[Dnsmasq-discuss] feature request : NXDOMAIN all domains on network
Simon Kelley
simon at thekelleys.org.uk
Wed Mar 17 20:44:28 UTC 2021
On 15/03/2021 02:36, dnsmasqlist2021 at rscubed.com wrote:
>
> Hello,
>
> Thanks for the many years of support for DNSMasq. I have used it for a
> long time as a filter for most of my machines and servers.
>
> Currently I think DNSMasq has the ability to sinkhole all domains on an
> IP using the bogus-nxdomain feature.
>
> We would like to be able to make all domains on whole networks sinkhole
> / return NXDOMAIN.
>
> So if bogus-nxdomain could be updated to accept a network cidr I think
> that would work.
>
> This would be a powerful feature for helping everyone weed out malicious
> domains in bulk from known bad networks.
>
> I would like to use it with the spamhaus DROP list (A list of bad
> network blocks) to make all domains (known and currently unknown) on
> those networks disappear.
>
> This would also help stop the new evil CNAME redirector networks by
> allowing us to bogus-nxdomain the end network even with the bad guys
> changing domains/subdomains regularly.
>
Done. I needed a bit of low-hanging fruit. The enhancement works for
--ignore-address too.
Cheers,
Simon.
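
Added example, not part of the original thread and not dnsmasq project code: one way to turn a DROP-format list into the CIDR form of bogus-nxdomain (or ignore-address) discussed above. The sample data is constructed from documentation ranges, and the function names, the IPv4-only handling and the minimum-prefix guard are assumptions of this sketch.

```python
import ipaddress

# Constructed sample in the DROP text format ("CIDR ; SBL id").
# Documentation ranges only, not real DROP entries.
SAMPLE_DROP = """\
; Constructed sample, not real DROP data
192.0.2.0/25 ; SBL000001
192.0.2.128/25 ; SBL000002
198.51.100.0/24 ; SBL000003
203.0.113.77/24 ; SBL000004
0.0.0.0/0 ; SBL000005
not-a-network ; SBL000006
"""

MIN_PREFIX = 8  # assumed guard: refuse blocks wider than a /8


def parse_drop(text):
    """Return (collapsed IPv4 networks, rejected lines) from DROP-format text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        if not entry:
            continue  # comment or blank line
        try:
            # strict=True rejects entries with host bits set (e.g. .77/24)
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append(raw)  # one bad line must not sinkhole everything
            continue
        nets.append(net)
    # Merge adjacent/overlapping blocks so the config stays short.
    return list(ipaddress.collapse_addresses(nets)), rejected


def to_dnsmasq(nets, option="bogus-nxdomain"):
    """Render config lines; option may also be 'ignore-address'."""
    return [f"{option}={n}" for n in nets]


def would_block(answer_ip, nets):
    """True if an A record answer falls inside one of the listed networks."""
    addr = ipaddress.IPv4Address(answer_ip)
    return any(addr in n for n in nets)


if __name__ == "__main__":
    networks, bad = parse_drop(SAMPLE_DROP)
    print("\n".join(to_dnsmasq(networks)))
    print(f"# rejected {len(bad)} line(s)")
```

The output lines can be written to a file pulled in from the dnsmasq configuration; review the rejected lines before reloading.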