[Dnsmasq-discuss] Block PTR queries for local IPs being sent upstream
Ed W
lists at wildgooses.com
Tue Dec 13 17:48:59 GMT 2011
On 12/12/2011 17:40, Matthias Andree wrote:
> Am 11.12.2011 20:00, schrieb Ed W:
>
> This is zeroconfiguration DNS-based service discovery stuff. Check
> Wikipedia for "Zeroconf".
>
>> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
>> dr._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
>> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
>> dr._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
>> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: query[PTR]
>> lb._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137
>> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
>> lb._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8
>> Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: forwarded
>> lb._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.4.4
>>
>>
>>
>> How can I tell dnsmasq that it's effectively authoritative for reverse
>> lookups for private IP ranges and prevent upstream lookups? I do have
>> "bogus-priv" set. Dnsmasq-1.58
> By adding another server-line for 10.in-addr.arpa.
>
OK, I would like to claim this is a "bug"... I read the description of
dns-sd (snippet from page 27 of the RFC) here:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=315970

This gives a tiny amount of clarity on the origin of some of my peculiar
DNS traffic.

However, I see no way to prevent internal DNS reverse name requests from
leaking upstream, e.g. if my local IP range is 192.168.111.0/24 then how
to prevent requests for x.111.168.192.in-addr.arpa? (If I use
"server=/111.168.192.in-addr.arpa/127.0.0.x" then various unpleasant
things happen as reported previously.)

Additionally, given that I have bogus-priv in my config - should this
not suppress such reverse host lookups?

Any thoughts?

Thanks

Ed W
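
Added example, not part of the original message or of dnsmasq: a small log check that flags "forwarded" lines in which a reverse name for an RFC 1918 address (including DNS-SD names such as lb._dns-sd._udp.<reversed IP>.in-addr.arpa) was sent to a non-private upstream server. The function names and the sample log are constructed for illustration, and the log line shape is assumed to match the one quoted in the thread.

```python
import ipaddress
import re

# Line shape taken from the log quoted in the thread:
#   "... dnsmasq[pid]: forwarded <name> to <server>"
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log, modelled on the lines in the thread.
P = "Dec 11 18:28:08 localhost daemon.info dnsmasq[590]: "
SAMPLE_LOG = [
    P + "query[PTR] lb._dns-sd._udp.225.177.159.10.in-addr.arpa from 192.168.111.137",
    P + "forwarded lb._dns-sd._udp.225.177.159.10.in-addr.arpa to 8.8.8.8",
    P + "forwarded 5.111.168.192.in-addr.arpa to 8.8.4.4",
    P + "forwarded 4.4.8.8.in-addr.arpa to 8.8.8.8",            # public PTR
    P + "forwarded 7.111.168.192.in-addr.arpa to 192.168.111.1",  # internal resolver
]


def reverse_name_to_network(name):
    """Map an in-addr.arpa name to the IPv4 network it covers, or None.

    Non-numeric labels in front of the octets (e.g. lb._dns-sd._udp) are ignored.
    """
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = []
    for label in reversed(labels[:-2]):  # most significant octet first
        if len(octets) == 4 or not (label.isascii() and label.isdigit()
                                    and int(label) <= 255):
            break
        octets.append(label)
    if not octets:
        return None
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")


def leaked_private_ptr(log_lines):
    """Return (name, upstream) pairs for private reverse names sent to a public server."""
    leaks = []
    for line in log_lines:
        m = FORWARDED.search(line)
        net = reverse_name_to_network(m.group(1)) if m else None
        if net is None or not any(net.subnet_of(p) for p in PRIVATE_NETS):
            continue
        try:
            if ipaddress.ip_address(m.group(2)).is_private:
                continue  # sent to an internal resolver, not a leak
        except ValueError:
            pass  # unparseable server field: report it rather than hide it
        leaks.append((m.group(1), m.group(2)))
    return leaks
```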