[Dnsmasq-discuss] bogus-priv for IPV6
Jim Bos
jim876 at xs4all.nl
Sat Sep 8 10:13:29 BST 2012
On 09/07/2012 09:49 PM, Simon Kelley wrote:
> On 07/09/12 17:47, Gene Czarcinski wrote:
>> dnsmasq has an option which makes a lot of sense to me: bogus-priv
>> which, when specified, has the effect that IPV4 private networks
>> 10.0.00/8, 172.16.0.0/12 and 192.168.0.0/16 are not forwarded since
>> these are reserved for local/private networks.
>>
>> How about extending this option (or add a bogus-priv6 option) to include
>> the Unique Local IPV6 Addresses as specified in RFC 4193 --
>> http://tools.ietf.org/html/rfc4193
>>
>> All correctly implemented routers, etc are suppose to not route packets
>> with these addresses but ... well, people designed/implemented those and
>> people make mistakes.
>>
>> I do not consider this a high priority item.
>>
>
> Agreed that it's a good idea. I think we (the list) had a discussion
> about this before, and it wandered off into a long digression about
> exactly which address ranges should be blocked but nothing happened.
>
> Simon.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
As a temporary workaround as I noticed all kind of queries going
upstream, I put this in my config to prevent reverse lookups for
link-local addresses:
server=/f.f.ip6.arpa/
server=/e.f.ip6.arpa/
Which seems to work as expected, i.e. queries are suppressed.
Jim
More information about the Dnsmasq-discuss
mailing list