[Dnsmasq-discuss] Noob question

Petr Menšík pemensik at redhat.com
Thu Sep 16 19:33:12 UTC 2021


It seems too cryptic to me. It seems to me usually overriding some name,
I would expect also other query types to be handled.

Could we support for example:

--address=/example.com/#,local

meaning the same value as another --local=/example.com/ specified? Just
on single line, only one domain per config needed.

On 8/31/21 10:12 PM, Simon Kelley wrote:
> On 31/08/2021 10:49, Dominik DL6ER wrote:
>
>> Our conclusion was that the all-zero address (0.0.0.0 and [::])
>> approach is the most effective one to block A and AAAA queries.
>> For all other query types we recommend NODATA (i.e., a NOERROR reply
>> with no answer records). Using this combination, we've not seen any
>> issues anywhere. Devices either recognize 0.0.0.0 as an address they
>> cannot connect to or use it to connect to themselves where there is
>> typically nothing served on port 443 (or wherever they are connecting
>> to).
>>
> Which can be achieved in dnsmasq with
>
> --address=/example.com
> --address=/example.com/
>
> The first line gives the A and AAAA answers, the second makes all other
> query types NODATA.
>
>
> It occurs to me that address=/example.com should possibly imply the
> NODATA answer without needing the second line.

Would that mean --server=/example.com would be required to forward
other than address queries to upstream servers?

> Thoughts?
>
> Cheers,
>
> Simon.
>
>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
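
The block policy described in the quoted text (all-zero address for A and AAAA, NODATA for every other query type), as an added example that is not part of the original thread or of dnsmasq: a Python classifier for wire-format DNS responses that checks whether a resolver's answer matches that policy. The function names and the sample packets produced by `build` are constructed for illustration.

```python
import ipaddress
import struct

TYPE_A, TYPE_AAAA = 1, 28

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    """Classify a DNS response: NULL_ADDRESS, NODATA, NXDOMAIN or OTHER."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, off = flags & 0x000F, 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    if rcode == 3:
        return "NXDOMAIN"
    if rcode != 0:
        return "OTHER"
    if an == 0:
        return "NODATA"               # NOERROR with no answer records
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype in (TYPE_A, TYPE_AAAA) and ipaddress.ip_address(rdata).is_unspecified:
            return "NULL_ADDRESS"     # 0.0.0.0 or ::
    return "OTHER"

def matches_policy(qtype, msg):
    """True if the answer follows the policy: null address for A/AAAA, else NODATA."""
    want = "NULL_ADDRESS" if qtype in (TYPE_A, TYPE_AAAA) else "NODATA"
    return classify(msg) == want

def build(qname, qtype, rcode=0, rdata=None):
    """Build a constructed response packet for testing (not captured traffic)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    q += struct.pack("!HH", qtype, 1)
    hdr = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 1 if rdata else 0, 0, 0)
    ans = b""
    if rdata:                          # answer name is a pointer to the question name
        ans = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 0, len(rdata)) + rdata
    return hdr + q + ans
```
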



