[Dnsmasq-discuss] Enable bogus-priv by default

Eric Luehrsen ericluehrsen at hotmail.com
Tue Oct 20 01:21:48 BST 2015


Kevin,

I don't think there is a flaw in your logic. You are probably 50% right. 
DNSMASQ is so flexible and useful it has found two significant homes and
a bunch of other neat uses. 

Top however, (1) as a single point entry router caching DNS 
(ex 192.168.1.1 / X.X.X.X -> 8.8.4.4), and (2) as a local machine 
name cache daemon (ex 127.0.1.1 / 192.168.1.2 -> 192.168.1.1). 
For use (1) your default concept is quite right to avoid harassing the
world net and not enumerate your internal system to the world. For (2) 
rather, the workstation will need to forward otherwise useless requests 
up to the router to resolve local. So that's going to be your 50% split.

So I would recommend that both options be included in the CONF syntax.
I would then recommend that the default behavior be a conditional
compile for the distribution builder. In a Debian-Linux workstation
distr. the default is to forward. In an OpenWRT distr. the default is
to not forward bogus local ... something like that.

Eric

>Hi Simon & list,
>
>Ok, here's the controversial idea.  Can we consider enabling
>'bogus-priv' by default and have an additional option say 'allow-priv'
>to now disable?
>
>My feeling is that not forwarding 'link-local' type requests upstream by
>default is a cleaner way of having things configured.  Bearing in mind
>the popularity of dnsmasq in all sorts of devices (Internet of Things) a
>'be kind to your upstream servers and don't ask daft questions' default
>should at least be considered.
>
>I'm sure the flaws in my idea, logic and thinking will now be loudly
>explained :-)
>
>Kind regards,
>
>Kevin