[Dnsmasq-discuss] Noob question

Simon Kelley simon at thekelleys.org.uk
Tue Aug 31 20:12:11 UTC 2021


On 31/08/2021 10:49, Dominik DL6ER wrote:

> 
> Our conclusion was that the all-zero address (0.0.0.0 and [::])
> approach is the most effective one to block A and AAAA queries.
> For all other query types we recommend NODATA (i.e., a NOERROR reply
> with no answer records). Using this combination, we've not seen any
> issues anywhere. Devices either recognize 0.0.0.0 as an address they
> cannot connect to or us it to connect to themselves where there is
> typically nothing served on port 443 (or wherever they are connecting
> to).
> 

Which can be achieved in dnsmasq with

--address=/example.com/#
--address=/example.com/

The first line gives the A and AAAA answers, the second makes all other
query types NODATA.


I occurs to me that address=/example.com/# should possibly imply the
NODATA answer without needing the second line.

Thoughts?

Cheers,

Simon.




More information about the Dnsmasq-discuss mailing list