[Dnsmasq-discuss] Running a script after a resolution request
Ronaldo Zacarias Afonso
ronaldo.afonso at oi.net.br
Fri Mar 28 13:26:13 UTC 2014
On 03/24/2014 06:08 PM, Simon Kelley wrote:
> On 24/03/14 19:39, Ronaldo Zacarias Afonso wrote:
>> Hi everybody,
>>
>> I'd like to know if it is possible to configure dnsmasq to execute a
>> script after a name resolution request.
>>
>> The idea is having a script that updates a firewall each time
>> someone asks for the resolution of www.somedomain.com.
>>
>> Any help would be appreciated.
>>
>> Thanks in advance ...
>>
> Would this serve to solve the problem?
>
> --ipset=/<domain>/[domain/]<ipset>[,<ipset>]
> Places the resolved IP addresses of queries for the specified
> domains in the specified netfilter ip sets. Domains
> and subdomains are matched in the same way as --address. These ip
> sets must already exist. See ipset(8) for more details.
>
>
> Cheers,
>
> Simon.
Hi Simon,
In fact, it worked partially.
Now I need a way to "timeout" those ipset entries. It would be still
better if the timeout value was the same as the DNS A record dnsmasq
received when it queried the domain.
For example:
root at ronaldoafonso:~# dig www.ronaldoafonso.com.br -t a
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.ronaldoafonso.com.br -t a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32993
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.ronaldoafonso.com.br. IN A
;; ANSWER SECTION:
www.ronaldoafonso.com.br. 85223 IN A 50.62.226.1
;; AUTHORITY SECTION:
ronaldoafonso.com.br. 85223 IN NS b.sec.dns.br.
ronaldoafonso.com.br. 85223 IN NS c.sec.dns.br.
;; ADDITIONAL SECTION:
b.sec.dns.br. 89959 IN A 200.192.232.11
c.sec.dns.br. 89557 IN A 200.189.40.11
;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Mar 28 10:04:21 2014
;; MSG SIZE rcvd: 130
The perfect timeout would be "85223" received for the A record.
Is it possible?
Thanks in advance ...
--
Ronaldo Afonso
Embedded Systems
Oi: 55 (11) 95252-0484
Landline: 55 (11) 3065-9949
www.oiwifi.com.br
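
One way to derive per-entry timeouts from the TTLs in the dig output quoted above, shown as an added example that is not part of the original post and is not dnsmasq's own behaviour. It assumes a set created with timeout support (`ipset create <set> hash:ip timeout 0`); the set name `allowed_hosts` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: turn the A records in dig's ANSWER SECTION into
# "ipset add" commands whose timeout equals each record's TTL.
# Assumption: the target set already exists and was created with
# timeout support, e.g.  ipset create allowed_hosts hash:ip timeout 0

# Constructed sample input, trimmed from the dig output in the message.
sample_dig_output() {
cat <<'EOF'
;; QUESTION SECTION:
;www.ronaldoafonso.com.br. IN A
;; ANSWER SECTION:
www.ronaldoafonso.com.br. 85223 IN A 50.62.226.1
;; AUTHORITY SECTION:
ronaldoafonso.com.br. 85223 IN NS b.sec.dns.br.
;; ADDITIONAL SECTION:
b.sec.dns.br. 89959 IN A 200.192.232.11
EOF
}

# ttl_ipset_cmds SETNAME: read dig output on stdin and print one command
# per A record in the ANSWER SECTION only, so glue records from the
# ADDITIONAL SECTION never reach the firewall set.
ttl_ipset_cmds() {
    awk -v setname="$1" -v max=2147483 '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0; next }
        in_answer && $3 == "IN" && $4 == "A" {
            ttl = $2; ip = $5
            # Validate fields before building a firewall command from DNS data.
            if (ttl !~ /^[0-9]+$/) next
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # ipset(8) gives 2147483 seconds as the largest timeout: clamp.
            if (ttl + 0 > max) ttl = max
            # In ipset, timeout 0 means "never expire", so skip TTL 0.
            if (ttl + 0 == 0) next
            # -exist refreshes the timeout when the entry is already present.
            printf "ipset -exist add %s %s timeout %d\n", setname, ip, ttl
        }'
}

# Dry run: print the commands instead of executing them.
sample_dig_output | ttl_ipset_cmds allowed_hosts
```

The script only prints commands; review the output before piping it to a root shell.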