[Dnsmasq-discuss] feature request : NXDOMAIN all domains on network
dnsmasqlist2021 at rscubed.com
dnsmasqlist2021 at rscubed.com
Thu Mar 18 01:19:11 UTC 2021
That was quick, thanks.
I will have to think of something more challenging we need :)
On Wed, 17 Mar 2021, Simon Kelley wrote:
> On 15/03/2021 02:36, dnsmasqlist2021 at rscubed.com wrote:
>>
>> Hello,
>>
>> Thanks for the many years of support for DNSMasq I have used it for a
>> long time as a filter for most of my machines and servers.
>>
>> Currently I think DNSMasq has the ability to sinkhole all domains on an
>> IP using the bogus-nxdomain feature.
>>
>> We would like to be able to make all domains on whole networks sinkhole
>> / return NXDOMAIN.
>>
>> So if bogus-nxdomain could be updated to accept a network cidr I think
>> that would work.
>>
>> This would be a powerful feature for helping everyone weed out malious
>> domains in bulk from known bad networks.
>>
>> I would like to use it with the spamhaus DROP list (A list of bad
>> network blocks) to make all domains (known and currently unknown) on
>> those networks disappear.
>>
>> This would also help stop the new evil CNAME redirector networks by
>> allowing us to bogus-nxdomain the end network even with the badguys
>> changing domains/ subdomains regularly.
>>
>
>
> Done. I needed a bit of low-hanging fruit. The enhancement works for
> --ignore-address too.
>
> Cheers,
>
> Simon.
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
More information about the Dnsmasq-discuss
mailing list