[Dnsmasq-discuss] RFC: dnsmasq blacklist/whitelist functionality

Simon Kelley simon at thekelleys.org.uk
Wed Nov 28 20:45:37 GMT 2012


On 24/11/12 14:04, Jonathan McCrohan wrote:
> Hi Simon,
>
> In an effort to work around some broken IPv6 implementations, I am
> finding myself having to maintain a number of manual address lines in my
> dnsmasq config file. These lines force an A record to be returned,
> denying the broken AAAA records:
>
> address=/brokenipv6host.example.com/10.1.1.1
>
> This works well for my current needs, but it isn't scalable and needs to
> be manually updated when the upstream DNS record changes.
>
> Is it possible to implement a blacklist or whitelist functionality which
> could be used to stop or only allow certain types of DNS records to be
> returned by dnsmasq to the client? A syntax such as the following is
> what I had in mind:
>
> blacklist=/brokenipv6host.example.com/aaaa,mx
> whitelist=/brokenipv6host.example.com/a,txt
>

I'm not clear exactly what these do. Return NODATA or NXDOMAIN replies 
for all queries in the domain for the specified types?

There have certainly been requests in the past to suppress IPv6 DNS 
answers to fix hosts with broken IPv6 connectivity. It's not as simple 
as it appears to do.



Cheers,

Simon.
