, would you accept a patch to that effect or implement it yourself?
> How should the possibly new option be named? "rbl" sounds a bit too
> specific for a general concept like this.
>

One way to do this which would require very little code would be to
extend the current domain matching code:

server=/subdomain.domain/1.2.3.4

and

address=/subdomain.domain/1.2.3.4

By simply giving the ability to switch off rbl checking on some domains
with something like

rbl-domain=/subdomain.domain/

If the ability to specify particular IP ranges is not needed (why should
it be?) then this could be implemented very cheaply (in terms of
developer effort and extra code-size.)

Would that work?

Cheers,

Simon.
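
Added example, not part of the original message and not dnsmasq's code: a Python model of the per-domain exemption proposed above, where a rebind filter skips its private-address check for listed domains and their subdomains. The `rbl-domain` option name is the hypothetical one from this thread; the list of private ranges, the label-boundary matching rule and all sample names and addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed private ranges for illustration; not dnsmasq's exact list.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_exempt(config_lines):
    """Collect domains from hypothetical rbl-domain=/a/b/ lines."""
    exempt = set()
    for line in config_lines:
        key, _, value = line.strip().partition("=")
        if key == "rbl-domain":
            exempt.update(d.lower().strip(".") for d in value.split("/") if d)
    return exempt


def domain_matches(qname, domain):
    """Match the domain itself or any subdomain, on a label boundary."""
    qname = qname.lower().rstrip(".")
    return qname == domain or qname.endswith("." + domain)


def filter_answer(qname, addresses, exempt):
    """Return (allowed, reason) for an upstream A-record answer."""
    if any(domain_matches(qname, d) for d in exempt):
        return True, "exempt domain"
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in PRIVATE_NETS):
            return False, "possible DNS rebind: " + addr
    return True, "public address"


# Constructed sample configuration and upstream answers.
CONFIG = ["stop-dns-rebind", "rbl-domain=/rbl.example.org/"]
EXEMPT = parse_exempt(CONFIG)

if __name__ == "__main__":
    samples = [
        ("2.0.0.127.rbl.example.org", ["127.0.0.2"]),  # RBL hit, exempt
        ("host.example.net", ["192.168.1.1"]),         # blocked
        ("notrbl.example.org", ["127.0.0.2"]),         # not a subdomain
        ("www.example.com", ["93.184.216.34"]),        # public, passes
    ]
    for qname, addrs in samples:
        print(qname, addrs, filter_answer(qname, addrs, EXEMPT))
```

The third sample shows why the match has to fall on a label boundary: a plain suffix comparison would exempt `notrbl.example.org` and let its loopback answer through.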