[Dnsmasq-discuss] Using a secondary set of nameservers for dynamic blocking

Sam Crawford samcrawford at gmail.com
Mon Aug 15 12:02:07 BST 2011


Ed,

Many thanks for the suggestion. You're quite right - my server-side
idea was effectively re-inventing the wheel. I've ended up going with
rbldnsd, which has been a breeze to set up for this task (even with
millions of records) and no code changes were required.

The next step is to focus on the changes required at the dnsmasq level
(client side). I appreciate your suggestions regarding the CPAN
modules, but I'm intending for this to function on small embedded
devices (typically ~4MB flash), and getting Perl on there is quite
unlikely.

Thanks,

Sam


On 8 August 2011 14:18, Ed W <lists at wildgooses.com> wrote:
> On 07/08/2011 19:22, Sam Crawford wrote:
>> I also wish for the dnsmasq host to have some logic and act upon the
>> response from the server (so the logic couldn't be entirely
>> server-side). The server would return a set of TXT records (indicating
>> the classifications of the domains) if it were classified, and
>> NXDOMAIN otherwise. Based upon these classifications returned from the
>> server and *local* configuration of the host running dnsmasq, the
>> original client would then either be sent back the real response (from
>> the ISP server) or an A record pointing at the dnsmasq host (which
>> would also be running a small webserver with a static page, as you
>> suggested).
>
> This basic problem is used a lot in mail blacklisting.  I would suggest
> taking a look at the techniques used for rbldns and I think you will
> also find some example software which does very high speed lookups into
> massive rbl lists (if for example you want to benchmark alternative
> implementations to dnsmasq)
>
> Also if necessary you can use Perl (or something else) to create your
> own resolver which has the necessary logic (i.e. check here, if no
> response then check there)
>        http://search.cpan.org/search?query=dns&mode=all
>
> Good luck - interested to hear how you solve this!
>
> Ed W
>
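
The client-side decision described in this thread, as an added example that is not part of the original messages and is not dnsmasq code. It walks the RDATA of one TXT answer from the classification server and picks between the real answer and a local A record. The category names, the blocked_categories list, the function names and the fail-open handling of malformed data are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum verdict { FORWARD_REAL_ANSWER, ANSWER_WITH_LOCAL_A };
#define RCODE_NOERROR  0
#define RCODE_NXDOMAIN 3

/* Hypothetical local configuration: classifications this host blocks. */
static const char *const blocked_categories[] = { "malware", "phishing" };

static int is_blocked(const unsigned char *s, size_t len)
{
    size_t i, n = sizeof blocked_categories / sizeof blocked_categories[0];
    for (i = 0; i < n; i++)
        if (strlen(blocked_categories[i]) == len &&
            memcmp(blocked_categories[i], s, len) == 0)
            return 1;
    return 0;
}

/* rdata is the RDATA of one TXT record: a run of <length byte><bytes>
 * character-strings (RFC 1035, section 3.3.14). */
enum verdict classify_txt(int rcode, const unsigned char *rdata, size_t rdlen)
{
    size_t pos = 0;
    if (rcode != RCODE_NOERROR)       /* NXDOMAIN means "not classified" */
        return FORWARD_REAL_ANSWER;
    while (pos < rdlen) {
        size_t len = rdata[pos++];
        if (len > rdlen - pos)        /* string runs past RDATA: stop, fail open */
            return FORWARD_REAL_ANSWER;
        if (is_blocked(rdata + pos, len))
            return ANSWER_WITH_LOCAL_A;
        pos += len;
    }
    return FORWARD_REAL_ANSWER;
}

/* Constructed sample RDATA, not captured from a real server. */
static const unsigned char sample_hit[]  = { 5,'a','d','u','l','t', 7,'m','a','l','w','a','r','e' };
static const unsigned char sample_miss[] = { 4,'n','e','w','s' };
static const unsigned char sample_bad[]  = { 9,'m','a','l' };

int main(void)
{
    printf("hit=%d miss=%d bad=%d\n",
           classify_txt(RCODE_NOERROR, sample_hit, sizeof sample_hit),
           classify_txt(RCODE_NOERROR, sample_miss, sizeof sample_miss),
           classify_txt(RCODE_NOERROR, sample_bad, sizeof sample_bad));
    return 0;
}
```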


