[Dnsmasq-discuss] Ignore certain returned DNS response?
Glen Huang
curvedmark at gmail.com
Wed Nov 19 01:42:22 GMT 2014
Hey Simon,
Is the patch good for merging?
I have been personally using the patch for over a month without problems.
> On Oct 9, 2014, at 10:48 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> On 08/10/14 13:13, Glen Huang wrote:
>> Is it possible to ask dnsmasq to ignore DNS responses whose records
>> match a certain list of ip, and keep waiting for another response?
>>
>> The rational behind this is that in China, when querying a domain
>> like youtube.com or twitter.com, a fake ip is quickly returned,
>> fooling dnsmasq to discard the genuine response that comes after it.
>> Luckily the returned fake ips are of a limited set. So it’s
>> relatively easy to distinguish such bogus responses.
>
> Sigh. Now if Twitter and Youtube did DNSSEC signatures, such silly games
> would no longer be possible.
>>
>> I can’t find an option which does this in the man page. So this might
>> be a feature request. I guess it should work like the bogus-nxdomain
>> option, but instead of treating the ip as nxdomain, dnsmasq would
>> ignore it, and keep wait for another response.
>>
>> I’m willing to take a stab at this feature (it could take some time
>> though, since I’m not familiar with the internels of dnsmasq). But
>> before doing so, I want to make sure that I didn’t missing any option
>> that already does that and this feature does belong to dnsmasq.
>>
>
> There's no way to do this in the current dnsmasq releases, but I'd
> certainly consider a patch to implement it. You're right that the code
> can be modelled on bogus-nxdomain.
>
> You can use code like that in check_for_bogus_wildcard() to detect the
> bad answer (the option-parsing code would be identical) the check needs
> to be called from near the start of reply_query() and should just return
> from that function if bogus answer is detected.
>
>
> Cheers,
>
> Simon.
>
>
>
>> Thank you. _______________________________________________
>> Dnsmasq-discuss mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list