[Dnsmasq-discuss] Noob question
simon at thekelleys.org.uk
Tue Aug 31 20:12:11 UTC 2021
On 31/08/2021 10:49, Dominik DL6ER wrote:
> Our conclusion was that the all-zero address (0.0.0.0 and [::])
> approach is the most effective one to block A and AAAA queries.
> For all other query types we recommend NODATA (i.e., a NOERROR reply
> with no answer records). Using this combination, we've not seen any
> issues anywhere. Devices either recognize 0.0.0.0 as an address they
> cannot connect to or us it to connect to themselves where there is
> typically nothing served on port 443 (or wherever they are connecting
Which can be achieved in dnsmasq with
The first line gives the A and AAAA answers, the second makes all other
query types NODATA.
I occurs to me that address=/example.com/# should possibly imply the
NODATA answer without needing the second line.
More information about the Dnsmasq-discuss