[Dnsmasq-discuss] dnsmasq's behaviour with configured static hosts is unintuitive
Cyberfusion
wedwards at cyberfusion.nl
Sun Mar 7 08:35:30 UTC 2021
> Op 7 mrt. 2021 om 00:33 heeft Aaron Jones <me at aaronmdjones.net> het volgende geschreven:
>
> On 06/03/2021 19:22, Geert Stappers via Dnsmasq-discuss wrote:
>> Share the challenge you are facing with us.
>
> Put simply, I need dnsmasq to return nothing for an A query, as the VPN
> has no IPv4 routing; I do not wish the query to be forwarded, because
> then it will be answered by the Internet, and applications may then end
> up trying to access the service without using the VPN.
I think this should be taken care of on the client, e.g. with scutil on macOS.
> This will not work due to firewalling. The hostname has IPv4 and IPv6
> addresses when queried over the Internet, but the particular service on
> that host that I wish to access is only available over the VPN, which is
> IPv6-only.
>
> It would be nice if there were an explicit way to indicate in a
> --host-record option that it should not forward queries for this name if
> it has not been configured with the respective address, and instead
> reply with nothing (as though the name exists, but the record does not).
>
> 0.0.0.0 and :: seem as valid a choice as any for a "no address"
> configuration entry. If it ends up being those, I think it should apply
> to hosts(5) entries too.
>
> This is sort of what I'm achieving right now, with the undesirable side
> effect that dnsmasq returns those addresses literally. Unfortunately,
> this would result in the application attempting to connect to localhost,
> as that's what most operating systems treat 0.0.0.0 / :: as, when used
> as the argument to connect(2).
>
> Regards,
> Aaron Jones
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list