[Dnsmasq-discuss] Please support IPv6 on 'alias=' settings

Petr Menšík pemensik at redhat.com
Wed Aug 4 14:05:29 UTC 2021


Hi,

how does this help to block something? If responses are dnssec signed,
changing replies would make verification failing.

What is the point of blocking base on IP level in DNS? If you want
blocking target addresses, why just firewall is not used at the router?
What is advantage of using DNS instead?

It can block any name by using --address=/blockedname/::1. No similar
thing is possible based on resolved address, but when would it be
needed? Is there reason why firewall would not be more efficient way to
block IP (range)?

Cheers,

Petr

On 7/31/21 11:42 AM, Galloni wrote:
> I'm using alias to block bunch of IP addresses on my network 
> for example
>
> block (ipv4 start)-(ipv4 end) range (answer will be nulled out)
> ----> alias=(ipv4 start)-(ipv4 end),0.0.0.0,255.0.0.0
>
> I already read your manual and it looks like ipv6 cannot be blocked
> using alias at all.
>
> Could you support IPv6 on alias?
>
> Or something like 'blockanswerips' will be much nice.
>
> blockanswerips=1.2.3.4/56 (will remove this cidr from ansewr)
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB





More information about the Dnsmasq-discuss mailing list