[Dnsmasq-discuss] ipsets usability

Aleksandr Mezin mezin.alexander at gmail.com
Fri Nov 13 01:46:18 GMT 2020


Hello.

I use dnsmasq's ipset feature to selectively tunnel some connections
through shadowsocks. I thought about creating a GUI for dnsmasq ipsets
in OpenWrt. However, there are some problems that will, probably, make
the user experience bad:

1) The user adds a domain to the ipset (in dnsmasq config). If the
domain is already cached on the client, IPs won't actually be added to
the ipset (at least until the cache entry expires).

2) The user removes a domain from the ipset in dnsmasq config.
Domain's IPs won't actually be removed from the ipset ever (until the
user reboots the router, or something else flushes the ipset).

(1) can be partially solved by sending a DNS request for every domain
listed in ipset config. For (2) it is possible to flush the ipset and
then, again, send a request for every domain... But some IPs will be
lost almost every time.

I thought that maybe the relationship between domains and IPs added to
ipsets should be tracked somehow. So IPs that aren't related to the
configured domains can be found and removed. And the relationship info
should persist across dnsmasq restarts. Is it even possible to
implement? Should I maybe try to extend ipset-dns [1] instead of
dnsmasq?

[1] https://git.zx2c4.com/ipset-dns/
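
A sketch of the domain-to-IP tracking the message asks about, as an added example that is not part of the original post and is not dnsmasq or ipset-dns code. It assumes a hypothetical helper that sees every DNS answer, a JSON state file, and a set named `tunnel`; all names and addresses are constructed, and the `ipset` commands are only generated, not run.

```python
import json

def norm(name):
    return name.rstrip(".").lower()

def matches(qname, domain):
    # dnsmasq's ipset=/domain/set applies to the domain and its subdomains.
    qname, domain = norm(qname), norm(domain)
    return qname == domain or qname.endswith("." + domain)

def record(state, configured, qname, ips):
    """Remember which configured domain(s) caused each IP to be added."""
    for domain in map(norm, configured):
        if matches(qname, domain):
            for ip in ips:
                owners = state.setdefault(ip, [])
                if domain not in owners:
                    owners.append(domain)

def reconcile(state, configured, members, setname):
    """Drop owners no longer configured; return (new_state, ipset commands).

    members is the current content of the kernel set. IPs with no remaining
    owner are deleted (problem 2); tracked IPs missing from the set, e.g.
    after a flush or reboot, are re-added from the persisted state.
    """
    wanted = {norm(d) for d in configured}
    new_state = {}
    for ip, owners in state.items():
        kept = [d for d in owners if d in wanted]
        if kept:
            new_state[ip] = kept
    cmds = [f"ipset del {setname} {ip}"
            for ip in sorted(members) if ip not in new_state]
    cmds += [f"ipset -exist add {setname} {ip}"
             for ip in sorted(new_state) if ip not in members]
    return new_state, cmds

def save(state, path):
    # Persisting the mapping is what lets it survive a dnsmasq restart.
    with open(path, "w") as fh:
        json.dump(state, fh)

def load(path):
    with open(path) as fh:
        return json.load(fh)
```

An IP shared by two configured domains stays in the set until both are removed, which a flush-and-requery approach cannot guarantee. Entries are never aged out here; a real tracker would also need to expire IPs that a domain no longer resolves to.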


