[Dnsmasq-discuss] [RFC] dns: add option to ban domains
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Tue Aug 8 10:56:27 BST 2017
On 08/08/17 09:23, wkitty42 at gmail.com wrote:
> On 08/08/2017 04:06 AM, Matteo Croce wrote:
>> 2017-08-08 4:26 GMT+02:00 <wkitty42 at gmail.com>:
>>> On 08/07/2017 06:02 PM, Matteo Croce wrote:
>>>>
>>>> I propose adding an option to allow banning some domains.
>>>>
>>>> add `--ban-hosts' which accepts a file name which contains a list of
>>>> domains to block, one per line.
>>>> Domains are blocked by simply returning NXDOMAIN.
>>>
>>> is the following in dnsmasq.conf broken???
>>>
>>> # block these domains with NXDOMAIN
>>> server=/example.com/
>>> server=/facebook.com/
>>> server=/fbcdn.net/
>>> server=/fbcdn.com/
>>> server=/facebook.net/
>>
>> Nope, but it's unpractical when the ban list is huge
>
> impractical?
>
>> # wc -l /etc/banhosts
>> 13090 /etc/banhosts
>>
>> also, having it in a separate file will allow updating it without
>> messing with the configuration file
>
>
> well, you asked for comments so i did... as for separate files, can't it
> be done in another file that is included in the main one? i can't
> remember if dnsmasq allows one to include additional files or not...
LEDE/Openwrt does exactly that. The startup script conditionally
includes a config file with a list of RFC6761 related domains to never
forward "--conf-file=$RFC6761FILE" - The referenced file contains
"server=/exclude/" type references.
So the functionality is already there, though not quite with perfect
syntax in the sense that 'server=/ /' is repeated each line.
How is the 'ban-hosts' file updated? Does it need a SIGHUP to dnsmasq
(please not another thing hanging off SIGHUP)? Does it need a complete
restart?
If 'ban-hosts' can be dynamically updated then I can see some value in
it, until then it looks like it's a syntax nicety. Perhaps there's some
other feature we're all missing... is it faster for example?
Kevin
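As an added example (not code from the thread, from dnsmasq, or from LEDE/OpenWrt), the following POSIX shell helper turns a one-domain-per-line ban list such as the `/etc/banhosts` mentioned above into the `server=/domain/` lines the thread notes already yield NXDOMAIN, so the output can be pulled in with `conf-file=` the way the LEDE/OpenWrt startup script does. The sample entries, file names and the validity filter are assumptions made for the demo; the filter rejects anything that is not a plausible hostname so a malformed line cannot corrupt the generated `server=` syntax.

```shell
#!/bin/sh
# banlist_to_conf: convert a ban list (one domain per line) into dnsmasq
# "server=/domain/" lines. An empty server target makes dnsmasq answer
# NXDOMAIN for the domain and everything beneath it, as discussed in the
# thread. This is an added example, not part of dnsmasq.

banlist_to_conf() {
    # $1: path to the ban list file (e.g. /etc/banhosts)
    sed -e 's/#.*//' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e 's/\.$//' "$1" \
      | tr 'A-Z' 'a-z' \
      | grep -v '^$' \
      | grep -E '^[a-z0-9._-]+$' \
      | sort -u \
      | sed -e 's|^|server=/|' -e 's|$|/|'
    # Pipeline, step by step:
    #   strip '#' comments, surrounding whitespace and a trailing dot;
    #   lower-case (DNS names are case-insensitive);
    #   drop empty lines and anything that is not hostname-shaped,
    #   so a stray "/" or space cannot break the server= line;
    #   de-duplicate, then wrap each name as server=/name/.
}

# Demo on a constructed sample list (not a real ban list).
demo_list=$(mktemp)
printf '# sample entries, constructed for the demo\n' > "$demo_list"
printf 'Facebook.com\nfbcdn.net.\n\n  example.com  \nfacebook.com\nbad host\n' >> "$demo_list"
banlist_to_conf "$demo_list"
rm -f "$demo_list"
```

Redirect the output to a file of your choosing (for example `banlist_to_conf /etc/banhosts > /etc/dnsmasq.banlist.conf`, both paths assumed) and reference that file from the main configuration with `conf-file=`; dnsmasq reads it at startup, which is the point Kevin raises about how a separate ban file would be refreshed.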