[Dnsmasq-discuss] truely filter AAAA

Geert Stappers stappers at stappers.nl
Mon Oct 11 19:26:56 UTC 2021 

Previous-Subject: Re: [Dnsmasq-discuss] Bug while using address=//::
In-Reply-To: <787c6505417aa8b8047df15c616fc3cbd117f9b5.camel at dl6er.de>

On Mon, Oct 11, 2021 at 07:39:07PM +0200, Dominik Derigs wrote:
> Hey Petr and Simon,
> 
> On Mon, 2021-10-11 at 12:59 +0200, Petr Menšík wrote:
> > I cannot consider current implementation of filter-a and filter-
> > aaaa useful.
> 
> I did not look into the code before and was naively assuming it
> would be in fact per-domain and not kill-'em-all style.
> 
> And yes, I do agree it should be like --filter-a=/example.com/
> Maybe this option could simply be syntactic sugar for
> 
> server=/example/#
> address=/example.com/::
> 
> but with a real AAAA filter instead of forcing it to ::
> 
> Best,
> Dominik
> 

Message-ID: <20211008121343.GB25819 at aepfle.de>
References: <29bd427d00f21492cb400a00daa31a63 at riseup.net>
  <644f4340-1615-4302-c107-48361afe1db1 at thekelleys.org.uk>
In-Reply-To: <644f4340-1615-4302-c107-48361afe1db1 at thekelleys.org.uk>
On Fri, Oct 08, 2021 at 02:13:43PM +0200, Olaf Hering wrote:
> On Thu, Oct 07, Simon Kelley wrote:
> 
> > --filter-A and --filter-AAAA options, these drop IPv4 and IPv6 ANSWERS,
> 
> Did you consider an option to filter them per interface or server?
> Like server=/${dnsdomain}/${ip}/no-{A,AAAA}
> 
> 
> Olaf
> 

Manual of dnsmasq, latest git pull, has: 

       --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>]][@<inter‐
       face>][@<source-ip>[#<port>]]
              Specify IP address of upstream servers  directly.  Setting
              this  flag  does not suppress reading of /etc/resolv.conf,
              use --no-resolv to  do  that.  If  one  or  more  optional
              domains  are  given,  that  server  is used only for those
              domains and they are  queried  only  using  the  specified
              server.  ...

New syntax could be

  --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>]][/no-{A,AAAA}][@<inter‐
  face>][@<source-ip>[#<port>]]


when filtered dropping gets implement.




Regards
Geert Stappers
Another person not found of --filter-AAAA  (a.k.a.  kill 'm all)
-- 
Silence is hard to parse



Groeten
Geert Stappers
-- 
Silence is hard to parse

More information about the Dnsmasq-discuss mailing list