[Dnsmasq-discuss] [PATCH] Two small fixes

Dominik Derigs dl6er at dl6er.de
Wed Sep 29 21:04:11 UTC 2021


Hey Petr,

On Wed, 2021-09-29 at 22:48 +0200, Petr Menšík wrote:
> Source based response rules are in general cache unfriendly. What do you
> need it for? Is the dnsmasq instance always the only source for name
> resolution?

We add many features on top of dnsmasq. One example is our support for
blocking lists with (dozens of) millions of domains still fitting into a
few megabytes of memory. We use a B-tree for this, as there is no need to
know the full name if you have other means to know you have an exact match.
Another example is regular expressions for all sorts of things like
blocking, enforcing specific replies (not only A/AAAA but also
NXDOMAIN/NODATA/REFUSED). And there is more.

You may not want to apply the same rules to all devices so you can group
them together and then associate clients to these groups. Group selectors
can be IP addresses, MAC addresses, hostnames or the interface a query
arrived on (for easy, say, VPN/WiFi/ethernet rules).
In the latter case, we need to know the label.

If it turns out keeping/using label is out of scope for dnsmasq, I will add
the label variable myself into our local dnsmasq fork. One thing that is
important to us, however, is to keep the difference between our fork and
dnsmasq minimal. Even with all the stuff we do on top, the diff between our
fork and the main project is less than 100 lines and the vast majority of
patches to this mailing list applies cleanly right away.

Best,
Dominik



