[Dnsmasq-discuss] Noob question

Simon Kelley simon at thekelleys.org.uk
Tue Aug 31 20:12:11 UTC 2021

On 31/08/2021 10:49, Dominik DL6ER wrote:

> Our conclusion was that the all-zero address ( and [::])
> approach is the most effective one to block A and AAAA queries.
> For all other query types we recommend NODATA (i.e., a NOERROR reply
> with no answer records). Using this combination, we've not seen any
> issues anywhere. Devices either recognize as an address they
> cannot connect to or us it to connect to themselves where there is
> typically nothing served on port 443 (or wherever they are connecting
> to).

Which can be achieved in dnsmasq with


The first line gives the A and AAAA answers, the second makes all other
query types NODATA.

I occurs to me that address=/example.com/# should possibly imply the
NODATA answer without needing the second line.




More information about the Dnsmasq-discuss mailing list