[Dnsmasq-discuss] dnsmasq's behaviour with configured static hosts is unintuitive

Cyberfusion wedwards at cyberfusion.nl
Sun Mar 7 08:35:30 UTC 2021


> On 7 Mar 2021, at 00:33, Aaron Jones <me at aaronmdjones.net> wrote:
> 
> On 06/03/2021 19:22, Geert Stappers via Dnsmasq-discuss wrote:
>> Share the challenge you are facing with us.
> 
> Put simply, I need dnsmasq to return nothing for an A query, as the VPN
> has no IPv4 routing; I do not wish the query to be forwarded, because
> then it will be answered by the Internet, and applications may then end
> up trying to access the service without using the VPN.

I think this should be taken care of on the client, e.g. with scutil on macOS.

> This will not work due to firewalling. The hostname has IPv4 and IPv6
> addresses when queried over the Internet, but the particular service on
> that host that I wish to access is only available over the VPN, which is
> IPv6-only.
> 
> It would be nice if there were an explicit way to indicate in a
> --host-record option that it should not forward queries for this name if
> it has not been configured with the respective address, and instead
> reply with nothing (as though the name exists, but the record does not).
> 
> 0.0.0.0 and :: seem as valid a choice as any for a "no address"
> configuration entry. If it ends up being those, I think it should apply
> to hosts(5) entries too.
> 
> This is sort of what I'm achieving right now, with the undesirable side
> effect that dnsmasq returns those addresses literally. Unfortunately,
> this would result in the application attempting to connect to localhost,
> as that's what most operating systems treat 0.0.0.0 / :: as, when used
> as the argument to connect(2).
> 
> Regards,
> Aaron Jones



